The European Union is grappling with a complex child safety crisis as key regulations face roadblocks, jeopardizing efforts to protect children from online harm. Notably, the expiration of the temporary ePrivacy derogation on April 3, 2026, has deprived tech companies of a legal framework that previously allowed voluntary detection and removal of child sexual abuse material (CSAM) from digital communications.

The derogation was intended as a stopgap measure, enacted to provide a legal basis for platforms like Meta and Google to scan private messages for CSAM without violating EU privacy laws. Its expiration has led to concerns about the potential rise in unaddressed predatory activities across digital platforms.

Compounding these challenges, the EU announced a new age verification app aimed at protecting minors online. However, the app was hacked in less than two minutes after its release, raising questions about its effectiveness. Designed as an open-source solution, the app aimed to verify users' ages while preserving individual privacy. Despite these promises, its immediate security flaws undermine its utility as a protective measure.

The EU's Chat Control Regulation, formally known as the CSA Regulation, is currently stalled in trilogue negotiations among EU institutions, with a target for completion by July 2026. This regulation is intended to mandate the detection and reporting of CSAM, but its failure to reach an agreement further complicates the existing child safety framework.

There is a growing consensus that the EU's drive to enhance child safety must not undermine its established privacy laws. The recent expiration of the ePrivacy derogation and the vulnerabilities exposed in the age verification app have crystallized a troubling paradox: while child safety measures call for data that privacy laws forbid collecting, the lack of coordinated action may ultimately endanger the very minors these regulations seek to protect.

Concerns are now rampant that without a robust legal framework, gaps in detection methods will fail to safeguard children from potential online exploitation. Industry advocates and child protection organizations are urging EU policymakers to move swiftly to restore a clear legal basis for CSAM detection and to secure a legislative framework that balances child safety with privacy rights.

As negotiations for the CSA Regulation continue, the urgency for a cohesive strategy to protect children while respecting privacy rights remains paramount. The EU faces the dual challenge of responding effectively to new technological threats while ensuring that the legal architecture designed to protect personal data does not hinder efforts to combat child exploitation online.