The European Union Parliament’s main political groups have reached an agreement on a draft law aimed at preventing the spread of online child sexual abuse material (CSAM). The legislation requires digital platforms in the EU to detect and report such content, with the EU Centre playing a critical role in the process. The Centre, possibly located in the Hague, will have extensive legal capacity and will be responsible for searching for CSAM in publicly accessible content. Furthermore, the Centre must be independent and have a Fundamental Rights Officer to ensure tasks are carried out correctly.
Europol, the EU’s law enforcement agency, can request information from the Centre, which will be shared through a secure exchange communication tool. The Centre must forward any unfounded reports to Europol, and access to personal data in Europol’s systems will be granted only on a case-by-case basis, ensuring data privacy. In recent years, Europol has come under scrutiny for data processing practices outside its mandate, prompting a revision of its operations.
Germany has proposed separating the more controversial aspects of the draft law, such as encryption and detection orders. These orders, issued to communication services to detect suspected CSAM, have been criticized for potentially breaking end-to-end encryption and compromising data security and privacy rights. However, the new text stipulates that the technologies used must be independently audited for performance and should not apply to end-to-end encryption.
Finally, the draft law addresses the role of software application stores in relation to CSAM. Providers are required to make reasonable efforts to ensure apps not suitable for children are indeed inaccessible to them. Age verification systems may also be implemented, but are not mandatory, for porn platforms. The regulation also allows for anonymous reporting of CSAM by users or entities.