CSA Regulation Document Pool
This document pool contains updates and resources on the EU's proposed 'Regulation laying down rules to prevent and combat child sexual abuse' (CSA Regulation)
Content warning: this page and these resources contain discussions of child sexual abuse and exploitation online
In this document pool we list articles, documents, updates and news about the proposed EU ‘Regulation laying down rules to prevent and combat child sexual abuse‘ (2022/0155(COD)) (2022), which we refer to as the ‘CSA Regulation’ or ‘CSAR’. We approach this legislative proposal from a digital human rights perspective, including by analysing issues of mass surveillance, upload filters & online anonymity.
Pay particular attention to the blue expanding boxes, where we add descriptions of the most recent legislative developments that we are seeing.
Contents
- Key legislative information and updates including the CSAR text & annexes
- Latest news from EDRi
- EDRi position on the CSA Regulation
- Civil society demands representing 134 NGOs
- Official opinions including EDPS/EDPB, legal services & complementary impact assessment
- European Parliament position including stakeholders, reports & key votes
- EU Council position including compromise texts & key votes
- Interim ePrivacy derogation information and archive
- Terminology
- Contact us
Privacy and safety are mutually enforcing rights. People’s ability to communicate without unjustified intrusion - whether online or offline - is vital for their rights and freedoms, as well as for the development of vibrant and secure communities and society
1. Key legislative information
Here you will find key details about the CSA Regulation, including information about the responsible EU institutions, as well as the official legislative text and accompanying documents.
- The full name of the legislative file is the ‘Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse’ and its reference is 2022/0155(COD);
- It is often referred to as the ‘CSA Regulation’, ‘CSAR’ or ‘CSAM proposal’. It has also been coined ‘Chat Control’ by its critics;
- It is lex specialis to the EU’s Digital Services Act, meaning that it builds on and particularises certain parts of the DSA (those relevant to tackling child sexual abuse material online);
- The legal basis for the Regulation is Article 114 of the Treaty on the Functioning of the European Union (TFEU), which provides for the functioning of the EU Internal Market.
Note:
- The CSA Regulation is different from the ‘Directive on combating the sexual abuse and sexual exploitation of children and child sexual abuse material and replacing Council Framework Decision 2004/68/JHA’ (the CSA Directive), reference 2024/0035(COD), which has been the subject of EU negotiations in 2024 and 2025 and has caused some confusion because of the similar name;
- Whilst there is some relation between the two laws, the Directive is mostly focused on updated EU Member States’ national criminal justice and education frameworks relating to the crime of child sexual abuse;
- This document pool does not include updates or analyses about the CSA Directive. It focuses on the CSA Regulation only.
- Access the official annexes and Commission impact assessment by scrolling down to ‘Commission adoption’ at the following link, and downloading the relevant documents.
- The file is a proposal for a Regulation, meaning that it not (yet) a piece of EU legislation, and therefore its rules do not apply (yet);
- Like any EU Regulation, it has to be agreed by the ‘co-legislators’: the European Parliament and the Council of the EU (member states). The European Parliament adopted their report (the position of the whole Parliament, which they will take as their negotiating mandate into ‘trilogue’ negotiations with the Council) in 2023;
- The file is still being negotiated within the Council of the EU (member states), but despite numerous attempts, the bloc’s 27 countries have not yet been able to agree a deal. As of the second half of 2025, the Danish Presidency of the Council is in the lead, becoming the seventh country to try to broker a deal (see section 7 for more info).
- Originally scheduled for October 2021 and subsequently delayed several times, the file was eventually ‘adopted’ (proposed) by the European Commission on 11 May 2022;
- The lead European Commissioner when the law was proposed was the Commissioner for Home Affairs (2019-2024), Ylva Johansson. Johansson has been superceded by Commissioner Magnus Brunner (2024-2029).
- The lead European Commission cabinet is DG HOME (Directorate-General for Migration and Home Affairs);
- DG HOME have published information and communications including a press release, Q&A, factsheet and public campaign.
- The lead committee in the European Parliament is the committee on Civil Liberties, Justice and Home Affairs (LIBE);
- The Internal Market and Consumer Protection (IMCO) committee is an Associated Committee;
- Three committees are opinion-giving committees: the Women’s Rights and Gender Equality (FEMM) committee, the Culture and Education (CULT) committee and the Budgets (BUDG) committee;
- More information is available in the Parliament’s Legislative Observatory page for the file.
The Parliament agreed its official position (called a “Report”) on 16 November 2023.
More resources about the process in Parliament are available in section 6.
- The Council Configuration is ‘Justice and Home Affairs’ (JHA) (Coreper II);
- The responsible working group is the Law Enforcement Working Party (LEWP);
- Many of the Council’s documents are routinely published in the public register.
As of August 2025, the Council does not yet have an official position.
More resources, including detailed information about the Council negotiations, relevant presidency compromise documents, and dates of key votes, are available in section 7.
- The CSA Regulation is intended to replace Regulation (EU) 2021/1232, the ‘interim ePrivacy derogation’. The derogation expired on 3 August 2024, but was extended on 29 April 2024 because of an ongoing lack of agreement on the CSA Regulation. The extended interim derogation is in force until 3 April 2026;
- Even though a new Parliament was elected in June 2024, the Parliament’s position on the CSA Regulation remains the same as before the elections;
- The CSA Regulation was put forward alongside a complementary but distinct strategy, called ‘Better internet for Kids‘, or BiK+;
- It aims “to protect and empower children in the online world”. The European Parliament’s Culture and Education (CULT) committee developed a Resolution on the strategy, which was adopted in October 2023.
In September 2023, an investigation by journalists published in seven media outlets across Europe raised allegations of a conflict of interest from Commissioner Johansson and DG HOME staff. These allegations include facilitating access to a company with commercial interests in the file, Thorn, and have led to questions about the legitimacy and ethics of the Commission’s process in the preparation of the CSA Regulation:
- Original story in Balkan Insight (in English): https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content/
- Zeit (in German): https://www.zeit.de/digital/datenschutz/2023-09/chatkontrolle-eu-ashton-kutcher-thorn
- Le Monde (in French): https://www.lemonde.fr/article-offert/dxvzicdekfra-6190911/pedopornographie-en-ligne-bataille-d-influence-autour-d-un-texte-europeen-controverse
- De Groene Amsterdammer (in Dutch): https://www.groene.nl/artikel/wie-heeft-hier-baat-bij-niet-de-kinderen
- El Diario (in Spanish): https://www.eldiario.es/tecnologia/conflictos-intereses-lucha-ue-pornografia-infantil-internet_1_10535781.html
- IRPI Media (in Italian): https://irpimedia.irpi.eu/sorveglianze-pericoli-nascosti-regolamento-anti-pedopornografia/
- Solomon (in Greek): https://wearesolomon.com/el/mag/thematikh/logodosia-diafaneia/poios-ofeleitai-apo-ton-agona-tis-ee-kata-tis-paidikis-sexoualikis-kakopoihshs/
- Additional reporting detailing Europol’s request for the CSA Regulation to be expanded in future to allow scanning for other types od content: https://balkaninsight.com/2023/09/29/europol-sought-unlimited-data-access-in-online-child-sexual-abuse-regulation/
- Netzpolitik (in German): https://netzpolitik.org/2023/interne-dokumente-europol-will-chatkontrolle-daten-unbegrenzt-sammeln/
The European Parliament’s Civil Liberties (LIBE) committee wrote to the Commissioner to request an explanation, and subsequently received a response from Thorn and from Commissioner Johansson:
- LIBE coordinators letter: https://cloud.edri.org/index.php/s/PMMTGWXXQiom8GZ
- Response from Thorn: https://netzpolitik.org/wp-upload/2023/10/2023-10-02_Thorn_LIBE_Letter.pdf
- Response from Commissioner Johansson: https://cloud.edri.org/index.php/s/TrEykTHYA2Cd4d8
Before this investigation, journalists had already raised other concerns:
- Netzpolitik, Alex Fanta, ‘How a Hollywood star lobbies the EU for more surveillance‘ (2022)
- Later in 2023, researcher Danny Mekić uncovered an illegal advert microtargeting campaign led by Commissioner Johannson and DG HOME featuring deeply emotive imagery to try to persuade citizens and residents in swing Member States to support the Commission’s proposal. In addition to allegedly constituting undue interference in an ongoing legislative process, the ads were specifically targeted on the basis of people’s political views and even religious views (also reported in Wired). The Commissioner originally denied the allegations;
- Among others, MEP Alexandra Geese publicly challenged the Commission’s actions;
- 6 civil society organisations, including ARTICLE19, wrote to the Commission detailing the extent of the allegations;
- Following a complaint to the European Data Protection Supervisor (EDPS) by digital rights group noyb, the EDPS ruled that the Commission had indeed carried out illegal microtargeting, in contradiction to EU law.
- Parallel to the already-mention controversies, digital rights group the Irish Council for Civil Liberties (ICCL) submitted a complaint to the European Ombudsperson in 2023 regarding allegations of maladministration by the Commission for refusing to disclose the composition of their ‘expert group’ on the law. The Ombudsperson ruled that maladministration had indeed occured.
- The Ombudsman later investigated the same DG HOME team for further maladministration in refusing to disclose documents about Thorn’s lobbying activities about the CSA Regulation. Again, maladministration was confirmed, and the Ombudsperson further noted that the proposal seemed to give preferential treatment to Thorn’s commercial interests.
- Subsequently, this time following a complaint from former MEP Patrick Breyer, the Ombudsperson confirmed another count of maladministration linked to the CSA Regulation, this time for Europol’s failure to stop two conflicts of interest by allowing staff members to move to Thorn without following proper rules and procedures.
2. Latest news
Read EDRi’s latest blogs about the CSA Regulation, including legislative developments and key digital human rights concerns.
-
16 countries burned Poland’s bridges on the CSA Regulation: What now?
Poland’s surprising compromise to ease the deadlock on the CSA Regulation – which has been stuck in the Council of EU Member States for the past three years – met with failure. This blog recaps the Polish compromise, the positions of the Member States on the proposal, and what it could mean for the future of one of the most criticised EU laws of all time.
Read more
-
Denmark wants to break the Council deadlock on the CSA Regulation, but are they genuinely trying?
Denmark made the widely-criticised CSA Regulation a priority on the very first day of their Council presidency, but show little willingness to actually find a compromise that will break the three-year long deadlock on this law. The Danish text recycles previous failed attempts and does nothing to assuage the valid concerns about mass surveillance and encryption. Not only is Denmark unlikely to be able to broker a deal, it also stands in the way of EU countries finding an alternative, meaningful, rights-respecting solution to tackling CSA online.
Read more
-
Poland searches for silver bullet for CSA Regulation
The Polish Council Presidency attempts to break the deadlock on the controversial 'Chat Control' proposal. We analyse the new approach and what could happen if Member States approve it.
Read more
-
Dutch decision puts brakes on Chat Control
This controversial draft EU law has seen so many twists and turns that it’s giving us whiplash. Under renewed pressure from Hungary’s Viktor Orbán, some lawmakers had hoped they could finally get enough support for the controversial bill this autumn. But following a vital last-minute decision by the Netherlands, we are safe from “Chat Control” – for now.
Read more
-
Joint statement on the future of the CSA Regulation
On 1 July, EDRi and 47 civil society organisations sent a joint statement to the Hungarian Council Presidency and a number of member state permanent representatives. We call on the Council and European Parliament to demand that the European Commission withdraw the draft CSA Regulation.
Read more
-
It’s time for a heart-to-heart about the EU’s surveillance agenda
The EU prides itself on its worldwide norm-setting influence in the fields of data protection and artificial intelligence regulation. Still, it is not always for the best when it comes to digital state surveillance. Privacy is safety. As we approach the European elections in June, it’s time to discuss the EU's role in shaping how technologies are developed and used.
Read more
3. EDRi position on the CSA Regulation
Download EDRi’s position paper on the CSA Regulation, in both the full version and as a short summary booklet. You can also find our ten principles to defend children’s rights in the digital age.
-
Press Release (CSA Regulation): Who benefits from the EU Commission’s mass surveillance law?
A newly-published independent investigation uncovered that the European Commission has been promoting industry interests in its proposed law to regulate the spread of child sexual abuse material online.
Read more
-
Is this the most criticised draft EU law of all time?
An unprecedentedly broad range of stakeholders have raised concerns that despite its important aims, the measures proposed in the draft EU Child Sexual Abuse Regulation are fundamentally incompatible with human rights.
Read more
-
Open letter: Hundreds of scientists warn against EU’s proposed CSA Regulation
Over 300 security researchers & academics warn against the measures in the EU's proposed Child Sexual Abuse Regulation (CSAR), citing harmful side-effects of large-scale scanning of online communications which would have a chilling effect on society and negatively affect democracies. The letter remains open for signatures.
Read more
Because of the widespread criticism from digital and human rights groups, lawyers, UN experts, police forces, certain child protection and child rights experts, and many others, EDRi has called the CSA Regulation “the most criticised draft EU law of all time”.
- (🇬🇧 English) ‘EDRi’s 10 principles to defend children in the digital age ‘ (09.02.2022)
- (🇩🇪 German) ‘Prinzipien von EDRi für Ausnahmen von der Datenschutzrichtlinie für elektronische Kommunikation zum Zweck der Entdeckung von online verbreiteten Darstellungen des sexuellen Missbrauchs von Kindern (CSAM)‘ (09.02.2022)
4. Civil society demands
The EDRi network and our partners are part of a 134-strong coalition of NGOs warning that the risks of mass surveillance, online censorship, discrimination and digital exclusion are so severe, that the EU’s proposed CSA Regulation should be rejected.
-
Joint statement on the future of the CSA Regulation
On 1 July, EDRi and 47 civil society organisations sent a joint statement to the Hungarian Council Presidency and a number of member state permanent representatives. We call on the Council and European Parliament to demand that the European Commission withdraw the draft CSA Regulation.
Read more
-
Open letter: The dangers of the May 2024 Council of the EU compromise proposal on EU CSAM
EDRi has signed the Global Encryption Coalition open letter in response to news of the Belgian Presidency’s latest compromise proposal, dated May 2024, on the Regulation on Child Sexual Abuse (CSA).
Read more
-
Open letter: Mass surveillance and undermining encryption still on table in EU Council
Today, 17 April, EDRi, in a coalition with 50 civil society organisations and 26 individual experts, call on Member State representatives not to agree to the proposed EU Council position on the Child Sexual Abuse (CSA) Regulation whilst so many critical issues remain.
Read more
-
Open letter: EU countries should say no to the CSAR mass surveillance proposal
Today, EDRi and 81 organisations have sent an open letter to EU governments to once again urge them to say no to the CSA Regulation until it fully protects online rights, freedoms, and security.
Read more
-
European Commission must uphold privacy, security and free expression by withdrawing new law, say civil society
In May, the European Commission proposed a new law: the CSA Regulation. If passed, this law would turn the internet into a space that is dangerous for everyone’s privacy, security and free expression. EDRi is one of 134 organisations calling instead for tailored, effective, rights-compliant and technically-feasible alternatives to tackle this grave issue.
Read more
-
Open letter: Protecting digital rights and freedoms in the Legislation to effectively tackle child abuse
EDRi is one of 52 civil society organisations jointly raising our voices to the European Commission to demand that the proposed EU Regulation on child sexual abuse complies with EU fundamental rights and freedoms. You can still add your voice now!
Read more
5. Official opinions
Find resources and opinions about the CSA Regulation from other EU institutions and authorities, as well as relevant national bodies.
EDPB-EDPS Joint Opinion 04/2022 on the Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse – 28 July 2022
Proposal for a regulation laying down rules to prevent and combat child sexual abuse: Complementary impact assessment, Study, European Parliamentary Research Service – April 2023
Opinion of the Legal Service, Proposal for a Regulation laying down rules to prevent and combat child sexual abuse – detection orders in interpersonal communications – Articles 7 and 8 of the Charter of Fundamental Rights – Right to privacy and protection of personal data – proportionality – 26 April 2023
Opinion: Impact assessment / Regulation on detection, removal and reporting of child sexual abuse online, and establishing the EU centre to prevent and counter child sexual abuse – 15 February 2022
Opinion from the Houses of the Oireachtas, Joint Committee on Justice, on the application of the principles of Subsidiarity and Proportionality – 30 March 2023
Résolution n° 77 (2022-2023), devenue résolution du Sénat le 20 mars 2023, RÉSOLUTION EUROPÉENNE sur la proposition de règlement du Parlement européen et du Conseil établissant des règles en vue de prévenir et de combattre les abus sexuels sur enfants – COM(2022) 209 final
Antrag auf Stellungnahme gemäß Art. 23e Abs. 3 B-VG der Abgeordneten Mag. Carmen Jeitler-Cincelli, BA, Katharina Kucharowits,
Süleyman Zorba, MMag. Katharina Werner, Bakk.
TOP 1 COM (2022) 209 final Vorschlag für eine Verordnung des Europäischen Parlaments und des Rates zur Festlegung von Vorschriften zur Prävention und Bekämpfung des sexuellen Missbrauchs von Kindern (109099/EU XXVII.GP)
„Chatkontrolle“ – Analyse des Verordnungsentwurfs 2022/0155 (COD) der EU-Kommission
USNESENÍ výboru pro evropské záležitosti, Návrh nařízení o pravidlech pro předcházení pohlavnímu zneužívání dětí a boj proti němu
Motie van het lid Van Ginneken c.s. over zorgen dat het Europese voorstel geen encryptiebedreigende chatcontrol bevat
6. European Parliament position
Here you’ll find information about the work of Members of the European Parliament (MEPs) leading on the CSA Regulation. This graphic explains the process and the key MEPs involved in the Parliamentary Report that was adopted in 2023. Some MEPs have since changed as a result of the 2024 EU elections – see the accordion box below for the updated list.
- The lead committee in the European Parliament is the committee on Civil Liberties, Justice and Home Affairs (LIBE);
- The lead Member of the European Parliament (MEP) (aka ‘rapporteur’) for the LIBE committee is MEP Javier Zarzalejos (Spain, European People’s Party). MEP Zarzalejos has continued in the lead after the EU elections;
- The other MEPs leading in the LIBE committee (the Shadow Rapporteurs) since the 2024 elections are: Alex Saliba (S&D), António Tânger Corrêa (Patriots), Jadwiga Wiśniewska (ECR), Hilde Vautmans (Renew), Markéta Gregorová (Greens) and Isabel Serra Sánchez (the Left);
- The Internal Market and Consumer Protection (IMCO) committee is an Associated Committee;
- The rapporteur for the IMCO committee was MEP Alex Saliba (Malta, Socialists & Democrats).
- Three committees were opinion-giving committees: the Women’s Rights and Gender Equality (FEMM) committee, the Culture and Education (CULT) committee and the Budgets (BUDG) committee.
- Draft report: ***I Draft report on the proposal for a regulation of the European Parliament and of the Council Laying down rules to prevent and combat child sexual abuse, Committee on Civil Liberties, Justice and Home Affairs, Rapporteur Javier Zarzalejos (19.4.2023), available at: https://www.europarl.europa.eu/doceo/document/LIBE-PR-746811_EN.pdf
- Amendments tabled in LIBE committee:
- Compromise amendments: not publicly available
- Committee vote:
28 September(delayed)9 October 2023(delayed)26 October 2023(delayed) 14 November 2023 (adopted) - Plenary:
vote orconfirmation of mandateexpected 8/9 November or w/c 20 November 2023held on 22 November 2023 (confirmed) - Final report: adopted. Parliament now has to wait for the EU Council to reach a position so that they can start inter-institutional negotations (trilogues).
- Draft: Draft Opinion (8.2.2023), available at: https://www.europarl.europa.eu/doceo/document/IMCO-PA-740727_EN.pdf
- Final: Opinion of the Committee on the Internal Market and Consumer Protection for the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council Laying down rules to prevent and combat child sexual abuse, Rapporteur for opinion: Alex Agius Saliba (3.7.2023), available at: https://www.europarl.europa.eu/doceo/document/IMCO-AD-740727_EN.pdf
- FEMM: [Final] Opinion of the Committee on Women’s Rights and Gender Equality for the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council Laying down rules to prevent and combat child sexual abuse, Rapporteur for opinion: Heléne Fritzon (29.6.2023), available at: https://www.europarl.europa.eu/doceo/document/FEMM-AD-746640_EN.pdf
- CULT: [Final] Opinion of the Committee on Culture and Education for the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council Laying down rules to prevent and combat child sexual abuse, Rapporteur for opinion: Niyazi Kizilyürek (29.3.2023), available at: https://www.europarl.europa.eu/doceo/document/CULT-AD-737365_EN.pdf
- BUDG: [Final] Opinion of the Committee on Budgets for the Committee on Civil Liberties, Justice and Home Affairs on the proposal for a regulation of the European Parliament and of the Council Laying down rules to prevent and combat child sexual abuse, Rapporteur for opinion: Niclas Herbst (9.6.2023), available at: https://www.europarl.europa.eu/doceo/document/BUDG-AD-740759_EN.pdf
EDRi blogs about the European Parliament's position
-
CSAR: European Parliament rejects mass scanning of private messages. Here is why
On 22 November, the European Parliament officially adopted its position on the draft ‘Regulation laying down rules to prevent and combat child sexual abuse’ (CSAR). With strong support for this position from all seven European political groups, this marks a positive development for human rights in one of the most controversial draft European Union (EU) laws in recent memory.
Read more
-
EU Parliament committee rejects mass scanning of private and encrypted communications
On 14th November, Members of the European Parliament’s ‘Civil Liberties’ committee voted against attempts from EU Home Affairs officials to roll out mass scanning of private and encrypted messages across Europe. It was a clear-cut vote, with a significant majority of MEPs supporting the proposed position.
Read more
-
Voluntary detection measures still on the table for the CSA Regulation
Whilst the draft EU CSA Regulation is intended to replace current voluntary scanning of people's communications with mandatory detection orders, lawmakers in the Council and Parliament are actively considering supplementing this with "voluntary detection orders". However, our analysis finds that voluntary measures would require a legal basis in the CSA Regulation, which would likely fall foul of the Court of Justice. Content warning: contains discussions of child sexual abuse and child sexual abuse material
Read more
-
Press Release: The EU’s Internal Market Committee votes for protecting encryption in the CSA Regulation
The European Union’s Internal Market and Consumer Protection (IMCO) Committee becomes the fourth European Parliament Committee to adopt an opinion on the European Union Child Sexual Abuse (CSA) Regulation, voting to protect encryption and rule out unacceptably risky technologies.
Read more
-
Civil liberties MEPs warn against undermining or circumventing encryption in CSAR
MEPs from the European Parliament’s Civil Liberties committee have thrown down the gauntlet with their amendments to one of the EU’s most controversial proposals: the Child Sexual Abuse Regulation (CSAR). These amendments show a clear majority for fully protecting the integrity of encryption. Content warning: contains discussions of child sexual abuse and child sexual abuse material
Read more
-
LIBE lead MEP fails to find silver bullet for CSA Regulation
On 19 April 2023, the lead MEP on the proposed CSA Regulation, Javier Zarzalejos (EPP), published his draft report. Whilst we agree with MEP Zarzalejos about putting privacy, safety and security by design at the heart, many of his changes may pose a greater risk to human rights online than the European Commission’s original text.
Read more
-
Internal market MEPs wrestle with how to fix Commission’s CSAR proposal
The European Union’s proposed CSA Regulation (Regulation laying down rules to prevent and combat child sexual abuse) is one of the most controversial and misguided European internet laws that we at EDRi have seen. Whilst aiming to protect children, this proposed law from the Commissioner for Home Affairs, Ylva Johansson, would obliterate privacy, security and free expression for everyone online.
Read more
-
Johansson’s address to MEPs shows why the CSA law will fail the children meant to benefit from it
On 10 October 2022, EU Commissioner for Home Affairs, Ylva Johansson, addresses the European Parliament’s Civil Liberties (LIBE) Committee about the proposed EU Child Sexual Abuse Regulation (2022/0155). The address follows months of criticism from civil liberties groups, data protection authorities and even governments due to the risks it poses to everyone’s privacy, security and free expression online.
Read more
7. EU Council position
Here you’ll find information about the timeline of the EU Council of member states, often known as ‘the Council’, including key dates and key publicly-available documents. Documents are listed in reverse chronological order.
- The file has been allocated to the Justice and Home Affairs configuration of the EU Council;
- Preparatory work is being led by the Law Enforcement Working Party (LEWP);
- The first Presidency to start internal (within the Council) negotiations towards a Council position was the Czech Republic, who held preliminary discussions before passing the Presidency on to Sweden at the beginning of 2023 who continued the discussions before passing on to Spain in summer 2023;
- The EU Council’s General Approach (position) was first scheduled to be voted on by Justice and Home Affairs ministers representing each EU member state on 28 September 2023. This vote was not taken, as a significant number of member states had informed the Spanish Presidency of the EU Council that they would not be able to agree to the law in its current form;
- Since then, Belgium, Hungary, and Poland have all tried and failed to broker a deal, with several Ministers’ votes held during this time. The current Danish Presidency (as of the second half of 2025) has therefore become the seventh country to try to find a common Council position on the CSA Regulation, but so far have not been successful.
- The Danish Presidency has scheduled a working meeting (LEWP) for 12 September 2025 and a vote of Ministers on 14 October.
- Presidency Compromise text (DK attempt #2) – 24 July 2025 – document 11596/25
- Presidency Compromise text (DK attempt #1) – 1 July 2025 – document 10131/25
- Presidency Compromise text (PL attempt #3) – 12 May 2025 – document 8621/25
- Correction, 13 May – document 8621/25
- Progress report from the Polish Presidency – 2 June 2025 – document 9277/25
- Presidency Compromise text (PL attempt #2) – 4 April 2025 – document 7080/25
- Presidency Compromise text (PL attempt #1) – 28 January 2025 – document 5352/25
- Presidency Compromise text (HU attempt #4) in the form of an escalation to ambassadors (COREPER) seeking political endorsement – 24 September 2024 – 29 November 2024 – documents 16329 and 16547
- Presentation of Presidency Compromise text for for vote at ministers’ meeting – 3 December 2024 – document 16547/24
- Critical opinions of Austria and Slovenia
- Progress report (state of play) – 7 October 2024 – document 13726/24
- Presidency Compromise text (HU attempt #3) in the form of an escalation to ambassadors (COREPER) seeking political endorsement – 24 September 2024 – document 13726
- Presidency Compromise text (HU attempt #2) – 9 September 2024 – document 12406
- Presidency Compromise text (HU attempt #1) – 14 June 2024 – document 11277/25
- Presidency Compromise text (BE attempt #4) in the form of escalation to ambassadors (COREPER) for political endorsement – 14 June 2024 – document 11277/24
- Belgian progress report – 7 June 2024 – document 10666/24
- Presidency Compromise text (BE attempt #3) – 28 May 2024 – document 9093/24
- Belgian progress report – 7 June 2024 – document 10666/24
- Presidency Compromise text (BE attempt #2) – 9 April 2024 – document 8579/24
- Presidency Compromise text (BE attempt #1) – 27 March 2024 – document 8019/24
- On the basis of new approach detailed in 7462/24
- Progress report from Spanish Presidency – 15 December 2023 – Document 16098/23
- Escalation of controversial questions to ambassadors (COREPER) for political endorsement – 10 October 2023 – document 12826/23
- Leaked notes from German delegation about Law Enforcement Working Party meeting on 14 September 2023, discussing the compromise text of 8 September 2023 (in DE) – EU-Rat verschiebt Abstimmung über Chatkontrolle
- Presidency Compromise text (ES attempt #3) – 8 September 2023 – Document 12611/23
- Presidency Compromise text (ES attempt #2) – 1 August 2023 – Document 12066/23
- Presidency Compromise text {ES attempt #1) – 16 July 2023 – Document 11518/23
- Presidency Compromise text – 29 June 2023 – Document 10833/23
- Presidency compromise text – 8 June 2023 – Document 9971/23
- Presidency compromise text – 17 May 2023 – Document 9317/23
- Presidency compromise text – 4 May 2023 – Document 8845/23
- Presidency compromise text – 21 April 2023 – Document 7842/23
- Presidency compromise text – 23 March 2023 – Document 7595/23
- Presidency compromise text – 8 March 2023 – Document 7038/23
Document 9512/23
Document 9533/23
Document 8285/23
Document 8833/23
Document WK 10235/2022 ADD 10 REV 2.
Document has not been made public by the Council, but was leaked to Wired.
Additional analysis by Wired available here.
Document 8200/23
Document 7354/23
Document 14862/22
These are listed in our blog, ‘Is this the most criticised EU law of all time?’
EDRi blogs about the Council of the EU position
-
Denmark wants to break the Council deadlock on the CSA Regulation, but are they genuinely trying?
Denmark made the widely-criticised CSA Regulation a priority on the very first day of their Council presidency, but show little willingness to actually find a compromise that will break the three-year long deadlock on this law. The Danish text recycles previous failed attempts and does nothing to assuage the valid concerns about mass surveillance and encryption. Not only is Denmark unlikely to be able to broker a deal, it also stands in the way of EU countries finding an alternative, meaningful, rights-respecting solution to tackling CSA online.
Read more
-
16 countries burned Poland’s bridges on the CSA Regulation: What now?
Poland’s surprising compromise to ease the deadlock on the CSA Regulation – which has been stuck in the Council of EU Member States for the past three years – met with failure. This blog recaps the Polish compromise, the positions of the Member States on the proposal, and what it could mean for the future of one of the most criticised EU laws of all time.
Read more
-
Poland searches for silver bullet for CSA Regulation
The Polish Council Presidency attempts to break the deadlock on the controversial 'Chat Control' proposal. We analyse the new approach and what could happen if Member States approve it.
Read more
-
Dutch decision puts brakes on Chat Control
This controversial draft EU law has seen so many twists and turns that it’s giving us whiplash. Under renewed pressure from Hungary’s Viktor Orbán, some lawmakers had hoped they could finally get enough support for the controversial bill this autumn. But following a vital last-minute decision by the Netherlands, we are safe from “Chat Control” – for now.
Read more
-
Be scanned – or get banned!
In the latest in a string of alarming developments, the Belgian government has proposed a new supposed 'solution' to the Chat Control deadlock in the Council. Read why this new proposal undermines people's security across the European Union.
Read more
-
Rearranging deck chairs on the Titanic: Belgium’s latest move doesn’t solve critical issues with EU CSA Regulation
The EDRi network has long-urged European Union (EU) lawmakers to ensure that efforts to combat OCSEA (online child sexual exploitation and abuse) are lawful, effective and technically feasible. The goal to protect children online is vital. This can only be done if the proposed measures work and are compatible with human rights, including privacy and the presumption of innocence.
Read more
-
Council poised to endorse mass surveillance as official position for CSA Regulation
The Council of EU Member States are close to finalising their position on the controversial CSA Regulation. Yet the latest slew of Council amendments – just like the European Commission’s original – endorse measures which amount to mass surveillance and which would fundamentally undermine end-to-end encryption.
Read more
-
Despite warning from lawyers, EU governments push for mass surveillance of our digital private lives
Whilst several EU governments are increasingly alert to why encryption is so important, the Council is split between those that are committed to upholding privacy and digital security in Europe, and those that aren’t. The latest draft Council text does not go anywhere near far enough to make scanning obligations targeted, despite clear warnings from their own lawyers.
Read more
-
The Belgian government is failing to consider human rights in CSA Regulation
Despite the clear warnings, Belgium has taken a position calling on the EU to adopt the CSA regulation as quickly as possible, dismissing the technical problems, and without addressing the serious legal concerns that have been raised.
Read more
-
Member States want internet service providers to do the impossible in the fight against child sexual abuse
In May 2022, the European Commission presented its proposal for a Regulation to combat child sexual abuse (CSA) online. The proposal contains a number of privacy intrusive provisions, including obligations for platforms to indiscriminately scan the private communications of all users (dubbed ”chat control”). There are also blocking obligations for internet services providers (ISPs), which is the focus of this article.
Read more
8. Interim ePrivacy derogation
The CSA Regulation is intended to replace the interim ePrivacy derogation, Regulation (EU) 2021/1232. The initial derogation expired on 3 August 2024, but was extended on 29 April 2024 because of an ongoing lack of agreement on the CSA Regulation. The extension is in force until 3 April 2026.
Learn more about EDRi’s work on the interim ePrivacy derogation and other information about what happened prior to the CSA Regulation being proposed.
- ‘Open Letter: Civil society views on defending privacy while preventing criminal acts‘ (27.10.2020)
- Opinion of the European Data Protection Supervisor (EDPS) on the proposed temporary ePrivacy derogation (10.11.2020)
- European Parliamentary Research Service (EPRS) ‘Targeted substitute impact assessment on the Commission proposal on the temporary derogation from the e-Privacy Directive for the purpose of fighting online child sexual abuse‘ (February 2021)
Blogs and articles about the interim ePrivacy derogation
-
A beginner’s guide to EU rules on scanning private communications: Part 2
Vital EU rules on human rights and on due process protect all of us from unfair, arbitrary or discriminatory interference with our privacy by states and companies. As we await the European Commission’s proposal for a law which we fear may make it mandatory for online chat and email services to scan every person’s private messages all the time, which may constitute mass surveillance, this blog explores what rights-respecting investigations into child sexual abuse material (CSAM) should look like instead.
Read more
-
A beginner’s guide to EU rules on scanning private communications: Part 1
In July 2021, the European Parliament and EU Council agreed temporary rules to allow webmail and messenger services to scan everyone’s private online communications. In 2022, the European Commission will propose a long-term version of these rules. In the first installment of this EDRi blog series on online ‘CSAM’ detection, we explore the history of the file, and why it is relevant for everyone’s digital rights.
Read more
-
It’s official. Your private communications can (and will) be spied on
On 6 July, the European Parliament adopted in a final vote the derogation to the main piece of EU legislation protecting privacy, the ePrivacy Directive, to allow Big Tech to scan your emails, messages and other online communications.
Read more
-
iSpy with my little eye: Apple’s u-turn on privacy sets a precedent and threatens everyone’s security
Apple has just announced significant changes to their privacy settings for messaging and cloud services: first, it will scan all images sent by child accounts; second, it will scan all photos as they are being uploaded to iCloud. With these changes, Apple is threatening everyone’s privacy, security and confidentiality.
Read more
-
Wiretapping children’s private communications: Four sets of fundamental rights problems for children (and everyone else)
On 27 July 2020, the European Commission published a Communication on an EU strategy for a more effective fight against child sexual abuse material (CSAM). As a long-term proposal is expected to be released by this summer, we review some of the fundamental rights issues posed by the initiatives that push for the scan of all private communications.
Read more
-
Is surveilling children really protecting them? Our concerns on the interim CSAM regulation
On 27 July, the European Commission published a Communication on an EU strategy for a more effective fight against child sexual abuse material (CSAM). The Communication indicated several worrying measures that could have devastating effects for your privacy online. The first of these measures is out now.
Read more
9. Terminology
‘CSAM’ stands for ‘Child Sexual Abuse Material’. It’s a term used to refer to videos, photos, and sometimes written or audio content, which depict the sexual solicitation, abuse and exploitation of under-18s. Generally, the term CSAM is used to refer to the online sharing of such material, for example via messages, or in materials that are uploaded to a cloud server.
Sometimes the terms ‘CSEM’ or ‘CSAEM’ are used to specify that “exploitation” is also included.
‘OCSA’ stands for ‘online child sexual abuse’ and is the term used in the EU’s CSA Regulation to include both the material (CSAM) and the associated behaviours, such as grooming.
A derogation is an exception, passed via a legislative process, to carve out provisions of another law that will no longer apply in the specific context in which the derogation operates.
Wikipedia describes lex specialis as follows: “Lex specialis, in legal theory and practice, is a doctrine relating to the interpretation of laws and can apply in both domestic and international law contexts. The doctrine states that if two laws govern the same factual situation, a law governing a specific subject matter (lex specialis) overrides a law governing only general matters (lex generalis).”
10. Contact us
Want to know more about the CSA Regulation or EDRi’s work on it? Contact our advisors working on the file:

Ella Jakubowska
Head of Policy
email: ella.jakubowska [at] edri [dot] org
Mastodon: @