Major online platforms continue to have significant gaps in detecting child sexual exploitation and abuse (CSEA) and sexual extortion, particularly by relying on user reports instead of proactively identifying harmful activity, according to Australia’s eSafety Commissioner.
In itsthird periodic transparency report, the regulator said providers still fall short in detecting newly created child sexual abuse material, preventing grooming, disrupting abuse during video calls, and tackling sexual extortion on their services.
The report covers the period from July 1 to December 30, 2025, and examines how Apple, Discord, Google, Meta, Microsoft, Snap and WhatsApp complied with Australia’s Basic Online Safety Expectations (BOSE). It focuses on providers’ responses to child sexual exploitation, grooming and sexual extortion involving both children and adults.
- Proactive detection remains limited: eSafety said providers continue to have significant gaps in proactively detecting new child sexual abuse images and videos before users report them, despite the availability of technologies that can identify such material earlier.
- Video call protections remain weak: Only Microsoft uses tools to detect and disrupt live online CSEA during video calls proactively. No other provider covered by the report uses proactive detection technologies in video-calling services.
- Grooming detection requires improvement: The regulator said providers should strengthen tools that detect and prevent online grooming, which can lead to children producing abuse material or meeting offenders in person.
- Encryption presents challenges: eSafety acknowledged thatend-to-end encryption makes proactive detection more difficultbut said providers should continue developing technologies andadopt layered approaches to detect unlawful activity while implementing reasonable safety measures.
- Some progress has been made: The report noted that several companies invested in improving or expanding detection tools during the reporting period while emphasising that significant safety gaps remain across the industry.
- 2,206 complaints: eSafety received 2,206 individual complaints of sexual extortion during the reporting period.
- Most complainants were men:85% of complaints came from males. Men aged 18–24 submitted the highest number of complaints (803), followed by men aged 25–39 (574).
- Most referenced platforms:Instagram appeared in 695 complaints, followed by WhatsApp (612) and Telegram (558). A single complaint could reference multiple services.
- Where threats occurred: Adults most commonly reported threats occurring on WhatsApp, Telegram and Instagram, while children most commonly identified Telegram, iMessage and Snapchat.
- Encrypted messaging: The report saidthreats often move to encrypted or ephemeral messaging services after initial contact. It stated that end-to-end encryption makes proactive detection more challenging but said providers should implement other reasonable measures, includingbehavioural signals, reporting tools and research into new detection technologies.
- Apple did not use language-analysis technology or other proactive detection tools to identify sexual extortion involving children or adults on iMessage.
- Instead, it relied on Communication Safety, which detects nudity in images and videos and blurs them for users under 18 by default. Adults could access similar protections only byopting inthrough Sensitive Content Warning.
- eSafety said these features detect only nudity after images have been sharedand cannot identify threats before content is sent. It also noted that victims cannot report threats in-app when no intimate image has been uploaded or when perpetrators falsely claim to possess images.
- Discord discontinued its trial of language-analysis technologyafter concluding that the tool did not provide sufficiently accurate signals. It said it continues exploring alternatives but did not commit to reintroducing the technology.
- The platform uses Safety Alerts on Senders for users aged 13–17 and employs models to identify and remove harmful communities engaged in sexual extortion.
- However, eSafety said Discorddoes not use language-analysis tools on non-encrypted parts of the service and lacks in-service reporting mechanisms for voice calls, video calls and Go Live sessions.
- Googledid not use language-analysis technology or other proactive detection tools to detect sexual extortion on Google Meet, Google Chat or Google Messages. It used language analysis only for YouTube.
- Google introduced in-app reporting mechanisms for Gmail and Google Messages.However, eSafety described the reporting process as lengthy and noted that Google received no reports relating to child sexual exploitation through Google Messages globally.
- Meta used language-analysis tools by default across Instagram, Facebook and Threads to detect sexual extortion.
- However, its tools were more limited on Facebook Messenger and Instagram Direct, where end-to-end encryptionrestricted proactive detection. There, language analysis primarily applied to public messaging features or user-reported content.
- The report noted that Meta announced Instagram would remove end-to-end encryption from private messages in May 2026. eSafety said it encouraged the company toexpand proactive detection tools once encryption is removed.
- Microsoft did not use language-analysis technology or other proactive detection tools to identify sexual extortion on Microsoft Teams, instead relying on user reporting.
- However, Microsoft used language-analysis technology on Xbox and was the only provider covered by the report using tools to detect and disrupt live online CSEA during video calls.
- Snap only appliedlanguage-analysis tools to content that users reported rather than proactively scanning material on the platform.
- The company used technology to block searches, usernames, and display names associated with sexual extortion and adopted Internet Watch Foundation keywords for detecting user-reported material.
- Snap also warned teenagers about potentially risky users based on factors including previous reports and location signals. However, eSafety said the company could improve detection by expanding proactive tools beyond user reports.
- WhatsApp did not use language-analysis technology to detect sexual extortion in end-to-end encrypted messages. It instead applied language analysis to user reports and WhatsApp Channels, which are not end-to-end encrypted.
- The company also used signals-based detection outside message content to identify words, phrases and harmful communities associated with sexual extortion.
- WhatsAppprovided an in-app reporting mechanism, although eSafety noted that it did not include dedicated reporting categories for child sexual exploitation or sexual extortion.
What the regulator has called for:The eSafety Commissioner called on online service providers and the broader technology industry to work together to develop technologies that prevent, detect and disrupt child sexual exploitation and sexual extortion.
The report said providers shouldproactively detect new abuse material, improve tools that identify grooming, strengthen behavioural and language-analysis systems where feasible, and ensure users can easily report abuse and receive support.
- Buffer Zones, Bias, and Deepfakes: Limits of Age Assurance Tools Exposed
- How Apple’s new Child Account feature raises privacy and data protection concerns
- Lawsuit Against xAI Raises Alarming Questions About Grok’s Child Sexual Abuse Safeguards
