EU Parliament blocks extension of child sexual-abuse scanning carve-out
Platform content-safety teams lose legal basis to scan private messages
Change
EU Parliament declined to extend the 2021 ePrivacy Directive (EU electronic communications privacy rules) carve-out, letting it expire on 3 April and removing the legal basis for automated scanning of private communications for child sexual exploitation.
Why it matters
Proactive automated detection of child sexual exploitation in private communications is now without a clear legal basis under EU privacy rules, constraining platforms' ability to find abuse before it is reported. Platforms still face obligations to remove illegal content under the Digital Services Act (DSA) — EU law requiring platforms to remove illegal content — creating an operational gap between detection and takedown duties.
Implications
- — Platform content-safety teams at companies operating in the EU — must stop or reconfigure automated scanning of private communications immediately — continuing scans will lack lawful basis under ePrivacy and expose the company to enforcement risk under EU privacy law.
- — Legal and compliance teams at platform companies operating in the EU — must reconcile obligations under the Digital Services Act (DSA) with the ePrivacy prohibition now, immediately — failure to establish a lawful detection pathway will leave platforms liable to remove illegal content without a clear lawful method to detect it.
Unlock the decision layer.
Know what's at risk and what to do next.
- Implications: What this forces you to change — operations, exposure, or compliance.
- Who is affected: Which roles, contracts, and obligations are exposed.
- What to watch: Binding deadlines and enforcement dates.
- Real-time alerts: Delivered the moment a binding change is published.
- Ask AI: Ask what this means for your specific role.
No credit card · 14-day trial · Active in seconds
Unlock the decision layer