Brussels: Europe and the Arabs

The European Union is intensifying its efforts to combat child sexual abuse. Representatives of EU member states today agreed on the Council's position regarding a regulation to prevent and combat child sexual abuse. According to a European statement issued in Brussels, "The new law, once adopted, will obligate digital companies to prevent the dissemination of child sexual abuse material and incitement to such abuse. Competent national authorities will have the power to compel companies to remove the content and block access to it, or—in the case of search engines—to delete search results. The regulation also establishes a new EU agency, the EU Centre on Child Sexual Abuse, to support member states and online service providers in enforcing the law." The statement quoted the current Danish Presidency of the EU, represented by Danish Minister of Justice Peter Hummelgaard, as saying, "Every year, millions of files depicting child sexual abuse are published. Behind every image or video is a child who has suffered the most horrific and appalling forms of abuse. This is completely unacceptable." Therefore, I am pleased that Member States have finally agreed on a way forward that includes a number of commitments for telecommunications service providers to combat the spread of child sexual abuse material.

Risk Assessment and Mitigation
Under the new rules, online service providers will be required to assess the risk of their services being misused to spread or groom child sexual abuse material. Based on this assessment, they will be required to implement mitigation measures to address this risk. These measures could include providing tools that enable users to report online child sexual abuse, control the content shared about them with others, and set default privacy settings for children.

Member States will designate national authorities (coordinating authorities and other competent authorities) responsible for assessing these risks and implementing mitigation measures, with the possibility of requiring service providers to implement these measures. In case of non-compliance, service providers may be subject to fines.

Risk Categories
The Council introduces three categories of risk for online services. Based on a set of objective criteria (such as type), a service is classified as high, medium, or low risk. Based on this classification, authorities can require online service providers classified as high-risk to contribute to the development of technologies that mitigate the risks associated with their services.

Assistance for Victims
Internet companies must provide assistance to victims who wish to have child sexual abuse material depicting them removed or access to such material blocked. To this end, victims can also seek support from the EU Centre. For example, the EU Centre will check whether the companies in question have removed or blocked access to the material(s) the victim wants removed.

Voluntary Action by Service Providers
The Council also wants to make permanent a current temporary measure that allows companies to voluntarily screen their services for child sexual abuse. Currently, messaging service providers, for example, can screen, report, and remove content shared on their platforms for online child sexual abuse material. This is permitted thanks to an exception to certain rules for the electronic communications sector. Although this exemption is set to expire on 3 April 2026, it will remain in force, according to the Council's position.

EU Centre
The new law provides for the creation of a new EU agency, the EU Centre on Child Sexual Abuse, to support the implementation of the regulation.

The EU Centre will assess and process information submitted by online service providers about child sexual abuse material identified on their services. It will create, maintain, and manage a database of reports submitted by service providers. It will also support national authorities in assessing the risks of services being used to disseminate child sexual abuse material.

The Centre will also be responsible for sharing information about companies with Europol and national law enforcement agencies. Furthermore, it will create a database of child sexual abuse indicators, which companies can use in their voluntary activities.

The Council's position does not specify the location of the EU Centre; this will be determined in coordination with the European Parliament in a separate procedure.

Based on today's agreement, the Council can now begin negotiations with the European Parliament to agree on the final regulation. The European Parliament reached its position in November 2023.