Please enable javascript in your browser to view this site

The funding and resourcing of NRAs

As regulators take on similar new statutory duties for online safety, the staff and budgets at their disposal vary greatly. Despite not benefiting from the EC, we find Ofcom to be as equipped, if not more so, when compared to its European counterparts.

  • While convergence and technological developments have brought most NRAs new duties in digital markets, the resources for these regulators has not always followed. Australia, Ireland and the UK have all seen an at least a 30% increase in budget and staff, whereas France, Germany, Italy and Spain have generally seen single digit growth, or even a reduction in headcount.

  • Ofcom’s significant growth in budget and staffing should be seen as an important and necessary investment in enforcing the Online Safety Act in the UK. Unlike its peers in the EU, it is preparing to implement online safety laws without the benefit of a centralised government agency supporting its enforcement activities.

  • A number of NRAs in the EU have been designated as Digital Service Coordinators under the Digital Services Act. However, these new duties have come with limited additional funding, as in the case of Germany, Italy and Spain, despite the considerable costs of tooling up.

  • In Member States where new regulators have recently been formed (Ireland and France), we’ve seen a more notable increase in these regulators’ resources. Although these increases are difficult to link directly all their responsibilities from the DSA, they reflect a willingness to invest in meeting the regulatory challenges of the online world.

  • As scrutiny over Ofcom’s readiness for the Online Safety Act has grown during 2024, we consider the regulator as well equipped, if not more so, than many of its European counterparts to deliver on the promise of creating one of the safest places to go online.

Regulators have been tasked with policing the internet but not all with the benefit of the same resources

As technology continues to disrupt telecoms markets and redefine how people communicate, the work of national regulatory authorities (NRAs) has predictably changed too. Just as network operators are responding to convergence, regulators have been increasingly assigned duties related to the digital economy (see Figure 1). With the implementation of new regulatory frameworks, such as the Online Safety Act in the UK and the Digital Markets Act (DMA) and Digital Services Act (DSA) in the EU, sectoral regulators have taken on the task of implementing and enforcing policies across a growing range of new areas. In the EU, the vast majority (18 of 25 named so far) of newly appointed Digital Service Coordinators (DSCs) responsible for implementing the DSA throughout Member States are telecoms NRAs.

Despite this common expansion in remit, corresponding growth in resourcing for regulators has been considerably mixed. Analysing the funding and staffing of NRAs, it becomes apparent that only a handful of governments have invested meaningfully in the implementation and enforcement of new online safety regimes. Though Ofcom’s commonly compared counterparts in the EU (AGCOM in Italy, Arcep in France, BNetzA in Germany and the CNMC in Spain) – have the benefit of centralised support from the EC, the laborious work of setting up national infrastructures such as trusted flagger networks as required by the DSA will largely be undertaken without the benefit of meaningful budgetary increases. Instead of suggesting mission creep or an unfounded realignment of priorities, we consider the increased investment in Ofcom’s resources as an important and necessary support for the success of the Online Safety Act.

In the UK, Ofcom has grown significantly in size to meet its new online safety responsibilities

Now 20 years into its tenure, Ofcom is in the midst of perhaps the biggest evolution of its mission and make-up since its founding. With 2025 set to be a crucial year in kicking-off online safety enforcement alongside the continued embrace of other added responsibilities, such as supporting growth as a public policy objective, the regulator’s staffing and budget both reflect well-resourced readiness. Overall, Ofcom’s budget has increased over 50% in the past five years (see Figure 2). That growth includes a 270% increase in spending on online harms work since the 2021/2022 financial year when the regulator first budgeted for that new duty. Over the last five years, the regulator added over 500 new employees, growing to a total headcount of nearly 1,500. Ofcom will also implement its fee scheme for stakeholders in the online safety sector in financial year 2026/2027, opening up a comparable revenue stream to the rest of its regulated sectors in the years to come.

During this time, Ofcom’s profile in communications and broadcasting has otherwise remained largely stable. Though some significant single-year shifts in revenue can be observed – such as a 28% increase in fees collected from the telecoms sector for the 2024/2025 financial year – longer term trends in funding reflect a much more level outlook. Across the whole of the past five years, revenue related to telecoms, spectrum and broadcasting has not changed more than 10%, with the largest shift being an 8% overall reduction in fees collected from the telecoms sector during this time. Despite recent questioning of where the regulator’s traditional focus on communications and broadcasting markets now sits among its organisational priorities, Ofcom has largely kept its money where its mouth is in maintaining levels of resources to deliver on its historic regulatory portfolio.

While Ofcom is normally benchmarked against its European peers, the particularly active efforts of policymakers in Australia in digital markets also makes for a useful comparison. The Australian Communications and Media Authority (ACMA), a similarly converged communications regulator with an added remit in online safety, provides the closest counterpart to Ofcom among these comparator countries. Though ACMA’s subsidiary the eSafety Commission has existed in some form since 2015, the update to Australia’s Online Safety Act in 2021 as well as expected introduction of a digital duty of care in coming years reflects a steady expansion of its portfolio. Save for the responsibility of regulating the postal sector, ACMA’s and Ofcom’s lists of duties mirror one another quite closely and are reflected in similarly expanding funding and staffing (see Figure 3).

Regulators in the EU with new online safety duties have not benefited from significant increases in resources

In the EU, regulators tasked with implementing the DSA across Member States have largely not benefited from the same increased investment as seen in Australia and the UK. While many of these regulators had already begun work on topics related to the digital economy, their appointment as a DSC creates a range of new, labour-intensive duties, including creating administrative processes for certifying trusted flaggers of illegal content, accrediting researchers and responding to incoming constituent complaints and inquiries. Despite these new demands, NRAs have seen limited increases in funding and staffing. This lack of change is also consistent in countries that fund their regulator through revenue collected from regulated sectors (Italy) as well as through centralised budget processes (Germany, Spain).

As the DSC for Spain, the CNMC will add DSA-related duties to its existing portfolio work in competition policy, as well as in audiovisual and telecoms markets. Given its role as the national competition authority, the CNMC has also been an active participant in the rollout of the DMA, although its statutory duties under that law are comparatively limited. The CNMC’s budget has seen a small increase (4%) over the past five years, but given the breadth of the regulator’s remit in other network industries, including transportation and energy, the agency’s resourcing appears more limited compared to other NRAs with similar responsibilities.

Similar to the CNMC, BNetzA in Germany is responsible for the regulation of communications markets, as well as other network industries, including energy and transportation. In addition to its DSC designation, BNetzA has been active in other supranational legislative efforts, including monitoring the progress of artificial intelligence (AI) regulation at the EU level. Though the regulator saw a one-year decline in its 2024 budget, like the CNMC, BNetzA has also benefited from a modest increase (8%) in its budget over the past five years. As the largest European regulator in this comparison, BNetzA’s approximately 3,000-person staff sets the agency apart from its international peers. However, it’s difficult to determine how many of these staff members are assigned to telecoms or digital services portfolios and therefore the extent to which BNetzA’s leading staffing figures help with its work on communications markets.

Unlike the CNMC and BNetzA, Italy’s AGCOM is not responsible for other networked industries and, like Ofcom, is funded by levies collected from stakeholders in regulated sectors, including telecoms. From the 2021/2022 financial year through the 2023/2024 financial year, AGCOM collected fees from online platforms to cover the administrative costs of its work programmes in the sector, including its work on copyright enforcement and the regulation of audiovisual services. From 2021/2022 to AGCOM’s most recent statements for the 2023/2024 financial year, the revenue collected from online platforms increased 125% to over €9m (£7.7m), charting a promising ramping up in resourcing in advance of added online safety duties with its designation as a DSC. However, following a ruling issued by the European Court of Justice in January 2024, AGCOM has been barred from collecting these administrative fees from any platform services without a headquarters in Italy. As a result, AGCOM’s added resourcing is likely to disappear just as the full implementation of the DSA gets underway.

Newly formed regulators have fared better than telecoms counterparts across the EU when it comes to resourcing

Among regulators that were not named DSC (including ComReg in Ireland and Arcep in France), the outlook on resourcing varies. While ComReg has seen growth in its budget (+27%) as well as growth in the surplus revenues it has returned to the Irish Government over the past five years, Arcep has been a picture of stability or stagnation, depending on perspective. Though both of these regulators gained some responsibility for sustainability objectives under legislative amendments issued during these periods, it is unclear the extent to which these duties have impacted resourcing. Instead, we consider these differences in resourcing to potentially be products of the differences in how each regulator is funded: through levies paid by regulated sectors in Ireland and through a central political budget in France. 

Newly formed regulators in both of these countries have fared better, however. Both the Coimisiún na Meán (CNAM) in Ireland and Arcom in France were formed as aggregated regulators of media and online safety in recent years, taking the designation of DSC on behalf of their respective governments. Similarly, both of the bodies have seen notable growth in resourcing over their predecessors (the Broadcasting Authority in Ireland and the High Audiovisual Council in France) and in comparison to their telecoms counterparts. Though more pronounced for CNAM (84% increase in budget over five years), Arcom has seen an 11% increase in its funding, resulting in its most recent budget per capita totalling more than double that of Arcep. It is difficult to credit this growth in resources directly to a recognition of forthcoming duties under the DSA, but the legislative formation of these regulators reflects a readiness from governments to invest in navigating new regulatory challenges.

Without adequate resourcing, regulators will find it difficult to deliver public policy objectives

With all the attention paid to Ofcom’s preparedness to enforce the Online Safety Act, especially in light of disinformation-fuelled violence in the UK during July and August of 2024, the UK’s public investment in the tools to police the online world appears to stack up well globally. Although the right size of an online safety regulator is a question probably better answered further down the line, the UK’s financial and political support for the work of Ofcom in making digital spaces safer will only assist in working in the same context as the considerable financial resources of big tech firms. 

NRAs have been frequently cast as ill-equipped to engage with the technical elements of digital markets, and the addition of labour-intensive tasks (such as those associated with content moderation provisions) will further stretch capacity, which is already limited in some instances. Unlike the better established credibility traditional telecoms regulators carry into upcoming telecoms activities, including the UK’s Telecoms Access Review or the EU’s forthcoming Digital Networks Act, the effective and timely implementation of ambitious legislation such as the DSA and Online Safety Act will be central to developing the credibility of these same regulators in their new duties. With Ofcom well-situated among its peers to act on its duties, the UK may actually be on course to become (certainly one of) the safest places in the world to go online.