EU CSAM scanning legislation expires, leaving tech firms in legal limbo

European Union legislation permitting voluntary scanning for child sexual abuse material by technology companies expired on April 3 after lawmakers failed to reach agreement on extension terms. The lapse leaves major platforms including Meta and Google without clear legal authority to deploy automated detection tools, creating uncertainty for content moderation operations across the bloc. Companies had utilized the temporary framework to scan encrypted messages and cloud storage for known abuse imagery while claiming protection from strict EU privacy laws. Privacy advocates and encryption supporters had contested broader scanning proposals over surveillance concerns. The legislative deadlock reflects enduring tensions between child protection imperatives and digital privacy rights. Tech firms now face difficult choices between suspending detection measures and risking regulatory enforcement under GDPR. Negotiations for replacement legislation are expected to continue, though timelines remain uncertain.