EU: Dangers of the proposed regulation to fight child sexual abuse online

EU: Dangers of the proposed regulation to fight child sexual abuse online - Digital

Image by: Oguzhan Akdogan


ARTICLE 19, together with several other organisations, companies, and cybersecurity experts, issued a statement raising concerns about the European Commission’s proposed Regulation on Child Sexual Abuse (CSA) and its impact on the security of communications and on user privacy.

The undersigned organizations, companies, and cybersecurity experts issued the following statement in response to the Regulation on Child Sexual Abuse (CSA) proposed by the European Commission on 11 May 2022:

Child sexual abuse is a serious crime that must be addressed by member states and by other countries around the world. We are concerned, though, that the approach taken by the Commission in this proposed Regulation would have devastating impacts on the security of communications and on user privacy.

The Commission’s legislation would enable Member States to compel online platforms, including those offering end-to-end encrypted messaging, to scan users’ content and metadata for CSA images and for ‘grooming’ conversations and behaviour, and where appropriate, report them to public authorities and delete them from their platforms. Such a requirement is fundamentally incompatible with end-to-end encrypted messaging because platforms that offer such a service cannot access communications content. This has been confirmed by experts around the world who produced an analysis of how any form of scanning breaks end-to-end encrypted systems, in addition to a detailed report on the multiple ways in which client-side scanning, in particular, ‘can fail, can be evaded, and can be abused’.

Instead of mandating measures that are inconsistent with end-to-end encryption and would diminish the security of everyone, regulators should incentivise measures that address CSA and protect communications security. Among these measures are facilitating user reporting of CSA material.


Adam Shostack, Author, Threat Modeling: Designing for Security
Alec Muffett, Security Researcher
Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)
Calyx Institute
Centre for Democracy & Technology
Christopher Parsons, Senior Research Associate, Citizen Lab, Munk School of Global Affairs & Public Policy at the University of Toronto
Collaboration on International ICT Policy for East and Southern Africa (CIPESA)
Committee to Protect Journalists (CPJ), Digital Resilience Lab – Mexico
Council of European Professional Informatics Societies (CEPIS)
Crypto ID
Dotzon GmbH
Electronic Frontier Foundation
Electronic Privacy Information Center (EPIC)
Prof. Dr. Elena Andreeva, TU Wien
Encryption Europe
Encrypt Uganda
Global Partners Digital
Hans Peter Dittler, ISOC.DE
Prof. Dr. LL.M. Indra Spiecker
Internet Society
Internet Society Brazil Chapter
Internet Society Catalan Chapter
Internet Society Ghana Chapter
Internet Society German Chapter (ISOC.DE e. V.)
IP.rec – Law and Technology Research Institute of Recife
J. Alex Halderman Professor, Computer Science and Engineering, Director, Center for Computer Security and Society, University of Michigan
Jon Callas, Director of Technology Projects, Electronic Frontier Foundation
Prof. Dr. Kai Rannenberg, Chair of Mobile Business & Multilateral Security, Goethe University, Frankfurt
Prof Kapil Goyal, Alumni Fellow, Asia Pacific School of Internet Governance
Kimmo Halunen, Professor, University of Oulu
L Jean Camp, Professor of Computer Science and Informatics, Indiana University
Lorraine Kisselburgh, Purdue University
Luka Modic, Bachelor of Criminal Justice and Security, University of Maribor, Faculty of Criminal Justice and Security
Privacy & Access Council of Canada
Ranking Digital Rights
Riana Pfefferkorn, Research Scholar, Stanford Internet Observatory
Rich Compton, Principal Engineer
Dr. Roland Bless, Karlsruhe Institute of Technology (KIT)
Sharon Polsky MAPP, Privacy & Data Protection Specialist, Privacy & Access Council of Canada
Sofía Celi, Cryptography Researcher
Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University
Sven Dietrich, Professor of Computer Science, City University of New York
Dr. Sven Herpig, Director for International Cybersecurity Policy, Stiftung Neue Verantwortung
Tech for Good Asia
Dr. Thorsten Strufe, Professor, KIT/KASTEL Karlsruhe and Centre for Internet CeTI at TU Dresden
Youth Forum for Social Justice

*Affiliations listed for identification purposes only.

Available in pdf