On 3 July 2026, the European Commission published a communication accepting the Council's first-reading position on a temporary derogation from the ePrivacy Directive, allowing providers of number-independent interpersonal communications services to continue voluntarily processing personal and other data to detect and report online child sexual abuse. The measure extends the existing Interim Regulation to prevent a legal gap while negotiations on a permanent long-term framework remain ongoing. The Council adopted its position on 2 July 2026, preserving the substance and safeguards of the original Commission proposal without retroactive effect. The derogation ensures continuity of voluntary detection activities under strict conditions, pending final agreement on the comprehensive regulation to combat child sexual abuse online. The Commission's acceptance paves the way for the European Parliament to approve the Council's position, after which the regulation will be formally adopted. The temporary measure balances the need to protect children against the privacy rights of users, with providers required to implement robust safeguards, including transparency obligations and data minimisation.
providers of number-independent services such as messaging apps can continue their voluntary detection efforts without legal uncertainty, while users' privacy is protected by strict conditions. National data protection authorities will oversee compliance, and the measure is limited in time to avoid a permanent erosion of ePrivacy rules. The European Parliament and Council are expected to finalise the permanent regulation in the coming months, which will establish a long-term framework for combating child sexual abuse online.