The ePrivacy derogation, a temporary EU law allowing technology companies to voluntarily scan for child sexual abuse material (CSAM), expired on April 3, 2026. The European Parliament and the Council of the European Union failed to agree on extension terms following a deadlock over privacy concerns and scanning scope.
Google, Meta, Microsoft, and Snap now operate in a precarious legal position. Continuing to scan for CSAM may violate the EU’s strict ePrivacy Directive, yet ceasing these activities creates significant online safety risks.
The legislative lapse leaves service providers without clear legal cover for detection practices that have been industry standards for years. These companies state the lack of legal clarity undermines established child protection efforts.