The European Commission refused on Tuesday to confirm whether or not tech companies that scan their services for traces of child sexual abuse material (CSAM) are breaking EU law after the bloc’s legal framework for temporary CSAM scanning expired last week.

The statement follows EU legislators rejecting an extension to the temporary rules that had allowed scanning until 3 April, leaving companies with no legal basis for CSAM detection until a permanent framework is agreed.

Asked by reporters on Tuesday whether it was illegal for tech companies to keep scanning for CSAM, Commission spokespeople repeatedly refused to give a definitive answer, saying that they would not speculate on a legal assessment – but also describing it as “our duty to maintain the current level of protection”.

The EU spokespeople added that proactive detection has been “instrumental” to rescuing victims of child abuse, claiming that it’s “the only way to find out about the abuse”. Though one Commission spokesperson said that children protection should not be left to “autonomous business decisions by companies”.

The spokesperson also re-iterated the need for EU co-legislators to accelerate negotiations on the legislation that’s meant to become a permanent framework: the Child Sexual Abuse Regulation (CSAR).

Talks on CSAR could be nearing the end, as trilogues are ongoing, though progress has been very slow; the process was stalled for years after the rules were first proposed in 2022 – only restarting after the Council finally agreed a mandate last November.

“The fact these companies need to commit publicly despite massive legal uncertainty and risk should not be happening,” Big Tech lobby group the CCIA’s chief lobbyist in Brussels, Daniel Friedlander, wrote in a social media post on Tuesday.

(nl)