Answer given by Ms Johansson on behalf of the European Commission
25.5.2023
1. The impact assessment accompanying the proposed child sexual abuse (CSA) Regulation[1] presents the outcome of experts’ consultations on technologies to detect online CSA, including on end-to-end encrypted (E2EE) services. Clientside solutions may enable the detection of CSA on device, prior to the encryption of such communication. Whether a detection order imposing any restriction of the fundamental rights at stake complies with Article 52(1) of the Charter of Fundamental Rights of the European Union and other EU law must be assessed on a case-by-case basis, including within the strict legal limits set out in the proposal. The proposed involvement of data protection authorities in the process of imposing and implementing detection orders helps ensure respect for EU data protection law.
2. Dark web platforms act in a covert manner that renders difficult the enforcement of legal obligations towards them. The Commission is examining ways to tackle CSA on the dark web in the context of the revision of Directive 2011/93/EU[2]. That said, grooming occurs in the ‘clear’ web, using online services that children also use. As to CSA material, recent data[3] shows that, contrary to popular belief, this is primarily hosted on the clear web, not in the dark web. The fact that clear web services are extensively used for online CSA is evident when looking at the number of reports (i.e. 31 802 525) that the National Center for Missing & Exploited Children received in 2022 from electronic service providers operating in the clear web. 74% of these reports came from a chat, messaging, or email service and an additional 18% from social media or online gaming platforms, which may also have integrated messaging or chat services.
3. The Commission is not aware of any expert consensus on the absence of a technical solution that can offer access to E2EE content without removing the E2EE.