The debate surrounding Apple and its planned CSAM scans has been a source of confusion for years. The company announces features one moment, then puts them on hold the next, while legislators in several countries consider mandatory scans. The EU has now backed down, but Apple remains under scrutiny. The conflict between data privacy, child protection, and political pressure is far from resolved.
In 2021, Apple wanted to demonstrate that child protection and data privacy were compatible. The plan: devices would be automatically scanned for child sexual abuse material without revealing private content. Critics disagreed. At the same time, the EU was working on legislation that would require companies to perform CSAM scans, in some cases even considering removing end-to-end encryption. The interplay of technical plans, political demands, and public criticism sent Apple on a years-long rollercoaster ride.
Even though the EU has softened its demands, the issue remains uncomfortable for Apple. Discussions continue behind the scenes that could affect the company again at any time.
The CSAM rollercoaster ride at Apple
In 2021, Apple announced new systems designed to detect CSAM on devices. The solution was intended to be as privacy-friendly as possible, but experts identified four major vulnerabilities.
Following this criticism, Apple promised to revise its plans and remained silent for months.
In 2022, Apple stated that it did not share the counterarguments, but nevertheless abandoned the implementation. In 2023, the company officially confirmed for the first time that the technology did indeed exist. And in 2024, a clear about-face followed, this time with the same arguments that Apple had previously rejected.
This created a contradictory picture. On the one hand, Apple wanted to guarantee data privacy, but on the other hand, it also wanted to find a way to meet legal requirements. This led to a course that repeatedly shifted over several years.
The proposed EU law and why it was so sensitive
Parallel to Apple's own plans, the EU was working on legislation that would have required companies to actively scan for CSAM. This would have affected not only cloud storage services like iCloud. For a moment, there was even talk of disabling end-to-end encryption to make encrypted chats searchable.
This particularly stringent demand was later withdrawn. Nevertheless, the EU continued working on rules that would have made scanning data in the cloud or directly in apps mandatory.
For Apple, this would have meant being forced to implement some kind of scanning system again, despite its own abandonment of the CSAM plans. Either in the form of the originally planned device scans or following the example of other providers that scrutinize cloud storage.
The EU is backtracking, but not completely.
According to new information from Euractiv, EU member states have now agreed on a weakened version of the legislation. Mandatory scanning orders will be dropped. Instead, platforms will be required to implement stricter safeguards.
However, this doesn't automatically lead to a sense of calm. An unclear obligation to mitigate risk remains. This could indirectly lead companies to scan messages or cloud data after all, in order to remain compliant with the law.
So far, every attempt to enforce mandatory messenger scans has been rejected. Nevertheless, a compromise is considered possible that would require Apple to check iCloud data for CSAM.
The process is not yet complete. For the law to be finally passed, the EU co-legislators must reach an agreement. This could take months.
Why Apple remains under pressure despite the EU's reversal
Even though the EU has weakened the law, Apple is not out of the woods. A single EU country can always enact its own, stricter rules. This would force Apple to comply with different laws across Europe simultaneously.
As long as the final wording of the law is not yet established and unilateral national actions are possible, the issue remains open for Apple. The debate about the balance between data protection and child protection is therefore not over, but merely postponed.
Relaxed EU rules, but no all-clear for Apple
Apple remains at the center of a difficult debate. While the EU has refrained from making CSAM scans mandatory, the possibility of indirect regulations remains. National laws can impose additional requirements.
For Apple, this means continued pressure and the need to react flexibly to political developments. The question of how to reconcile child protection and privacy remains unresolved. And as long as this question remains open, the CSAM debate will remain relevant. (Image: Shutterstock / metamorworks)
- Cell Broadcast: All-clear completes DE Alert
- Perplexity delivers AI-powered shopping & PayPal payment
- Apple attacks India's antitrust reform and revenue formula
- Apple is being sued again over alleged conflict minerals
- China launch of Apple Intelligence is getting closer
- Apple dominates the global smartphone market thanks to the iPhone 17
- ChatGPT improves language mode and provides a clearer overview
- The Hunt canceled: New clues explain the decision
- Signal introduces new backup models for iPhone users
- Apple is being unfairly criticized for its ATT privacy feature
- Anthropic introduces new AI model Claude Opus 4.5
- Apple surprises with rare layoffs in sales
- OpenAI increases pressure on Apple through massive poaching efforts
- ChatGPT simplifies product search with new AI shopping tool
- Apple News without CNN: Background to the unexpected withdrawal
- French lawsuit puts Apple's App Store fees in the spotlight
- Apple publishes study on smart activity tracking
- macOS 26.2: The three biggest new features at a glance
- ChatGPT Atlas Update brings new features to macOS
- The EU is putting an end to annoying cookie banners across the entire internet
- Apple presents the finalists of the App Store Awards 2025
- Cloudflare outage explained: How the worldwide problem occurred
