On 10 October 2022, Commissioner for European Home Affairs Ylva Johansson presented the new proposed Regulation (COM/2022/209) aimed at tackling online child sexual abuse. The proposed Regulation was originally published on 11 May 2022 and seeks to replace the temporary regime due to expire in August 2024 (Regulation 2021/1232) which only provides for voluntary detection of child sexual abuse material. Notably, during the presentation the Commissioner conceded that there was a risk of a gap between the temporary regime expiring and the new Regulation coming into force. The Commissioner also discussed the challenges around the balance with privacy, encryption and over-moderation, noting that detection orders can only be used if compliant with GDPR.
As a reminder, the new Regulation:
- Will establish a new European Centre to prevent and counter child sexual abuse (the Centre), by requiring relevant internet companies (broadly, providers of hosting services or of interpersonal communications services) to:
- Conduct risk assessments of child sexual abuse material (CSAM) disseminating on their services;
- Take reasonable mitigation measures to minimise identified risks;
- Report on the risk assessment and mitigation to the relevant Member State authority who will review and assess the adequacy of such measures;
- Comply with “detection orders” issued by Member State national courts if there is evidence of a significant risk of the service being used for the purpose of CSAM; and
- If subject to a detection order, install and operate technologies to detect the dissemination of CSAM and report this back to the Centre.
- The Centre will create and maintain databases of CSAM “indicators”. Once the Centre has determined the legitimacy of any CSAM, they will pass this on to Europol and national law enforcement authorities.
- In-scope internet companies may be subject to penalties of up to 6% of their annual income or global turnover for non-compliance.
The proposed Regulation should be considered as part of the wider emerging internet regulatory landscape that are converging around issues of trust and safety. The EU’s Digital Services Act (DSA), which will shortly enter into force, is a key related regulation. It remains to be seen how a further draft and the DSA will interact.
If you would like to speak to the Deloitte team supporting clients with Internet Regulation advice and compliance, please contact:
Joey Conway, Internet Regulation Partner, Legal
Nick Seeber, Internet Regulation Lead Partner
Jessica Withey, Internet Regulation Director, Legal
Content from the Deloitte Legal blog can now be sent direct to your inbox. Choose the topic and frequency by subscribing here.