BETA

Activities of Marcel KOLAJA related to 2022/0155(COD)

Shadow opinions (2)

2023/03/29
Committee: CULT
Dossiers: 2022/0155(COD)
Documents: PDF(215 KB) DOC(140 KB)
Authors: [{'name': 'Niyazi KIZILYÜREK', 'mepid': 197415}]

2023/07/03
Committee: IMCO
Dossiers: 2022/0155(COD)
Documents: PDF(451 KB) DOC(279 KB)
Authors: [{'name': 'Alex AGIUS SALIBA', 'mepid': 197403}]

Amendments (269)

Proposal for a regulation
Recital 35 a (new)

(35 a) As pointed out in the EU strategy for a more effective fight against child sexual abuse 1a, children themselves need to have the knowledge and tools that could help them not to be confronted with the abuse when possible and they need to be informed that certain behaviours are not acceptable. The Commission-funded network of Safer Internet Centres raises awareness on online safety and provides information, resources and assistance via helplines and hotlines on a wide range of digital safety topics including grooming and sexting. The One in Five campaign by the Council of Europe and Europol’s “#SayNo” initiative are further examples of how this can be done. When abuse occurs, children need to feel secure and empowered to speak up, react and report, even when the abuse comes from within their circle of trust, as it is often the case. They also need to have access to safe, accessible and age-appropriate channels to report the abuse without fear. As stated in the Recommendation of the UN Committee on the Rights of the Child 1b, States parties should ensure that digital literacy is taught in schools, as part of basic education curricula, from the preschool level and throughout all school years, and that such pedagogies are assessed on the basis of their results. Curricula should include the knowledge and skills to safely handle a wide range of digital tools and resources, including those relating to content, creation, collaboration, participation, socialization and civic engagement. _________________ 1a COM(2020) 607 final, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions EU strategy for a more effective fight against child sexual abuse 1b CRC/C/GC/25, General comment No. 25 (2021) on children’s rights in relation to the digital environment from UN Committee on the Rights of the Child

2022/11/30
Committee: CULT

Proposal for a regulation
Recital 36

(36) In order to prevent children from falling victim of abuse, providers of very large online platforms which have identified the risk of use of their service for the purpose of online child sexual abuse in line with Article 3 should provide reasonable assistance, by putting in place alert and alarm mechanisms in a prominent way on their platforms. The alert mechanism could consist of, for example, linking potential victims to the local organisations such as helplines, victims` right organisations or hotlines. Providers of very large online platforms should ensure adequate follow-up, when a report or alert is made, in the language chosen by the user for using their service. Given the impact on the rights of victims depicted in such known child sexual abuse material and the typical ability of providers of hosting services to limit that impact by helping ensure that the material is no longer available on their services, those providers should assist victims who request the removal or disabling of access of the material in question. That assistance should remain limited to what can reasonably be asked from the provider concerned under the given circumstances, having regard to factors such as the content and scope of the request, the steps needed to locate the items of known child sexual abuse material concerned and the means available to the provider. The assistance could consist, for example, of helping to locate the items, carrying out checks and removing or disabling access to the items. Considering that carrying out the activities needed to obtain such removal or disabling of access can be painful or even traumatic as well as complex, victims should also have the right to ~~be assisted by the EU Centre in this regard, via the Coordinating Authorities.~~ receive adequate psycho-social, age appropriate, child-friendly support and to be assisted by the EU Centre and its relevant partners, such as child helplines or other psycho-social support mechanisms in this regard, via the Coordinating Authorities. Member States should establish and improve the functioning of child helpline and missing children hotline, including through funding and capacity building, in line with Article 96 of Directive (EU) 2018/1972. Victim identification is key not only for tracking down online child sexual abuse, but also for preventing victimisation, stopping the further spread of damaging material and ensuring that victims can benefit from available assistance. However, such victim identification requires a high degree of specialisation and adequate resources. Therefore, the European Cybercrime Centre`s efforts in victim identification should be complemented at national level.

2022/11/30
Committee: CULT

Proposal for a regulation
Recital 44

(44) In order to provide clarity and enable effective, efficient and consistent coordination and cooperation both at national and at Union level, where a Member State designates more than one competent authority to apply and enforce this Regulation, it should designate one lead authority as the Coordinating Authority, whilst the designated authority should automatically be considered the Coordinating Authority where a Member State designates only one authority. For those reasons, the Coordinating Authority should act as the single contact point with regard to all matters related to the application of this Regulation, ~~without prejudice to the enforcement powers of other national authoritie~~and related to achieving the objective of this Regulation, including prevention matters without prejudice to the enforcement powers of other national authorities. It is essential to ensure the training of officials who could be in close contact with victims, including law enforcement officers, judges, prosecutors, lawyers and forensic experts and social workers, in order to ensure that such officials are able to understand the problems that child victims can face, and in order to ensure that the situation is prevented and mitigated if necessary. The Coordinating Authority should therefore also act as single point of contact with regard to all matters related to the achievement of the objective of this Regulation, including prevention, with regard to awareness raising and training of officials.

2022/11/30
Committee: CULT

Proposal for a regulation
Recital 45 a (new)

(45 a) Given the EU Centre’s particular expertise with regard to the generation and sharing of knowledge, Member States should ensure that such information is shared and promoted at national level. For this purpose, they should cooperate with partner organisations, including with semi-public organisations and hotlines, as well as with civil society. It is important to ensure that practitioners who get in close contact with child victims are adequately trained to deal with such victims, and that the situation of the victim is adequately mitigated. Therefore, the Coordinating authority should ensure that officials such as law enforcement officers, judges, prosecutors, lawyers and forensic experts and social workers cooperate with civil society and semi-public organisations.

2022/11/30
Committee: CULT

Proposal for a regulation
Recital 67

(67) Given its central position resulting from the performance of its primary tasks under this Regulation and the information and expertise it can gather in connection thereto, the EU Centre should also contribute to the achievement of the objectives of this Regulation by serving as a hub for knowledge, expertise and research on matters related to the prevention and combating of online child sexual abuse~~. In this connection, the EU Centre should~~, including education and awareness raising, and prevention programmes available for potential offenders and offenders during and after criminal proceedings. The collection and analysis of data should include the list of education and awareness raising material made part of the official curricula. In this connection, the EU Centre should bring together practitioners and researchers. The EU Centre should also cooperate with relevant stakeholders from both within and outside the Union and allow Member States to benefit from the knowledge and expertise gathered, including best practices and lessons learned.

2022/11/30
Committee: CULT

Proposal for a regulation
Recital 70

(70) Longstanding Union support for both INHOPE and its member hotlines recognises that hotlines are in the frontline in the fight against online child sexual abuse. The EU Centre should leverage the network of hotlines and encourage that they work together effectively with the Coordinating Authorities, providers of relevant information society services and law enforcement authorities of the Member States. The hotlines’ expertise and experience is an invaluable source of information on the early identification of common threats and solutions, as well as on regional and national differences across the Union. Child helplines are equally in the frontline in the fight against online child sexual abuse. Therefore, the EU Centre should also recognise the work of child helplines in victim response, and the existing referral mechanisms between child helplines and hotlines. The EU Centre should coordinate services for victims.

2022/11/30
Committee: CULT

Proposal for a regulation
Article 2 – paragraph 1 – point w a (new)

(w a) `very large online platform` means online platforms which have a number of average monthly active recipients of the service in the Union equal to or higher than 45 million, and which are designated as very large online platforms pursuant to paragraph 4 of Article 33 of Regulation (EU) 2022/2065;

2022/11/30
Committee: CULT

Proposal for a regulation
Article 21 – title

Victims’ right of assistance and support ~~for removal~~

2022/11/30
Committee: CULT

Proposal for a regulation
Article 21 – paragraph 1

1. The providers of very large online platforms that have identified the risk of use of their service for the purpose of online child sexual abuse in line with Article 3 shall provide reasonable assistance, on request, to persons residing in the Union that seek to report potential abuse, by putting in place reporting functions in a prominent way on their platform. Such providers shall ensure adequate follow-up, when a report or alert is made, in the language that the user has chosen for their service. Providers of hosting services shall provide reasonable assistance, on request, to persons residing in the Union that seek to have one or more specific items of known child sexual abuse material depicting them removed or to have access thereto disabled by the provider.

2022/11/30
Committee: CULT

Proposal for a regulation
Article 21 – paragraph 4 a (new)

4 a. Member States shall establish and improve the functioning of child helpline and missing children hotline, including through funding and capacity building, in line with Article 96 of Directive (EU) 2018/1972.

2022/11/30
Committee: CULT

4 b. Member States shall ensure that law enforcement authorities have adequate technical, financial and human resources to carry out their tasks, including for the purpose of identification of victims.

2022/11/30
Committee: CULT

Proposal for a regulation
Article 25 – paragraph 2 – subparagraph 2

The Coordinating Authority shall be responsible for all matters related to the application and enforcement of this Regulation, and to the achievement of the objective of this regulation in the Member State concerned, unless that Member State has assigned certain specific tasks or sectors to other competent authorities.

2022/11/30
Committee: CULT

Proposal for a regulation
Article 25 – paragraph 2 – subparagraph 3

The Coordinating Authority shall in any event be responsible for ensuring coordination at national level in respect of those matters, including matters related to prevention and for contributing to the effective, efficient and consistent application and enforcement of this Regulation throughout the Union.

2022/11/30
Committee: CULT

Proposal for a regulation
Article 25 – paragraph 5

5. Each Member State shall ensure that a contact point is designated or established within the Coordinating Authority’s office to coordinate prevention within the Member State and to handle requests for clarification, feedback and other communications in relation to all matters related to the application and enforcement of this Regulation in that Member State. Member States shall make the information on the contact point publicly available and communicate it to the EU Centre. They shall keep that information updated.

2022/11/30
Committee: CULT

Proposal for a regulation
Article 25 a (new)

Article 25 a Cooperation with partner organisations Where necessary for the performance of its tasks under this Regulation, including the achievement of the objective of this Regulation, and in order to promote the generation and sharing of knowledge in line with Article 43 (6), the Coordinating Authority shall cooperate with organisations and networks with information and expertise on matters related to the prevention and combating of online child sexual abuse, including civil society organisations and semi-public organisations and practitioners.

2022/11/30
Committee: CULT

(a) collecting, recording, analysing and providing information, providing analysis based on anonymised and non-personal data gathering, and providing expertise on matters regarding the prevention and combating of online child sexual abuse, in accordance with Article 51 , including education and awareness raising programmes, and intervention programmes;

2022/11/30
Committee: CULT

Proposal for a regulation
Article 43 – paragraph 1 – point 6 – point b

(b) supporting the development and dissemination of research and expertise on those matters and on assistance to victims, including by serving as a hub of expertise to support evidence-based policy and by linking researchers to practitioners;

2022/11/30
Committee: CULT

Proposal for a regulation
Recital 2

(2) Given the central importance of relevant information society services, those aims can only be achieved by ensuring that providers offering such services in the Union behave responsibly and take reasonable measures to minimise the risk of their services being misused for the purpose of child sexual abuse, those providers often being ~~the only ones~~ in a position to prevent and to help combat such abuse. The measures taken should be targeted, carefully balanced ~~and proportionate~~, effective, evidence- based proportionate , and subject to constant review, so as to avoid any undue negative consequences for the fight against crime and for those who use the services for lawful purposes, in particular for the exercise of their fundamental rights protected under Union law, that is, those enshrined in the Charter and recognised as general principles of Union law, and so as to avoid directly or indirectly imposing any excessive burdens on the providers of the services.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 3

(3) Member States are increasingly introducing, or are considering introducing, national laws to prevent and combat online child sexual abuse, in particular by imposing requirements on providers of relevant information society services. In the light of the inherently cross-border nature of the internet and the service provision concerned, those national laws, which diverge, may have a direct negative effect on the internal market. To increase legal certainty, eliminate the resulting obstacles to the provision of the services and ensure a level playing field in the internal market, the necessary harmonised requirements should be laid down at Union level.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 4

(4) Therefore, this Regulation should contribute to the proper functioning of the internal market by setting out clear, uniform and balanced rules to prevent and combat child sexual abuse in a manner that is demonstrably and durably effective and that respects the fundamental rights of all parties concerned. In view of the fast- changing nature of the services concerned and the technologies used to provide them, those rules should be laid down in technology-neutral and future- proof manner, so as not to hamper ~~innovation~~the fight against crime .

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 5

(5) In order to achieve the objectives of this Regulation, it should cover providers of services ~~that have the potential to b~~are misused for the purpose of online child sexual abuse. As they are increasingly misused to a significant extent for that purpose, those services shcould include publicly available number- independent interpersonal communications services, such as messaging services and web-based e-mail services, in so far as those services asre publicly available. As ~~servic~~online games which enable direct interpersonal and interactive exchange of information merely as a minor ancillary feature ~~that is intrinsically linked to another service, such as chat and similar functions as part of gaming, image-sharing and video-hosting are equally~~are also at risk of misuse, they should also be covered by this Regulation. However, given the inherent differences between the various relevant information society services covered by this Regulation and the related varying risks that those services are misused for the purpose of online child sexual abuse and varying ability of the providers concerned to prevent and combat such abuse, the obligations imposed on the providers of those services should be differentiated in an appropriate manner.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 6

(6) Online child sexual abuse ~~frequently~~can also involves the misuse of information society services offered in the Union by providers established in third countries. In order to ensure the effectiveness of the rules laid down in this Regulation and a level playing field within the internal market, those rules should apply to all providers, irrespective of their place of establishment or residence, that offer services in the Union, as evidenced by a substantial connection to the Union.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 9

(9) Article 15(1) of Directive 2002/58/EC allows Member States to adopt legislative measures to restrict the scope of the rights and obligations provided for in certain specific provisions of that Directive relating to the confidentiality of communications when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society, inter alia, to prevent, investigate, detect and prosecute criminal offences, provided certain conditions are met, including compliance with the Charter , which, inter alia, requires the specific measures to be provided for by law and genuinely achieve objectives of general interest. Applying the requirements of that provision by analogy, this Regulation should limit the exercise of the rights and obligations provided for in Articles 5(1), (3) and 6(1) of Directive 2002/58/EC, insofar as strictly necessary in line with Article 52 of the Charter to execute ~~detec~~investigation orders issued in accordance with this Regulation with a view to prevent and combat online child sexual abuse.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 11

(11) A substantial connection to the Union should be considered to exist where the relevant information society services has an establishment in the Union or, in its absence, on the basis of the existence of a significant number , in relation to population size of users in one or more Member States, or the targeting of activities towards one or more Member States. The targeting of activities towards one or more Member States should be determined on the basis of all relevant circumstances, including factors such as the use of a language or a currency generally used in that Member State, or the possibility of ordering products or services, or using a national top level domain. The targeting of activities towards a Member State could also be derived from the availability of a software application in the relevant national software application store, from the provision of local advertising or advertising in the language used in that Member State, or from the handling of customer relations such as by providing customer service in the language generally used in that Member State. A substantial connection should also be assumed where a service provider directs its activities to one or more Member State as set out in Article 17(1), point (c), of Regulation (EU) 1215/2012 of the European Parliament and of the Council44. Mere technical accessibility of a website from the Union ~~should~~cannot, alone, be considered as establishing a substantial connection to the Union. _________________ 44 Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (OJ L 351, 20.12.2012, p. 1).

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 14

(14) With a view to minimising the risk that their services are misused for the dissemination of ~~known or~~ onlinew child sexual abuse material ~~or the solicitation of children~~, providers of hosting services and providers of publicly available number- independent interpersonal communications services ~~should assess such risk for each~~that are exposed to substantial amount of child sexual abuse material should assess the existence of a significant risk stemming from the design and functioning of of the services that they offer in the Union. To guide their risk assessment, a non- exhaustive list of elements to be taken into account should be provided. To allow for a full consideration of the specific characteristics of the services they offer, providers should be allowed to take account of additional elements where relevant. As risks evolve over time, in function of developments such as those related to technology and the manners in which the services in question are offered and used, it is appropriate to ensure that the risk assessment is, as well as the effectiveness and proportionality of specific measures are updated regularly and when needed for particular reasons.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 15

(15) Some of those providers of relevant information society services in scope of this Regulation may also be subject to an obligation to conduct a risk assessment under Regulation (EU) …/… [on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC] with respect to information that they store and disseminate to the public , which should form the basis for the risk assessment under this instrument. For the purposes of the present Regulation, those providers may draw on such a risk assessment and complement it with a more specific assessment of the risks of use of their services for the purpose of online child sexual abuse, as required by this Regulation.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 16

(16) In order to prevent and combat online child sexual abuse effectively, providers of hosting services and providers of publicly available number-independent interpersonal communications services should take reasonable specific measures to mitigate ~~the risk of~~ their services being misused for ~~such abuse, as identified through the risk assessment~~the dissemination of known child sexual abuse material. Providers subject to an obligation to adopt mitigation measures pursuant to Regulation (EU) …/… [on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC] may consider to which extent mitigation measures adopted to comply with that obligation, ~~which may include targeted measures to protect the rights of the child, including age verification and parental control tools,~~ may also serve to address the risk identified in the specific risk assessment pursuant to this Regulation, and to which extent further targeted mitigation measures may be required to comply with this ~~Regulation~~.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 17

(17) To allow for innovation and ensure proportionality and technological neutrality, no exhaustive list of the compulsory ~~mitigation~~specific measures should be established. Instead, providers should be left a degree of flexibility to design and implement measures tailored to the risk ~~identified~~exposure and the characteristics of the services they provide and the manners in which those services are used. In particular, providers are free to design and implement, in accordance with Union law, measures based on their existing practices ~~to detect online child sexual abuse~~ . Specific measures could include providing their services and indicate as part of the risk reporting their willingness and preparedness to eventually being issued a detection order under this Regulation, if deemed necessary by the competent national authorityechnical measures and tools that allow users to manage their own privacy visibility, reachability and safety, such as mechanisms for users to block or mute other users, mechanisms that ask for confirmation before displaying certain content, tools that prompt or warn users.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 17 a (new)

(17 a) Relying on providers for risk mitigation measures comes with inherent problems, as business models, technologies and crimes evolve continuously. As a result, clear targets, oversight, review and adaptation, led by national supervisory authorities are needed, to avoid measures becoming redundant, disproportionate, ineffective, counterproductive and outdated.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 18

(18) In order to ensure that the objectives of this Regulation are achieved, that flexibility should be subject to the need to comply with Union law and, in particular, the requirements of this Regulation on mitigation measures. Therefore, providers of hosting services and providers of publicly available number-independent interpersonal communications services should, when designing and implementing the ~~mitigation~~specific measures, give importance not only to ensuring their effectiveness, but also to avoiding any undue negative consequences for other affected parties, notably for the exercise of users’ fundamental rights. In order to ensure proportionality, when determining which ~~mitigation~~specific measures that should reasonably be taken in a given situation, account should also be taken of the ongoing effectiveness of the measures and the financial and technological capabilities and the size of the provider concerned. When selecting appropriate ~~mitigation~~specific measures, providers should at least duly consider the possible measures listed in this Regulation, as well as, where appropriate, other measures such as those based on industry best practices, including as established through self-regulatory cooperation, and those contained in guidelines from the Commission. When no risk has been detected after a diligently conducted or updated risk assessment, providers should not be required to take any mitigation measuresquantifying the expected impact of the available measures. Objective data on ongoing effectiveness must be provided, in order for any measure to be recognised as best practice.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 19

(19) In the light of their role as intermediaries facilitating access to software applications that may be misused for online child sexual abuse, providers of software application stores should be made subject to obligations to take certain reasonable measures to assess and mitigate that risk. The providers should make that assessment in a diligent manner, making efforts that are reasonable under the given circumstances, having regard inter alia to the nature and extent of that risk as well as their financial and technological capabilities and size, and cooperating with the. The providers should only make available on their platform software applications if prior to the use of their service they have obtained the contact details of the provider of software application developing team with the cooperation of the specific providers of the services offered through the software application ~~where possible~~.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 20

(20) With a view to ensuring effective prevention and fight against online child sexual abuse, when ~~mitigating measures are deemed insufficient to limit the risk of misuse of a certain service for the purpose of online child sexual abus~~data on the impact of specific measures demonstrate that their impact is below pre-determined targets e, the Coordinating Authorities designated by Member States under this Regulation should be empowered to request the i~~ssuance of detection orders~~mplementation of additional targeted and proportionate risk mitigation measures . In order to avoid any undue interference with fundamental rights and to ensure proportionality, that power should be subject to a carefully balanced set of targets, limits and safeguards. For instance, considering that child sexual abuse material tends to be disseminated through hosting services and publicly available number-independent interpersonal communications services, and that solicitation of children mostly takes place in publicly available number-independent interpersonal communications services, it should only be possible to address ~~detec~~investigation orders to providers of such services in relation to specific suspects or specific group of suspects or a specific incident .

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 21

(21) Furthermore, as parts of those limits and safeguards, ~~detec~~investigation orders should only be issued after a diligent and objective assessment leading to the finding of a significant risk of the specific service concerned being misused for a given type of online child sexual abuse covered by this Regulation. One of the elements to be taken into account in this regard is the likelihood that the service is used to an appreciable extent, that is, beyond isolated and relatively rare instances, for such abuse. The criteria should vary so as to account of the different characteristics of the various types of online child sexual abuse at stake and of the different characteristics of the services used to engage in such abuse, as well as the related different degree of intrusiveness of the measures to be taken to execute the detection orderthat the order is necessary and proportionate .

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 22

(22) However, the finding of such a significant risk should in itself be insufficient to justify the issuance of a detection order, given that in such a case the order might lead to disproportionate negative consequences for the rights and legitimate interests of other affected parties, in particular for the exercise of users’ fundamental rights. Therefore, it should be ensured that detecIt should be ensured that investigation orders can be issued only after the Coordinating Authorities and the competent judicial authority or independent administrative authority having objectively and diligently assessed, identified and weighted, on a case-by-case basis, not only the likelihood and seriousness of the potential consequences of the service being misused for the type of online child sexual abuse at issue, but also the specific results anticipated by the measure, the likelihood and seriousness of any potential negative consequences for other parties affected. With a view to avoiding the imposition of excessive burdens, the assessment should also take account of the financial and technological capabilities and size of the provider concerned.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 23

(23) In addition, to avoid undue interference with fundamental rights and ensure proportionality, when it is established that those requirements have been met and a ~~detec~~investigation order is to be issued, it should still be ensured that the ~~detection~~ order is targeted and specifiedc enough so as to ensure that any such negative consequences for affected parties do not go beyond what is strictly necessary ~~to effectively address the significant risk identified~~. This should concern, in particular, a limitation to an identifiable part or component of the service where possible without prejudice to the effectiveness of the measure, such as specific types of channels of a publicly available number-independent interpersonal communications service, or to specific users or specific groups of users, to the extent that they can be taken in isolation for the purpose of detection, as well as the specification of the safeguards additional to the ones already expressly specified in this Regulation, such as independent auditing, the provision of additional information or access to data, or reinforced human oversight and review, and the further limitation of the duration of application of the detection order that the Coordinating Authority deems necessary. To avoid unreasonable or disproportionate outcomes, such requirements should be set after an objective and diligent assessment conducted on a case-by-case basis.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 24

(24) The competent judicial authority ~~or the competent independent administrative authority, as applicable in accordance with the detailed procedural rules set by the relevant Member State, should~~should have the data necessary to be in a position to take a well-informed decision on requests for the issuance of ~~detec~~investigations orders. That is of particular importance to ensure the necessary fair balance of the fundamental rights at stake and a consistent approach, especially in connection to ~~detec~~investigation orders concerning the solicitation of children. Therefore, a procedure should be provided for that allows the providers concerned, the EU Centre on Child Sexual Abuse established by this Regulation (‘EU Centre’) and, where so provided in this Regulation, the competent data protection authority designated under Regulation (EU) 2016/679 to provide their views on the measures in question. They should do so ~~as soon as possible~~without undue delay , having regard to the important public policy objective at stake and the need to act ~~without undue delay~~ to protect children. ~~In particular~~Furthermore, data protections authorities should ~~do their utmost to avoid extending the time period set out in Regulation (EU) 2016/679 for providing their opinions in response to a prior consultation. Furthermore, they should~~ normally be able to provide their opinion ~~well within that time period~~in a timely manner in situations where the European Data Protection Board has already issued guidelines regarding the technologies that a provider envisages deploying and operating to execute a ~~detec~~investigation order addressed to it under this Regulation.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 25

(25) Where new services are concerned, that is, services not previously offered in the Union, the evidence available on the potential misuse of the service in the last 12 months is normally non-existent. Taking this into account, and to ensure the effectiveness of this Regulation, the Coordinating Authority should be able to draw on evidence stemming from comparable services when assessing whether to request the issuance of a detection order in respect of such a new service. A service should be considered comparable where it provides a functional equivalent to the service in question, having regard to all relevant facts and circumstances, in particular its main characteristics and functionalities, the manner in which it is offered and used, the user base, the applicable terms and conditions and risk mitigation measures, as well as the overall remaining risk profile.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 26

(26) The measures taken by providers of hosting services and providers of publicly available number-independent interpersonal communications services to execute ~~detec~~investigation orders addressed to them should remain strictly limited to what is specified in this Regulation and in the detection orders issued in accordance with this Regulation. In order to ensure the effectiveness of those measures, allow for tailored solutions, remain technologically neutral, and avoid circumvention of the detection obligations, those measures should be taken regardless of the technologies used by the providers concerned in connection to the provision of their services. Therefore, t. This Regulation leaves to the provider concerned the choice of the technologies to be operated to comply effectively with ~~detection~~ orders and should not be understood as incentivising or disincentivising the use of any given technology, provided that the technologies and accompanying measures ~~meet the requirements of this Regulation~~are not undermined . That includes the use of end-to-end encryption technology, which is an important tool to guarantee the security and confidentiality of the communications of users, including those of children. ~~When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or~~Any weakening of encryption could potentially be abused by malicious their ~~employees for purposes other than compliance with~~d parties. Nothing in this Regulation~~, n~~ should therefore b~~y third parties, and thus to avoid undermining the security and confidentiality of the communications of users~~e interpreted as prohibiting or weakening end-to-end encryption.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 27

(27) In order to facilitate the providers’ compliance with the ~~detection obligation~~investigation orders, the EU Centre should make available to providers ~~detection~~approved technologies that they may choose to use, on a free-of-charge basis, for the sole purpose of executing the ~~detec~~investigation orders addressed to them. The European Data Protection Board should be consulted on the acceptability or otherwise of those technologies and the ways in which they should be ~~best~~ deployed ~~to ensure~~, if at all, in compliance with applicable ~~rules of~~ Union law on the protection of personal data~~. The advice~~ and with the Charter of Fundamental Rights. The authoritative position of the European Data Protection Board should be fully taken into account by the EU Centre ~~when compiling the lists of available technologies~~ and also by the Commission when preparing guidelines regarding the application of the ~~detection~~ obligations. The providers may operate the technologies made available by the EU Centre or by others or technologies that they developed themselves, as long as they meet the requirements of this Regulation and other applicable EU law, such as Regulation 2016/679.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 28

(28) With a view to constantly assess the performance of the ~~detection~~ technologies and ensure that they are sufficiently ~~reliable~~accurate , as well as to identify false positives and ~~avoid to the extent~~false negatives and to avoid erroneous reporting to the EU Centre, providers should ensure adequate human oversight and, where necessary, human intervention, adapted to the type of ~~detection~~ technologies and the type of online child sexual abuse at issue. Such oversight should include regular assessment of the rates of false negatives and positives generated by the technologies, based on an analysis of anonymised representative data samples. In particular where the detection of the solicitation of children in publicly available interpersonal communications is concerned, service providers should ensure regular, specific and detailed human oversight and human verification of conversations identified by the technologies as involving potential solicitation of children.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 29

(29) Providers of hosting services and providers of publicly available interpersonal communications services are uniquely positioned to detect potential online child sexual abuse involving their services. The information that theyThe information providers may obtain when offering their services is often indispensable to effectively investigate and prosecute child sexual abuse offences. Therefore, they should be required to report on potential online child sexual abuse on their services, whenever they become aware of it, that is, when there are reasonable grounds to believe that a particular activity may constitute online child sexual abuse. Where such reasonable grounds exist, doubts about the potential victim’s age should not prevent those providers from submitting reports. In the interest of effectiveness, it should be immaterial in which manner they obtain such awareness. Such awareness could, for example, be obtained through the execution of detection orders, information flagged by users or organisations acting in the public interest against child sexual abuse, or activities conducted on the providers’ own initiativeIn the interest of effectiveness, it should be immaterial in which manner they obtain such awareness. Those providers should report a minimum of information, as specified in this Regulation, for competent law enforcement authorities to be able to assess whether to initiate an investigation, where relevant, and should ensure that the reports are as complete as possible before submitting them.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 32

(32) The obligations of this Regulation do not apply to providers of hosting services that do not offer their services in the Union. However, such services may still be used to disseminate child sexual abuse material to or by users in the Union, causing harm to children and society at large, even if the providers’ activities are not targeted towards Member States and the total numbers of users of those services in the Union are limited. ~~For legal and p~~In view of the very high number of ractical reasons, it may not be reasonably possible to have those providers remove or disable access to the material, not even through cooperation with the competent authorities of the third country where they are established. Therefore, in line with existing practices in severalfications of the UN Convention on the Rights of the Child or its optional Protocol on Child Pornography globally, it should always be possible to have those providers remove or disable access to the material. Where problems arise in relation to specific jurisdictions, Commission and Member States~~, it~~ should ~~be possible to require providers of internet access services to take reasonable measures to block the access of users in the Union to the material~~use all reasonable means at their disposal to encourage and lead international efforts to remedy the situation.

2023/03/09
Committee: IMCO

(34) Considering that acquiring, possessing, knowingly obtaining access and transmitting child sexual abuse material constitute criminal offences under Directive 2011/93/EU, it is necessary to exempt providers of relevant information society services from criminal liability when they are involved in such activities, insofar as their activities remain strictly limited to what is needed for the purpose of complying with their obligations under this Regulation and they act in good faith.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 44

(44) In order to provide clarity and enable effective, efficient and consistent coordination and cooperation both at national and at Union level, where a Member State designates more than one competent authority to apply and enforce this Regulation, it should designate one lead authority as the Coordinating Authority, whilst the designated authority should automatically be considered the Coordinating Authority where a Member State designates only one authority. For those reasons, the Coordinating Authority should act as the single contact point with regard to all matters related to ~~the application of this Regulation~~contributing to the achievements of the objective of this Regulation, , including for trusted organisations providing assistance to victims and providing education and awareness raising, without prejudice to the enforcement powers of other national authorities.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 49

(49) In order to verify that the rules of this Regulation, in particular those on ~~mitigation~~specific measures and on the execution of ~~detec~~investigation orders, removal orders ~~or blocking orders that it issued~~, are effectively complied ~~in practice~~with, each Coordinating Authority should be able to carry out searches, using the relevant indicators provided by the EU Centre, to detect the dissemination of known or new child sexual abuse material through publicly available material in the hosting services of the providers concernedrelevant searches.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 50

(50) With a view to ensuring that providers of hosting services are aware of the misuse made of their services and to afford them an opportunity to take expeditious action to remove or disable access on a voluntary basis, Coordinating Authorities of establishment should be able to notify those providers of the presence of known child sexual abuse material on their services and requesting removal or disabling of access thereof, for the providers’ voluntary consideration. Such notifying activities should be clearly distinguished from the Coordinating Authorities’ powers under this Regulation to request the issuance of removal orders, which impose on the provider concerned a binding legal obligation to remove or disable access to the material in question within a set time period.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 55

(55) It is essential for the proper functioning of ~~the system of mandatory detection and blocking of online child sexual abuse set up by~~ this Regulation that the EU Centre receives, via the Coordinating Authorities, anonymised specific items of material identified as constituting child sexual abuse material or transcripts of conversations identified as constituting the solicitation of children related to a specific person or a specific group of people or specific incident , such as may have been found for example during criminal investigations, so that that material or conversations can serve as an accurate and reliable basis for the EU Centre to generate indicators of such abuses. In order to achieve that result, the identification should be made after a diligent assessment, conducted in the context of a procedure that guarantees a fair and objective outcome, either by the Coordinating Authorities themselves or by a court or another independent administrative authority than the Coordinating Authority. Whilst the swift assessment, identification and submission of such material is important also in other contexts, it is crucial in connection to ~~new~~ child sexual abuse material ~~and the solicitation of children~~ reported under this Regulation, considering that this material can lead to the identification of ongoing or imminent abuse and the rescuing of victims. Therefore, specific time limits should be set ~~in connection to such reporting~~.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 55 a (new)

(55 a) All communications containing illegal material should be encrypted to state of the art standards, all access by staff to such content should be limited to what is necessary and thoroughly logged.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 56

(56) With a view to ensuring that the indicators generated by the EU Centre ~~for the purpose of detection~~ are as complete as possible, the submission of relevant material and transcripts should be done proactively by the Coordinating Authorities. However, the EU Centre should also be allowed to bring certain material or conversations to the attention of the Coordinating Authorities for those purposes.

2023/03/09
Committee: IMCO

Proposal for a regulation
Recital 78

(78) Regulation (EU) 2021/1232 of the European Parliament and of the Council45provides for a temporary solution in respect of the use of technologies by certain providers of publicly available interpersonal communications services for the purpose of combating online child sexual abuse~~, pending the preparation and adoption of a long-term legal framework.This Regulation provides that long-term legal framework~~. Regulation (EU) 2021/1232 should therefore be repealed. _________________ 45 Regulation (EU) 2021/1232 of the European Parliament and of the Council of 14 July 2021 on a temporary derogation from certain provisions of Directive 2002/58/EC as regards the use of technologies by providers of number- independent interpersonal communications services for the processing of personal and other data for the purpose of combating online child sexual abuse (OJ L 274, 30.7.2021, p. 41).

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 1 – paragraph 1 – subparagraph 1

This Regulation lays down uniform rules to address the misuse of relevant information society services for online child sexual abuse in ~~the internal market.~~ order to contribute to the proper functioning of the internal market and to create a safe, predictable and trusted online environment that facilitates innovation and in which fundamental rights enshrined in the Charter are effectively protected.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 1 – paragraph 1 – subparagraph 2 – point b

(b) obligations on providers of hosting services and providers of publicly available number-independent interpersonal communication services to ide~~tect~~ntify and report online child sexual abuse;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 1 – paragraph 1 – subparagraph 2 – point e a (new)

(e a) Obligations on providers of online games;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation limits the exercise of the rights and obligations provided for in 5(1) and (3) and Article 6(1) of Directive 2002/58/EC insofar as necessary for the execution of the ~~detec~~investigation orders issued in accordance with Section 2 of Chapter 1 of this Regulation.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point a

(a) ‘hosting service’ means an information society service as defined in Article 23, point (fg), third indent, of Regulation (EU) …/… [on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC];

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point b

(b) ‘number-independent interpersonal communications service’ means a publicly available service as defined in Article 2, point 57, of Directive (EU) 2018/1972~~, including services which enable direct interpersonal and interactive exchange of information merely as a minor ancillary feature that is intrinsically linked to another service~~;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point b a (new)

(b a) ‘number-independent interpersonal communications service within games’ means any service defined in Article 2, point 7 of Directive (EU) 2018/1972 which is part of a game.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point e

(e) ‘internet access service’ means a service as defined in Article 2(2), point 2, of Regulation (EU) 2015/2120 of the European Parliament and of the Council49; _________________ 49 Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union (OJ L 310, 26.11.2015, p. 1– 18).deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point f – point ii

(ii) an publicly available number- independent interpersonal communications service;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point f – point iv

~~(iv) an internet access service.~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point f – point iv a (new)

(iv a) online games;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point h a (new)

(h a) ‘hotline’ means an organisation providing a mechanism, other than the reporting channels provided by law enforcement agencies, for receiving anonymous report from the public about alleged child sexual abuse material and online child sexual exploitation, which is officially recognised by the Member State of establishment and has the mission of combatting child sexual abuse;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 2 – paragraph 1 – point h b (new)

(h b) ‘help-line’ means an organisation providing services for children in need as recognised by the Member State of establishment;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 1

1. Providers of hosting services and providers of ~~interpersonal communications services shall identify, analyse and assess, for each such service that they offer, the risk of use~~publicly available number- independent interpersonal communications services that are exposed to substantial amount of child sexual abuse material shall identify, analyse and assess, for each such service that they offer, risks stemming from the design, functioning , including algorithmic systems of the service for the purpose of online child sexual abuse.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 1 a (new)

1 a. A hosting service provider or publicly available number-independent interpersonal communication service is exposed to child sexual abuse material where the coordinating authority of the Member State of its main establishment or where its legal repr esentative resides or is established has: a) taken a decision, on the basis of objecti ve factors, such as the provider having rec eived two or more final removal orders in the previous 12 m onths, finding that the provider is exposed to child sexual abuse material;and b) notified the decision referred to in point (a) to the provider.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point a

~~(a) any previously identified instances of use of its services for the purpose of online child sexual abuse;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point a a (new)

(a a) any actual or foreseeable negative effects for the exercise of fundamental rights

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point b – introductory part

(b) the existence and implementation by the provider of a policy and the availability and effectiveness of functionalities to address the risk referred to in paragraph 1, including through the following:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point b – indent 1

~~— prohibitions and restrictions laid down in the terms and conditions;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point b – indent 2

~~— measures taken to enforce such prohibitions and restrictions;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point b – indent 3

— functionalities enabling ~~age verification~~the effective protection of children online ;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point c

~~(c) the manner in which users use the service and the impact thereof on that risk;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point d

(d) the manner in which the provider designed and operates the service, including the business model, governance and relevant systems and processes, the design of their recommender systems and any other relevant algorithmic system and the impact thereof on that risk;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point e – point i

~~(i) the extent to which the service is used or is likely to be used by children;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point e – point ii

~~(ii) where the service is used by children, the different age groups of the child users and the risk of solicitation of children in relation to those age groups;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point e – point iii – indent 1

— enabling users to publicly search for other users and, in particular, for adult users to search for child users;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 2 – point e – point iii – indent 2

— enabling users to ~~establish~~initiate unsolicited contact with other users directly, in particular through private communications;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 3 – subparagraph 1

The provider may request the EU Centre to perform an analysis of ~~representative, anonymized data samples to identify potential online child sexual abuse,~~methodology for risk assessment in order to support the risk assessment.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 3 – subparagraph 2

The costs incurred by the EU Centre for the performance of such an analysis shall be borne by the requesting provider. However, the EU Centre shall bear those costs where the provider is a micro, small or medium-sized enterprise~~, provided the request is~~. The Centre may reject the request on the basis that it is not reasonably necessary to support the risk assessment.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 3 – subparagraph 3

~~The Commission shall be empowered to adopt~~ delegated acts in accordance with Article 86 in order to supplement this Regulation with the necessary detailed rules on the determination and charging of those costs and the application of the exemption for micro, small and medium- sized enterprises.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 3 – paragraph 4 – subparagraph 2 – point a

(a) for a service which is subject to a ~~detec~~investigation order issued in accordance with Article 7, the provider shall update the risk assessment at the latest two months before the expiry of the period of application of the ~~detection~~ order;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – title

~~Risk mitigation~~Specific measures

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – introductory part

1. Providers of hosting services and providers of publicly available number- independent interpersonal communications services stha~~ll take reasonable mitigation~~t are exposed to substantial amount of child sexual abuse material shall take proportionate and effective specific measures, tailored to the serious risk identified pursuant to Article 3~~, to minimise that risk~~. Such measures shall include some or all of the following:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) adapting, through appropriate technical and operational measures and staffing, the provider’s content moderation or recommender systems, its decision- making processes, the operation or functionalities of the service, ~~or the content or enforcement of its terms and conditions;~~

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – point a a (new)

(a a) providing technical measures and tools that allow users to manage their own privacy, visibility, reachability and safety , and that are set to the most secure levels by default;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – point a b (new)

(a b) informing users about external resources and services in the user’s region on preventing child sexual abuse, counselling by help-lines, victim support and educational resources by hotlines and child protection organisation;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – point a c (new)

(a c) providing tools in a prominent way on their platform that allow users and potential victims to seek help from their local help-line

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – point a d (new)

(a d) automatic mechanisms and interface design elements to inform users about external preventive intervention programmes

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 1 – point b

(b) ~~reinforc~~adapting the provider’s internal processes or the internal supervision of the functioning of the service;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 2 – introductory part

2. The ~~mitigation~~specific measures shall be:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 2 – point a

(a) effective and proportionate in mitigating the identified serious risk;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 2 – point a a (new)

(a a) subject to an implementation plan with clear objectives and methodologies for identifying and quantifying impacts on the identified serious risk and on the exercise of the fundamental rights of all affected parties. The implementation plan shall be reviewed every six months.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 2 – point b

(b) targeted and proportionate in relation to that risk, taking into account, in particular, the seriousness of the risk , any impact on the functionality of the service as well as the provider’s financial and technological capabilities and the number of users;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 3

3. Providers of interpersonal communications services that have identified, pursuant to the risk assessment conducted or updated in accordance with Article 3, a risk of use of their services for the purpose of the solicitation of children, shall take the necessary age verification and age assessment measures to reliably identify child users on their services, enabling them to take the mitigation measures.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 3 a (new)

3 a. Any requirement to take specific measures shall be without prejudice to Article 8 of Regulation (EU) 2022/2065 and shall entail neither a general obligation for hosting services providers to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 4

4. PWhere appropriate providers of hosting services and providers of interpersonal communications services shall clearly describe in their terms ~~and conditions~~of service the mitigation measures that they have taken. That description shall not include information that ~~may~~is likely to reduce the effectiveness of the mitigation measures.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 – paragraph 5

5. The Commission, in cooperation with Coordinating Authorities and the EU Centre and after having conducted a public consultation, may issue guidelines on the application of paragraphs 1~~, 2, 3~~ and 42, having due regard in particular to relevant technological developments and in the manners in which the services covered by those provisions are offered and used.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 a (new)

Article 4 a Specific measures for platforms primarily used for the dissemination of pornographic content Where an online platform is primarily used for the dissemination of user generated pornographic content, the platform shall take the necessary technical and organisational measures to ensure a. user-friendly reporting mechanisms to report alleged child sexual abuse material; b. adequate professional human content moderation to rapidly process notices of alleged child sexual abuse material; c. automatic mechanisms and interface design elements to inform users about external preventive intervention programmes in the user’s region.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 4 b (new)

Article 4 b Specific measures for number- independent interpersonal communications service within games Providers of online games that operate number-independent interpersonal communications service within their games shall take the necessary technical and organisational measures a) preventing users from initiating unsolicited contact with other users; b) facilitating user-friendly reporting of alleged child sexual abuse material; c) providing technical measures and tools that allow users to manage their own privacy, visibility reachability and safety. and that are set to the most secure levels by default; d) providing tools in a prominent way on their platform that allow users and potential victims to seek help from their local help-line.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 1 – introductory part

1. Providers of hosting services and providers of publicly available number- independent interpersonal communications services shall transmit, by three months from the date referred to in Article 3(4), to the Coordinating Authority of establishment a report specifying the following:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 1 – point a

(a) ~~the process and~~ the results of the risk assessment conducted or updated pursuant to Article 3, including the assessment of any ~~potential~~ remaining serious risk referred to in Article 3(5);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 1 – point b

(b) any ~~mitigation~~specific measures taken pursuant to Article 4.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 2

2. Within three months after receiving the report, the Coordinating Authority of establishment shall assess it and determine, on that basis and taking into account any other relevant information available to it, whether the risk assessment has been carried out or updated and the ~~mitigation measure~~specific measures and implementation plans have been taken in accordance with the requirements of Articles 3 and 4.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 3 – subparagraph 1

Where necessary for that assessment, that Coordinating Authority may require further information from the provider, ~~within a reasonable time period set by that Coordinating Authority. That time period shall not be longer than two weeks~~to be provided without undue delay .

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 3 – subparagraph 2

~~The time period referred to in the first subparagraph shall be suspended until that additional information is provid~~deleted.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 4

4. Without prejudice to Articles 7 and 27 to 29, where the requirements of Articles 3 and 4 have not been met, that Coordinating Authority shall require the provider to ~~re-conduct or~~make specific updates to the risk assessment ~~or to introduce, review, discontinue or expand, as applicable, the mitigation measures,~~ within a reasonable time period set by that Coordinating Authority. That time period shall not be longer than one month.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 5 – paragraph 6

6. Providers shall, upon request, transmit the report to the providers of software application stores, insofar as necessary for the assessment referred to in Article 6(2). Where necessary, they may remove confidential information from the reports.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 – paragraph 1 – point a

(a) make reasonable efforts to ~~assess, where possible together with the providers of~~to ensure that software applications, whether each service offered through the software applications ~~that they intermediate presents a risk of being used for the purpose of the so~~can only make available on their platform software applications if prior to the use of their service they have obtained the contact details of the provider of software applicitation ~~of children~~developing team ;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 – paragraph 1 – point b

(b) take reasonable measures to prevent child users from accessing the software applications in relation to which they have identified a significant risk of use of the service concerned for the purpose of the solicitation of children;deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 – paragraph 1 – point c

~~(c) take the necessary age verification and age assessment measures to reliably identify child users on their services, enabling them to take the measures referred to in point (b).~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 – paragraph 2

2. In assessing the risk referred to in paragraph 1, the provider shall take into account all the available information, including the results of the risk assessment conducted or updated pursuant to Article 3.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 – paragraph 3

3. Providers of software application stores shall make publicly available information describing the process and criteria used to assess the risk and describing the measures referred to in paragraph 1. That description shall not include information that may reduce the effectiveness of the assessment of those measures.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 – paragraph 4

4. The Commission, in cooperation with Coordinating Authorities and the EU Centre and after having conducted a public consultation, may issue guidelines on the application of paragraphs 1, 2 and 3, having due regard in particular to relevant technological developments and to the manners in which the services covered by those provisions are offered and used.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 6 a (new)

Article 6 a Security of communications and services Nothing in this regulation shall be construed as encouraging the prohibition, restriction, circumvention or undermining of the provision or the use of encrypted services.

2023/03/09
Committee: IMCO

Proposal for a regulation
Chapter II – Section 2 – title

2 ~~Detec~~Investigation obligations

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – title

Issuance of ~~detec~~investigation orders

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 1

1. The Coordinating Authority of establishment shall have the power to request the competent judicial authority of the Member State that designated it ~~or another independent administrative authority of that Member State to issue a detec~~to issue an investigation order requiring a provider of hosting services or a provider of publicly available number-independent interpersonal communications services under the jurisdiction of that Member State to take the measures specified in Article 10 to ~~detect~~assist in investigations of a specific person, specific group of people, or a specific incident related to online child sexual abuse on a specific service.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 2 – subparagraph 1

The Coordinating Authority of establishment shall, before requesting the issuance of a ~~detec~~n investigation order, carry out the ~~investigations and~~ assessments necessary to determine whether the conditions of paragraph 4 have been met.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – introductory part

Where the Coordinating Authority of establishment takes the ~~preliminary~~ view that the conditions of paragraph 4 have been met, it shall:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point a

(a) establish a draft request for the issuance of a ~~detec~~n investigation order, specifying the factual and legal grounds upon which the request is based, the main elements of the content of the ~~detec~~investigation order it intends to request and the reasons for requesting it;

2023/03/09
Committee: IMCO

~~(c) afford the provider an opportunity to comment on the draft request, within a reasonable time period set by that Coordinating Authority;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2 – introductory part

Where, having regard to the ~~comments of the provider and the~~ opinion of the EU Centre, that Coordinating Authority continues to be of the view that the conditions of paragraph 4 ~~hav~~are met, it shall re~~-submit the draft request, adjusted where appropriate, to the provider. In that case,~~quest the judicial validation of the inquiry/investigation order from the competent judicial authority responsible for the issuing of such orders pursuant to paragraph 4. Upon receipt of judicial validation of the order, the Coordinating Authority shall submit the order, adjusted where appropriate, to the provider. Prior to requesting the judicial validation of the investigation order, the Coordinating Authority shall request the provider ~~shall~~to do all of the following, within a reasonable time period ~~set by that Coordinating Authority:~~ :

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2 – point a

(a) draft an implementation plan setting out the incident that the authority intends to investigate, the measures it envisages taking to execute the intended ~~detec~~investigation order, including detailed information regarding the envisaged technologies and safeguards;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2 – point b

(b) where the draft implementation plan concerns an intended ~~detec~~investigation order concerning the solicitation of children other than the renewal of a previously issued ~~detec~~investigation order without any substantive changes, conduct a data protection impact assessment and a prior consultation procedure as referred to in Articles 35 and 36 of Regulation (EU) 2016/679, respectively, in relation to the measures set out in the implementation plan;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2 – point c

(c) where point (b) applies, or where the conditions of Articles 35 and 36 of Regulation (EU) 2016/679 are met, adjust the draft implementation plan, where necessary in view of the outcome of the data protection impact assessment and in order to ~~take into~~utmost account of the opinion of the data protection authority provided in response to the prior consultation;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2 – point d

(d) submit to that Coordinating Authority the implementation plan, where applicable attaching the opinion of the competent data protection authority and specifying how the implementation plan has been adjusted ~~in view~~to take full account of the outcome of the data protection impact assessment and of that opinion.

2023/03/09
Committee: IMCO

Where, having regard to the implementation plan of the provider and taking taking utmost account of the opinion of the data protection authority, that Coordinating Authority ~~continues to be~~is of the view that the conditions of paragraph 4 have met, it shall submit the request for the validation and issuance of the ~~detection~~investigation order, adjusted where appropriate, to the competent judicial ~~authority or independent administrative~~ authority. It shall attach the implementation plan of the provider and the opinions of the EU Centre and the data protection authority to that request.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 1 – introductory part

Based on a reasoned justification, The Coordinating Authority of establishment shall request the issuance of the ~~detec~~investigation order, and the competent judicial authority ~~or independent administrative authority~~ shall issue the ~~detec~~investigation order where it considers that the following conditions are met:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 1 – point a

(a) there is evidence of a s~~ign~~pecific~~ant~~ risk of the service being used for the purpose of online child sexual abuse by one or more suspects , within the meaning of paragraphs 5, 6 and 7, as applicable;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 1 – point b

(b) the ~~reasons for~~ issuing of the ~~detection order~~the investigation order is necessary and proportionate and outweighs negative consequences for the rights and legitimate interests of all parties affected, having regard in particular to the need to ensure a fair balance between the fundamental rights of those parties.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 2

When assessing whether the conditions of the first subparagraph have been met, account shall be taken of all relevant facts and circumstances of the case at hand, in particular: (a) the risk assessment conducted or updated and any mitigation measures taken by the provider pursuant to Articles 3 and 4, including any mitigation measures introduced, reviewed, discontinued or expanded pursuant to Article 5(4) where applicable; (b) any additional information obtained pursuant to paragraph 2 or any other relevant information available to it, in particular regarding the use, design and operation of the service, regarding the provider’s financial and technological capabilities and size and regarding the potential consequences of the measures to be taken to execute the detection order for all other parties affected; (c) the views and the implementation plan of the provider submitted in accordance with paragraph 3; (d) the opinions of the EU Centre and of the data protection authority submitted in accordance with paragraph 3.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 2 – point a

(a) the risk assessment conducted or updated and any mitigation measures taken by the provider pursuant to Articles 3 and 4, including any mitigation measures introduced, reviewed, discontinued or expanded pursuant to Article 5(4) where applicable;deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 2 – point b

(b) any additional information obtained pursuant to paragraph 2 or any other relevant information available to it, in particular regarding the use, design and operation of the service, regarding the provider’s financial and technological capabilities and size and regarding the potential consequences of the measures to be taken to execute the detection order for all other parties affected;deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 2 – point c

~~(c) the views and the implementation plan of the provider submitted in accordance with paragraph 3;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 2 – point d

~~(d) the opinions of the EU Centre and of the data protection authority submitted in accordance with paragraph 3.~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 4 – subparagraph 3

As regards the second subparagraph, point (d), where that Coordinating Authority substantially deviates from the opinion of the EU Centre, it shall inform the EU Centre and the Commission thereof, specifying the points at which it deviated and the main reasons for the deviation.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 5 – introductory part

5. As regards ~~detec~~investigation orders concerning the dissemination of known child sexual abuse material, the s~~ign~~pecific~~ant~~ risk referred to in paragraph 4, first subparagraph, point (a), shall be deemed to exist where the following conditions are met:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 5 – point a

(a) it is likely, despite any mitigation measures that the provider may have taken or will take, that the service is ~~used~~being used by the suspect or suspects, to an appreciable extent for the dissemination of known child sexual abuse material;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 5 – point b

(b) there is evidence of the service, ~~or of a comparable service if the service has not yet been offered in the Union at the date of the request for the issuance of the detection order,~~ having been used in the past 12 months ~~and to an appreciable extent~~by one or more suspects for the dissemination of known child sexual abuse material.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 6

6. As regards detection orders concerning the dissemination of new child sexual abuse material, the significant risk referred to in paragraph 4, first subparagraph, point (a), shall be deemed to exist where the following conditions are met: (a) it is likely that, despite any mitigation measures that the provider may have taken or will take, the service is used, to an appreciable extent, for the dissemination of new child sexual abuse material; (b) there is evidence of the service, or of a comparable service if the service has not yet been offered in the Union at the date of the request for the issuance of the detection order, having been used in the past 12 months and to an appreciable extent, for the dissemination of new child sexual abuse material; (c) for services other than those enabling the live transmission of pornographic performances as defined in Article 2, point (e), of Directive 2011/93/EU: (1) a detection order concerning the dissemination of known child sexual abuse material has been issued in respect of the service; (2) the provider submitted a significant number of reports concerning known child sexual abuse material, detected through the measures taken to execute the detection order referred to in point (1), pursuant to Article 12.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 7

7. As regards detection orders concerning the solicitation of children, the significant risk referred to in paragraph 4, first subparagraph, point (a), shall be deemed to exist where the following conditions are met: (a) the provider qualifies as a provider of interpersonal communication services; (b) it is likely that, despite any mitigation measures that the provider may have taken or will take, the service is used, to an appreciable extent, for the solicitation of children; (c) there is evidence of the service, or of a comparable service if the service has not yet been offered in the Union at the date of the request for the issuance of the detection order, having been used in the past 12 months and to an appreciable extent, for the solicitation of children. The detection orders concerning the solicitation of children shall apply only to interpersonal communications where one of the users is a child user.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 8 – subparagraph 1

The Coordinating Authority of establishment when requesting the judicial validation and the issuance of ~~detec~~investigation orders, and the competent judicial ~~or independent administrative authority~~ when issuing the ~~detec~~investigation order, shall target and specify it in such a manner that the negative consequences referred to in paragraph 4, first subparagraph, point (b), remain limited to what is strictly necessary ~~to effectively address the significant risk referred to in point (a) thereof~~and proportionate to obtain the information required to to effectively investigate the case, and collect the information required to assess the existence of a criminal offence.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 8 – subparagraph 2

To that ~~aim~~end, they shall take into account all relevant parameters, including the availability of sufficiently reliable ~~detection~~investigative technologies in that they limit to the maximum extent possible the rate of errors regarding the ~~detec~~investigation and their suitability and effectiveness for achieving the objectives of this Regulation, as well as the impact of the measures on the rights of the users affected, and require the taking of the least intrusive measures, in accordance with Article 10, from among several equally effective measures.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 8 – subparagraph 3 – point b

(b) where necessary, in particular to limit such negative consequences, effective and proportionate safeguards additional to those listed in Article 10(4), ~~(5)~~ and (65) are provided for;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 9 – subparagraph 1

The competent judicial authority ~~or independent administrative authority~~ shall specify in the ~~detec~~investigation order the period during which it applies, indicating the start date and the end date.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 9 – subparagraph 2

The start date shall be set taking into account the time reasonably required for the provider to take the necessary measures to prepare the execution of the ~~detection order. It shall not be earlier than three months from the date at which the provider received the detection order and not be later than 12 months from that date~~investigation order.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 7 – paragraph 9 – subparagraph 3

The period of application of detection orders concerning the dissemination of known or new child sexual abuse material shall not exceed 24 months and that of detection orders concerning the solicitation of children shall not exceed 12 monthsinvestigation orders shall be proportionate, taking all relevant factors into account.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – title

Additional rules regarding ~~detec~~investigation orders

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – introductory part

1. The competent judicial authority ~~or independent administrative authority~~ shall issue the ~~detec~~investigation orders referred to in Article 7 using the template set out in Annex I. ~~Detec~~Investigation orders shall include:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point a

(a) information regarding the measures to be taken to execute the ~~detec~~investigation order, including the person, group of person or incident concerned, the temporal scope, the indicators to be used and the safeguards to be provided for, including the reporting requirements set pursuant to Article 9(3) and, where applicable, any additional safeguards as referred to in Article 7(8);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point b

~~(b)~~ identification details of the ~~(b)~~ competent judicial authority ~~or the independent administrative authority~~ issuing the ~~detec~~investigation order and authentication of the ~~detec~~investigation order by that judicial ~~or independent administrative~~ authority;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point d

(d) the specific service in respect of which the ~~detec~~investigation order is issued and, where applicable, the part or component of the service affected as referred to in Article 7(8);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point e

(e) whether the ~~detec~~investigation order issued concerns the dissemination of known or ~~new~~previously unknown child sexual abuse material or the solicitation of children;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point f

(f) the start date and the end date of the ~~detec~~investigation order;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point g

(g) a ~~sufficiently~~ detailed statement of reasons explaining why the ~~detec~~investigation order is issued;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point h

(h) the factual and legal grounds justifying the issuing of the order, and a reference to this Regulation as the legal basis for the detection order;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point i

(i) the date, time stamp and electronic signature of the judicial ~~or independent administrative~~ authority issuing the ~~detec~~investigation order;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 1 – point j

(j) easily understandable information about the redress available to the addressee of the ~~detec~~investigation order, including information about redress to a court and about the time periods applicable to such redress.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 1

The competent judicial authority ~~or independent administrative authority~~ issuing the ~~detec~~investigation order shall address it to the main establishment of the provider or, where applicable, to its legal representative designated in accordance with Article 24.

2023/03/09
Committee: IMCO

The ~~detec~~investigation order shall be securely transmitted to the provider’s point of contact referred to in Article 23(1), to the Coordinating Authority of establishment and to the EU Centre, through the system established in accordance with Article 39(2).

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 2 – subparagraph 3

The ~~detec~~investigation order shall be drafted in the language declared by the provider pursuant to Article 23(3).

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 – paragraph 3

3. If the provider cannot execute the ~~detec~~investigation order because it contains ~~manifest errors~~errors , or it appears unnecessary or disproportionate, or does not contain sufficient information for its execution, the provider shall, without undue delay, request the necessary correction or clarification to the Coordinating Authority of establishment, using the template set out in Annex II.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 a (new)

Article 8 a Scope of preservation orders Investigation orders may require the expedited preservation by the provider, insofar as the data is under their control, of one or more of the following, including new data generated after issuance of the order, as part of a planned or current law enforcement operation; a) Traffic data: i) Pseudonyms, screen names or other identifiers used by the subject(s) of the investigation; ii) Network identifiers, such as IP addresses, port numbers, or MAC addresses used by, or associated with, the subject(s) of the investigation; iii) Any other traffic data, including metadata, of any activity linked to subject(s) of the investigation; b) Content data: i) Copies of any data uploaded, downloaded or otherwise communicated by the subject(s) of the investigation; 2. Access to the data shall be made available to law enforcement authorities on the basis of the national law of the country of establishment of the provider. 3. The provider shall inform all users concerned of the investigation order, unless the issuing authority instructs it, on the basis of a reasoned opinion, not to do so. 4. Investigation orders may require providers to provide support for law enforcement authorities. Such support shall be technically feasible, clearly defined, subject to specific judicial oversight, necessary proportionate and respect the fundamental rights of all parties involved.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 8 c (new)

Article 8 c Notification mechanism 1. Providers of hosting services and providers of interpersonal communication services shall establish mechanisms that allow users to notify to them the presence on their service of specific items or activities that the user considers to be potential child sexual abuse material, in particular previously unknown child sexual abuse material and solicitation of children. Those mechanisms shall be easy to access and user-friendly, child-friendly and shall allow for the submission of notices exclusively by electronic means. 2. Where the notice contains the electroni c contact information of the user who submitted it , the provider shall without undue delay send a confirmation or receipt to the user. 3. Providers shall ensure that such notices are processed without undue delay.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – title

Redress, information, reporting and modification of ~~detec~~investigation orders

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 1

1. Providers of hosting services and providers of publicly available number- independent interpersonal communications services that have received a ~~detec~~investigation order, as well as users affected by the measures taken to execute it, shall have a right to effective redress. That right shall include the right to challenge the ~~detec~~investigation order before the courts of the Member State of the competent judicial authority ~~or independent administrative authority~~ that issued the ~~detec~~investigation order.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 2 – subparagraph 1

When the ~~detec~~investigation order becomes final, the competent judicial authority ~~or independent administrative authority~~ that issued the ~~detec~~investigation order shall, without undue delay, transmit a copy thereof to the Coordinating Authority of establishment. The Coordinating Authority of establishment shall then, without undue delay, transmit a copy thereof to all other Coordinating Authorities through the system established in accordance with Article 39(2).

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 2 – subparagraph 2

For the purpose of the first subparagraph, a ~~detec~~n investigation order shall become final upon the expiry of the time period for appeal where no appeal has been lodged in accordance with national law or upon confirmation of the ~~detec~~investigation order following an appeal.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 3 – subparagraph 1

Where the period of application of the ~~detec~~investigation order exceeds 12 months, or six months in the case of a ~~detec~~investigation order concerning the solicitation of children, the Coordinating Authority of establishment shall require the provider to report to it on the execution of the ~~detec~~investigation order at least once, halfway through the period of application.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 3 – subparagraph 2

Those reports shall include a detailed description of the measures taken to execute the ~~detec~~investigation order, including the safeguards provided, and information on the functioning in practice of those measures, ~~in particular on their effectiveness in detecting the dissemination of known or new child sexual abuse material or the solicitation of children, as applicable,~~ and on the consequences of those measures for the rights and legitimate interests of all parties affected.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 4 – subparagraph 1

In respect of the ~~detec~~investigation orders that the competent judicial authority or independent administrative authority issued at its request, the Coordinating Authority of establishment shall, where necessary and in any event following reception of the reports referred to in paragraph 3, assess whether any substantial changes to the grounds for issuing the detection orders occurred and, in particular, whether the conditions of Article 7(4) continue to be met. In that regard, it shall take account of additional mitigation measures that the provider may take to address the significant risk identified at the time of the issuance of the ~~detec~~investigation order.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 9 – paragraph 4 – subparagraph 2

That Coordinating Authority shall request to the competent judicial authority ~~or independent administrative authority~~ that issued the ~~detec~~investigation order the modification or revocation of such order, where necessary in the light of the outcome of that assessment. The provisions of this Section shall apply to such requests, mutatis mutandis.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 1

1. Providers of hosting services and providers of publicly available number- independent interpersonal communication services that have received a ~~detec~~n investigation order shall execute it ~~by installing and operating technologies to detect~~to collect evidence on the dissemination of known or ~~new~~previously unknown child sexual abuse material or the solicitation of children, as applicable, using ~~the corresponding indicators provided~~, if necessary specific technologies approved for this purpose by the EU Centre in accordance with Article 46.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 2

2. The provider shall be entitled to acquire, install and operate, free of charge, technologies specified in the orders and made available by the EU Centre in accordance with Article 50(1), for the sole purpose of executing the detection order. The provider shall not be required to use any specific technology, including those made available by the EU Centre, as long as the requirements set out in this Article are met. The use of the technologies made available by the EU Centre shall not affect the responsibility of the provider to comply with those requirements and for any decisions it may take in connection to or as a result of the use of the technologiesinvestigation order.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 3 – introductory part

3. The technologies specified in the investigation orders shall be:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 3 – point a

(a) effective in ~~det~~collecting evidence on the dissemination of ~~known or new~~ child sexual abuse material ~~or the solicitation of children~~, as applicable;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 3 – point b

(b) not be able to extract any other information from the relevant communications than the information strictly necessary to ~~detect,~~investigate , including using the indicators referred to in paragraph 1, patterns pointing to the dissemination of known or ~~new~~previously unknown child sexual abuse material or the solicitation of children, as applicable;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 3 – point c

(c) in accordance with the technological state of the art ~~in the industry~~ and the least intrusive in terms of the impact on the users’ rights to private and family life, including the confidentiality of communication, and to protection of personal data;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 3 – point d

(d) sufficiently reliable, in that they limit to the maximum extent possible the rate of errors regarding the ~~detec~~investigation.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 4 – introductory part

4. The ~~provider~~issuing authority shall:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 4 – point a

(a) take all the necessary measures to ensure that the technologies ~~and indicators, as well as the processing of personal data and other data in connection thereto, are used~~specified in investigation orders and indicators, are proportionate for the ~~sole~~ purpose of ~~detec~~investigating the dissemination of ~~known or new~~ child sexual abuse material or the solicitation of children, a~~s applicable, insofar as~~nd strictly necessary to execute the ~~detec~~investigation orders ~~addressed to them~~they issue ;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 4 – point b

(b) ~~establish effective~~include in investigation orders specific internal procedures for providers to prevent and, where necessary, detect and remedy any misuse of the technologies, indicators and personal data and other data referred to in point (a), including unauthorized access to, and unauthorised transfers of, such personal data and other data;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 4 – point c

(c) include in investigation orders specific obligations on providers to ensure regular human oversight as necessary to ensure that the technologies operate in a sufficiently reliable manner and, where necessary, in particular when potential errors and potential solicitation of children are detected, human intervention;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 4 – point d

(d) establish and operate an accessible, age-appropriate and user-friendly mechanism that allows users to submit to it, within a reasonable timeframe, complaints about alleged infringements of ~~its~~providers’ obligations under this Section, as well as any decisions that the provider may have taken in relation to the use of the technologies~~, including the removal or disabling of access to material provided by users, blocking the users’ accounts or suspending or terminating the provision of the service to the users,~~ and process such complaints in an objective, effective and timely manner;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 4 – point e

(e) inform the Coordinating Authority, as appropriate, at the latest one month before the start date specified in the ~~detec~~investigation order, on the implementation of the envisaged measures set out in the implementation plan referred to in Article 7(3);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 5 – subparagraph 1 – point a

(a) the fact that it operates technologies to detect online child sexual abuse to execute the detection order, the ways in which it operates those technologies and the impact on the confidentiality of users’ communications;deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 5 – subparagraph 1 – point b

~~(b) the fact that it is required to report potential online child sexual abuse to the EU Centre in accordance with Article 12;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 5 – subparagraph 2

The provider shall not provide information to users that may reduce the effectiveness of the measures to execute the ~~detec~~investigation order.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 10 – paragraph 6

6. Where a provider detects potential online child sexual abuse through the measures taken to execute the detection order, it shall inform the users concerned without undue delay, after Europol or the national law enforcement authority of a Member State that received the report pursuant to Article 48 has confirmed that the information to the users would not interfere with activities for the prevention, detection, investigation and prosecution of child sexual abuse offences.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 11 – title

Guidelines regarding ~~detec~~investigation obligations

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 11 – paragraph 1

The Commission, in cooperation with the Coordinating Authorities and the EU Centre and after having conducted a public consultation, may issue ~~guideline~~delegated acts on the application of Articles 7 to 10, having due regard in particular to relevant technological developments and the manners in which the services covered by those provisions are offered and used.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 12 – paragraph 1

1. Where a provider of hosting services or a provider of interpersonal communications services becomes aware in any manner other than through a removal order issued in accordance with this Regulation of any information indicating potential online child sexual abuse on its services, it shall promptly submit a report thereon to the EU Centre in accordance with Article 13publicly available number-independent interpersonal communications services has actual knowledge of alleged online child sexual abuse on its services in any manner other than through a removal order issued in accordance with this Regulation, it shall promptly submit using state of the art encryption a report to the EU Centre in accordance with Article 13 and shall expeditiously remove such content , once the EU Centre confirms this will not prejudice an ongoing investigation . It shall do so through the system established in accordance with Article 39(2).

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 12 – paragraph 2 – subparagraph 1

Where the provider submits a report pursuant to paragraph 1, it shall ~~inform the user concerned, providing~~request authorisation from the EU Centre to inform the user concerned, , which shall reply without undue delay, at maximum within two days. The notification to the user shall include information on the main content of the report, on the manner in which the provider has become aware of the ~~potential~~alleged child sexual abuse concerned, on the follow-up given to the report insofar as such information is available to the provider and on the user’s possibilities of redress, including on the right to submit complaints to the Coordinating Authority in accordance with Article 34.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 12 – paragraph 2 – subparagraph 2

The provider shall inform the user concerned without undue delay, either after having received a communication from the EU Centre indicating that it considers the report to be manifestly unfounded as referred to in Article 48(2), or after the expiry of a time period of three months from the date of the report without having received a communication from the EU Centre indicating that the information is not to be provided as referred to in Article 48(6), point (a), whichever occurs first.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 12 – paragraph 2 – subparagraph 3

Where within the three months’ time period referred to in the second subparagraph the provider receives such a communication from the EU Centre indicating that the information is not to be provided, it shall inform the user concerned, without undue delay, after the expiry of the time period set out in that communication.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – introductory part

1. Providers of hosting services and providers of publicly available number- independent interpersonal communications services shall submit the report referred to in Article 12 using the template set out in Annex III. The report shall include:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point c

(c) all ~~content data, including images, videos and text~~encrypted versions of all content data, being reported;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point d

(d) a list of all available data other than content data related to the potential online child sexual abuse preserved in line with the preservation order in Article 8a;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point d a (new)

(d a) a list of all traffic data and metadata retained in relation to the potential online child sexual abuse, which could be made available to law enforcement authorities, together with information concerning default storage periods.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point e

~~(e) whether the potential online child sexual abuse concerns the dissemination of known or new child sexual abuse material or the solicitation of children;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point f

~~(f) information concerning the geographic location related to the potential online child sexual abuse, such as the Internet Protocol address;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point g

~~(g) information concerning the identity of any user involved in the potential online child sexual abuse;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point i

(i) where the ~~potential~~alleged online child sexual abuse concerns the dissemination of known or ~~new~~previously unknown child sexual abuse material, whether the provider has removed or disabled access to the material;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 13 – paragraph 1 – point j

(j) ~~whether the provider considers~~an indication that the report requires urgent action;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 14 – paragraph 1 a (new)

1 a. Before issuing a removal order, the Coordinating Authority of establishment shall take all reasonable steps to ensure that implementing the order will not interfere with activities for the prevention, detection, investigation and prosecution of child sexual abuse offences.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 14 – paragraph 3 – point c

~~(c) the specific service for which the removal order is issu~~deleted;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 15 – paragraph 3 – point b

(b) the reasons for the removal or disabling, providing a copy of the removal order ~~upon the user’s request~~;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 15 – paragraph 4

4. The Coordinating Authority of establishment may request, when requesting the judicial authority or independent administrative authority issuing the removal order, and after having consulted with relevant public authorities, that the provider is not to disclose any information regarding the removal of or disabling of access to the child sexual abuse material, where and to the extent necessary to avoid interfering with activities for the prevention, detection, investigation and prosecution of child sexual abuse offences. In such a case: (a) the judicial authority or independent administrative authority issuing the removal order shall set the time period not longer than necessary and not exceeding six weeks, during which the provider is not to disclose such information; (b) the obligations set out in paragraph 3 shall not apply during that time period; (c) that judicial authority or independent administrative authority shall inform the provider of its decision, specifying the applicable time period. That judicial authority or independent administrative authority may decide to extend the time period referred to in the second subparagraph, point (a), by a further time period of maximum six weeks, where and to the extent the non- disclosure continues to be necessary. In that case, that judicial authority or independent administrative authority shall inform the provider of its decision, specifying the applicable time period. Article 14(3) shall apply to that decision.deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 19

Providers of relevant information society services shall not be liable for child sexual abuse offences solely because they carry out, in good faith, the necessary activities to comply with the requirements of this Regulation, in particular activities aimed at detecting, identifying, removing, disabling of access to, blocking or reporting online child sexual abuse in accordance with those requirements.Article 19 deleted Liability of providers

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 5

5. Each Member State shall ensure that a contact point is designated or established within the Coordinating Authority’s office to handle requests for clarification, feedback and other communications in relation to all matters ~~related to the application and enforcement of this Regulation in that Member State~~contributing to the achievements of the objective of this Regulation in that Member State , including for trusted organisations providing assistance to victims and providing education and awareness raising. Member States shall make the information on the contact point publicly available and communicate it to the EU Centre. They shall keep that information updated.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 7 – introductory part

7. Coordinating Authorities may, where necessary for the performance of their tasks under this Regulation, request the assistance of the EU Centre in carrying out those tasks~~, in particular by requesting the EU Centre to:~~

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 7 – point a

~~(a) provide certain information or technical expertise on matters covered by this Regulation;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 7 – point b

(b) assist in assessing, in accordance with Article 5(2), the risk assessment conducted or updated or the mitigation measures taken by a provider of hosting or interpersonal communication services under the jurisdiction of the Member State that designated the requesting Coordinating Authority;deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 7 – point c

(c) verify the possible need to request competent national authorities to issue a detection order, a removal order or a blocking order in respect of a service under the jurisdiction of the Member State that designated that Coordinating Authority;deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 7 – point d

~~(d) verify the effectiveness of a detection order or a removal order issued upon the request of the requesting Coordinating Authority.~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 25 – paragraph 8

8. The EU Centre shall provide such assistance free of charge and in accordance with its tasks and obligations under this Regulation ~~and insofar as its resources and priorities allow~~.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 26 – paragraph 5

5. Without prejudice to national or Union legislation on whistleblower protection, The management and other staff of the Coordinating Authorities shall, in accordance with Union or national law, be subject to a duty of professional secrecy both during and after their term of office, with regard to any confidential information which has come to their knowledge in the course of the performance of their tasks. Member States shall ensure that the management and other staff are subject to rules guaranteeing that they can carry out their tasks in an objective, impartial and independent manner, in particular as regards their appointment, dismissal, remuneration and career prospects.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 27 – paragraph 1 – point b

(b) the power to carry out remote or on-site inspections of any premises that those providers or the other persons referred to in point (a) use for purposes related to their trade, business, craft or profession, or to request other public authorities to do so, in order to examine, seize, take or obtain copies of information relating to a suspected infringement of this Regulation in any form, irrespective of the storage medium;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 27 – paragraph 1 – point d

(d) the power to request information, ~~including to assess whether the measures taken to execute a detection order, removal order or blocking order comply~~to assess the compliance with the requirements of this Regulation.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 28 – paragraph 1 – point b

(b) the power to order specific measures to bring about the cessation of infringements of this Regulation and, where appropriate, to impose remedies proportionate to the infringement and necessary to bring the infringement effectively to an end;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 29 – paragraph 1 – point b

(b) the infringement persists and;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 29 – paragraph 2 – point a – point i

(i) adopt and submit an action plan setting out the necessary measures to terminate the infringement , subject to the approval of the Coordinating Authority;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 29 – paragraph 2 – point b – point ii

(ii) the infringement persists and causes serious harm that is greater than the likely harm to users relying on the service for legal purposes and;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 29 – paragraph 4 – subparagraph 3 – point a

(a) the provider has failed to take ~~the~~ necessary and proportionate measures to terminate the infringement;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 30 – paragraph 2

2. Member States shall ensure that any exercise of the investigatory and enforcement powers referred to in Articles 27, 28 and 29 is subject to adequate safeguards laid down in the applicable national law to respect the fundamental rights of all parties affected. In particular, those measures shall ~~only~~be targeted and precise, be taken in accordance with the right to respect for private life and the rights of defence, including the rights to be heard and of access to the file, and subject to the right to an effective judicial remedy of all parties affected.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 31 – paragraph 1

Coordinating Authorities shall have the power to carry out searches on publicly accessible material on hosting services to detect the dissemination of known or new child sexual abuse material, using the indicators contained in the databases referred to in Article 44(1), points (a) and (b), where necessary to verify whether the providers of hosting services under the jurisdiction of the Member State that designated the Coordinating Authorities comply with their obligations under this Regulation.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 32

Notification of known child sexual abuse Coordinating Authorities shall have the power to notify providers of hosting services under the jurisdiction of the Member State that designated them of the presence on their service of one or more specific items of known child sexual abuse material and to request them to remove or disable access to that item or those items, for the providers’ voluntary consideration. The request shall clearly set out the identification details of the Coordinating Authority making the request and information on its contact point referred to in Article 25(5), the necessary information for the identification of the item or items of known child sexual abuse material concerned, as well as the reasons for the request. The request shall also clearly state that it is for the provider’s voluntary consideration.Article 32 deleted material

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 35 – paragraph 2

2. Member States shall ensure that the maximum amount of penalties imposed for an infringement of this Regulation shall not exceed 6 % of the annual ~~income or global~~worldwide turnover of the preceding business year of the provider.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 35 – paragraph 3

3. Penalties for the supply of incorrect, incomplete or misleading information, failure to reply or rectify incorrect, incomplete or misleading information or to submit to an on-site inspection shall not exceed 1% of the annual income or ~~global~~worldwide turnover of the preceding business year of the provider or the other person referred to in Article 27.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 35 – paragraph 4

4. Member States shall ensure that the maximum amount of a periodic penalty payment shall not exceed 5 % of the average daily ~~global~~worldwide turnover of the provider or the other person referred to in Article 27 in the preceding financial year per day, calculated from the date specified in the decision concerned.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 36 – paragraph 1 – subparagraph 1 – point a

(a) anonymised specific items of material and transcripts of conversations related to a specific person, specific group of people,or specific incident that Coordinating Authorities or that the competent judicial authorities or other independent administrative authorities of a Member State have identified, after a diligent assessment, as constituting child sexual abuse material or the solicitation of children, as applicable, for the EU Centre to generate indicators in accordance with Article 44(3);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 36 – paragraph 1 – subparagraph 1 – point b

(b) exact uniform resource locators indicating specific items of material related to a specific person, specific group of people,or specific incident that Coordinating Authorities or that competent judicial authorities or other independent administrative authorities of a Member State have identified, after a diligent assessment, as constituting child sexual abuse material, hosted by providers of hosting services not offering services in the Union, that cannot be removed due to those providers’ refusal to remove or disable access thereto and to the lack of cooperation by the competent authorities of the third country having jurisdiction, for the EU Centre to compile ~~the~~a public list of ~~uniform resource locators in accordance with Article 44(3)~~states that facilitate crimes against children by not ensuring expeditious removal of child sexual abuse material.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 36 – paragraph 1 – subparagraph 2

Member States shall take the necessary measures to ensure that the Coordinating Authorities that they designated receive, without undue delay,the encrypted copies of the material identified as child sexual abuse material, the transcripts of conversations related to a specific person, specific group of people,or specific incident identified as the solicitation of children, and the uniform resource locators, identified by a competent judicial authority or other independent administrative authority than the Coordinating Authority, for submission to the EU Centre in accordance with the first subparagraph.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 37 – paragraph 1 – subparagraph 2

Where ~~the Commission has reason~~, in the reasoned opinion of the Commission , there are grounds to suspect that a provider of relevant information society services infringed this Regulation in a manner ~~involv~~causing harm ing at least three Member States, it may recommend that the Coordinating Authority of establishment assess the matter ~~and take the necessary investigatory and enforcement measures to ensure compliance with this Regulation~~.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 37 – paragraph 2 – point c

(c) any other information that the Coordinating Authority that sent the request, or the Commission, considers relevant, including, where appropriate, information gathered on its own initiative ~~and suggestions for specific investigatory or enforcement measures to be taken~~.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 37 – paragraph 3 – subparagraph 1

The Coordinating Authority of establishment shall assess the suspected infringement, taking into utmost account the request ~~or recommendation~~ referred to in paragraph 1.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 37 – paragraph 3 – subparagraph 2

Where it considers that it has insufficient information to asses the suspected infringement or to act upon the request ~~or recommendation~~ and has reasons to consider that the Coordinating Authority that sent the request, or the Commission, could provide additional information, it may request such information. The time period laid down in paragraph 4 shall be suspended until that additional information is provided.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 37 – paragraph 4

4. The Coordinating Authority of establishment shall, without undue delay and in any event not later than two months following receipt of the request or recommendation referred to in paragraph 1, communicate to the Coordinating Authority that sent the request, or the Commission, the outcome of its assessment of the suspected infringement, or that of any other competent authority pursuant to national law where relevant, and, where applicable, ~~an explanation~~details of the investigatory or enforcement measures taken or envisaged in relation thereto to ensure compliance with this Regulation.

2023/03/09
Committee: IMCO

Alexandra GEESE, Marcel KOLAJA

Proposal for a regulation
Article 55 – paragraph 1 – point d a (new)

(d a) a Survivors‘ Advisory Board as an advisory group, which shall exercise the tasks set out in Article 66a (new).

2023/03/09
Committee: IMCO

Alexandra GEESE, Marcel KOLAJA

Proposal for a regulation
Article 57 – paragraph 1 – point c

(c) adopt rules for the prevention and management of conflicts of interest in respect of its members, as well as for the members of the Technological Committee and of ~~any other advisory group it may establish~~the Survivors’ Advisory Board and publish annually on its website the declaration of interests of the members of the Management Board;

2023/03/09
Committee: IMCO

Alexandra GEESE, Marcel KOLAJA

Proposal for a regulation
Article 57 – paragraph 1 – point f

(f) appoint the members of the Technology Committee, and of ~~any other advisory group it may establish~~the Survivors’ Advisory Board;

2023/03/09
Committee: IMCO

Alexandra GEESE, Marcel KOLAJA

Proposal for a regulation
Article 57 – paragraph 1 – point h a (new)

(h a) consult the Survivors’ Advisory Board as regards the obligations referred to in points (a) and (h) of this Article.

2023/03/09
Committee: IMCO

Alexandra GEESE, Marcel KOLAJA

Proposal for a regulation
Article 66 a (new)

Article 66 a Survivors’ Advisory Board 1. The Survivors’ Advisory Board shall be composed of child sexual abuse victims over the age of 18 years, appointed by the Management Board on the basis of their personal experience and expertise, following the publication of a call for expressions of interest in the Official Journal of the European Union. Its members shall be independent from government and corporate interests. 2. The procedures for the appointment of the members of the Survivors’ Advisory Board, its functioning and the conditions for the submission of information to the Survivors’ Advisory Board shall be laid down in the rules of procedure of the Management Board and shall be made public. 3. The members of the Survivors’ Advisory Board shall act in the interest of child sexual abuse victims. The EU Centre shall publish the list of members of the Survivors’ Advisory Board on its website and keep it up to date. 4. If a member no longer meets the criterion of independence, he or she shall inform the Management Board. The Management Board may, on the proposal of at least one third of its members or of the Commission, determine a lack of independence and revoke the appointment of the person concerned. The Management Board shall appoint a new member for the remaining term of office in accordance with the procedure applicable to full members. 5. The term of office of the members of the Survivors’ Advisory Board shall be four years. It may be renewed once. 6. The Executive Director and the Management Board may consult the Survivors Advisory Board on any matter relating to the interests of the persons concerned. 7. The Survivors’ Advisory Board shall have the following tasks: (a) ensure visibility of the interests of victims; (b) advise the Management Board on matters set out in Article 57 point (h a); (c) advise the Executive Director and the Management Board as set out in paragraph 6 of this Article; (d) contribute experience and expertise in preventing and combating child sexual abuse and in providing help in the aftermath of such abuse; (e) submit proposals from the Coordinating Authorities; (f) serve as a networking platform for child sexual abuse victims by maintaining and publishing a list of existing national victims' networks.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – introductory part

1. Providers of hosting services, providers of publicly available number- independent interpersonal communications services and ~~providers of internet access services~~ shall collect data on the following topics and make that information ~~available to the EU Centre upon request~~public:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point a – introductory part

(a) where the provider has been subject to a ~~detec~~n investigation order issued in accordance with Article 7:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point a – indent 1

— the measures taken to comply with the order, ~~including the technologies used for that purpose and the safeguards provided;~~

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point a – indent 2

— the ~~error~~ rates of false positives and false negatives the technologies deployed to detect online child sexual abuse ~~and measures taken to prevent or remedy any errors;~~related to specific person, specific group of people or specific incident and steps taken to mitigate the harm caused by any inaccuracy

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point b

(b) the number of removal orders issued to the provider in accordance with Article 14 and the average time ~~needed~~ for removing or disabling access to the item or items of child sexual abuse material in question , counting from the moment the order entered the provider’s system ;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point b a (new)

(b a) the number and duration of delays to removals as a result of requests from competent authorities or law enforcement authorities;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point c

(c) the total number of items of child sexual abuse material that the provider removed or to which it disabled access, broken down by whether the items were removed or access thereto was disabled pursuant to a removal order or to a notice submitted by a judicial authority, Competent Authority, the EU Centre or, a ~~third party~~national hotline, a trusted flagger or a private individual or at the provider’s own initiative;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point c a (new)

(c a) The number of instances the provider was asked to provide additional support to law enforcement authorities in relation to content that was removed;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 1 – point d

~~(d) the number of blocking orders issued to the provider in accordance with Article 16;~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – introductory part

2. The Coordinating Authorities shall collect data on the following topics and make that information publicly available redacting operationally sensitive data as appropriate and proving an unredacted version to the EU Centre ~~upon request~~:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – point a – indent 4 a (new)

- the nature of the report and its key characteristics such as if the security of the hosting service was allegedly breached;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – point b

(b) the most important and recurrent risks of online child sexual abuse encountered , as reported by providers of hosting services and providers of publicly available number -independent interpersonal communications services in accordance with Article 3 or identified through other information available to the Coordinating Authority;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – point c

(c) a list of the providers of hosting services and providers of interpersonal communications services to which the Coordinating Authority addressed a ~~detec~~investigation order in accordance with Article 7;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – point d

(d) the number of ~~detec~~investigation orders issued in accordance with Article 7, broken down by provider and by type of online child sexual abuse, and the number of instances in which the provider invoked Article 8(3);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – point f

(f) the number of removal orders issued in accordance with Article 14, broken down by provider, the time needed to remove or disable access to the item or items of child sexual abuse material concerned, , including the time it took the Coordinating Authority to process the order and the number of instances in which the provider invoked Article 14(5) and (6);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 2 – point g

~~(g) the number of blocking orders issued in accordance with Article 16, broken down by provider, and the number of instances in which the provider invoked Article 17(5);~~deleted

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – introductory part

3. The EU Centre shall collect data and generate statistics on the ~~detection~~investigation order, reporting, removal of or disabling of access to online child sexual abuse under this Regulation. The data shall ~~be in particular on the following topics~~include:

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point a

(a) the number of indicators in the databases of indicators referred to in Article 44 and the ~~development~~change of that number as compared to previous years;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point b

(b) the number of submissions of child sexual abuse material and solicitation of children referred to in Article 36(1), broken down by Member State that designated the submitting Coordinating Authorities, and, in the case of child sexual abuse material, the number of indicators generated on the basis thereof and the number of still active uniform resource locators included in the list of uniform resource locators in accordance with Article 44(3);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point c

(c) the total number of reports submitted to the EU Centre in accordance with Article 12, broken down by provider of hosting services and provider of publicly available number-independent interpersonal communications services that submitted the report and by Member State the competent authority of which the EU Centre forwarded the reports to in accordance with Article 48(3);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point d

(d) the online child sexual abuse to which the reports relate, including the number of items of potential ~~known and new~~ child sexual abuse material and instances of potential solicitation of children, the Member State the competent authority of which the EU Centre forwarded the reports to in accordance with Article 48(3), and type of relevant information society service that the reporting provider offers;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point e

(e) the number of reports that the EU Centre considered unfounded or manifestly unfounded, as referred to in Article 48(2);

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point f

(f) the number of reports relating to potential ~~new~~previously unknown child sexual abuse material and solicitation of children that were assessed as not constituting child sexual abuse material of which the EU Centre was informed pursuant to Article 36(3), broken down by Member State;

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 3 – point h

(h) where materially the same item of potential child sexual abuse material was reported more than once to the EU Centre in accordance with Article 12 or detected more than once through the searches in accordance with Article 49(1), the number of times that that item was reported or detected in that manner.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 4

4. The providers of hosting services, providers of interpersonal communications services and providers of internet access services, the Coordinating Authorities and the EU Centre shall ensure that the data ~~referred~~stored pursuant to in paragraphs 1, 2 and 3, respectively, ~~is stored no longer than is necessary for the transparency reporting referred to in Article 84. The data stored~~ shall not contain any personal data.

2023/03/09
Committee: IMCO

Proposal for a regulation
Article 83 – paragraph 5

5. They shall ensure that the data is stored in a secure manner and that the storage is subject to appropriate technical and organisational safeguards. Those safeguards shall ensure, in particular, that the data can be accessed and processed only for the purpose for which it is stored, that a high level of security is achieved and that the information is deleted when no longer necessary for that purpose. All access to this data shall be logged and the logs securely stored for five years. They shall regularly review those safeguards and adjust them where necessary.

2023/03/09
Committee: IMCO