EU Parliament nails down agreement on child sexual abuse regulation

The main political groups of the EU Parliament reached an agreement on the draft law to prevent the dissemination of online child sexual abuse material (CSAM) on Tuesday (24 October).

EU Parliament nails down agreement on child sexual abuse regulation -0
The agreed text, seen by Euractiv, focuses on the EU Centre and detection orders. The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs is expected to adopt the file on 13 November, paving the way for the last stage of the legislative process. [Shutterstock/Roman Chekhovskoi]

The proposed regulation aims to prevent and combat CSAM by requiring digital platforms in the EU to detect and report such material. The draft law attracted criticism because, in its original form, it would empower judicial authorities to ask intercommunication services like WhatsApp or Gmail to scan people’s private messages to find suspected content.

The agreed text, seen by Euractiv, focuses on the EU Centre and detection orders. The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs is expected to adopt the file on 13 November, paving the way for the last stage of the legislative process.

EU Centre

The EU Centre will be a central hub of expertise to help fight child sexual abuse in the EU. Following a compromise text in September, which focused on changes in the roles of this body, the current text also introduced some changes.

The EU Centre will enjoy “the most extensive legal capacity accorded to legal persons” under the law of each member state.

Previous versions of the document suggested that the EU Centre should be located in the Hague, in the Netherlands, but this has been a debated part of the file. The new version does not explicitly say where the Centre should be located but states that the location cannot affect the tasks or the recruitment process.

Moreover, it has to be someplace where it can be set up on-site after the regulation comes into effect. The location must ensure “a balanced geographical distribution of EU institutions”, as well as sustainability, digital security, and connectivity “with regards to physical and IT infrastructure and working conditions”.

The Centre will also be able to search for CSAM in “publicly accessible content”, similar to a web crawler, a bot used, for example, by search engines to collect content so they can appear in search results. OpenAI also uses this technology for ChatGPT.

The EU Centre also must be independent and have a Fundamental Rights Officer to oversee the exercising of tasks.

Europol

Europol can request information from the Centre, which, if considered “necessary and proportionate”, has to go through “an available secure exchange communication tool, such as the Secure Information Exchange Network Application”, an information exchanging platform already used by Europol, member states, and third parties.

If the EU Centre finds that a report is “unfounded”, it has to be forwarded to Europol “in accordance with the Union law.”

It is also specified that “access to personal data processed in Europol’s information systems shall be granted only on a case-by-case basis, upon submission of an explicit and justified request, which documents the specific purpose”.

So Europol can only transfer such data to the EU Centre when it is absolutely necessary and is “proportionate to the specified purpose”. In the past years, Europol was at the centre of an investigation by the European Data Protection Supervisor for data processing practices outside of its mandate, which was later on revamped.

Encryption, detection, reporting, and removal orders

Encryption has been perhaps the most debated part of the draft law concerning detection orders, which would be issued to request communications services to detect suspected CSAM.

Digital rights organisations, experts, and messaging apps like Signal or WhatsApp said this tool would break end-to-end encryption, weakening data security and privacy rights.

According to the new text, the technologies used to detect CSAM must be “audited independently as per their performance”, whether provided by the EU Centre or developed by the provider using them.

As the regulation always made it clear that it should be technology-neutral, there are no specific requirements regarding what technology should be used.

The document also says that “the EU Centre shall decide the extent of the audit that will be made publicly available.” This, however, should not apply to end-to-end encryption.

Detection orders should also target a specific group of users. For example, “subscribers to a specific channel of communication”. Even so, there has to be “reasonable grounds of suspicion” about a link to child sexual abuse so that they can be targeted.

The provider also has to “ensure privacy by design and safety-by-design” of technologies by default.

Hosting service providers or providers of number-independent interpersonal services, those not connected to publicly assigned numbers, have to remove or disable access to CSAM “upon the moment” they receive an order to do so.

According to the text, reports can now come from law enforcement authorities, but also from users or entities, “by electronic means”, allowing anonymous reporting.

The role of software application stores with CSAM has also been under discussion for a while.

App store providers designated under the Digital Markets Act are mandated, for apps whose use is not permitted to children, to make reasonable efforts to ensure that is actually the case. MEPs detailed specific criteria for age verification systems.

Age verification systems can also be put into use but are not mandatory, only in the case of porn platforms.

Parliaments

Cambodia strengthens cross-border crime control
Parliaments

Cambodia strengthens cross-border crime control

In 2024, Cambodia cracked down 197 cases relating to human trafficking and sexual exploitation, an increase of over 20% compared to the previous year. The authorities identified 523 victims and arrested 273 suspects and sent them to court, including 30 foreigners.

Indonesia rolls out people's schools initiative
Parliaments

Indonesia rolls out people's schools initiative

Indonesia's Ministry of Social Affairs has identified over 200 potential sites for the establishment of people’s schools (Sekolah Rakyat), a programme designed to provide free, quality education to children from economically disadvantaged families.

Indonesia to convert waste into fuel, power in 30 big cities
Parliaments

Indonesia to convert waste into fuel, power in 30 big cities

Indonesian Deputy Minister of Energy and Mineral Resources Yuliot Tanjung said each city can produce around 20 megawatts of electricity. The products obtained from waste processing will not be limited to electricity but also include fuel oil, which will be produced using pyrolysis technology.

Thailand rolls out anti-scam sandbox
Parliaments

Thailand rolls out anti-scam sandbox

One highlight of the DE fence platform is that it is connected to the databases of telecom operators to obtain the most up-to-date number information. It is also connected to the databases of the Royal Thai Police, the Anti-Money Laundering Office, the AOC 1441 Center, and the DES Ministry.

Indonesia plans over 20 energy projects in 2025
Parliaments

Indonesia plans over 20 energy projects in 2025

Indonesia remains heavily dependent on coal and is one of the world’s top greenhouse gas emitters. However, President Prabowo Subianto has pledged to phase out coal-fired power generation within 15 years and achieve net-zero emissions by 2050.