REGULATORY SCRUTINY BOARD OPINION Regulation on detection, removal and reporting of child sexual abuse online, and establishing the EU centre to prevent and counter child sexual abuse

EUROPEAN COMMISSION
15.02.2022
SEC(2022) 209
REGULATORY SCRUTINY BOARD OPINION
Regulation on detection, removal and reporting of child sexual abuse online,
and establishing the EU centre to prevent and counter child sexual abuse
{COM(2022) 209}
{SWD(2022) 209, 210}
Offentligt
KOM (2022) 0209 - SEK-dokument
Europaudvalget 2022
________________________________
This opinion concerns a draft impact assessment which may differ from the final version.
Commission européenne, B-1049 Bruxelles - Belgium. Office: BERL 08/010. E-mail: regulatory-scrutiny-board@ec.europa.eu
EUROPEAN COMMISSION
Regulatory Scrutiny Board
Brussels,
RSB
Opinion
Title: Impact assessment / Regulation on detection, removal and reporting of child
sexual abuse online, and establishing the EU centre to prevent and counter child
sexual abuse
Overall 2nd
opinion: POSITIVE WITH RESERVATIONS
(A) Policy context
Child sexual abuse (CSA) is a particularly serious crime that has serious life-long
consequences for victims.
The aim of this initiative is to establish an obligation for relevant online service providers
to detect child sexual abuse online, to report this to the public authorities and to remove the
relevant content. It also explores the option of creating a EU centre to prevent and counter
child sexual abuse.
This initiative follows up on the CSA strategy adopted in July 2020.
(B) Summary of findings
The Board notes that the report has been substantially redrafted and improved in
many aspects.
However, the report still contains significant shortcomings. The Board gives a
positive opinion with reservations because it expects the DG to rectify the following
aspects:
(1) The role of the EU centre and associated costs are not sufficiently described. The
implementation options for the EU centre are not presented in a sufficiently open,
complete and balanced manner.
(2) The report is not sufficiently clear on how the options that include the detection of
new child sexual abuse material or grooming would respect the prohibition of
general monitoring obligations.
(3) The efficiency and proportionality of the preferred option is not sufficiently
demonstrated.
(4) The scope and quantification of the cost and cost savings for the ‘one in, one out’
purposes are not clear.
2
(C) What to improve
(1) The report should further strengthen the problem analysis. It should elaborate exactly
how ‘the continued presence and dissemination of child sexual abuse material […]
hampers growth on the Internal Market (i.e. single market for digital services)’.
(2) The report should explain better the role of the proposed EU centre. The options
description should clarify the centre’s role in the area of prevention and whether the centre
will coordinate Member States’ victim support efforts including health, legal, child
protection, education and employment. It should explain how the centre will perform
proactive search, how the coordination of this task with the detection done by the service
providers themselves will be assured and how it will support SMEs by verifying the
illegality of reported material. It should also provide the analysis of the cost of the centre
under each policy option.
(3) The implementation options for the centre should be presented in a more open,
balanced and complete manner in the main text. The preferred implementation option
should not be identified upfront, but emerge as result of an analytical assessment and
comparison process. In this respect, the report should be clearer on the relevance and
functioning of the externalisation sub-option on prevention and assistance to victims
functions via non-EU staff and covered by calls for proposal or grants. It should clarify
whether this sub-option would in practice remove the need for a separate entity under the
Europol implementation option. It should be clear on the related impacts on infrastructure
and operational expenditure costs as well as organisational efficiency.
(4) The report is clearer about the limitations of available technologies that exist for the
use in encrypted communications and acknowledges that they have not yet been deployed
at large scale. In view of this assertion, the report should be clearer about the practical
feasibility of the policy options and provide reassurance about the effective application.
The report should be clear how legal uncertainty for obliged service providers and risks of
unintended consequences on privacy and security will be avoided.
(5) The report should clarify how the options that include an obligation to detect new
child sexual abuse material or grooming would respect privacy requirements, in particular
the prohibition of general monitoring obligations. It should more explicitly explain how the
risk-assessment process could identify specific high risks groups that would be at the basis
of more targeted searches.
(6) Given the significant differences of options in terms of costs and benefits, the report
should better argue the choice of the preferred option in terms of efficiency and
proportionality. It should better substantiate and justify why it prefers an option that neither
provides the highest net benefits nor delivers the anticipated level of benefits in the most
efficient way.
(7) Differing stakeholder views, including from targeted consultation, should be presented
in a more transparent way throughout the report and especially in the analysis of impacts
and the selection of the preferred option. It should be clear who has said what, and how
concerns have been taken into account, in particular where views by category of
stakeholders differ. The focus should not be on majority views, as the consultations are not
a representative survey.
(8) The report elaborates some mitigation measures for SMEs e.g. access to training and
to free detection technologies, and the support from the centre for the verification of
illegality of the reported material. However, the impacts section should better outline the
3
measures from which SMEs will not be exempted, quantify their costs and elaborate on
possible barriers to entry.
(9) The report should explain better its approach to the ‘one in, one out’ principle. It
should clarify what exact costs and savings are included in quantification for one in, one
out purposes, making sure that only administrative cost savings are taken into account for
offsetting and that administrative costs are identified. It should also further elaborate on
how the estimates were calculated. It should be more explicit on the expected significant
adjustment costs for business under the preferred option in the section on the application of
the one in, one out approach.
(10)Annex 1 of the Impact Assessment should be further elaborated to indicate how the
recommendations made by the Regulatory Scrutiny Board in both opinions have been
treated and considered.
The Board notes the estimated costs and benefits of the preferred option(s) in this
initiative, as summarised in the attached quantification tables.
(D) Conclusion
The DG must revise the report in accordance with the Board’s findings before
launching the interservice consultation.
If there are any changes in the choice or design of the preferred option in the final
version of the report, the DG may need to further adjust the attached quantification
tables to reflect this.
Full title Impact Assessment on a proposal for a Regulation on detection,
removal and reporting of child sexual abuse online, and
establishing the EU centre to prevent and counter child sexual
abuse
Reference number PLAN/2020/8915
Submitted to RSB on 20 January 2022
Date of RSB meeting Written procedure
4
ANNEX: Quantification tables extracted from the draft impact assessment report
The following tables contain information on the costs and benefits of the initiative on
which the Board has given its opinion, as presented above.
If the draft report has been revised in line with the Board’s recommendations, the content
of these tables may be different from those in the final version of the impact assessment
report, as published by the Commission.
I. Overview of Benefits (total for all provisions) – Preferred Option (EUR million/year)
Description Amount Comments
Direct benefits
Reduction of crime/ child
sexual abuse.
3 448.0 Annual benefits from reduction of crime.
Indirect benefits
Facilitation of efforts by the
EU Centre.
N/A Cost savings due to a more effective and
efficient use of resources (e.g. avoid
duplication of efforts in the EU).
Administrative cost savings related to the ‘one in, one out’ approach
Replacement of Interim
Regulation and Council
Decision.
18 Compliance of service providers and public
authorities with the existing legislation.
5
II. Overview of costs – Preferred option (EUR million/year)
Policy measure
Citizens/Consumers Businesses Administrations
One-off Recurrent One-off Recurrent One-off Recurrent
1
Direct adjustment costs - - 0.2 2.8 0.4 3.5
Other costs - - - - - -
3 Direct adjustment costs - - - - 5.0 25.7
Other costs - - - - - -
4***
Direct adjustment costs - - - 6.9 - 11.1
Other costs - - - - - -
5 Direct adjustment costs - - 20.4 1.7 - 3.3
Other costs - - - - - -
6 Direct adjustment costs - - 352.2 459.4 - 503.6
Other costs - - - - - -
7 Direct adjustment costs - - 604.4 520.5 - 250.1
Other costs - - - - - -
8 Direct adjustment costs - - 618.0 471.9 - 28.2
Other costs - - - - - -
Costs related to the ‘one in, one out’ approach (EUR million/year)
Total Direct
adjustment costs
- - 1 595.3 1 463.3
Indirect
adjustment costs
- - - -
Administrative
costs (for
offsetting)
- - - -
6
EUROPEAN COMMISSION
Regulatory Scrutiny Board
Brussels,
RSB
Opinion
Title: Impact assessment / Regulation on detection, removal and reporting of child
sexual abuse online, and establishing the EU centre to prevent and counter child
sexual abuse
Overall opinion: NEGATIVE
(A) Policy context
Child sexual abuse (CSA) is a particularly serious crime that has serious life-long
consequences for victims. The exponential development of the digital world makes this
crime a truly global one.
The aim of this initiative is to establish an obligation for relevant online service providers
to detect child sexual abuse online, to report this to the public authorities and to remove the
relevant content. It also explores the option of creating a European centre to prevent and
counter child sexual abuse.
This initiative follows up on the CSA strategy adopted in July 2020.
(B) Summary of findings
The Board notes the additional information provided in advance of the meeting and
the commitments to make changes to the report.
However, the Board gives a negative opinion, because the report contains the
following significant shortcomings:
(1) The internal market dimension and the necessity for EU action in the area of
prevention and victim support is not always clear.
(2) The report does not fully describe all the available policy choices and leaves a
number of questions open. It does not discuss in a transparent and balanced
manner the alternative implementation forms for a European centre.
(3) The report does not clearly establish how safeguards will ensure fundamental
rights, in particular regarding technologies to detect CSA in encrypted
communications.
(4) The comparison of policy options does not comply with the standard assessment
criteria and is not based on a clear and consistent ranking methodology.
7
(C) What to improve
(1) The context section does not present clearly enough how the initiative builds on and
interacts with related policy instruments (e.g. CSA Directive, Prevention Network, Digital
Services Act, interim derogation), and how the CSA responsibilities are distributed
between the EU and the Member States. The baseline should fully integrate what these
other instruments can achieve for the detection, removal and reporting of CSA material as
well as for prevention and victim support.
(2) The report should further elaborate the internal market dimension of this initiative and
provide clear evidence of fragmentation and conflicts of law. It should better explain why
these issues cannot be adequately tackled on the basis of existing policy instruments. It
should better argue why EU action is needed for prevention and support of victims in
addition to the responsibilities already established at Member State level and to existing
coordination mechanisms.
(3) The report should clearly identify the key issues for which policy choices need to be
made. It should provide in its main part a full and open discussion of the main
implementation options identified for the European centre, including those relying on
existing structures (e.g. Europol). It should assess in a balanced and evidence-based manner
their strengths and weaknesses, including in terms of accountability, independence,
transparency, governance and organisational synergies. As regards non-EU body options
(e.g. foundation) the independence and governance discussion should take into account the
fact that part of its funding could depend on third parties and that its legal status will
depend on national provisions of the Member State in which it will be established.
(4) The report should be more precise regarding the nature of safeguards for fundamental
rights. It should also discuss how the proposed obligations to detect CSA material and
grooming would be compatible with the criteria indicated by the Court of Justice for
permissible preventive monitoring.
(5) The report should be more specific and analytical regarding the treatment of
technologies to detect CSA in encrypted communications. The report should assess the
coherence with the horizontal approach on encryption. It should indicate whether and how
political oversight on the use of detection technology will operate, including a discussion of
the relevance of certification and implementing measures. As technological solutions are
not yet available for encryption, the report should be clear how legal uncertainty for
obliged service providers and risks of unintended consequences on privacy and security
will be avoided.
(6) The report foresees certain exemptions and mitigation measures for SMEs under the
various options. These measures should be explained upfront in the options section and
thoroughly assessed in the impacts analysis, including how they will affect the operation
and the financing of the centre as well as the competitiveness of SMEs. The report should
also further develop the impact analysis of the measures from which SMEs will not be
exempt. It should quantify their costs and elaborate on possible barriers to entry.
(7) The impact analysis should be clear about the analytical methods and the categories of
costs and benefits. It should explain data sources, underlying assumptions as well as
uncertainties and limitations of the analysis. In particular, it should explain how the
extrapolation of a US study to the EU context has been done, how robust its results are for
the EU and whether it has been peer reviewed. It should indicate which part of the overall
benefits is due to mandatory obligations and which is due to the centre.
(8) The policy options (both for the EU centre and the service providers) should be
compared on the basis of the standard assessment criteria effectiveness, efficiency and
8
coherence. This should help to avoid assessing the same impacts under several criteria. The
comparison of options should provide more detail on the methodology chosen to rank the
different options. It should further elaborate on the quantitative comparison of options and
explain the analytical method chosen.
(9) Stakeholder views, including from targeted consultation, should be presented in a
transparent way throughout the report and especially in the analysis of impacts and the
selection of the preferred option. It should be clear who has said what, and how concerns
have been taken into account, in particular where views by category of stakeholders differ.
Some more technical comments have been sent directly to the author DG.
(D) Conclusion
The DG must revise the report in accordance with the Board’s findings and resubmit
it for a final RSB opinion.
Full title Impact Assessment on a proposal for a Regulation on detection,
removal and reporting of child sexual abuse online, and
establishing the EU centre to prevent and counter child sexual
abuse
Reference number PLAN/2020/8915
Submitted to RSB on 25 May 2021
Date of RSB meeting 16 June 2021
Electronically signed on 15/02/2022 15:50 (UTC+01) in accordance with article 11 of Commission Decision C(2020) 4482