The Netherlands' government and opposition are both abstaining from supporting the latest version of the controversial EU regulation aimed at detecting online child sexual abuse material (CSAM), according to an official position and an open letter published on Tuesday (1 October).
The regulation, aimed at detecting online CSAM, has been criticised for potentially allowing the scanning of private messages on platforms such as WhatsApp or Gmail.
However, the latest compromise text from the Hungarian presidency of the Council of the EU, dated 9 September, limits detection to known material, among other changes. ‘Known’ material refers to content that has already been circulating and detected, in contrast to ‘new’ material that has not yet been identified.
The Hungarian presidency shared a partial general approach dated 24 September and seen by Euractiv, that mirrors the 9 September text but reduces the reevaluation period from five years to three for grooming and new CSAM.
“The Hungarian presidency remains committed to striking a balanced solution that addresses both the urgent need to combat child sexual abuse and the protection of privacy,” a spokesperson from the Hungarian presidency told Euractiv, adding that they will continue to “engage in constructive dialogue with all member states.”
“We are determined to create a secure environment free from the threat of abuse, to shield children from the heinous actions of those who exploit the digital realm,” the spokesperson said.
Limiting detection to known material could hinder authorities' ability to surveil massive amounts of communications, suggesting the change is likely an attempt to reconcile privacy concerns.
The Netherlands initially supported the proposal to limit detection to 'known' material but withdrew its support in early September, Euractiv reported.
On Tuesday (1 October), The Hague officially took a stance, avoiding endorsing the general approach, despite speculation last week suggesting the country might shift its position in favour of the regulation.
This is also despite the Dutch mostly maintaining that their primary concern lies with combating known CSAM – a focus that aligns with the scope of the latest proposal.
According to various statistics, the Netherlands hosts a significant amount of CSAM.
The Dutch cabinet had been considering supporting the proposal, or at least a "silent abstention" that might have weakened the blocking minority, signalling a shift since Friday (27 September), a source close to the matter told Euractiv.
While a change in the Netherlands' stance could have affected the blocking minority in the EU Council, their current position now strengthens it.
If the draft law were to pass in the EU Council, the next stage would be interinstitutional negotiations, called trilogues, between the European Parliament, the Council of the EU, and the Commission to finalise the legislation.
Both the Dutch government and the opposition are abstaining from supporting the new partial general approach.
Opposition party GroenLinks-PvdA (Greens/EFA) published an open letter, also on Tuesday, backed by a coalition of national and EU-based private and non-profit organisations, urging the government to vote against the proposal.
According to the letter, the regulation will be discussed at the Justice and Home Affairs Council on 11 October, with positions coordinated among member states on 2 October.
Currently, an interim regulation allows companies to detect and report online CSAM voluntarily. Originally set to expire in 2024, this measure has been extended to 2026 to avoid a legislative gap, as the draft for a permanent law has yet to be agreed.
The Dutch Secret Service opposed the draft regulation because "introducing a scan application on every mobile phone" with infrastructure to manage the scans would be a complex and extensive system that would introduce risks to digital resilience, according to a decision note.
The open letter
The letter was signed by GroenLinks-PvdA, Barbara Kathmann, a member of the House of Representatives of the Netherlands, Dutch MEP Kim van Sparrentak (Greens/EFA), as well as various stakeholders, politicians, academics, and directors from organisations and companies in cybersecurity.The GroenLinks-PvdA party represents the Greens in the Dutch House of Representatives, with GroenLinks affiliated with the Greens and PvdA with the Socialists & Democrats (S&D) in the European Parliament.
While acknowledging the importance of combating online child abuse, the authors express concerns that the draft law undermines digital privacy and security, particularly through mandatory client-side scanning, which would allow the scanning of all user communications before they are sent.
Such mandatory scanning, they claim, threatens the confidentiality of private communications and exposes Europeans to legal and technical risks, including false accusations.
The letter argues that the proposed regulation is based on unproven technology and could weaken encryption, possibly aiding authoritarian regimes in mass surveillance.
The signatories thus call for a targeted, evidence-based approach that protects privacy while addressing child abuse effectively. The letter concludes by urging the Dutch government to reject the CSAM proposal and lead efforts toward a better solution.
Data privacy NGOs and experts have raised concerns about these issues since the legislation was introduced in 2022.
Just last Thursday (26 September), another open letter was published, signed by a group of 168 scientists and researchers from 29 countries, also expressing objections to the latest draft.
They also argued that the regulation’s requirement for client-side scanning of encrypted communications compromises privacy, undermines encryption, and poses risks of government misuse. They further stated such technology is ineffective and may result in false positives that invade user privacy.
[Edited by Eliza Gkritsi/Martina Monti]