On 2 July 2026, the Council of the European Union adopted its first-reading position on a Regulation temporarily derogating from Directive 2002/58/EC to allow providers of number-independent interpersonal communications services to process personal and other data for combating online child sexual abuse. The adoption, completed via written procedure, includes a statement from Italy expressing conditional support, stressing the need for strict proportionality, judicial oversight, and the exclusion of end-to-end encryption from scanning obligations.

The Regulation replicates provisions from Regulation (EU) 2021/1232 for a limited duration, ensuring continuity of enforcement actions against online child sexual abuse while a permanent regime is developed. The Council's position now moves to the European Parliament for second reading. Italy's reservations highlight ongoing tensions between child protection and data protection, as the derogation raises concerns about mass scanning by private entities potentially affecting privacy and fundamental rights. The outcome may set precedents for balancing cybersecurity, particularly end-to-end encryption, with law enforcement needs.

The Regulation directly affects providers of number-independent interpersonal communications services, who will be permitted to process data for child protection purposes but face compliance costs and potential legal challenges regarding privacy. EU citizens may see enhanced child safety but also reduced privacy protections if scanning expands. National authorities gain tools to combat online abuse but must ensure oversight. Civil liberties groups are likely to oppose the measure as disproportionate, while child protection organisations may welcome it as necessary. The European Parliament will now consider the Council's position, with debates expected on the proportionality and scope of the derogation.

← Atlas › News › Home affairs & Migration