Today, Dr. Sabine K. Witting, Center for Law and Digital Technologies (eLaw) from Leiden University, together with Dr. Mark R. Leiser (VU-Amsterdam) and Amy Crocker (ECPAT International) are launching the outcome report of the 2nd Expert Workshop on the EU Proposed Regulation on online Child Sexual Abuse. The second in a series of workshops was held at VU-Amsterdam on 2nd & 3rd March 2023 and jointly organised by VU-Amsterdam, ECPAT International and Leiden University.The workshop aimed to facilitate open discussions and identify areas of common ground around the proposed Regulation with technical experts from various fields relevant to the proposed Regulation, including child rights, privacy, data protection, platform regulation, and fundamental rights.

The proposed Regulation seeks to establish a clear and harmonised legal framework for preventing and combatting online child sexual abuse and has sparked lively debate amongst child rights and fundamental rights experts in the past months. While the goal of protecting children is a common one, concerns have been voiced from a range of groups that mandatory detection measures, if imposed at scale under the proposed Regulation, would violate the rights to data protection, privacy, and free expression as set out under the Charter of Fundamental Rights of the European Union, particularly if applied in the context of end-to-end encryption.

The second expert workshop was scheduled to discuss the technology-related aspects of the proposed Regulation. Key themes, including end-to-end encryption and detection technologies, were discussed to support a constructive conversation about whether and how the proposed Regulation in its current form can be applied in the existing legal and technological landscape. The main objective was to better understand the relevant provisions in the proposed Regulation, the current state of the art of detection technologies, the functioning and purpose of end-to-end encryption, and the associated risks related to fundamental rights, including privacy and security. Participants took a distinct fundamental rights perspective to assess which risks are imposed on fundamental rights and what procedural/substantive safeguards might be required in the proposed Regulation to protect such rights.

The outcome of the discussions led to recommendations set out at the end of this report (see section 5). These recommendations will be used to discuss potential amendments to the relevant provisions dealing with technology and related safeguards outlined in the proposed Regulation.