Online child sexual abuse: New compromise stresses risk assessment, detection, reporting

The new compromise text, dated 27 March, was sent to the Law Enforcement Working Party, responsible for tasks concerning legislation and operational issues associated with cross-border policing.

The draft legislation currently considered will have member states’ authorities assess the risk of online service providers, such as social media platforms. Based on this risk categorisation, authorities will have to implement appropriate monitoring and mitigation measures, as well as issue detection orders.

Member states must designate competent authorities to implement the legislation, one acting as the Coordinating Authority. Competent authorities are national juristical authorities, while the Coordinating Authority in each EU country oversees risk assessments and mitigation measures, as well as efforts to detect, report, and remove CSAM.

Detection orders

The new text proposes excluding non-public electronic services, such as those for national security, from the regulation. These services have lower CSAM risk and data protection concerns, the draft says.

The draft empowers Coordinating Authorities to adjust risk measures for hosting and communication providers without impeding their investigative powers, possibly through fines. Providers can transparently inform users of their compliance.

Another Belgian presidency document, reported on by Euractiv, gives details of the risk classifications that will guide mitigation measures and detection orders.

A previous text by the presidency outlined the Coordinated Authorities’ roles when it comes to risk categorisation or detection orders, some of which were now included in the compromise text.

In the latest iteration of the legislation, detection orders, issued by the Coordinating Authority, exclude calls via public communication services.

Risk assessment

If a detection order is overturned, service providers must restore access promptly.

Reporting

Read more with Euractiv