Key negotiators in the European Parliament have reached a breakthrough in discussions on a controversial legislative proposal that aims to regulate how platforms respond to child sexual abuse risks. The proposed regulation, presented by the European Commission last year, has elicited significant controversy due to concerns that it might require platforms to scan all users’ private messages.
Key negotiators in the European Parliament have reached an agreement on a substantially revised version of the draft legislation, addressing concerns over blanket and untargeted scanning of private communications. The revised proposal would limit scanning to individuals or groups suspected of child sexual abuse and only for known and unknown child sexual abuse material (CSAM). The legislation would also apply only to platforms that are not end-to-end encrypted, eliminating the risk of forcing encrypted platforms to weaken security.
The European Commission’s proposal, which includes the requirement for scanning platforms to detect both known and unknown CSAM as well as real-time grooming activity, raised alarm as it may breach the EU’s prohibition on general online monitoring. Critics argue that non-targeted scanning of private messages infringes upon fundamental rights and could potentially make users, including children, more vulnerable.
MEPs in the European Parliament have responded to these concerns by proposing significant changes to the legislation. Under their revised version, scanning would be limited to suspected individuals or groups involved in child sexual abuse and would focus solely on known and unknown CSAM, removing the requirement to scan for grooming activity. Importantly, the revised proposal excludes end-to-end encrypted platforms, ensuring that the legislation does not compromise encryption security.
A Comprehensive Approach
Rapporteur Javier Zarzalejos explained that the aim of the regulation is to establish uniform rules for online platforms to assess and mitigate the risks of child sexual abuse. The legislation does not involve massive scanning or general monitoring of the internet, indiscriminate scanning of private communications, or creating backdoors to weaken encryption. Instead, it focuses on legal tools to prevent and combat these heinous crimes.
The revised legislation would require providers to deploy certain technologies only if they fail to comply with the scanning obligation. The deployment of these technologies would be authorized as a measure of last resort by a judicial authority. This approach upholds privacy of correspondence and the security of communications.
The Way Forward
MEP Patrick Breyer emphasized that the parliament has taken a new and consensus-based approach to the legislation by removing contentious points, such as blanket scanning, mandatory age verification, and excluding children under 16 from commonplace apps. The parliament’s proposal includes effective measures to keep children safe online while respecting rights.
One example of a new measure proposed by the parliament is the establishment of an EU Centre to receive and check CSAM reports, which would also be able to carry out searches on hosting service providers’ publicly accessible content. MEPs believe that this “proactive scanning” can clean up the internet without intruding into private messages.
On the prevention side, MEPs are pushing for safety by design requirements, such as defaulting profiles to non-public and seeking user consent before receiving messages or viewing images. They also propose a removal obligation on providers to take down CSAM and involve law enforcement in ensuring its removal from the internet.
The amended file will undergo committee votes and subsequently require the parliament’s approval. Attention will then shift to the European Council, which has yet to establish a common position on the proposal. Trilogue talks among the EU’s co-legislators will decide the final shape of the law.
MEPs encourage the Council to follow the parliament’s unity and consider their proposal. They also urge the Commission to support the parliament’s compromise and abandon non-targeted surveillance measures that experts argue contradict EU laws and fundamental rights.
Time is of the essence, as the temporary derogation allowing platforms to scan non-encrypted messages for CSAM expires next summer. The completion of the legislation before the turnover of the EU’s college due to elections next year would prevent further delays and uncertainty.