EU comes to political agreement to continue the use of online tools against CSAM



The Commission welcomes today's political agreement between the European Parliament and the Council on the proposed interim legislation regarding the detection of child sexual abuse online by communications services. This legal adjustment was urgently needed to give certain online communications services such as webmail and messaging services legal certainty in their voluntary measures to detect and report child sexual abuse online and to remove child sexual abuse material, as such services fell under the e-Privacy Directive as of 21 December 2020. The new Regulation will provide guarantees to safeguard privacy and protection of personal data. The voluntary measures play an important role in enabling the identification and rescue of victims and reducing the further dissemination of child sexual abuse material, and contribute to the identification and investigation of offenders as well as the prevention of offences.

The rules agreed today have a narrow scope: they will create a temporary and strictly limited derogation concerning the voluntary detection activities of the online communication services. The main elements of today's agreement include:

  • A definition of child sexual abuse online in line with the existing EU rules on child sexual abuse, including content constituting child sexual abuse material and solicitation of children.

  • Complaint mechanisms so that content that has been removed erroneously can be reinstated as soon as possible.

  • Human oversight for any processing of personal data including, where necessary, human confirmation before reporting to law enforcement authorities or organisations acting in the public interest.

  • Guarantees to protect privacy: Service providers will have to ensure that the technologies they use to detect child sexual abuse online are the least privacy-intrusive.

  • Data protection safeguards: Service providers will have to consult with data protection authorities on their processing to detect and report child sexual abuse online and remove child sexual abuse material. The European Data Protection Board will also be asked to publish guidelines to assist the relevant authorities in assessing compliance with the General Data Protection Regulation of the processing in scope of the agreed Regulation.

  • The Commission will have to establish a public register of organisations acting in the public interest against child sexual abuse, with which providers of online communications services can share personal data resulting from the voluntary measures.

  • Transparency and accountability to be supported by annual transparency reports.

  • A 3-year limit on the application of the Regulation, allowing time for the adoption of long-term legislation in this area.

Next steps

The Regulation must now be formally adopted by the European Parliament and the Council.

This interim Regulation will cease to apply at the latest 3 years from its application. As announced in the EU Strategy for a more effective fight against child sexual abuse and in the Commission Work Programme for 2021, the Commission will propose later this year new comprehensive legislation with detailed safeguards to fight child sexual abuse online and offline. These long-term rules will be intended to replace the interim legislation agreed today.


Members of the College said:

Executive Vice-President for a Europe fit for the digital age, Margrethe Vestager said: "Today's agreement helps to make the Internet safer for children, which is one of our priorities. The temporary derogation in the Regulation agreed today provides legal clarity on voluntary actions to detect, report and remove child sexual abuse. Both for users and providers of online communications services. At the same time, the legislation contains the necessary safeguards regarding the protection of fundamental rights of users."


</