In its communication presenting the new EU strategy for a more effective fight against child sexual abuse, the European Commission announced a series of measures to tackle child sexual abuse online, including new legislation.

On 10 September 2020, the Commission presented a first legislative proposal, containing an interim regulation allowing number-independent interpersonal communications services, such as webmail, messaging services and internet telephony, to derogate from the privacy rules contained in the ePrivacy Directive to enable them to continue to detect and report child sexual abuse material online on a voluntary basis. The act was adopted on 14 July 2021 and entered into force on 02 August 2021. It is limited until 3 August 2024

Together with its new European strategy for a Better Internet for kids (BIK+), the Commission published on 11 May 2022 a proposal on permanent rules, which are intended to replace the interim regulation. The proposed rules will oblige providers to detect, report and remove child sexual abuse material on their services. Providers will need to assess and mitigate the risk of misuse of their services and the measures taken must be proportionate to that risk and subject to robust conditions and safeguards. They also foresee the creation of a new independent EU Centre on Child Sexual Abuse (EUCSA) to facilitate the efforts of service providers by acting as a hub of expertise. Compared to the interim regulations, these include mandatory measures to detect and report child sexual abuse. In case this long-term legislation is adopted and enters into force before the expiry date of the temporary regulation, it shall repeal the temporary regulation. 

At the Parliament the file has been allocated  to the Civil Liberties, Justice and Home affairs Committee (LIBE). On 10 October 2022 the Commissioner responsible for security, Ylva Johansson, presented the draft regulation at LIBE.

The draft report was published by the rapporteur (Javier Zarzalejos (EPP/Spain) on 19 April 2023. He welcomes and shares the proposal’s main aims. Yet the draft report includes a number of new elements. For instance, it includes in its scope search engines and other artificial intelligence systems and limits CSA scanning in E2E encryption to metadata analysis in order to detect suspicious patterns of behavior without having access to the content of the encrypted communication. It also includes the creation of a Victims' Consultative Forum at the EUCSA and foresees the possibility for the continuation of voluntary CSA detection efforts in addition to the mandatory ones. It also proposes reinforcing prevention as part of the mitigation measures to be taken by providers, such as safety and security design for children by default, functionalities enabling age assurance and enhanced parental control tools, allowing flagging and/or notifying mechanisms.

The rapporteur agrees that the rules should be laid down in a technology-neutral and a future-proof manner to encourage innovation. A key guiding principle is the compliance with the prohibition of a general monitoring obligation enshrined in European legislation and case-law of the European Court of Justice. He welcomes the set of safeguards introduced in the proposal and the EDPB-EDPS Joint Opinion which has been taken into account in the drafting of his report.  

The rapporteur supports the creation of the EUCSA. Regarding its seat, he aligns the provisions of the proposal with the recent case-law of the European Court of Justice. The amendments tabled in committee were published on 30 May 2023. On 14 November 2023 the draft report was adopted in LIBE committee and on 16 November 2023 the LIBE report was adopted in Plenary. On 22 November 2023 the LIBE committee decision to enter into interinstitutional negotiations was confirmed by plenary (Rule 71).

At the Council, work is ongoing but no common position was reached in 2024. Neither the Belgian nor the Hungarian presidencies of the Council of the EU  managed to reach an agreement by the end of their mandates.

The Polish Presidency of the Council did not reach a Council position. It is now for the Danish presidency which starts in July 2025  to find it as its sees stronger online protections for minors as a top EU priority for its mandate.

On 6 February 2024 Commission published a proposal on combatting child sexual abuse(both online and offline), which covers also offences such as livestreaming of child sexual abuse and intentional access and dissemination of CSA deepfakes. See our file 'Proposal for a revision of the combating child sexual abuse Directive (2011/93/EU)' for more details.

On 15 February 2024 Council and Parliament reached a provisional agreement to extend the interim regulation on a temporary derogation from certain provisions of the e-privacy directive for voluntary detection of online CSA until 3 April 2026. Derogation allows streaming and video media applications to voluntarily detect, report and remove CSAM. Parliament approved the agreement on 10, and Council on 29 April 2024.

See also our files 'e-Privacy Directive: Derogation to combat child sexual abuse online' and 'EU Strategy for a more effective fight against child sexual' abuse' in the same train.

References:

• EP Legislative Observatory, Rules to prevent and combat child sexual abuse, 2022/0155(COD)   
• European Parliament, Child sexual abuse online: current rules extended until April 2026, Press release, 10 April 2024     
• European Commission, Proposal for a Regulation of the European Parliament and the Council laying down rules to prevent and combat child sexual abuse, COM(2022) 209 
• European Commission, Communication to the European Parliament, the Council, the European Economic and Social Committee and The Committee of the Regions 'A Digital Decade for children and youth: the new European strategy for a better internet for kids (BIK+)', COM(2022) 212
• European Commission, Communication to the European Parliament, the Council, the European Economic and Social Committee and The Committee of the Regions EU strategy for a more effective fight against child sexual abuse, COM(2020) 607
• European Commission, Proposal for a Regulation of the European Parliament and of the Council on a temporary derogation from certain provisions of Directive 2002/58/EC of the European Parliament and of the Council as regards the use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combating child sexual abuse online, COM (2020) 568
• European Parliament, Committee on Civil Liberties, Justice and Home Affairs report on the proposal for a regulation laying down rules to prevent and combat child sexual abuse,  2022/0155(COD)
• European Economic and Social Committee, Opinion on the proposal for a regulation laying down rules to prevent and combat child sexual abuse, EESC 2022/02804

Further reading:

• European Parliament, EPRS, Combating child sexual abuse online, Legislative briefing, November 2024.
• European Parliament, EPRS, Preventing and combating child sexual abuse, Initial appraisal of a Commission impact assessment, Briefing, November 2022
• European Parliament, EPRS, Proposal for a regulation laying down rules to prevent and combat child sexual abuse, Complementary Impact assessment, Study, April 2023
• European Parliament, EPRS, Curbing the surge in online child abuse, Briefing, November 2020.

Author: Mar Negreiro, Members' Research Service, legislative-train@europarl.europa.eu