Image TC i Stock 641775938

What is online child sexual exploitation and abuse (OCSEA)?

OCSEA refers to the usage of the internet or communication technologies to facilitate the sexual abuse of children and adolescents. Child sexual exploitation and abuse can exist in many forms, examples include - grooming, sexual extortion, live-streamed child abuse, perceived first-person (often called "self-generated"), and child sexual abuse materials (CSAM).

While there is no universally agreed-upon legal definition for CSAM, the term generally refers to sexually explicit imagery involving children (commonly known as child pornography). It is important to note that laws regarding CSAM can vary across jurisdictions, so be sure to consult with your legal teams for guidance on regulation and compliance.

It is a misconception that in order for an OCSEA incident to occur on a website or app, children must be users of the app. This is not true and many OCSEA harms occur between adults—trading CSAM amongst themselves, hosting chat forums that sexualize children, using CSAM for profile photos, grooming of other adults with the goal of exploiting their children. In addition, children can commonly evade age assurance tools and tactics and obtain access to online spaces meant only for adults.

Examples of OCSEA Harm Types

Child Sexual Abuse Material (CSAM)

CSAM includes still images, videos, and illustrated, computer-generated or other forms of realistic depictions, as well as live streaming broadcasts of a child in a sexually explicit context, or engaging in sexually explicit acts.

Online Grooming

Grooming broadly describes the tactics abusers use to build trust and rapport with a child in order to gain access to that child for the purpose of sexual activity or exploitation. This type of victimization takes place across every platform; social media, messaging apps, gaming platforms, etc., and may include instances when a child is being groomed to take sexually explicit images and/or ultimately meet face-to-face with someone for sexual purposes, or to engage in a sexual conversation online or, in some instances, to sell/trade the child’s sexual images.

Minor Sexualization

is the creation or sharing of content (including photos, videos, real-world art, digital content, and verbal depictions) that sexualizes real or non-real children.

Sextortion

is a form of child sexual exploitation where children are threatened or blackmailed, most often with the possibility of sharing with the public a nude or sexual images of them, by a person who demands additional sexual content, sexual activity or money from the child.

Live-streamed child abuse

Live-streamed child abuse, also known as online streaming, allows abusers to create child sexual abuse content in real-time. Livestreaming of child sexual abuse may include adult offenders who direct the child abuse whilst the acts are streamed live to an audience, or coerce children into using livestreaming platforms to produce child sexual abuse material.

Trafficking

Child sex trafficking is a form of child abuse that occurs when a child under 18 is advertised, solicited or exploited through a commercial sex act. A commercial sex act is any sex act where something of value – such as money, food, drugs or a place to stay – is given to or received by any person for sexual activity.

Establish operations in order to identify OCSEA

Create external standards that prohibit OCSEA

An important practice for fighting OCSEA is to incorporate public-facing language into a company’s external standards, for example their Terms of Service, Acceptable Use Policies and / or Community Guidelines, that prohibits this behavior.

For more information, companies can sign up for the Tech Coalition’s Pathways program and check out the External Standards that Prohibit OCSEA resource.

Create internal child safety guidelines that outline how to identify and take action on OCSEA

To facilitate fighting OCSEA, companies can create internal principles to gather definitions and document enforcement guidelines. This helps ensure alignment across teams as well as consistency, and can be used by reviewers in content moderation.

For more information, companies can sign up for the Tech Coalition’s Pathways program and check out the Writing a Child Safety Content Policy resource.

Method for surfacing cases

User reporting
Mechanisms must be in compliance with local legal requirements and made available to users of any Company’s product(s) to enable reporting or flagging of illegal or harmful content and/or behavior. These reports/flags can then be reviewed against company policies and guidelines. Add child safety reporting options to any surface / page and consider having a Help Center / Support article that provides a means for users to report potential child abuse.

Detection
Current technology solutions, open source or not, enable companies to detect OCSEA on their platform, including CSAM distribution, online grooming etc. The most common industry solutions include: hash-matching (such as PhotoDNA), image/video classifiers, text classifiers, keywords ingesting and URL blocking. Implementing detection capabilities may also require assessing additional needs for human review, so planning for moderation teams should be considered, if necessary.

Take Action when an OCSEA incident occurs

Report the case to the appropriate hotline based on your company’s location.

For US based companies
The National Center for Missing & Exploited Children (NCMEC) operates the CyberTipline, a national clearinghouse for leads and tips regarding child sexual exploitation. Once a company is registered with the CyberTipline (see section below for instructions on how to register), it can report OCSEA incidents to NCMEC via the CyberTipline Reporting API or the CyberTipline Manual Reporting Form. In addition to mandatory reporting obligations, companies must also comply with data preservation requirements.

To create an account with the CyberTipline a company should register as an ESP (Electronic Service Provider), or contact NCMEC at [email protected] for a form requesting the necessary information. Once the form is completed and submitted, NCMEC will issue the login credentials, enabling the company to begin submitting reports.

For more information, companies can sign up for the Tech Coalition’s Pathways program and check out the CyberTip Reporting Considerations resource.

For companies based outside the US
INHOPE serves as the umbrella organization for a global network of hotlines working to combat OCSEA. To locate the appropriate hotline, visit their website and select your country. INHOPE will redirect you to the relevant national hotline, who can help find the appropriate local reporting option. Some hotlines accept direct reports from companies while some will signpost to the relevant law enforcement channels.

Enforcement on your platform

Enforcement is the action a company takes when an account or content violates a company’s policies. There are various options for enforcement which can depend on a company’s business and capabilities. Some examples of enforcement include content removal, full termination of an account, device bans, etc.

For more information, companies can sign up for the Tech Coalition’s Pathways program and check out the Writing a Child Safety Content Policy resource.

Prepare for Law Enforcement to respond with legal process

An OCSEA report sent to NCMEC, after their prioritization and review, may be investigated by Law Enforcement. The Law Enforcement agency may follow up with the Company to request additional data. The additional information provided to Law Enforcement may enable them to locate and safeguard a minor victim, it may enable them to collect the necessary evidence against the bad actor, etc.

Prevention Techniques and Raising Awareness

Safety by design

  • Safety by Design is a proactive approach that focuses on preventing harm by incorporating safety into the design and development of products, services, and infrastructure.

  • By implementing Safety by Design techniques and processes, a company can prevent harm before it occurs, rather than mitigate harm after.

  • Please refer to the Tech Coalition’s Assessing OCSEA Harms in Product Development resource for more details.

Transparency Reports

  • Voluntary transparency reporting refers to reports that explain a company’s approach to addressing OCSEA, which should highlight the company’s policies, explain its processes, and document the outcomes of its efforts.

  • Transparency reporting is an essential component of industry efforts to combat online CSEA, and can also be a legal requirement. It drives accountability and plays a critical role in building trust with users, regulators, and the general public.

  • Please refer to the Tech Coalition’s TRUST Framework for more details on how to develop a Transparency Report. Please also consult with your legal teams for additional insight on regulation and compliance in this space.

Safety Education

  • Safety Education is a broad term to mean any education to users within your website or app. It can be help center articles about how to spot signs of OCSEA, or in-product tips to children when they are in a high risk situation (for example, someone has asked them to send a photo) or act as deterrence for potential offenders (for example, reinforcing that CSAM is illegal and promoting helplines to users who search it).

  • Safety education can have real world impact on preventing OCSEA and providing resources and support to those in need. It also relieves the workload to your operations team and its downstream stakeholders such as NCMEC and Law Enforcement.

Pathways mountains portrait

To learn more about these topics and others

Sign up for Pathways, expert advice, resources and opportunities for the tech industry to further build capacity to combat online child sexual exploitation and abuse.

Sign Up For Pathways

Disclaimer
All companies are different: We understand all companies are different and may take different approaches. These recommendations are intended to help facilitate internal, cross functional conversations and do not intend to define a standard of care – you may wish to add or subtract from them as needed.

This was not developed to provide legal guidance or regulatory compliance: We did not overlay or compare this information with current or drafted legislation.

For the purpose of this content, child or minor refers to someone who is under 18 years of age.