Ofcom, the UK's communications regulator, has opened what it calls a pre investigation into Telegram under the Online Safety Act, after a court heard that a handler tied to a Russia linked sabotage network used the platform to direct a 22 year old to set fire to a car and two…
A Telegram account called El Money, writing in Russian and Ukrainian and linked by police to a sabotage network based in Russia, offered a 22-year-old British man roughly £3,000 in cryptocurrency to torch a car and two properties tied to Keir Starmer, film the results, and get the footage on the news, according to court reporting by The Guardian. Police later recovered more than 320 messages between handler and recruit. Only after that arc played out in a British courtroom did a UK regulator most people outside the country have never heard of do something it had never done before: formally ask Telegram to explain itself.
The regulator is Ofcom, the UK's communications watchdog, and the law it cited is the Online Safety Act, the 2023 statute that for the first time forces large platforms to proactively assess the risk of illegal content on their services and take "appropriate" mitigation. In what an Ofcom spokesperson described informally as a pre-investigation, the regulator has written to Telegram to seek clarification on how the company detects and prevents illegal incitement, according to The Guardian. Telegram did not respond to the newspaper's request for comment on the new contact.
The trigger for the contact is the May 2025 conviction of Roman Lavrynovych, 22, for conspiring with others to commit arson on a Toyota in north London that Starmer once owned, and on two properties linked to the prime minister. His co-defendant Stanislav Carpiuc, 27, was found guilty of one count of arson. Sentencing is scheduled for Friday. The case is the first visible UK test of whether the Online Safety Act can reach a platform long framed, fairly or not, as one of the least moderated large messaging services in the West.
The message trail is what makes the story read less like a lone crime and more like a test of platform accountability. The El Money account, also rendered as "Hroshi" in Ukrainian, sent Lavrynovych instructions from September 2024 onward. The handler offered about £3,000 in cryptocurrency to set fires, film them, and get the footage on the news, and afterwards told him to leave the UK, according to evidence summarized in The Guardian's court reporting. The Financial Times and the BBC reported on Monday that Lavrynovych had been recruited several months before the arson, and that the El Money account has been linked to a sabotage network based in Russia. The cross-border attribution is not an independent finding here; it travels through the FT and BBC as cited by The Guardian, and the underlying attribution to a Russian network should be read as reported, not established.
What Ofcom can actually do under the Online Safety Act is narrower than the press release cadence suggests. The statute imposes broad risk-assessment and "illegal content" duties on social media companies with UK links. Ofcom's role is to assess whether a platform's measures are adequate and to enforce against failures. It can issue fines of up to £18 million or 10% of global turnover, demand transparency reports, and, in serious cases, seek court orders requiring a platform to make specific changes. It cannot, on its own, order Telegram to take down a specific post or to hand over an account, and it is not a prosecution body. Calling the current step a pre-investigation is Ofcom's own framing; it is not a formal enforcement opening and does not carry a penalty.
That distinction matters because Telegram's defenders will, fairly, point out that the platform is a private messaging service, not a public square. Telegram was founded by Russian-born Pavel Durov and relocated to Dubai in 2017. It is now effectively blocked in Russia after an April Kremlin crackdown, but it remains widely used in Ukraine, where military and government officials have been barred from official work phones for the past two years, a useful reminder that the same platform is treated very differently by the states on either side of the conflict.
Ofcom has already crossed swords with Telegram once this year, and the two fights should not be conflated. In April 2026 Ofcom opened a separate investigation into whether Telegram is doing enough to prevent the spread of child sexual abuse material on its service. Telegram has publicly said it had "virtually eliminated" CSAM and called the Ofcom accusation false. The current contact is a different animal: a pre-investigation focused on illegal incitement detection, triggered by a real-world UK conviction rather than by a proactive scan of the platform.
What the case actually shows is what the Online Safety Act's first major Telegram encounter does and does not catch. It catches the aftermath: a UK court has already found that more than 320 recruitment messages moved through the platform, and the regulator can now write to the company and demand an account of its detection mechanisms. It does not catch the pipeline itself. The recruitment and coordination succeeded, the arson happened, and only then did the regulator step in. Whether Ofcom's engagement now does anything to deter the next handler is the open question, and it is the one the statute was supposed to answer.
The answer, for now, is that the law is being asked to do two things at once, and it is not clear it can do both. It is being asked to legitimize a UK regulatory reach over a Dubai-headquartered, globally-used messaging app whose founder left Russia and whose app is now banned there. And it is being asked to deter a recruitment model that, on the evidence in this case, did not need Telegram's permission to work. Ofcom's next move, whether it opens a formal investigation after Telegram responds, and whether it uses the existing CSAM file to pile pressure on, will be the first real test of whether the Online Safety Act's deterrent power extends past the crime scene.