Last month we slammed this list with a gigantic, long report. This month we will try to focus on a few key developments: child protection (CSAM and age-verification), the Franco-German Digital Summit and a minor DSA update.
=== CSAM === Regular readers of this monitoring report will know about the proposed Regulation to Prevent and Combat Child Sexual Abuse <https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Combat_Child_Sexual_Abuse> (and about the Wikimedia Foundation’s position <https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12726-Fighting-child-sexual-abuse-detection-removal-and-reporting-of-illegal-content-online/F3338612_en>). It has been stuck in Council for quite some time because Member States can’t agree on an obligation on mandatory direct message scanning for providers of interpersonal messaging services. The main criticism of this is that it would essentially vanish end-to-end encryption. — There is a very recent development. One of the staunchest supporters of the obligation, Denmark, which also currently holds the rotating Council presidency, announced it is dropping this demand <https://www.berlingske.dk/politik/dansk-forslag-om-digital-boernebeskyttelse-droppet-efter-tysk-kritik>. This could very well unblock the deadlock. — The European Parliament has a negotiating position since 2023 (without this obligation), so if the Council now manages to agree on its own position, we might see this legislation progress quickly. — There is also a looming deadline. Currently companies may scan for CSA material voluntarily, based on a temporary exception <https://www.europarl.europa.eu/news/en/press-room/20240408IPR20311/child-sexual-abuse-online-current-rules-extended-until-april-2026> to the ePrivacy Directive, which will expire in April 2026. — Other articles of this regulation will establish a European centre in The Hague, which will maintain a hash database with known and suspected material that platforms will be obliged to scan for and, if found, report. The scanning of content outside of “private chats” has not been controversial in the deliberations. === Blatant Plug === On 4 November we are organising an Online Child Safety Training <https://meta.wikimedia.org/wiki/Wikimedia_Europe/Advocacy/Child_Safety_Training> for Wikimedians (esp. project editors and contributors). You may still register <https://docs.google.com/forms/d/e/1FAIpQLSegC5G8LNiq4lGQXmXy3aO6GlccRBDOZQHySjUsNAps_gNPnw/viewform?usp=preview> . === Age-Verification === The other hot child protection topic is age-verification. 25 countries signed the so-called Jutland Declaration <https://www.euractiv.com/content/uploads/sites/2/2025/09/Euractiv_1252_001.pdf>, vowing to increase both national and European efforts to protect children online. Interestingly Belgium and Estonia abstained from signing. — Still, two fault-lines remain. First, EU countries can’t agree on the “age of majority” and whether there should be a universal one across the bloc. Second, should this be a hard age limit, or should parental consent be able to “override it”? — The European Commission is sending very mixed signals. They don't seem too keen to move, but are being forcefully pushed in different directions by Member States, MEPs and stakeholders. They are now focused on assembling a panel of experts <https://www.euractiv.com/news/von-der-leyen-eyes-tougher-social-media-restrictions-for-kids/> on this. Which does sound like kicking the can down the road. — The European Parliament passed one own-initiative report <https://www.europarl.europa.eu/news/fr/press-room/20251013IPR30892/nouvelles-mesures-pour-securiser-les-services-en-ligne-pour-les-mineurs> (of many) on child protection. In it, the parliamentarians declare that they want a university “digital majority” age of 16. Below this age access to social media and AI assistants should be possible only with parental consent. It also calls for the prohibition of dark patterns. Own-initiative reports are non-binding. — Two countries where the debate is already underway, and based on actual legislative proposals that are being negotiated, are Italy and Romania. In both countries Wikimedia affiliates are engaging. In Italy an amendment <https://www.senato.it/show-doc?leg=19&tipodoc=EMENDC&id=1476126&idoggetto=1474242> aims to clarify the definition of “social network” (thereby excluding non-commercial educational, scientific and encyclopedic projects). In Romania there are three (3!) separate age-verification proposals in the legislature. WMROMD <https://romd.wikimedia.org/wiki/Pagina_principal%C4%83> is working on public and direct communication, based on the notion of “protecting and empowering children online <https://wikimedia.brussels/protecting-and-empowering-children-online-a-wikimedia-perspective/> ” == Franco-German Digital Summit === Germany and France are preparing a high-level, politically very symbolic Franco-German Digital Summit <https://dig.watch/event/summit-on-european-digital-sovereignty> on 18 November. There will be many sessions on digital sovereignty, as one might expect. — Ahead of the summit the German government has signalled it wants the AI Act’s obligations to be delayed and to be clarified so it makes the lives of entrepreneurs and enterprises easier. Germany is also eyeing another simplification of the GDPR. — France is mostly pushing for age verification and “making big tech pay”. However the French position can be considered a bit weaker, seeing the inability to show off a stable government, budget or parliamentary majority. — Wikimedia Deutschland will be present and Wikimedia will join a call to advance open-source, public interest AI, including specific ideas how to do so. Watch this space. == DSA Data Access === A delegated act <https://digital-strategy.ec.europa.eu/en/library/delegated-act-data-access-under-digital-services-act-dsa> on how researchers should be given access to Very Large Online Platforms (VLOPs) to study systemic risks came into force. — It specifies that researchers must file requests for data to the national authorities first, which then decide whether to pass on their petitions to VLOPs. Researchers must provide information about their funding and research questions. — It is not the most important development in the world right now, but still important to note. Data about Wikimedia projects is mostly open by default. Still, some requests might add considerable workload on the Wikimedia Foundation or raise questions about which information could potentially harm volunteers if disclosed. — Recommended read: A deep-dive <https://verfassungsblog.de/dsa-platforms-digital-services-act/> on studying platform by using DSA provisions by Daphne Keller. *=== END ===* -- Wikimedia Europe ivzw
_______________________________________________ Publicpolicy mailing list -- [email protected] To unsubscribe send an email to [email protected]
