Wikipedia has lost its High Court challenge against the UK’s Online Safety Act, a ruling that could have far-reaching implications for how the online encyclopaedia operates in Britain and how the wider internet is regulated.

What Was the Challenge About?

The case was brought by the Wikimedia Foundation, the non-profit organisation that runs Wikipedia, alongside a UK-based volunteer editor. Their legal challenge focused on a specific part of the Online Safety Act known as the Categorisation Regulations. These rules decide which websites and online services fall under the law’s most stringent requirements, known as Category 1.

Category 1 platforms face additional obligations designed to curb harmful online content. For example, they must put in place systems to prevent children from accessing illegal or harmful material, enforce stricter moderation policies, and verify the identities of contributors. For Wikipedia, which relies on anonymous and pseudonymous volunteers to write and update its 65 million articles across 300 languages, this requirement was seen as fundamentally incompatible with how the site functions.

Wikimedia argued that being classified as Category 1 would undermine the privacy of its 260,000 active volunteer editors worldwide, exposing them to risks ranging from harassment to potential prosecution in authoritarian countries. The Foundation also warned that complying with such rules would require major changes to Wikipedia’s open model and could restrict access for UK users, either by cutting off large parts of the site or disabling core editing functions.

Wikipedia’s Challenge Dismissed

The case was heard at the High Court of Justice in London in July, with the ruling delivered on 11 August. Mr Justice Johnson dismissed the challenge, ruling that the Secretary of State for Science, Innovation and Technology had acted lawfully when deciding how the regulations should be applied.

The judge rejected Wikimedia’s claim that the rules were inherently irrational or too broad. However, the judgment stopped short of granting the government and Ofcom (the UK’s communications regulator) a “green light” to impose obligations that would significantly damage Wikipedia’s operations. Instead, the court emphasised that regulators still have a duty to ensure that public interest platforms such as Wikipedia are not unfairly harmed as the Act is implemented.

Wait Until Next Year

Importantly, Ofcom has not yet confirmed whether Wikipedia will be designated as a Category 1 service. That decision is expected later this year. The court noted that if Wikipedia is classified in this way and can no longer operate effectively, Wikimedia may have grounds to bring a fresh legal challenge.

What Happens Next?

For now, Wikipedia remains accessible to UK users as normal. However, the outcome of Ofcom’s categorisation process will be critical. If the encyclopaedia is placed in Category 1, the Foundation would face the unenviable choice of either overhauling its model by introducing identity checks for editors and stricter content controls or risking fines and potentially being blocked in the UK.

Will Keep Engaging With Ofcom and the Government

Wikimedia has said it will continue engaging with Ofcom and the government to find a workable solution. The Foundation also stressed that it views the ruling as a signal that regulators must tread carefully in applying the Act. The judgment recognised the “significant value” of Wikipedia and the risks to human rights if its contributors were forced to give up anonymity.

The UK government, however, welcomed the decision, arguing that the Act is essential for creating a safer online environment. Ministers have repeatedly said the law is not intended to target smaller or non-profit platforms, but rather to hold the largest and most influential services accountable.

Why Does This Matter for Wikipedia and the Internet?

At its core, this case reflects the tension between child safety and free knowledge online. Wikipedia is the fifth most visited website in the world, drawing more than 15 billion views every month. In the UK alone, its content is accessed hundreds of millions of times per month, including through school curricula such as the Welsh-language version, which is the most popular Welsh website globally.

The concern is that sweeping rules designed with large commercial platforms in mind, such as social media networks or adult content sites, could inadvertently capture collaborative knowledge projects. By forcing identity verification, the law could undermine the very openness and volunteer-driven nature that has made Wikipedia one of the most trusted sources of information.

Digital rights organisations have warned that the Act’s broad scope risks collateral damage. Groups such as the Electronic Frontier Foundation and the Open Rights Group have argued that blanket obligations may erode free speech, privacy, and editorial independence. They note that anonymity is not just a shield for trolls, but a lifeline for vulnerable people, including dissidents, journalists, and LGBTQ+ individuals who may otherwise be unable to contribute safely.

What Do Privacy and Child Safety Advocates Say?

Privacy campaigners have said that forcing contributors to hand over identity documents or undergo verification could expose them to data breaches or surveillance. In the worst cases, it could make volunteers targets for legal action in countries with harsh censorship laws. For example, Robin Wilton of the Internet Society has warned that weakening online anonymity often “exposes everyone, not just bad actors”.

Child Safety Charities Pleased

On the other side of the debate, child safety charities have welcomed the Act, arguing that the internet has long lacked accountability. They believe stronger rules are necessary to protect young people from harmful material, ranging from self-harm forums to violent pornography. These groups argue that platforms with significant reach and influence (whether commercial or not) must share responsibility for ensuring that harmful content is not easily accessible.

The Wider Implications

The High Court’s decision has sparked broader debate about the future of the internet in the UK and beyond. For example, if Wikipedia is required to comply with obligations designed for commercial giants, it raises questions about whether other non-profit or community-led platforms could face similar challenges. Some small forum operators have already shut down message boards, citing an inability to pay for age verification systems or the risk of large fines.

For businesses, the ruling highlights the increasing complexity of operating online services in the UK. Companies that rely on Wikipedia as a knowledge resource, including schools, libraries, and media outlets, could face disruption if the site is restricted. More broadly, the case demonstrates how regulatory approaches intended to improve online safety may reshape the digital environment for all stakeholders, potentially reducing openness and participation in favour of stricter control.

In practical terms, Ofcom now faces the task of balancing the government’s safety objectives with the need to protect platforms that serve the public interest. The regulator’s decisions later this year will determine not only Wikipedia’s future in the UK but also how flexible the Online Safety Act can be in practice.

What Does This Mean For Your Business?

What happens next will depend heavily on how Ofcom interprets its role. The court appears to have placed the responsibility squarely on the regulator to ensure that the Act is not applied in ways that damage public-interest resources such as Wikipedia. If Ofcom takes a strict line and categorises the site as Category 1, it would trigger requirements that may be unworkable for a volunteer-driven encyclopaedia. If it takes a more flexible approach, or recommends changes to Parliament, it could preserve both the goals of online safety and the principle of open access to knowledge.

For UK businesses, the outcome is likely to be more than a theoretical concern. For example, many companies, particularly in research, education, media and publishing, depend on Wikipedia as a readily accessible knowledge base. Any disruption to the platform’s availability could make training, communications and fact-checking more difficult. Schools and universities would also be affected if the site was restricted or stripped of key features. For firms operating online platforms themselves, the case is a reminder that compliance burdens are growing and that regulation designed for large tech firms can have unintended knock-on effects across the wider economy.

Campaigners argue that the stakes go further still. If collaborative projects such as Wikipedia are forced into compliance regimes built for social media giants, smaller online communities will almost certainly struggle to survive. That risks narrowing the diversity of online voices and discouraging innovation. On the other hand, advocates for stronger safety measures insist that the internet cannot continue to operate on principles designed in an earlier era, and that accountability must be applied across the board if young people are to be protected from harmful content.

The balance now lies in how regulators and government choose to enforce the Act. The High Court has made clear that there are limits to what can reasonably be demanded of platforms like Wikipedia. Whether those limits are respected will shape not only the future of the world’s largest encyclopaedia, but also the broader character of the internet in the UK.

Average ransomware payments have more than doubled in the past quarter, while stolen credentials are driving a sharp rise in breaches.

Coveware by Veeam reported the average ransom payout in Q2 2025 hit $1.13 million, up 104 per cent on the previous quarter. The median payment also doubled to $400,000, with larger organisations paying out in data exfiltration-only incidents, where files are stolen rather than systems encrypted. Data theft was a factor in 74 per cent of cases.

Criminal groups such as ‘Scattered Spider’, ‘Silent Ransom’ and ‘Shiny Hunters’ are using targeted social engineering to impersonate staff, trick helpdesks, and exploit third-party providers. “Attackers aren’t just after your backups – they’re after your people, your processes, and your data’s reputation,” warned Coveware CEO Bill Siegel.

At the same time, Check Point found credential theft has surged 160 per cent in 2025, now causing one in five breaches. Many businesses take months to revoke exposed logins, giving attackers time to exploit them.

Security experts advise organisations to enforce multi-factor authentication, tighten password policies, and train staff to spot social engineering. Treating stolen credentials and data theft as primary risks is now seen as essential.

A Hamburg–Lisbon startup is turning agricultural waste into protein powder using microbes, producing vegan dog treats today and working towards reshaping tomorrow’s food system.

MicroHarvest

MicroHarvest was founded in 2021 by Katelijne Bekers, Luísa Cruz, and Paulo Teixeira, and operates between Hamburg and Lisbon. The company specialises in microbial fermentation, a process that uses bacteria to convert by-products from the agricultural industry into protein-rich biomass.

At its Lisbon pilot plant, based in a former military food factory now known as the Unicorn Factory, large fermenters are filled with microbes and fed residual sugars from crops. Within 24 hours, those microbes multiply rapidly, creating a thick broth that is harvested, inactivated, and dried into a beige powder resembling flour. The result is a product with over 60 per cent protein content, alongside fibre, essential amino acids, iron, and vitamin B2.

MicroHarvest describes its approach as sustainable, scalable, and highly efficient. A life-cycle analysis suggests its process generates only 1.4 kg of CO₂ per kilogram of protein, two to three times less than most plant-based proteins and dramatically less than beef or dairy.

What Products Are Already on the Market?

While human consumption awaits regulatory approval, MicroHarvest has already moved into the pet-food sector. For example, in 2024, the company partnered with German brand VEGDOG to launch Pure Bites, a dog treat made with microbial protein, potato, and apple pomace. The snack was introduced at Interzoo Europe, one of the continent’s largest pet-food trade events, and is marketed as hypoallergenic, nutritious, and suitable for dogs with intolerances.

Dogs More Receptive To Microbial Protein Treats

Interestingly, palatability trials carried out by MicroHarvest found that dogs were more receptive to microbial protein treats than to poultry-based alternatives, with 85 per cent acceptance compared to 75 per cent. Also, a consumer survey across the UK and Germany showed similar openness, with around 78 per cent of dog owners saying they would consider buying pet food containing microbial protein.

This early focus on pet nutrition appears to make sense for the company as the animal feed and pet food sectors are less tightly regulated than human products, thereby enabling a faster route to market. They also represent a growing sector where sustainable, alternative protein sources are in high demand.

How the Technology Works

MicroHarvest’s process is based on microbial fermentation, a technique familiar from traditional foods such as yoghurt, kefir, and sauerkraut. The company cultivates specific bacterial strains in bioreactors, using agricultural by-products like molasses or other sugar streams as feedstock.

Once the microbes have multiplied, the biomass is separated, the cells are inactivated through heat treatment, and the material is dried into a stable protein powder. The entire cycle takes less than a day, compared with months for growing soy or years for raising livestock.

According to the company, the method reduces land use by up to 99 per cent and cuts carbon emissions by more than 70 per cent compared to beef. Also, because the process is carried out indoors, it can be established close to existing food or feed industries, bypassing the need for extensive farmland.

Why It Matters for Sustainability

The global demand for protein is expected to increase by around 50 per cent by 2050. Meeting that need through conventional farming would intensify deforestation, water use, and greenhouse gas emissions. Alternative proteins are seen as essential to bridging the gap without worsening environmental pressures.

A 2022 study in Nature suggested that replacing just 20 per cent of global beef consumption with microbial proteins could halve annual deforestation rates by mid-century. For companies like MicroHarvest, these figures highlight the potential of microbial protein to play a serious role in climate and food-security strategies.

MicroHarvest’s stated aim is to deliver protein that is not only sustainable but also versatile. Beyond dog treats, the company is developing applications in aquaculture feed, livestock diets, and eventually human food products such as shakes, protein bars, and dairy alternatives.

The Wider Landscape of Fermentation-Based Proteins

It’s worth noting here that MicroHarvest is certainly not alone in pursuing microbial solutions. The sector has attracted nearly $1 billion in global investment over the past year, with Europe claiming close to half of that. Examples of other companies in this space include:

– Finland’s Solar Foods, which has developed Solein, a protein made from microbes fed with hydrogen and carbon dioxide captured from the air. Its first commercial facility is under construction and it has received approval for human consumption in Singapore.

– Germany’s Formo, which is using precision fermentation to produce casein proteins for dairy-free cheese.

– Dutch company Vivici, which has raised over €30 million in 2025 to scale animal-free whey proteins made with microbes.

– UK-based Enough cultivates fungi to create mycoprotein, used in plant-based meat substitutes.

Also, large food companies such as Nestlé and Unilever are partnering with startups to explore microbial protein for mainstream products, seeing the potential for lower-impact ingredients that can appeal to sustainability-minded consumers.

Hurdles

Despite the momentum, microbial protein faces some serious hurdles. The first is, of course, regulation. MicroHarvest has already submitted a full dossier to the European Food Safety Authority seeking approval for human use. The process involves extensive safety and DNA screenings, and while the company is optimistic, approval timelines remain uncertain. Other alternative-protein startups have seen years of delay in Europe, forcing some to launch in more permissive markets such as Singapore.

Cost is another key concern. While microbial fermentation is highly efficient, building large-scale production plants requires significant capital investment. MicroHarvest has announced plans for a 15,000-tonne facility by 2027, more than 40 times its current output, but scaling to that level will test both its technology and its financial backing.

Consumer perception is a further challenge. For example, although microbes are commonplace in familiar foods, the idea of eating “bacteria powder” may not appeal to all shoppers. Industry observers note that how the products are framed, whether as “fermented protein” or as “next-generation ingredients”, could influence public acceptance.

The competitive landscape is also intensifying. For example, dozens of startups are experimenting with different microbes, feedstocks, and fermentation technologies. At the same time, insect protein, cultured meat, and plant-based innovations are all vying for space in the growing alternative-protein market.

What Does This Mean For Your Organisation?

The balance for MicroHarvest and its peers lies in proving they can deliver at scale while keeping costs competitive and building trust with regulators and consumers. If they succeed, microbial proteins could become more than a niche ingredient, offering a reliable and efficient source of nutrition at a time when global demand is set to rise sharply. For UK businesses in particular, this could mean opportunities in supply chain partnerships, retail adoption, and product innovation across both pet and human food markets. It also raises questions for existing agricultural producers, who may need to adapt to the emergence of new protein streams that use fewer resources and appeal to environmentally conscious buyers.

For policymakers and regulators, the challenge will be how quickly they can evaluate and approve these technologies without compromising safety. Investors, meanwhile, will be watching closely to see which companies can move from pilot plants to full commercial output. MicroHarvest’s ambition to open a 15,000-tonne facility in just two years will be one such test.

The future of food will not be decided by a single technology, but microbial protein now has a seat at the table. Whether it becomes a mainstay of diets or remains limited to specialist markets will depend on cost, regulation, and public acceptance. For now, the evidence suggests it has the potential to deliver real sustainability gains, and businesses across Europe and beyond are positioning themselves to find out just how far this promise can go.

Did you know? ChatGPT makes it really easy to share your prompts (and subsequent conversations) by giving you a hyperlink. This video shows you how to collaborate with your colleagues by sending them links to entire prompts/outputs, right in the heart of the platform itself.

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Need a quick answer or idea without waiting? If you’re using GPT‑5, switching to “Fast” mode gives you instant results with minimal delay.

How to:

– Make sure you’re using GPT‑5 in ChatGPT (available to Plus, Team, and Pro users).
– In the model dropdown at the top, select Fast.
– Enter your question or prompt as usual, e.g. “List three ways to improve team productivity.”

What it’s for:

Ideal for simple questions, lists, ideas or light research when you’re short on time and don’t need deeper reasoning.

Pro‑Tip: If the response is too basic, switch to “Thinking Mini” (if you have access to it GPT‑5) or full “Thinking” mode for more detailed insights – each mode balances speed and depth differently.

As employees increasingly snap summer photos on work phones and sync them to corporate cloud storage, UK businesses are facing fresh legal and data protection risks, so this article looks at where the boundaries lie, what the law says, and what employers should do next.

Blurred Lines Between Work and Personal Life

It has become second nature for many employees to reach for their phones during a beach day, family BBQ, or office-social. However, when that phone is company-issued (and backed up to a business-managed cloud) those sunny snapshots can come with unexpected regulatory baggage.

As of 2025, the line between personal and professional device use remains hazy, particularly in organisations without strict mobile device management policies. Whether employees are using work-issued smartphones or accessing business services through their own phones under a bring-your-own-device arrangement, the organisation’s GDPR responsibilities still apply.

For example, if an employee takes a group photo at a summer party using their company iPhone, then syncs it to OneDrive or a shared Google Workspace folder, the image may qualify as personal data. If the photo contains identifiable facial features, it could even fall under the UK GDPR’s stricter rules for special category data.

What Counts as Personal Data and Why It Matters

According to the UK GDPR, personal data refers to any information relating to an identified or identifiable individual. This can include names, locations, and biometric identifiers such as facial images.

Photographs often fall into this category. In a 2023 blog post directed at photographers, the Information Commissioner’s Office (ICO) reiterated that even casual images taken at informal gatherings can qualify as personal data if faces are clearly visible, or if the photo’s metadata reveals identifiable information.

Also, as data protection consultancy URM has warned, many organisations do not realise they are processing special category data when they store or distribute images of individuals. It described this as a potential compliance gap, particularly when personal and work-related photos mix.

This gap has already caused real-world issues. For example (back in 2022) a Midlands-based employer was investigated following a subject access request in which an employee discovered that images shared informally via a work cloud had been stored and potentially processed without lawful basis. Although no fine was issued, the ICO cautioned that such incidents could result in formal enforcement action in future.

GDPR Meets the Summer Sharing Culture

The warmer months typically see a rise in casual image sharing, from staff parties to client events to informal selfies. These images often land, unintentionally, in business systems such as shared drives, messaging apps, or Microsoft Teams folders.

Under UK GDPR, however, even internal-only use of personal data requires a lawful basis. Organisations must also notify individuals that their data is being processed and explain their rights, including the right to object or request deletion.

In practice, this compliance is often lacking. A 2024 study by Harper James Solicitors found that 38 percent of UK SMEs had no documented policy on employee photography or image storage. Of those that did, only 17 percent provided GDPR-compliant privacy notices to staff.

It is not only formal photos that pose a risk. Informal selfies taken on work phones and automatically uploaded to company cloud services may inadvertently become visible to system administrators or be exposed in a data breach. If family members or children appear in these images, the data protection concerns become even more serious.

Cloud Storage

Modern business devices are usually set up to back up automatically to cloud services. While this protects against data loss, it also means personal images taken on company phones may end up stored in corporate systems.

Cloud providers such as Microsoft, Google, and Apple are classed as data processors under the GDPR when they act on behalf of a business. This means that the employer, as the data controller, must ensure that data processing agreements are in place, the data is stored securely, and any international data transfers are lawfully managed.

For example, if an employee’s photo taken on a company iPhone is backed up to an iCloud account controlled by the IT department and hosted outside the UK, the business is legally responsible for ensuring appropriate safeguards are in place. Failure to do so could constitute a breach of Articles 44 to 49 of the UK GDPR.

The ICO has also issued repeated warnings that businesses using unmanaged cloud platforms without formal access controls may be at risk of unauthorised data access, particularly when employees leave the organisation and their accounts are not promptly deactivated.

Subject Access Requests and Administrative Headaches

The right of access, enshrined in the UK GDPR, gives individuals the ability to request any personal data held about them, including images, chat messages, and stored files. Once a subject access request is received, it must be fulfilled within 30 days.

However, this becomes highly problematic for organisations that allow employees to store personal content on corporate systems. For example, if one employee’s personal data is mixed with private material belonging to others, IT teams may be forced to sift through large volumes of photos, chat logs, or cloud folders to redact non-relevant data.

The Data Use and Access Act 2025, which received Royal Assent in June, places further pressure on employers. It introduces more detailed rules on how organisations must segregate personal and business content in employee data collections, particularly in cases where employees have been dismissed or have made legal complaints. Firms without clear systems in place may struggle to comply without incurring significant cost.

BYOD and Blurred Accountability

Even when companies operate a bring-your-own-device policy, the legal responsibilities do not disappear. Once a personal phone is used to access work platforms such as Outlook, Teams, or SharePoint, any data handled through those services becomes the employer’s responsibility under UK GDPR.

As legal advisors at Sprintlaw UK note, employers must still have robust policies in place to ensure that business data is protected and employees understand what constitutes acceptable use.

This is especially relevant in summer, when employees may inadvertently upload personal photos to business systems while attempting to clear phone space or share files. If a breach occurs and it is found that no technical safeguards were in place, the ICO may hold the business, not the individual, accountable.

What UK Employers Should Consider

Despite the complexity, there are several practical actions employers can take to reduce the risk of summer photo mishaps. For example:

– Organisations should audit company-managed phones and cloud platforms to determine whether personal data, including images, is being stored inadvertently. They should also review and update default sync settings on devices during onboarding and offboarding, and introduce or reinforce clear policies about acceptable personal use of company devices.

– Mobile device management tools should be used to isolate or wipe personal data when necessary. Businesses may also choose to restrict cloud sync functions to business-only folders, or disable photo uploads altogether.

– It is important to communicate clearly with employees that company systems are not private, and that data may be accessed in the event of a subject access request. Employers should issue GDPR-compliant notices explaining how staff photos may be used, especially in internal communications or promotional materials.

– Staff should be given training to help them understand what qualifies as personal data and how to avoid inadvertent data breaches.

This combination of policy, technology, and communication can help organisations avoid compliance pitfalls while maintaining a respectful balance between employee privacy and corporate accountability.

What Does This Mean For Your Business?

Organisations that fail to address these issues head-on could be exposing themselves to far more than just reputational damage. The legal and operational consequences of mishandled personal data, particularly where summer photos are concerned, are growing more tangible, not less. The rise in subject access requests, tighter scrutiny from the ICO, and the introduction of new legislation such as the Data Use and Access Act are all signs that regulators expect more from employers when it comes to separating business and personal data.

For UK businesses, the message is pretty clear. Even low-risk behaviours, like taking a photo at a team BBQ, can become governance headaches if the right controls are not in place. That does not mean personal moments need to be banned from the workplace entirely, but it does mean they must be treated with the same care as any other form of personal data. Failing to do so could leave businesses scrambling to comply with access requests, justify their data retention practices, or explain gaps in policy during an ICO investigation.

The implications extend beyond legal teams and IT departments. HR leaders, department heads, and even marketing teams who reuse internal images must also understand their responsibilities under GDPR. Employees themselves, meanwhile, need clearer guidance about what is and is not appropriate when using work devices for personal use.

Maintaining trust between employees and employers, therefore, depends on clarity, not guesswork. In an age where photos, chats, and uploads are generated with barely a second thought, organisations that take a proactive, structured approach will be far better positioned to navigate the grey areas. Getting this right now is not just about avoiding enforcement, but it is about future-proofing data governance in a working world where the line between personal and professional continues to shift.