More than half of the global webpages that contain confirmed child sexual abuse material (CSAM) are hosted in the European Union, at a time when "desperately needed" EU legislation on child protection continues to be blocked, according to a new report.
The report, released on Wednesday by the Internet Watch Foundation (IWF), reveals that the EU remains a prime destination for criminals determined to share, sell and buy sexual images and videos of children; thousands of webpages are traced back to EU servers.
"The time for delay is over. Children around the world need our help more than ever to protect them online," said Derek Ray-Hill, Interim CEO of the IWF, in a press release.
"These figures indicate the desperate need for the EU's pivotal legislation to tackle the pernicious spread of child sexual abuse online and should act as a clarion call for EU Member States to come together and act on this issue," he added.
'Safe haven for perpetrators'
Specifically, the IWF has demanded the immediate adoption of the Child Sexual Abuse (CSA) Regulation – also called "chat control" by those who oppose it over privacy concerns. This will ensure companies undertake proactive detection.
"We also call for the passage of the Child Sexual Abuse Directive, which would criminalise the production and dissemination of AI-generated child sexual abuse material," said Ray-Hill. "At the IWF, we are determined to see the establishment of a strong legal framework in the EU so that child sexual abuse imagery can be detected and prevented from being shared further."
"The EU cannot become a safe haven for perpetrators to freely abuse children and exchange criminal content."
Credit: Pexels
In 2024, another IWF report found that more than half (62%) of the child sexual abuse webpages which the Foundation examined contained content that was traced to hosting services in EU countries. This marks an 11-percentage point increase to 181,112 (up from 140,911 webpages in 2023).
When the IWF identifies child sexual abuse online, trained analysts perform a trace on the URL to identify the location of the physical server that is hosting the content to quickly remove it from the internet. This also tells them which partners they need to work with, whether law enforcement or another hotline, and in which country.
When the content is removed from the physical server, the imagery should be removed from any sites, such as blogs, forums or image hosts, which could be linking to it.
Thousands of webpages
The Netherlands hosts most of the global criminal content found online by IWF, with the percentage down from 33% in 2023 to 29% in 2024 (91,572 URLs to 83,037 URLs, respectively). Bulgaria, Romania, Lithuania and Poland – the next four countries in the EU list – have all seen an increase in the amount of content they host. Belgium is low on the EU list: there were 30 reports in the country, up by four last year.
Poland, which currently holds the EU Council presidency, is positioned as the fifth worst in the EU at 4% of the EU total (and eighth in the world) for hosting child sexual abuse material. The volume of content has grown by nearly 86 times (94 URLs in 2023 versus 8,077 in 2024) – an increase of more than 8,000%.
Expert analysts at the IWF say this is mostly down to one so-called 'problem website' with high volumes of criminal material moving to servers in Poland. The IWF has worked closely with the Polish hotline to ensure the content is taken down.
Some criminal child sexual abuse sites, especially those created specifically to share imagery for commercial gain, are dynamic and deliberately move their hosting from country to country to avoid removal. The IWF continues to track and count these sites when they change location and seeks to take them offline wherever they go.
Illustration image. Credit: Pixabay
The 'problem website' in Poland had previously been found and flagged by the IWF in more than ten other countries, including the Netherlands, Germany and Romania.
"Criminals exploit every opportunity and any weakness in CSAM content detection and mitigation systems to spread such material," said Martyna Różycka, Hotline Manager at Poland's Dyżurnet.pl / NASK hotline. "It is our responsibility, as a society, to ensure these actions are blocked and we respond to them quickly."
Currently, the Polish hotline is working on an advanced system for faster report analysis and rapid CSAM content detection using AI-based methods. "We are fully aware of the threat and the consequences we may face if we do not swiftly regulate the rules for reporting CSAM content by platforms operating within the EU."
Różycka said that if the CSA Regulation is adopted, "a European system can be created for combating this kind of material and prosecuting perpetrators of this type of crimes, which often have an international dimension," she said.
'Stop turning a blind eye'
The 2024 Annual Insights and Data Report also reveals that the IWF discovered child sexual abuse, or links to it, a record-breaking 291,273 times last year. Of those reports where the sex of children is recorded, 97% (or 278,492) showed the sexual abuse of girls only – an increase of 14,246 since 2023.
Almost a third of the images and videos "hashed" (given a unique digital code) by the IWF, 210,572 (29%) included Category A child sexual abuse – the most extreme imagery which can depict rape, sadism, or even bestiality.
Additionally, 245 reports processed in 2024 contained actionable AI-generated images of child sexual abuse. This is a 380% increase on 2023, where just 51 contained actionable AI-generated images of child sexual abuse.
Meanwhile, Sabine Saliba, Secretary General of the child protection network Eurochild, said that these figures "are an urgent wake-up call to the EU" to protect children online. "Member States must stop turning a blind eye to this crisis and urgently mandate the detection, reporting and removal of child sexual abuse online."
