EU Tech Firms Defy Legal Limbo, Push for Permanent CSAM Law as Trilogue Talks Loom

TL;DR: Tech firms keep scanning for child sexual abuse material after the EU’s temporary exemption expired, putting them in legal limbo. They are urging EU lawmakers to adopt a permanent child safety law before the final trilogue talks in late June.

Since the temporary exemption lapsed on April 3, platforms must still remove illegal content but lack clear legal authority to scan private messages. Privacy advocates warn that broad scanning resembles mass surveillance, while child‑safety groups argue that without automated tools illicit images spread unchecked. The debate has stalled EU institutions for years.

The European Parliament rejected extending the exemption in March, leaving companies such as Snapchat, Meta, Google and Microsoft in a gray zone. Several firms have said they will continue scanning anyway, even though lawmakers call the practice illegal. Their stance highlights the tension between compliance with removal duties and respect for privacy rules.

In response, industry groups have intensified calls for a permanent framework that would centralize reporting and define clear obligations. They argue that legal certainty is essential to protect children without exposing platforms to contradictory legal demands. This push comes as the June trilogue talks approach.

In 2024, U.S. authorities logged more than 20.4 million reports of child sexual abuse material to the National Center for Missing and Exploited Children, showing the scale of the problem. The figure underscores why platforms feel compelled to act swiftly. It also highlights the transnational nature of the threat.

MEP Birgit Sippel warned that letting providers check all personal communications at any time deeply affects users’ rights, noting that most users are not criminals. Her comment reflects the privacy lobby’s concern that sweeping scanning powers could erode fundamental freedoms. The quote is often cited in debates over “chat control” measures.

Automated tools like PhotoDNA compare digital fingerprints to flag known abusive images without requiring a human to view them. Such technology has become the backbone of corporate detection efforts. Final trilogue talks on a permanent child‑safety law are expected at the end of June, according to the Parliament’s press office.

If the trilogue reaches agreement, the new law would create a central reporting hub and set clearer obligations for platforms, ending years of legal uncertainty. Companies say a permanent framework would let them keep protecting users while respecting privacy safeguards. It would also reduce the risk of conflicting national interpretations.

Lawmakers remain split over how far scanning powers should extend, with privacy advocates pushing for narrow limits and safety advocates urging broader authority. The outcome will shape how the EU balances child protection with digital rights. Any compromise will need to address both the scale of abuse and the sanctity of private communication.

Watch for the June trilogue session to see whether a compromise emerges that can satisfy both sides and give tech firms a stable legal basis for their scanning activities. The decision will influence not only EU policy but also global standards for online safety.