eco Criticises the New CSAM Regulation Proposal: New Upload Moderation Incompatible with EU Law and Integrity of Encryption Mechanisms

The Belgian EU Council Presidency is pushing hard for a last-minute compromise on the CSAM Regulation. In recent weeks, Belgium has repeatedly formulated compromise proposals. This has been pursued in order to gain a majority among the EU Member States for a joint negotiating position of the Council for a trilogue with the European Commission and the European Parliament, just before the end of the Presidency. However, the latest proposal is once again strongly criticised by eco – Association of the Internet Industry, given that it poses a clear threat to end-to-end encryption and is incompatible with EU law.

Although the CSAM draft regulation, including chat control, has been widely objected to in recent months, the new Belgian proposal still contains a flawed risk categorisation model that particularly disadvantages services that prioritise data protection and privacy. It also introduces a new problem under the guise of “upload moderation”: Users will then have to consent to the scanning of their images, videos and URLs; otherwise, they will not be able to share this content.

In response to this planned upload moderation, the eco Association is once again calling on EU Member States to safeguard the integrity of end-to-end encryption in the regulation. Alexandra Koch-Skiba, Head of the eco Complaints Office, explains: “The new proposal by the Belgian Council Presidency continues to severely compromise the security and the protection of privacy of all EU citizens. Under EU law, consent to the processing of personal data must be given voluntarily. But now the EU wants to require users to consent to client-side scanning, or else they will no longer be able to fully use a service or its essential functions. As a result, we now have forced consent that is completely at odds with EU law, as no one will want to forego the sharing of images, videos or URLs.”

The proposal makes the misleading claim that client-side scanning is not required and that end-to-end encryption remains protected. However, it is technically impossible to scan every image that users upload without generally weakening encryption. Despite the fact that the cybersecurity community has repeatedly warned that such technologies put everyone at risk, the EU is continuing to push for the law. Naturally, the Internet industry holds a critical view on this matter. eco recently signed two letters to the EU Member States to point out the dangers of this regulation.

Joint Statement on the dangers of the compromise proposal on EU CSAM

Joint Industry Call for Protecting Encryption in the Child Sexual Abuse Regulation

eco Criticises the New CSAM Regulation Proposal: New Upload Moderation Incompatible with EU Law and Integrity of Encryption Mechanisms