BSA sets out recommendations to EU co-legislators in the trilogue negotiations on the proposed Regulation to prevent and combat child sexual abuse (CSAM), supporting the objective of strengthening child protection while ensuring the rules are proportionate, legally certain, and technically feasible. 

BSA calls for:

• anchoring the Regulation in a clear “Controller-First” principle, so that detection, reporting, removal, and information orders (mandatory or not) are primarily addressed to the entities best placed to act, consistent with the GDPR and other EU laws, and
• explicitly excluding purely professional, non-public enterprise (B2B) communications services from the scope of the Regulation to protect confidential business information and reflect their limited risk profile.

Together, these recommendations aim to ensure the CSAM framework is effective, aligned with existing EU legal practice, and workable for enterprise technology providers.