EU blocks extension of scanning carve-out for child sexual abuse detection
Platform safety teams cannot legally run automated message scans for child sexual abuse
Change
EU Parliament blocked renewal of the 2021 ePrivacy carve-out, rendering automated scanning of private messages for child sexual abuse unlawful after it expired on 3 April.
Why it matters
Safety teams lose a lawful exception for bulk automated analysis of private communications, creating a legal barrier to platform-side detection. Platforms must now balance that prohibition against ongoing obligations to remove illegal content under the Digital Services Act, creating a compliance trade-off that forces immediate policy and workflow decisions.
Implications
- — Platform trust & safety teams — must stop automated scanning of private messages immediately unless a documented lawful basis exists — continued scanning risks breaching EU privacy law and regulatory enforcement.
- — Platform legal teams and Data Protection Officers (DPOs) — must complete a documented lawful-basis assessment and update compliance records and regulator notifications now — failure to do so creates regulatory exposure and weakens defence against enforcement actions.
Unlock the decision layer.
Know what's at risk and what to do next.
- Implications: What this forces you to change — operations, exposure, or compliance.
- Who is affected: Which roles, contracts, and obligations are exposed.
- What to watch: Binding deadlines and enforcement dates.
- Real-time alerts: Delivered the moment a binding change is published.
- Ask AI: Ask what this means for your specific role.
No credit card · 14-day trial · Active in seconds
Unlock the decision layer