IWF paper sets out how end-to-end encrypted messaging can be protected from child sexual abuse without breaking encryption.
EU lawmakers are in the “last chance saloon” to keep children safe online or Europe faces a “serious backward step” for child protection, experts warn.
The Internet Watch Foundation (IWF) is calling on EU Member States to push for progress on the Child Sexual Abuse Regulation as failure to do so will leave millions of children at risk of online child sexual abuse and exploitation.
This comes as the IWF, Europe’s biggest hotline dedicated to the removal of child sexual abuse material online, publishes a new paper outlining how end-to-end encrypted (E2EE) messaging platforms can prevent the spread of known child sexual abuse images and videos without breaking encryption or trespassing on user privacy.
Concerns over the technical feasibility of safety measures have dogged the negotiations around the stalled EU Regulation, which aims to prevent and detect child sexual abuse on the internet. The paper, published today (Thursday, October 9), demonstrates how upload prevention works without compromising the fundamental right to the privacy of users.
Designed to address existing misconceptions on the issue, the paper highlights how services lose the ability to detect and remove child sexual abuse images and videos if they implement E2EE without adequate safeguards on their platforms.
In this blind spot, offenders thrive1, while victims and survivors live with the constant threat of their abuse resurfacing. The paper argues that upload prevention closes this gap.
Upload prevention offers a balanced solution to the issue as the safety measure checks for known child sexual abuse material before it is encrypted and sent from the device, working in a similar way to many other pre-encryption checks currently in use, such as malware or preview links.
The EU remains a prime destination for offenders determined to share, sell and buy sexual images and videos of children. In 2024, 62% of all child sexual abuse webpages found by the IWF were traced to an EU country. That is a 28% increase on the previous year. 2
The IWF is urging the EU to adopt the Child Sexual Abuse Regulation without further delay to provide a permanent legal basis for voluntary and mandatory detection of child sexual abuse images and videos across the EU, including when it comes to end-to-end encrypted environments.
The Regulation is all-the-more urgent due to the fast-approaching expiration of the temporary derogation from the EU’s ePrivacy Directive, which currently provides a clear legal basis for companies to proactively scan for child sexual abuse material on their platforms on a voluntary basis, with no risk of being liable for violating ePrivacy rules. The derogation runs out in April next year. 3