The European Parliament voted to extend a temporary exemption to the EU ePrivacy Directive that allows online platforms to voluntarily detect child sexual abuse material until 3 August 2027, up from an expiry date of 3 April 2026.
KEY FACTS
- Decision MEPs extended a derogation to the ePrivacy Directive until 3 August 2027
- Scope Applies to voluntary detection of CSAM and excludes end-to-end encrypted communications
- Limits Tools must target known hashed material or content flagged by users, trusted organizations, or recognized flaggers
- Concerns Researchers have questioned the reliability of large scale automated detection systems
An open letter to the European Parliament by more than 800 scientists and researchers said current systems cannot reliably detect known or new CSAM at the scale of hundreds of millions of users and produce high rates of false positives and false negatives.
The extension prolongs a derogation from the ePrivacy Directive that was due to expire on 3 April 2026 and moves the new expiry to 3 August 2027, giving legislators more time to negotiate permanent rules.
The report sets limits on the use of detection technologies, requiring measures to be proportionate and targeted and opposing scanning of traffic data alongside message content while excluding end-to-end encrypted communications from the exemption.
Parliament also requires that tools identify only previously identified and hashed CSAM or material raised by flaggers and that measures target users or groups reasonably suspected of involvement as determined by a judicial authority. The voluntary exemption was previously extended in 2024.
WHY IT MATTERS
The extension allows providers to continue voluntary detection under strict conditions while lawmakers draft permanent rules. Policymakers must balance child protection goals with reliability and privacy concerns about detection technologies.