With just a few days to go before the end of the derogation to the ePrivacy Directive, which allowed the voluntary detection of child sexual abuse material online (see EUROPE 13837/2), negotiations are continuing on the draft Child Sexual Abuse Regulation (CSAR) which aims to prevent and combat child sexual abuse material (CSAM).
In a note dated Tuesday 31 March that Agence Europe was able to consult, the Cyprus Presidency of the Council of the European Union is already considering compromise solutions to harmonise the CSAR with the Digital Services Act (DSA), which is already in force. The aim is to simplify the final text while guaranteeing a high level of protection for minors online.
Regulatory overlaps. The Presidency’s main concern is the overlap between the two sets of legislation. The DSA is the general regulation that obliges online platforms to moderate illegal content in the broad sense, while the CSAR specifically targets child sexual abuse. At the time of CSAR’s initial proposal, the DSA was still under negotiation. As a result, the two texts now impose similar risk assessments on the same companies.
The Cyprus Presidency therefore wants to avoid ‘duplication’ and “forum-shopping”, a strategy whereby companies play on the differences between authorities to ease their constraints. To this end, it suggests that the European Commission should retain exclusive supervisory powers over the digital giants in order to avoid “overlapping enforcement systems”. An information exchange mechanism would still be maintained between Brussels and the national coordination authorities.
Identify departments at risk. The compromise text also clarifies which service providers will be required to carry out risk assessments: priority is given to very large online platforms (VLOPs), virtual gaming platforms, services aimed at children and pornographic sites.
To lighten the administrative burden, other web hosts and interpersonal communication services would only be affected if they are “substantially exposed” to the risk of child sexual abuse. Small and medium-sized businesses would benefit from the same exemption, except in cases of proven exposure.
Towards a flexible approach to mitigation measures. On the question of the procedures put in place by online platforms to prevent the proliferation of such content, the Cyprus Presidency is advocating a principle of proportionality. Rather than imposing rigid, common measures, it proposes that the choice of mitigation measures “shall remain within the provider”. These could, for example, include “adapting moderation systems” or modifying accessible functionalities.
However, the debate remains open on age verification, which has divided Member States for several months (see EUROPE 13728/1). The memo asks whether these measures should be “compulsory or optional” for interpersonal communications services. In this respect, it reiterates the idea of an “EU age verification app”, developed by the European Commission last summer.
This document will serve as a basis for discussions by the Justice and Home Affairs Advisers at their meeting on 7 April. National delegations have until 10 April to submit their written comments on these proposals. (Original version in French by Justine Manaud)