Are there trends in CSAM website takedowns over the past five years?
Executive summary
Global takedowns and enforcement actions against CSAM have surged and shifted in character over the past five years: law enforcement shut major darknet and surface sites (e.g., Welcome to Video, Dark Scandals earlier, and Kidflix taken down in 2025 with 1.8 million users and 72,000 videos) [1][2]. Policy and technological responses also intensified in 2023–2025 — the EU moved to regulate provider obligations and the U.S. Congress reintroduced the STOP CSAM Act in 2025, provoking sharp debate about mandatory takedowns, scanning and encryption [3][4][5][6][7].
1. Enforcement is getting bigger and more visible — and more international
High-profile law-enforcement takedowns of large platforms demonstrate an upward trend in large-scale operations: investigations that once targeted dark-web markets in 2019–2020 now include takedowns of multi-million-user sites such as Kidflix in 2025, with Europol reporting 1.8 million users and 72,000 videos and arrests tied to the disruption [1][2]. These cases illustrate a pattern of cross-border coordination and reliance on crypto-tracing and international cooperation to seize servers, arrest operators and identify users [1][2].
2. Offenders are adapting: migration to dark web and AI-enabled content
Available reporting shows offenders have shifted tactics since roughly 2023: actors increasingly return to dark-web infrastructures to avoid the surface web’s takedown regime, and some are employing intermediary addresses and cryptocurrencies to complicate attribution [1]. At the same time, vendors and criminal groups are leveraging AI to generate and distribute abusive imagery — the IWF reported thousands of AI-generated images on a forum, and Europol-backed actions in 2025 targeted groups distributing AI-generated images [1].
3. Platform responsibilities and mandated takedowns are proliferating as law and regulation rise
Regulatory pressure escalated in multiple jurisdictions. The EU’s CSAM Regulation imposes duties on hosting and interpersonal communications providers to assess risk and to carry out detection, removal, blocking and delisting orders [3]. In the U.S., Congress reintroduced the STOP CSAM Act in 2025, which would require large providers to report and potentially remove material and to supply detailed reports to authorities [4][5]. The Congressional Budget Office judged the 2025 bill to narrowly expand duties and estimated the costs would fall below federal mandate thresholds [8].
4. Technology responses: scanning tools versus privacy trade‑offs
Cloud providers and security vendors offer proactive CSAM scanning and blocking tools; Cloudflare documents a CSAM scanning feature owners can enable to identify and block images [9]. These technical countermeasures coexist with robust debate: civil society and digital-rights groups warn that statutory takedown obligations and scanning could undermine end‑to‑end encryption and broader security, framing the policy push as likely to create incentives for platforms to avoid offering encrypted services [6][7][10].
5. Policy debate is intensifying and polarizing
Digital-rights organizations and industry voices oppose elements of proposed U.S. lawmaking, arguing STOP CSAM would erode privacy, force takedowns without adequate judicial review, and chill secure services [7][6][11][12]. Proponents and some lawmakers argue stronger mandatory reporting, takedown duties and transparency obligations are necessary to scale responses to a growing, global problem [4][5]. This split defines contemporary policy discussions and shapes how takedown trends are interpreted in public debate [10].
6. Data gaps and limits in public reporting
Available sources document notable incidents and policy moves but do not provide a continuous, quantified five‑year time series of takedowns (not found in current reporting). Government and NGO reports referenced here offer snapshots (e.g., Europol/Kidflix, EU regulation proposals, STOP CSAM legislative text) but comprehensive annual statistics on takedowns, successful removals, or false-positives over 2019–2024 are not in the provided material (not found in current reporting) [2][3][4][5].
7. What this pattern means going forward
The combined trends — larger, more public takedowns; offender migration to more resilient dark‑web and crypto-enabled models; rapid emergence of AI-generated content; and stronger regulatory pressure to force detection and removal — point to more sophisticated enforcement but also escalating technical and legal tradeoffs [1][3][4]. Whether takedowns will scale sustainably without eroding encryption or producing harmful over‑removal depends on policy choices now being debated in the EU and U.S., and on how platforms deploy scanning and transparency mechanisms [3][6][7].
Limitations: this analysis uses only the supplied reporting and legislation texts; sources document major incidents, technology options and policy proposals but do not include an authoritative longitudinal dataset of annual takedowns across jurisdictions (not found in current reporting).