Tech Giants Continue AI-Based CSAM Scanning in EU Despite Legal Expiry

The event involves AI systems implicitly, as the scanning for CSAM material on platforms like Google, Meta, Microsoft, and Snap typically relies on AI technologies for detection. The expiration of the legal framework means these AI systems cannot be used as before, which could plausibly lead to increased harm (child sexual abuse material spreading undetected). Since no actual harm is reported yet but the risk is credible and significant, this fits the definition of an AI Hazard rather than an AI Incident. The companies' joint statement highlights the potential for harm, confirming the plausible future risk. Therefore, the event is best classified as an AI Hazard.

The chat monitoring scheme involved AI algorithms to detect CSAM in private messages, which is an AI system as it automatically infers from input data to generate outputs (detection flags). Its use directly contributed to identifying and mitigating harm related to child sexual abuse, a serious violation of rights and harm to communities. The discontinuation of this AI system removes a direct protective measure, thus the event concerns an AI Incident because the AI system's use was directly linked to harm prevention and its removal increases risk. Although concerns about privacy and false positives are noted, the primary harm context is the loss of an AI-enabled protective tool, which qualifies as an AI Incident rather than a hazard or complementary information.

The article focuses on the continued use of AI systems for CSAM detection and blocking by major companies after a legal derogation expired. There is no indication of harm occurring or plausible harm arising from the AI systems themselves; rather, it is an update on the companies' operational decisions in response to legal changes. This fits the definition of Complementary Information, as it provides context and updates on AI system use and governance without describing a new AI Incident or AI Hazard.

The AI system (CSAM scanning technology using hash matching) is explicitly involved in the event. Its use without a current legal basis in the EU constitutes a breach of obligations under applicable law intended to protect fundamental rights, specifically privacy rights. The scanning directly impacts individuals' communications and privacy, which are protected rights. The event describes ongoing scanning despite legal expiration, indicating the AI system's use is causing a violation of rights. This fits the definition of an AI Incident under category (c) violations of human rights or breach of legal obligations. Although the scanning aims to prevent harm to children, the legal and privacy violations are realized harms. Therefore, the event is best classified as an AI Incident.

The article explicitly mentions the use of automated tools (hash-matching technology) to detect CSAM, which qualifies as an AI system under the framework. The expiration of the legal derogation means these AI systems may no longer be legally used, creating a plausible risk that detection and reporting of CSAM will decrease significantly, leading to harm to children (harm to communities and individuals). Since the harm is not yet realized but is a credible and foreseeable consequence of the regulatory gap, this event is best classified as an AI Hazard. There is no indication of an actual incident or malfunction causing harm at this time, nor is the article primarily about responses or updates, so it is not Complementary Information.

The article explicitly mentions AI-enabled detection tools (hash-matching technology) used by major tech companies to identify CSAM. The expiration of the legal framework threatens the continued use of these AI systems, which have been crucial in preventing harm to children by detecting and reporting abusive content. Although the article does not report a current increase in harm, it warns of a likely drop in detection and reporting, which would plausibly lead to increased circulation of CSAM and associated harms. This fits the definition of an AI Hazard, as the AI system's reduced use could plausibly lead to significant harm. It is not an AI Incident because the harm is not described as currently occurring due to AI system failure or misuse, but rather as a potential consequence of legal and regulatory changes affecting AI system deployment.

The AI systems used for scanning and detecting CSAM are clearly involved, as these platforms employ AI to identify illegal content. However, the article does not report any new harm caused by these AI systems, nor does it describe a plausible future harm arising from their use. Instead, it discusses the continuation of existing AI-based detection practices and the platforms' criticism of regulatory inaction. This fits the definition of Complementary Information, as it provides context and updates on AI system use and governance without reporting a new AI Incident or AI Hazard.