Every online platform that allows user-generated content faces a legal reality that most engineering teams discover too late: if your users can send each other messages, you may be a mandatory reporter under federal law. 18 U.S.C. Β§ 2258A requires Electronic Service Providers (ESPs) to report apparent child sexual exploitation material (CSEM) to the National Center for Missing & Exploited Children (NCMEC) CyberTipline. The statute covers any service that provides email, instant messaging, chat, cloud storage, or any capability for transmitting content. If you run a platform where users communicate, you are almost certainly covered. This is not hypothetical risk. Platforms that knowingly fail to report face criminal liability under Β§ 2258A(e). And "knowingly" has been interpreted broadly. The 24-Hour Clock When your system encounters apparent CSEM, the reporting window opens immediately. The standard is 24 hours for an initial report, with supplemental information to follow.β¦
