A Detection Crisis Begins: Europe Made Child Protection Unlawful

A trust and safety analyst in a building somewhere in continental Europe arrives at her desk on the morning of Saturday 4 April 2026, opens her review queue, and finds it changed in a way that the interface does not visibly reflect. The thumbnails are still there. The hash matches are still streaming. The dashboards still glow. What has changed is the legal scaffolding under her seat. As of the previous day, the temporary legal derogation that authorised her employer, a large messaging platform headquartered in the European Union, to scan its private communications for child sexual abuse material has lapsed. Her job has not changed. The work she does, the harm she stops, the cases she refers to law enforcement, all of that continues. The legal authority under which she does it has evaporated, and the replacement statute has not arrived. She is not breaking the law. She is operating in a space the law no longer addresses, doing work that until yesterday was sanctioned and is today, on a strict reading, unauthorised.

That space is not abstract. It is the operational reality, on 30 May 2026, for the trust and safety teams of every major platform with operations in Europe that has, for the past five years, voluntarily scanned interpersonal communications for child sexual abuse material under the protection of Regulation (EU) 2021/1232, the temporary derogation to the ePrivacy Directive. The Regulation was extended once, in 2024, until 3 April 2026. A final round of negotiations between the European Parliament and the Council collapsed without agreement on 26 March 2026; the deadline then arrived, and the legal cover for voluntary detection ended. The permanent successor instrument, the Child Sexual Abuse Regulation that has come to be known across European policy circles as Chat Control, remains stuck in trilogue, with the next formal round scheduled for May 2026 and a target deal by July. The interregnum is real, and the interregnum is now.

The expiry coincides, with a timing that policy specialists have called either coincidental or grimly poetic depending on their priors, with the period in which the threat the derogation was written to address has changed its character entirely. On 28 February 2026, NBC News published a long investigation by reporters who had spent months mapping the criminal-court record of AI-generated child sexual abuse material in the United States. The piece documented thirty-six state and federal criminal cases brought within the previous three years across twenty-two states, and tracked a phenomenon that the Stanford policy fellow Riana Pfefferkorn, quoted in the article, described as outrunning the legal categories themselves. Less than a month later the Internet Watch Foundation, the UK-based hotline that processes reports of online child sexual abuse, published its annual analysis of AI-generated material. The report counted 8,029 AI-generated images and videos assessed in 2025 as depicting realistic child sexual abuse. It counted 3,443 AI-generated videos, against thirteen in 2024, a year-on-year change of 26,385 per cent. Sixty-five per cent of the videos were classified as Category A, the most severe under UK law, the category that covers depictions of penetrative sexual activity, sadism, or sexual activity with an animal. Girls comprised ninety-seven per cent of the illegal AI-generated images.

That is the surface. Beneath it sit the structural changes that make the numbers an undercount. The IWF report describes the spread of Low-Rank Adaptation, the technique known as LoRA, which allows a user with twenty existing images of a specific child and fifteen minutes of compute to fine-tune a generative model into a deepfake engine capable of producing infinite further imagery of that child. It describes the appearance of clear-web AI chatbot services that encourage users to act out simulated child sexual abuse scenarios in conversation. It describes the leap from still imagery to full-motion video as a step change that erases what little forensic distance had existed between synthetic and camera-captured material. Each of these developments, taken individually, would constitute a serious escalation. Taken together, with the regulatory cover for the principal mechanism of detection withdrawn at exactly the moment they begin to scale, they constitute the most adverse moment for online child protection in Europe since the IWF began publishing comparable data.

This is the question the next eighteen months will force a decision on. If the technology that creates the harm is advancing faster than the legal frameworks that authorise its detection, and a major jurisdiction has just removed the primary mechanism allowing platforms to look for it, what does meaningful protection for children actually require, and who bears the responsibility for building it? The honest answers are unflattering to almost everyone with a hand on the problem.

The Derogation, the Vote, and the Silence That Followed

The temporary derogation has always been an awkward instrument. It was drafted in haste in 2020 after the entry into force of the European Electronic Communications Code reclassified messaging services as electronic communications, and so brought them, for the first time, within the privacy protections of the ePrivacy Directive that had previously applied only to telephony. The reclassification had the unintended consequence of rendering legally precarious the voluntary scanning that companies like Meta, Google and Microsoft had been performing for years under the looser regime that preceded it. The European Commission acknowledged the problem, and the Parliament and Council adopted Regulation (EU) 2021/1232 to grant a time-limited carve-out. The Regulation was, at the time, framed as a stopgap pending the adoption of a permanent instrument that would either consolidate the legal basis for voluntary scanning or replace it with a mandatory regime.

The permanent instrument, the proposed Child Sexual Abuse Regulation, has been in negotiation since the Commission published its first draft in May 2022. The intervening four years have been some of the most contested in modern European digital policy. The Commission's original proposal would have required providers to assess the risk of their services being used to disseminate CSAM, and where the risk was high, to deploy detection technologies. The proposal included provisions for so-called detection orders that could compel scanning of end-to-end encrypted communications, a provision that critics, including the European Data Protection Supervisor, civil society coalitions across the continent, and a significant bloc of MEPs, argued would constitute an unjustifiable mass surveillance regime incompatible with the Charter of Fundamental Rights. The Parliament's position, agreed in November 2023, narrowed the scope considerably. The Council's position, agreed under the Danish presidency in November 2025, restored elements of the broader scanning regime. The trilogue rounds that began in December 2025 have been characterised by negotiators as substantive but slow, with the third round on 26 February 2026 ending without breakthrough and the next not scheduled until early May.

The narrower question of whether to extend the existing voluntary derogation, pending agreement on the broader regulation, came to a head in late March 2026. Negotiations between the Parliament and the Council on a short extension broke down on 26 March, with the Parliament voting against a further prolongation on the grounds, articulated by privacy-focused MEPs, that an extension would relieve pressure on the broader negotiation and entrench a regime that had been intended as temporary. The vote was the end of the road for the derogation. On 3 April 2026, the legal basis for voluntary scanning of interpersonal communications in the European Union ceased to exist.

The IWF's reaction was unsparing. Kerry Smith, the IWF chief executive, described the lapse as “a devastating failure for child protection in the EU, and globally.” Dan Sexton, the IWF chief technology officer, published a blog post under the title “Europe is about to make it illegal to protect children online,” which argued that the technology companies operating in the European Union would lose, on 3 April, the legal right to search their own platforms for child sexual abuse material because politicians tasked with replacing the derogation had failed to do so. The IWF's data carries weight here that abstract argument cannot. The hotline actioned 312,030 reports in the previous year where child sexual abuse material was confirmed, a 7 per cent increase on the year before. During a similar period of legal uncertainty in 2020, before the original derogation took effect, the IWF documented a 58 per cent drop in reports of child abuse material originating from EU-based services over a period of just eighteen weeks. The drop, the IWF noted at the time, reflected a decrease in detection, not a decrease in abuse. There is no plausible reason to expect a different pattern this time.

The vote against extension was not without its defenders. The Centre for Democracy and Technology's European office welcomed the Parliament's decision as a check on the normalisation of mass scanning. Their case, which is the case privacy advocates have made throughout, is that voluntary scanning is voluntary in name only when platforms operate under regulatory pressure and reputational exposure; that the technologies deployed are themselves imprecise, with false-positive rates that generate downstream harms for innocent users; and that any regime authorising routine scanning of private communications sets a precedent that can be expanded in directions the original drafters did not contemplate. These are not frivolous concerns. They are the substance of a serious civil-liberties argument, and they have not lost their force because the derogation has lapsed.

The argument is, however, an argument about what kind of detection regime Europe should have. It is not an argument for the absence of any regime, which is the situation Europe now occupies. The Parliament's vote did not produce an alternative. It produced a vacuum, and the vacuum is being filled, on the operational level, by the discretion of platforms and the patchwork of national laws that govern child protection across the twenty-seven member states. The IWF, the NSPCC, the European Commission directorate responsible for the home affairs file, and a coalition of child-rights organisations have all argued, in different registers, that the absence of a harmonised legal basis is a worse outcome than either the imperfect derogation or the contested permanent regulation. They are not, on the evidence, wrong.

What Detection Actually Looks Like

The mechanisms the derogation authorised are less monolithic than the public debate suggests. The principal technologies are hash-matching against known CSAM datasets, classifier-based detection of previously-unseen material, and behavioural analysis of grooming patterns in text-based communication. Each operates differently, generates different categories of false positive, and carries different implications for the privacy of users whose communications pass through them.

Hash-matching, the workhorse of the field for over a decade, depends on shared databases of known abuse imagery maintained by organisations like the IWF and the US National Center for Missing and Exploited Children. The image to be scanned is reduced to a perceptual hash, a numerical fingerprint that survives common transformations like resizing or recompression. The hash is compared against the database. A match flags the image for review. The system works well for known material because the false-positive rate, in the best implementations, is extremely low. It is useless against material that has not previously been seen and registered.

Classifier-based detection addresses that gap. A machine-learning model, trained on labelled examples of CSAM and non-CSAM, returns a probability that a given image is abuse material. The classifier can flag new content for human review. The false-positive rate is higher than for hash-matching, because classifiers operate on the statistical patterns of the training distribution rather than on identity-level matches. Behavioural analysis, the third category, looks for the conversational patterns associated with grooming, with similar trade-offs.

The volume the system handles is hard to overstate. Thorn, the child-safety non-profit founded by the actors Ashton Kutcher and Demi Moore, reports that its Safer classifier product has processed 658.6 billion files and 334 million lines of text since 2019, resulting in the detection of more than 12.4 million potential CSAM files and nearly 1.4 million instances of potential child exploitation. The NCMEC CyberTipline received 21.3 million reports in 2025, encompassing 61.8 million images, videos and files. Of those reports, approximately 1.5 million had a nexus to generative AI, with the categories breaking down across CSAM appearing in AI training data, generated or possessed AI CSAM, prompts attempting to elicit CSAM, and altered or manipulated existing CSAM files. Online enticement reports, including sextortion, reached 1.4 million, a 156 per cent increase on 2024.

These are not numbers a discretionary, post-hoc, human-only review can address. They are the operational baseline of a global industry whose ability to find children at risk depends on automated triage at every stage of the pipeline. When the legal authority for that triage is withdrawn in a jurisdiction the size of the European Union, the consequence is not that detection becomes manual. The consequence is that detection becomes selective, fragmented, and dependent on the legal interpretations of individual platform counsels who must decide, in the absence of harmonised cover, whether and on what basis their scanning operations can continue.

The Synthetic Flood

Into this volume, and into this newly precarious legal environment, has arrived the second crisis: the production at scale of imagery that is indistinguishable, to both human reviewers and existing detection systems, from photographs of real children, and which is not in fact photographs of real children at all. The category goes by various names in the trade: AI-generated CSAM, synthetic CSAM, AIG-CSAM. The producers do not care what it is called. The detection pipelines do.

The mechanism is now widely understood. A user with access to an open-source diffusion model, a small dataset of training images, and the technical literacy to operate a LoRA fine-tuning workflow can produce a personalised generator capable of synthesising indefinite quantities of imagery on demand. The compute requirements have fallen below the threshold of consumer hardware. The technical knowledge has been democratised through tutorials hosted on forums that are themselves often dedicated to the production of the resulting material. Thorn's research, summarised in their 2026 reporting on synthetic abuse, finds that one in ten minors say they personally know someone who has used AI tools to generate nude images of other children. The phenomenon is not confined to dedicated dark-web communities. It is in schools. It is in peer groups. It is, by the testimony of teachers and school safeguarding leads who have spoken on the record to UK and US outlets, a problem for which institutional response has not yet been developed.

Thorn's analysts have drawn the structural implication explicitly: the elimination of contact abuse as a necessary precursor to the production of exploitation material. Historically, the production of CSAM required, in the technical sense, the abuse of an actual child. The image was a record of a crime that had occurred. The detection of the image was therefore also, in a meaningful sense, the detection of the abuse, and the rescue of the depicted child was a tractable goal of the investigative work that followed. The arrival of generative models capable of producing convincing synthetic abuse imagery from a model that has been trained on legal images, or that has been bootstrapped from a small set of photographs of an identifiable child obtained from social media, severs that link. The imagery exists. There may be no child to rescue, because the child in the image was never abused in the production of it. Or there may be a child to rescue, because the imagery has been produced with the explicit intent of extorting or coercing a real person whose photographs have been used as training data. The two categories cannot, on the face of the image, be distinguished.

The consequence for the detection pipeline is what investigators have come to describe, in interviews with technology and policy reporters across the past year, as a flooding problem. The volume of synthetic material entering review queues threatens to overwhelm the capacity of human analysts to triage it. Each item still requires assessment. Each assessment still consumes attention that, in an unbounded queue, is taken away from the assessment of material that may depict a real, identifiable child whose location can be determined and whose abuse can be stopped. The economic logic of the trust and safety function tips, under such conditions, toward the deprioritisation of marginal cases. The marginal cases include exactly the cases where rescue is still possible, and where the cost of failing to identify a real victim is highest.

The detection community has responded with the only tool it has, which is more AI. The US Department of Homeland Security's Cyber Crimes Center awarded a $150,000 contract in late 2025 to the San Francisco-based firm Hive AI for software designed to identify whether a given image was AI-generated. Kevin Guo, the Hive AI co-founder and chief executive, has described the underlying approach as the identification of pixel-level patterns characteristic of synthetic generation, patterns that the company's classifier has been trained to detect across the broad family of contemporary generative models. The tool sits alongside Hive's hash-matching system, which assigns unique identifiers to known CSAM, and which has been developed in collaboration with Thorn. The integration is necessary. Neither tool, alone, can address the combined problem of known abuse, novel abuse, and synthetic material that mimics both.

The technical viability of AI-versus-AI detection is, on the evidence to date, real but bounded. The detectors do not have the generality of the generators. A new model architecture, a new training procedure, a new post-processing pipeline can produce imagery whose statistical signature falls outside the distribution the detector was trained on. The arms race is, in the technical sense, asymmetric. Generators improve continuously and are released, in many cases, into the open-source commons where they cannot be recalled. Detectors must be retrained against each new generation. The lag between the appearance of a new generator and the deployment of an effective detector against it is the window in which synthetic material flows unimpeded into the pipeline. The window does not, at present, close.

The Platforms in the Middle

Telegram, on 21 April 2026, became the highest-profile object of UK regulatory scrutiny in the period covered by this article. Ofcom, the communications regulator that holds enforcement authority under the Online Safety Act 2023, opened a formal investigation into Telegram Messenger Inc., examining whether the platform had met its illegal-content safety duties in relation to child sexual abuse material. The investigation was triggered by evidence from Ofcom's own assessment of the platform and by referrals from the Canadian Centre for Child Protection. Compliance failures under the Act can result in fines of up to £18 million or 10 per cent of qualifying worldwide revenue, whichever is the greater, and Ofcom has the further power to apply to UK courts for business disruption measures that could require payment providers, advertisers, or internet service providers to withdraw services from a non-compliant platform.

The NSPCC's response to the investigation was supportive and specific. Rani Govender, the associate head of policy at the charity, said the scale of the abuse on the platform was stark and that the charity strongly welcomed Ofcom ramping up its enforcement. The position is consistent with the NSPCC's longer-running argument that there should be no part of any messaging service where perpetrators can act without detection, a position the charity has held throughout the Online Safety Bill's passage and during the early phase of its operationalisation. Telegram itself rejected the framing of the investigation, asserting that it had made significant strides since 2018 to nearly eliminate the public distribution of CSAM through sophisticated detection algorithms and collaborations with non-governmental organisations, and noting that it had joined the Internet Watch Foundation in December 2024 and deployed detection tools on its public channels.

The Telegram case sits inside a broader pattern of Ofcom enforcement that has accelerated through the spring of 2026. The regulator opened an investigation into X in January 2026 concerning the use of the Grok AI chatbot to generate sexually exploitative content. It opened investigations alongside the Telegram probe into the platforms Teen Chat and Chat Avenue over alleged failures to prevent grooming. It issued direct demands to Facebook, Instagram, Roblox, Snapchat, TikTok and YouTube for child-safety evidence by 30 April. The cumulative effect is to establish the UK as the most active regulatory jurisdiction in the developed world on platform-level CSAM enforcement, at exactly the moment that the EU has retreated from its own equivalent regime.

OpenAI's intervention, on 8 April 2026, took a different form. The company published a document called the Child Safety Blueprint, developed in consultation with NCMEC, the Internet Watch Foundation, and the Attorney General Alliance's AI Task Force, whose co-chairs Jeff Jackson of North Carolina and Derek Brown of Utah are named as contributing partners. The blueprint sets out three priority areas: the updating of legislation to cover AI-generated abuse material; the refinement of reporting mechanisms to law enforcement; and the integration of preventative safeguards into AI systems themselves. The company acknowledged, in figures included in the accompanying materials, that it had submitted eighty times more exploitation reports to NCMEC than in the prior year, a number that admits of two interpretations. The first is that its detection has improved. The second is that the volume of attempted abuse on its platforms has scaled accordingly. The two interpretations are not mutually exclusive.

The blueprint is, at one level, an exercise in industry leadership that takes the problem seriously and that engages constructively with the regulatory partners best placed to act on the information it provides. At another level, it is a document published by a single firm, in the absence of any binding cross-industry framework, that asks regulators and legislators to do work that the firm itself cannot do. The IWF's reporting indicates that 8,000 AI-generated CSAM reports were recorded in the first half of 2025 alone, a 14 per cent year-on-year increase, and the proliferation of open-source models means that the contribution of any single model provider to the overall problem is bounded by the contribution of every other model provider, regardless of how seriously each takes its own role. The blueprint is necessary. It is not sufficient.

The Question of Responsibility

The accountability question that the simultaneous expiry of the derogation and the scaling of synthetic abuse pose is one the existing institutional architecture is poorly equipped to answer. The candidates for primary responsibility include, in no particular order: the platforms that host the content; the model providers whose systems are used to generate it; the regulators who set the framework within which the platforms and models operate; the lawmakers who, at the EU level, have failed to replace the lapsed derogation with a workable successor; the hash-matching providers and child-safety hotlines whose pipelines are being flooded; the law-enforcement agencies whose victim-identification work is being undermined; and, in the limit, the users who produce and distribute the material itself.

The platforms argue, with some justification, that the regulatory framework within which they operate has been unstable for the past decade and is now, in the principal European jurisdiction, absent. The model providers argue, with less justification given the trajectory of the technology, that the open-source ecosystem within which much of the harmful generation occurs is beyond their direct control, that their own commercial products incorporate safety measures, and that the responsibility for downstream misuse lies with the user. The regulators argue, where they are willing to argue, that they enforce the laws that exist and cannot substitute for the legislative process. The lawmakers argue, where they argue at all, that the trade-offs between privacy and child protection are genuinely difficult and that the political process is the appropriate forum in which to resolve them. The hotlines argue, increasingly publicly, that the system they are asked to operate has been overwhelmed and that their warnings have been ignored. The law-enforcement agencies, in the figure of the various national crime agencies and Europol-affiliated units, argue that the resources available to them are not commensurate with the scale of the problem they are asked to address.

Each of these arguments is partially correct. None of them, taken alone, addresses the problem the question poses. What the question poses is the structural failure mode of a regulatory regime in which detection authority is withdrawn at exactly the moment the harm scales, in which the technology that produces the harm is advancing faster than the law that authorises its detection, and in which the human consequence (the inability to identify and rescue real victims) is borne by the children whose abuse is being depicted or whose images are being used as training data, not by the institutions whose decisions have created the gap.

The answer the question demands begins with the recognition that no single actor in the system can solve the problem alone. The platforms cannot, because they need legal cover to operate detection at the scale the volume requires. The model providers cannot, because the open-source ecosystem will continue to produce capable generators regardless of what the leading commercial firms do. The regulators cannot, because their authority extends only to the platforms within their jurisdiction. The lawmakers can, but only if they are willing to make difficult choices about the trade-offs between privacy and detection that the current political process has so far refused to resolve. The hotlines can scale detection technology, but only with the funding and the legal cover to do so. The law-enforcement agencies can prioritise victim identification, but only if the upstream pipeline delivers actionable material in a form that can be triaged.

A workable framework, on the evidence assembled in the preceding sections, would have several components. It would restore, at the EU level, a harmonised legal basis for voluntary detection of CSAM in interpersonal communications, with safeguards against scope creep that satisfy the civil-liberties objections that brought down the derogation. It would establish, at the model-provider level, binding commitments to safety-by-design that go beyond the voluntary principles articulated in the Thorn and All Tech Is Human framework and into auditable obligations enforceable by regulators. It would fund, at the hotline and law-enforcement level, the investigative capacity required to keep pace with the volume of reports the detection pipeline now generates. It would treat the distinction between synthetic and camera-captured CSAM as a triage variable, not as a legal exemption, with the production and possession of synthetic abuse material treated as serious criminal offences in all major jurisdictions. And it would, at every level, recognise that the asymmetry between the speed of technological development and the speed of legislative response is itself a structural problem requiring structural response, not a temporary mismatch to be addressed through ad hoc accommodation.

The analyst whose Saturday morning began this article is, on 30 May 2026, still at her desk. The work she does continues. The legal scaffolding under her seat remains absent. Her counterparts in the law-enforcement units that receive her referrals are working through review queues whose composition has changed, with synthetic material now a significant fraction of the inflow and the share of cases involving identifiable real victims a smaller fraction of the total. The IWF, the NSPCC, NCMEC, Thorn, Hive AI, and the operational teams inside every major platform continue to work on the problem with the tools that exist, the legal authorities that remain, and the budgets that have been allocated. They are not, in any meaningful sense, the parties whose decisions have created the gap. The parties whose decisions have created the gap are the legislators who failed to extend the derogation, the trilogue negotiators who have not yet agreed a successor, the model providers who released the systems that produce the synthetic material into the open-source commons, and, behind all of them, the political culture that has treated child protection as an issue to be balanced against other priorities rather than as a baseline obligation that the rest of the regime must accommodate.

The question of who bears responsibility for building meaningful protection for children does not, on a clear-eyed reading of the evidence, admit of a single answer. It admits of a distribution of responsibility across the actors who collectively constitute the system, with the heaviest weight falling on the institutions that have most explicitly chosen, through action or inaction, to allow the current state of affairs to obtain. The lapsed derogation will not extend itself. The trilogue will not resolve itself. The synthetic abuse will not abate of its own accord. The work the analyst is doing on Saturday morning will continue. Whether it continues to be authorised, funded, and supported by a regime that recognises its necessity is a choice that has not yet been made, and that the European political process, in the months remaining of 2026, is now required to make.


Tim Green, UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795

Email: tim@smarterarticles.co.uk
