Skip to main content
NOPE
In Effect Law Child Protection

EU CSAM Interim

Regulation (EU) 2021/1232 + Regulation (EU) 2024/1307 (CSAM Interim Derogation)

Temporary legal bridge allowing certain communications providers to voluntarily detect/report/remove CSAM, notwithstanding ePrivacy constraints. Extended via 2024/1307 while permanent CSAR negotiated.

Jurisdiction

European Union

Enacted

Jul 14, 2021

Effective

Aug 2, 2021

Enforcement

National data protection authorities; ePrivacy regulation enforcement varies by member state

Temporary regime; expires April 3, 2026

EUR-Lex (Consolidated)

Why It Matters

Bridge law keeping voluntary scanning alive while permanent CSAR fight continues. Expires April 2026.

At a Glance

Applies to

Social PlatformOnline PlatformGeneral Chatbot

Harms addressed

Child Exploitation

Who Must Comply

  • Providers of number-independent interpersonal communications services in EU

Obligations fall on:

Safety Provisions

  • Enables voluntary CSAM detection/reporting/removal by number-independent interpersonal communications services (NIICS)
  • Strict necessity/proportionality; GDPR still applies
  • Harmonized reporting on voluntary measures
  • Exclusion of audio communications
  • Mandatory DPIA for detection technologies
  • Compulsory human review before reporting

Compliance & Enforcement

Key Dates

Apr 3, 2026

Derogation expires (unless replaced/extended)

Penalties

Penalties vary by jurisdiction

View on map

European Union

Focus Areas

Child safety
Active safeguards required

Compliance Help

For voluntary CSAM detection: documented legal basis + safeguards, DPIA, human review, plan for derogation expiration.

See how NOPE helps

Cite This

APA

European Union. (2021). Regulation (EU) 2021/1232 + Regulation (EU) 2024/1307 (CSAM Interim Derogation).

Related Regulations

Pending EU

EU CSAR (Proposed)

Proposed permanent framework replacing interim derogation. Parliament position (Nov 2023) limits detection to known/new CSAM, excludes E2EE services. Council has not agreed General Approach.

In Effect EU

DSA

Comprehensive platform regulation with tiered obligations. VLOPs (45M+ EU users) face systemic risk assessments, algorithmic transparency, and independent audits.

In Effect DE

DE JuSchG §24a (KidD)

Requires providers of certain telemedia services to implement provider-side precautionary measures ("Vorsorgemaßnahmen") with regulator-facing evaluability via published BzKJ criteria.

Enacted US-AR

AR HB 1071

Amends Arkansas publicity rights law to explicitly include AI-generated reproductions of voice and likeness. Covers simulated voices and 3D generation.

In Effect FR

FR SREN

France's 2024 "digital space" law strengthening national digital regulation and enforcement levers via ARCOM across platform safety and integrity issues.

In Effect IE

Ireland OSMR

Establishes Coimisiún na Meán (Media Commission) with binding duties for video-sharing platforms. One of the cleaner examples of explicit self-harm/suicide/eating-disorder content duties in platform governance.

All regulations Check if this applies to you

Last updated January 23, 2026. Verify against primary sources before relying on this information.