Which EU member states have implemented Article 5 of the CSAM Directive into national law, and what do their statutes say about knowingly accessing CSAM?
Executive summary
There is no record in the provided reporting that identifies any EU Member State that has already implemented "Article 5" of the recast CSAM Directive into national law; the sources instead document ongoing EU-level negotiation, an extended interim derogation authorising voluntary CSAM scanning, and heated legal and political debate about scope and legality [1] [2] [3]. Because the supplied documents do not include national transposition texts or a reproduction of Article 5 itself, this analysis limits itself to what the sources confirm about EU-level obligations, the interim regime, and why national implementation details are not available in the provided reporting [1] [4] [3].
1. What the EU files actually show: a regulation in flux, not national laws
The material supplied maps a European legislative process rather than a completed set of national statutes: the Commission’s 2022 proposal for a CSAM Regulation (also called the CSAR or "Chat Control") set out obligations for providers to detect, report and remove CSAM, but the status remains in negotiation with trilogues and member-state positions still being hammered out in late 2025 — not a finished EU act already transposed into national law [5] [2] [6]. The interim derogation that allowed voluntary provider scanning under the ePrivacy framework was repeatedly extended to preserve continuity and is in force until 3 April 2026, underscoring that the EU-level framework is still transitional, not an instruction to national parliaments to implement Article 5 domestically [1] [2].
2. What the CSAM proposal contemplates about detection obligations (context for "Article 5")
The Commission and Parliament texts discussed in the reporting contemplate a spectrum of options: obligations to detect "known" CSAM (hash‑matching) versus broader duties to detect "new" CSAM or grooming, and the choice between limiting orders to known material (Option C) or extending to new material (Option D) is central to the debate — this is the policy context that any Article 5 would sit within, but the exact wording and scope of Article 5 are not reproduced in the supplied sources [3] [7]. INHOPE and other stakeholders characterise the recast as expanding the definition of offences and creating a legal basis for hotlines and orders such as detection, removal and blocking, but that description is at the EU-policy level rather than evidence of national statute text [8] [4] [9].
3. Why reporting cannot answer which Member States have implemented Article 5
None of the supplied items cites national transposition measures or lists Member States that have adopted Article 5 language into domestic codes; the sources instead cover EU proposals, extensions of the interim derogation, and stakeholder reactions [1] [2] [10]. Without explicit references to national laws or a reproduced Article 5 text in these sources, it is not possible from this reporting to identify which Member States — if any — have implemented Article 5 or to quote statutory language about the criminalisation of "knowingly accessing" CSAM. Any assertion about specific national statutes would therefore go beyond the supplied evidence.
4. Legal and political friction that will shape national transposition
The sources document intense legal concern about indiscriminate scanning of private communications: leaked legal advice and academic analysis argue such screening risks running afoul of EU fundamental‑rights jurisprudence unless narrowly targeted and proportionate, and they predict court challenges that will shape any national implementation of onerous detection or access offences [11] [12]. Civil‑society actors warn that broad scanning and AI classification create false positive risks and privacy harms, while proponents emphasise child protection and successful voluntary detection cases — a classic rights-versus-security cleavage that will influence whether and how Member States draft statutes criminalising "knowing access" to CSAM [5] [2] [13].
5. Where to look next for definitive answers
To establish which Member States — if any — have implemented Article 5 and to read statutory language about "knowingly accessing" CSAM, the reporting suggests the necessary primary sources are national legislative registers and consolidated codes or the final adopted EU text on EUR-Lex; the supplied documents point readers to EUR-Lex and stakeholder analyses for EU-level text but do not supply national enactments themselves [3] [1]. Until those national texts or a final, adopted EU instrument are included among the sources, the question cannot be answered from the material provided.