- Ofcom seeks to extend CSAM monitoring to file sharing and other providers
- Applications are recommended not to “break end-to-end encryption”“
- Experts worry about the precedent this could set for user privacy.
Having implemented one of the strictest age verification regimes in the world, the UK is now considering expanding its obligations on cloud storage, file sharing and other applications to help make the internet a safer place for children.
In its first report on the impact of the Online Safety Act, Ofcom pledged to “widen our focus on other service providers who pose the highest risk of CSAM”. [child sexual abuse material] to ensure stronger protections” in 2026.
Some of this work has already begun, with Ofcom confirming that many large and medium-sized file sharing platforms have voluntarily implemented technology to detect this type of content, while others have decided to leave the market altogether.
Following a four-month consultation period which ended in October, Ofcom is now weighing calls from industry and civil society for an expansion of the law’s codes of practice. A report is expected next year.
However, Ofcom’s proposed increased scrutiny has led experts to warn that the agency could set a dangerous precedent while doing “little to protect children”.
While it is unclear which other platforms will be affected, Ofcom told TechRadar that “our measures do not recommend that providers use proactive technology to analyze privately communicated content or metadata.”
The encryption conundrum
The push for CSAM surveillance in the UK echoes similar efforts in the EU, where the so-called Chat Control proposal has drawn sharp criticism from technologists, privacy experts and politicians because of its potential to lead to surveillance of private communications.
As in Europe, UK experts fear encryption is becoming a casualty in the fight to keep children safe online.
Apple has already removed iCloud’s advanced encryption protection from the UK market after receiving technical advice aimed at creating a backdoor. However, this order was issued under the Investigatory Powers Act and not the Online Safety Act.
Do you know?
Encryption is the technology used by secure messaging apps, cloud storage, and VPN services to protect their users’ data from being monitored by third parties, including themselves.
When we asked for clarification on its plans, an Ofcom spokesperson said the agency was considering measures to automatically detect illegal content and content harmful to children, known as hash matching. However, “the proposals do not recommend that services break end-to-end encryption”, Ofcom said.
According to the senior director of the Internet Society’s Internet Trust, Robin Wilton, this suggests that any analysis should take place before the file is encrypted. “That would mean the service would have to have a client-side component to do that analysis,” Wilton said.
Client-side scanning was previously halted under the Online Safety Act until it was “technically feasible”. European experts have been highly critical of this type of scanning, arguing that it would create a vulnerability in the system even if it occurred before the content was encrypted, with Signal comparing client-side scanning to malware on your device.
Two providers leaving the UK market, Krakenfiles and Nippydrive, offer end-to-end encrypted services, which may suggest they had concerns about the integrity of their systems.
At this time, NordVPN’s Proton Drive and Meshnet are not yet affected by any new requirements, the companies told TechRadar.
For Wilton, however, the stakes are even higher. “If Ofcom continues with this policy, UK users will no longer have access to cloud storage that technically prevents third parties from accessing their data,” he said.
In its report, Ofcom repeatedly states that in 2026 CSAM monitoring tasks will be strengthened across more cloud storage and file sharing applications, while expanding to other user-to-user services.
So it’s possible that other apps that we all use regularly will soon become targets of increased surveillance. We will continue to monitor the situation and assess its impact on individual privacy.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
