Britain's Online Safety Act compels platforms to act only on content classified as criminal, so X's 'hate' reports are advisory until a complainant files them under a criminal label.
British Future, a UK social inclusion thinktank, ran an audit this year of 30 posts on X calling Conservative Party leader Kemi Badenoch the N-word. Researchers filed each one through X's "hate, abuse or harassment" reporting flow, the platform's main user-facing channel for non-criminal abuse. According to The Guardian's report of the audit, X did not remove any of the posts on that basis, even after researchers escalated the cases through repeated tickets and a director-level email (The Guardian, 14 Jun 2026).
Two of the 30 came down, and only after a British Future director re-submitted them under a different label: not "hate, abuse or harassment," but "illegal content" under the UK's Online Safety Act, the 2023 law that gives regulator Ofcom enforcement powers over platforms. The same posts, the same evidence, the same target, just a different report button. X treats the two tracks as functionally separate, and the difference is what stayed online.
What stands out is the policy design choice behind the two tracks. The Online Safety Act is built around a binary, illegal or not illegal, and it asks platforms to police that line. X's policy architecture mirrors that binary, with an "illegal content" lane that is enforceable and a "hate, abuse or harassment" lane that is advisory, even when the content is the same. In the British Future data, a UK Member of Parliament can be called a racial slur dozens of times, every instance can be reported in good faith through the platform's own designated tool, and nothing has to happen until someone re-labels the abuse as criminal and starts the process over.
The thinktank's sample did not stop with Badenoch. The same audit describes similarly reported posts targeting the UK politicians Shabana Mahmood and Zia Yusuf, with comparable outcomes. British Future framed the pattern as giving racists "impunity," language the thinktank used and that The Guardian adopted in its headline. That framing belongs to the thinktank and the newsroom, not to X. The company had no on-record response in the Guardian report, and the audit is a single-newsroom, single-thinktank dataset of 30 cases. A larger audit, an X statement, or a second research group could shift the picture.
What is not in dispute is the mechanism. The Online Safety Act's illegal-content duties apply to defined categories of criminal speech. Racist abuse of a named politician that falls short of a criminal threshold sits, in the law's terms, outside the law's frame. Ofcom's codes of practice guide platforms on how to handle the illegal half. The legal-but-abusive half is left to voluntary moderation. X has reportedly chosen, in line with the law, to act on the illegal half and leave the rest. The 30-to-2 outcome is the direct product of that choice (The Guardian, 14 Jun 2026).
The pressure points are visible. Ofcom continues to publish practice guidance under the Act. Civil-society groups have begun publishing escalation templates that walk complainants from the "hate, abuse or harassment" button to the "illegal content" button in a single thread, a workaround that tells users to do the legal classification work the platform will not do. Whether the Act should be amended to add a third category, something like "targeted racial abuse of elected officials" that platforms must act on without criminal-level evidence, is now being put to ministers by the thinktank and others. The current law does not answer it. X, so far, is not answering it either.