Council adopts general approach for EU regulation on child sexual abuse prevention

The Council has agreed on its position for a new EU regulation to prevent and combat child sexual abuse online, significantly tightening obligations for digital service providers. Once adopted, the regulation will require a broad range of online platforms and communication services to prevent dissemination of child sexual abuse material (CSAM) and the solicitation of children. National competent authorities will be empowered to order removal and blocking of illegal content, and to require search engines to delist related results. The framework also foresees a new specialized EU agency, the EU Centre on Child Sexual Abuse, to coordinate implementation and support both member states and providers.

A core pillar of the proposal is a harmonized risk assessment and mitigation regime. Online service providers will need to assess how their services may be misused for CSAM dissemination or grooming, and adopt proportionate technical and organizational mitigating measures. These may include user reporting tools, enhanced child-specific privacy defaults, and mechanisms giving users greater control over the visibility and sharing of their content. Member states will designate coordinating and other competent authorities responsible for reviewing these assessments, mandating additional measures where necessary, and imposing penalty payments for non-compliance.

The Council text introduces a three-tier risk classification for services: high, medium and low risk, based on objective criteria such as service type and functionality. Services categorized as high risk may be compelled to contribute to the development of technologies aimed at mitigating CSAM-related risks, signaling a push towards greater industry responsibility for safety tooling. In parallel, the regulation strengthens victim-centric measures: providers must assist victims seeking removal or disabling of access to material depicting their abuse, supported by the EU Centre, which will verify whether the requested items have been taken down.

The EU Centre on Child Sexual Abuse will function as an operational and analytical hub. It will receive, assess and process provider reports on CSAM, maintain a central database of such reports, and support national authorities in evaluating service risks. The Centre will also share relevant information with Europol and national law enforcement, and maintain a database of CSAM indicators to be used by providers in their voluntary detection activities. The Council position further prolongs the existing derogation that permits voluntary CSAM scanning by communication services beyond its current expiry on 3 April 2026. The precise seat of the EU Centre remains to be determined in negotiations with the European Parliament, which adopted its position in November 2023, clearing the way for trialogue discussions on the final text.