Statement on end-to-end encryption and draft industry standards

eSafety is seeking feedback on draft industry standards for Designated Internet Services and Relevant Electronic Services.

These are aimed at ensuring relevant members of the online industry take steps to address the availability of horrific child sexual abuse and pro-terror material online.

The proposed standards will require some online services to do more than they currently do to detect this hugely harmful material.

However, eSafety has consistently stated it does not expect companies to break end-to-end encryption and the draft standards contain no such requirement.

The standards are not being created in isolation. Last week, five new codes developed by industry came into force covering social media companies, app stores, internet service providers, hosting providers and device manufacturers and suppliers. A sixth code covering internet search engines will come into force in March 2024.

The social media services code requires higher-risk social media services, including many of the largest social media services, to deploy technology to detect and remove known images of child sexual abuse material and pro-terror material.

In the case of Designated Internet Services and Relevant Electronic Services, a range of steps can be taken to limit the distribution of child sexual abuse and pro-terror material. These do not require systematic vulnerabilities or weaknesses to be introduced to end-to-end encryption.

Some end-to-end encrypted services are already taking useful steps, like scanning the non-encrypted parts of services – including profile and group chat names and pictures that might indicate accounts are providing or sharing child sexual abuse material – as well as taking into account behavioural signals to help identify perpetrators and sharing that information with law enforcement.

These and other interventions – such as making user reporting options readily accessible – are practical examples of measures companies with end-to-end encrypted services can take to reduce the risk of their services being misused to transmit horrific content.

eSafety recognises capacity to implement solutions may vary from company to company. The draft standards are designed to account for this.

eSafety has invited and welcomes feedback from companies, industry bodies, civil society groups, and other interested parties about all aspects of the standards. This formal feedback through the public consultation process will help eSafety consider whether refinements are required before the standards are finalised.

For more information or to request an interview, please contact: