(inter)National Models for Women’s Safety Online
In the world of Digital Governance, 2025 was a year of rapid evolution and high-stakes experimentation. As online harms like deepfakes, online sexual exploitation and abuse of children (OSEAC), and tech-facilitated gender-based violence (TFGBV) grew in sophistication, national governments sought to move beyond content moderation to more comprehensive online safety regulatory frameworks.
Development Gateway and IREX spent the year analyzing how different nations approach the “how-to” of online safety regulations. Our research suggests that the most effective models go beyond reactionary and punitive measures to facilitate a functional ecosystem of trust and accountability between tech users and tech providers.
As we complete the National Models for Women’s Safety Online (“no more so”) program in the Philippines and Kenya, below are the six core pillars we believe define a viable national regulatory model for online safety.
- Platform accountability
How much legal responsibility should tech platforms bear for user safety? Until recently, many US-based tech companies have relied on the “guns don’t kill people, people kill people” logic. On the other end of the spectrum, the United Kingdom and Australia have both established that tech platforms have a “duty of care” to prevent user harm. In the middle, smaller economic markets such as the Philippines or Kenya have less influence or control over global tech giants like Meta or TikTok. But as more governments increasingly grapple with the impact of digital harms, an increasing number of small and mid-sized economies – such as Brazil – are adopting similar tech platform accountability mandates.
But does establishing platform accountability actually work to create safer online spaces? According to academic research and our own experience with the NMWSO program, establishing platform accountability is important; but to be effective, it must also be coupled with transparent public communication, such as public reporting mechanisms and independent audit frameworks, and clear safety-by-design standards and incentives, such as age requirements, privacy-by-default, or bans on “infinite loop” algorithms.
- Regulatory mandates
To implement online safety regulations, most countries utilize existing regulatory enforcement bodies, like the UK’s communications regulator, Ofcom. Other countries with significant government investment can establish independent offices, such as Australia’s eSafety Commission and Fiji’s Online Safety Commission.
However, improving online safety regulations doesn’t always require establishing a brand-new “mega-regulator”. In the Philippines, online safety regulations existed before the NMWSO program, but multiple agencies – such as the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) – are responsible for operationalizing them. Instead of trying to establish a new online safety authority, the NWMSO program focused on improving communication, reporting, and coordination among these existing bodies. We started by mapping their various legal jurisdictions and reporting mechanisms on decision trees; facilitated convenings and targeted introductions between several critical teams and investigative pipelines; and identified opportunities for peer learning, resource sharing, and overall improved coordination. Then, we shared that information with the public citizens so they know exactly who to call when they need help through a tool called Gabay Tech, discussed below.
- Reporting mechanisms
For a national online safety regulatory model to work, survivors must know exactly where to report abuse. Tech users must have a clear path to recourse when an online platform’s internal guardrails fail to act on complaints of safety violations like cyberstalking, deepfakes, or image-based abuse. Reporting data allows regulators to launch investigations, gather critical data on both the incidence and prevalence of online safety violations, and hold both individual perpetrators and tech platforms accountable. Critically, online safety reporting mechanisms help reinforce the ecosystem of trust and accountability between tech users and tech providers.
Recognizing the critical role that reporting mechanisms play, the NMWSO Philippines program worked alongside each of the cybercrime reporting units across the National Bureau of Investigation, the Department of Justice, and the Philippine National Police to develop a step-by-step guide for Filipinos to understand who to contact based on the kind of online harm they’re facing – Gabay Tech. Australia offers one example of a more streamlined approach, remaining a global leader in online safety reporting mechanisms, being one of the only countries where survivors can report online abuse directly to the e-safety commissioner and receive a response from the government within days.
- Enforcement speed
In the digital age, a harm ignored for a week is a harm amplified forever. Online safety regulatory bodies need to set strict deadlines for content removal and other recourse mechanisms in order to reinforce trust with survivors and communicate the severity of the offense with perpetrators.
However, achieving these rapid response times requires significant investments from online safety regulators, who must process and handle complaints on a rolling basis with increasing speed and efficiency. Further, over-emphasizing speed can lead to unintended secondary harms, as seen in 2024 when Australia’s eSafety Commissioner’s mandatory 48-hr takedown request of a violent video triggered an immediate wave of retributive, TFGBV, doxxing, and targeted death threats directed against the regulator and her family. Online safety regulatory models must balance the need for responsiveness with the need to prevent wider digital harms, and avoid falling into perpetual loops of “digital whack-a-mole.”
- Penalties
Penalties are a necessary component of any regulatory framework to ensure non-compliance has real consequences. Financial penalties can be particularly effective corrections on power imbalances between Big Tech and emerging economies. Fiji, for example, imposes penalties of up to $100,000 on tech platforms that fail to comply with court orders issued by its Online Safety Commission.
While these penalties are certainly effective accountability mechanisms, they also serve a secondary purpose: the revenue and data generated from enforcement can help justify and fund resources necessary to implement online safety regulations, such as cyberforensics training and capabilities, or 24-hour hotline call centers. This critical funding is often scarce in lower- and middle-income countries where online scams, extortion, and harms are increasingly occurring.
- Preventative Measures: Safety-by-Design
While penalties are important, relying solely on “sticks” is a reactive strategy. A more self-sustaining and preventative online safety regulatory framework focuses on generating user demand for safety among tech users. Generally, when tech users and consumers are educated about risks and safety measures, they will choose to engage with a safer platform over other alternatives. Public investments in educational and advocacy campaigns about user safety rights, coupled with punitive measures for tech companies, create incentives for tech companies to adopt Safety-by-Design by generating user demand. Further – markets aside – preventative regulatory frameworks such as Safety-by-Design approaches reinforce the notion that online harms are real harms, and users do not have to simply endure them.
| Law/Region | Mechanism | Details |
| Europe Digital Services Act | Annual risk assessment and audit reporting requirements, especially for large platforms | Instead of policing single posts, this regulation forces platforms to conduct risk assessments regarding illegal content and child endangerment. Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) are legally mandated to execute comprehensive, annual systemic risk assessments. |
| Australia: Online Safety Act | Basic Online Safety Expectations (BOSE) industry codes and mandates | Through the binding BOSE and corresponding mandatory industry codes, tech platforms are required to establish an algorithmic and structural baseline that minimizes user exposure to illegal materials, cyber-bullying, and image-based abuse. |
| IREX’s PRIMA tool | Publicly-available online self-assessment for platforms | The Predictive Risk and Mitigation Audit (PRIMA) is a rapid self-assessment tool for digital innovators and tech developers. It offers practical guidance on privacy, safety, security, and transparency features tailored to your product or service. |
The 2026 Outlook: Bans vs. Design
As we look forward through 2026, a new debate has emerged around age verification and social media bans. While 25 US states have passed age verification laws and Australia prepares for a Supreme Court challenge to its under-16 ban, we remain cautious. Research from the Oxford Internet Institute suggests that outright bans may have unintended negative outcomes.
Our takeaway? The most sustainable models aren’t those that seek to block access, but those that incentivize safer design. By generating user demand for safer products and embedding safety into the design stage, we can build a digital economy that protects users without sacrificing their privacy or freedom.