- Ofcom looks to extend CSAM monitoring to file sharing and other providers
- It is recommended that applications do not “break end-to-end encryption.”“
- Experts are concerned about the precedent it could set in terms of user privacy
Having implemented one of the strictest age verification regimes in the world, the UK is now considering expanding its obligations on cloud storage, file sharing and other applications to help make the internet a safer place for children.
In its first report on the impact of the Online Safety Act, Ofcom pledged to “broaden our focus to other service providers who present the highest risk of CSAM”. [child sexual abuse material] to ensure stronger protections” in 2026.
Some of this work has already begun: Ofcom confirms that many large and medium-sized file-sharing platforms have voluntarily implemented technology to detect this type of content, while others have decided to leave the market entirely.
Following a four-month consultation period that ended in October, Ofcom is now assessing calls from industry and civil society to expand the law’s codes of practice. A report is expected next year.
However, Ofcom’s proposed increased surveillance has led experts to warn that the agency could be setting a dangerous precedent while doing “little to protect children”.
While it is unclear which other platforms will be affected, Ofcom told TechRadar that “our measures do not recommend that providers use proactive technology to analyze privately communicated content or metadata.”
The encryption enigma
The push to monitor CSAM in the UK echoes similar efforts in the EU, where the so-called Chat Control proposal has attracted heavy criticism from technologists, privacy experts and politicians due to its potential to lead to surveillance of private communications.
As in Europe, UK experts fear encryption could become a casualty in the battle to keep children safe online.
Apple has already removed iCloud Advanced Encryption Protection from the UK market after receiving a technical notice to create a backdoor. However, this order was made under the Investigatory Powers Act, not the Online Safety Act.
Know?
Encryption is the technology that secure messaging apps, cloud storage, and VPN services use to prevent their users’ data from being monitored by third parties, including themselves.
When we asked for clarification on its plans, an Ofcom spokesperson said the agency is considering measures that automatically detect illegal content and content harmful to children called “hash matching”. However, “the proposals do not recommend that services break end-to-end encryption,” Ofcom said.
According to the Internet Society’s Senior Director of Internet Trust, Robin Wilton, this suggests that any scanning should be done before the file is encrypted. “That would mean the service would have to have a client-side component to do that scanning,” Wilton said.
Client-side scanning was previously stopped under the Online Safety Act until it was “technically feasible to do so.” Experts in Europe have been highly critical of this type of scanning, arguing that it will create a vulnerability in the system even when it occurs before the content is encrypted, and Signal compares client-side scanning to malware on your device.
Two providers leaving the UK market, Krakenfiles and Nippydrive, offer end-to-end encrypted services, which may suggest they were concerned about the integrity of their systems.
As of today, companies like Proton Drive and NordVPN’s Meshnet have not yet been affected by new requirements, the companies told TechRadar.
For Wilton, however, the stakes are even higher. “If Ofcom continues with this policy, UK users will no longer have access to cloud storage that technically prevents third parties from accessing their data,” he said.
In its report, Ofcom repeatedly states that CSAM monitoring will be strengthened in more cloud storage and file-sharing applications in 2026, while also being extended to other user-to-user services.
So there’s a chance that other apps we all use regularly could soon become targets for increased monitoring. We will continue to monitor the situation and evaluate its impact on people’s privacy.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
