Threat Assessments & Data
WePROTECT Global Threat Assessment
The authoritative annual assessment of the global threat of online child sexual exploitation and abuse — used as the primary planning reference by 42+ governments and the baseline threat data source for leading platforms worldwide. The 2024 edition documents the accelerating growth of AI-generated CSAM, the geographic expansion of live-streaming exploitation across Southeast Asia, and the rapidly increasing scale of financial sextortion targeting teenage boys. Covers all six WePROTECT Model National Response domains with country-level maturity scores, enabling governments to benchmark progress and prioritize interventions. Essential reading for policymakers, law enforcement, and platform trust and safety teams — the most credible single source on the current scope and nature of the global child sexual exploitation threat.
NCMEC Annual Report on CyberTipline Data
The definitive statistical record of online child sexual exploitation reporting in the United States — and the most widely cited data source on the scale of the global CSAM crisis. The 2022 report documented 88.3 million CyberTipline files — a 329% increase over five years — with platform-by-platform breakdowns revealing the significant variation in detection and reporting rates across major providers. Provides essential trend data on CSAM volume, file types (images vs. videos vs. live streaming), geographic distribution of hosting, and the growing proportion of AI-generated material. Critical for compliance teams understanding mandatory reporting obligations under 18 USC 2258A, platform safety teams benchmarking detection performance, and researchers and policymakers tracking the threat trajectory. Published annually by the National Center for Missing & Exploited Children.
IWF Annual Report
The Internet Watch Foundation's annual report is the most detailed public accounting of CSAM detection and removal activity in the UK and globally — covering the volume of URLs assessed and actioned, the size and composition of the verified hash database (3.5M+ hashes), and the evolving trends in content type, severity, and hosting geography. Recent reports have documented the disturbing shift toward self-generated child sexual abuse material (SG-CSAM), the rapid growth of AI-generated imagery, and the increasing sophistication of hosting obfuscation techniques. Provides technical briefings for platform trust and safety teams on emerging detection challenges, and policy analysis for legislators considering content removal obligations. The IWF's hotline data is the primary evidence base for Ofcom's regulatory risk assessments under the UK Online Safety Act.
Thorn: Emerging Technology and Child Safety
Thorn's technology research series provides the most rigorous independent analysis of how emerging technologies are reshaping both the commission of child sexual abuse and the industry's capacity to detect and prevent it — bridging the gap between academic research and operational trust and safety practice. The 2024-2025 research covers: the exponential growth of AI-generated CSAM and its implications for hash-based detection systems built on real-image databases; the challenge of end-to-end encryption for detection infrastructure (and client-side scanning as a partial solution); the migration of child sexual exploitation to gaming platforms and live-streaming services; and the effectiveness of behavioral-signal detection as a complement to image hashing. Widely cited in Congressional testimony, Ofcom regulatory guidance, and EU Commission risk assessment guidance. Essential for technology policy teams, trust and safety engineers, and platform legal counsel navigating the evolving detection landscape.
Children's Digital Lives
OECD How's Life for Children in the Digital Age? (2025)
The most comprehensive cross-national comparative study of children's digital lives — covering cyberbullying prevalence, social media use patterns, digital skills, screen time, and wellbeing outcomes across all 38 OECD member countries. The 2025 edition reveals significant divergence in both online risk exposure and protective infrastructure between member states, with children in lower-income OECD countries facing substantially greater exposure to online harm with substantially less regulatory protection. Key findings: cyberbullying has increased in 28 of 38 member countries since the previous edition; heavy social media use shows consistent negative associations with adolescent wellbeing across all OECD contexts; and countries with mandatory digital literacy curriculum show measurably better child digital literacy scores. Cited in EU DSA Commission risk guidance, Ofcom's Children's Code enforcement priorities, and legislative evidence bases for KOSA and California AADC.
UNICEF State of the World's Children (Digital Edition)
UNICEF's flagship annual report is the authoritative voice on how digitalization is reshaping children's lives globally — and uniquely, it centers the perspectives and experiences of children in the Global South rather than defaulting to high-income country data. The Digital Edition documents the profound inequity in how children experience the internet: children in high-income countries navigate sophisticated platforms with extensive regulatory oversight, while children in low-income countries face the same harmful content and exploitation risks with limited connectivity, minimal digital literacy resources, and weak legal protections. Key themes include: digital inclusion as a child rights issue; the failure of age verification systems designed for civil-registry-equipped countries to function in contexts where many children lack official identity documents; and the importance of context-sensitive child protection frameworks. Essential reading for NGOs, international development agencies, and policymakers designing globally applicable child protection strategies.
Ofcom Children's Online Experiences Report
The most methodologically rigorous annual survey of children's digital lives in the UK — drawing on Ofcom's unique position as the UK's communications regulator with statutory data access rights. Based on nationally representative samples of children aged 3-17 and their parents, the report tracks platform use, content exposure, online harm experiences, parental mediation approaches, and children's own perceptions of online safety and risk. Data from recent editions has been directly influential in shaping UK regulatory policy: evidence of TikTok's dominance among 12-15s informed Ofcom's risk assessment priorities; data on pro-eating-disorder content exposure drove the inclusion of specific harmful content categories in the Children's Safety Code; and statistics on adult contact with children in gaming environments prompted expanded guidance on messaging restrictions. The primary evidence base for Ofcom's annual Online Nation report and a required reference for any organization conducting a UK Children's Risk Assessment under the Online Safety Act.
5Rights: Disrupted Childhood Report
The 5Rights Foundation's landmark research on how the default commercial design of digital services — optimized for engagement, data collection, and revenue — systematically disrupts children's development, wellbeing, and fundamental rights. Drawing on developmental psychology research, neuroscientific evidence on adolescent brain development, and qualitative testimony from children across 27 countries, the Disrupted Childhood report provides the empirical foundation for the Child Rights by Design framework. Key findings: the features most harmful to children (infinite scroll, social comparison, notification systems, algorithmic content amplification) are not incidental design flaws but the intentional commercial architecture of engagement-maximizing platforms. The report directly shaped the language of UNCRC General Comment No. 25, the UK Age Appropriate Design Code's 15 standards, and IEEE Standard 2089 — making it foundational reading for understanding why Safety by Design requires systemic architectural change rather than surface-level content moderation.
Policy & Regulation
OECD Age Assurance Legal and Policy Landscape (2025)
The most comprehensive comparative analysis of age assurance regulatory approaches globally — covering 40+ countries across six continents, categorized by regulatory model (mandatory hard verification, mandatory age estimation, technology-neutral mandates, voluntary certification, or no requirement). The OECD's 2025 landscape mapping documents the rapid convergence toward mandatory age assurance requirements following Australia's social media ban (2024), UK OSA's "highly effective" standard (2025), and Indonesia's IEEE 2089 mandate — while also identifying significant variation in how jurisdictions handle the privacy-accuracy tradeoff. Critical constitutional analysis examines First Amendment constraints in the US context versus ECHR Article 10 flexibility in European contexts. Widely referenced by government digital ministries designing age assurance legislation, by technology companies assessing compliance obligations across multiple jurisdictions, and by researchers evaluating the effectiveness of different approaches. The definitive starting point for any organization conducting a multi-jurisdictional age assurance regulatory analysis.
OECD Towards Digital Safety by Design for Children (2024)
The OECD's 2024 landmark report systematically maps Safety by Design implementation across member country jurisdictions and identifies eight key components that effective child-safe design systems share: risk assessment and management processes; age-appropriate design standards; user empowerment and control mechanisms; content moderation infrastructure; detection and reporting capabilities; transparency and accountability frameworks; data minimization practices; and age assurance systems. Each component is illustrated with case studies from platforms assessed as implementing it effectively — including YouTube Kids' curated-only content model, Instagram's age-based experience differentiation, and the eSafety Commissioner's Safety by Design assessment framework. Now cited in EU DSA Commission guidance on Article 35 risk mitigation, Ofcom's Children's Safety Code development, and UNICEF's D-CRIA methodology update. The primary international policy reference for regulators, legislators, and industry compliance teams implementing Safety by Design frameworks.
ITU National COP Assessment Reports
The ITU's national Child Online Protection assessments provide the most structured comparative analysis of government-level COP capacity available — covering legislation adequacy, policy framework comprehensiveness, industry regulatory environment, law enforcement capability, and multi-stakeholder coordination across all four ITU COP framework target audiences. Conducted in 13 countries to date across Africa, Asia-Pacific, Europe, and the Americas, the assessments use a standardized methodology enabling meaningful cross-country comparison while accounting for contextual differences in legal system, digital infrastructure, and resource levels. Each assessment produces a detailed gap analysis and prioritized action plan aligned with the WePROTECT Model National Response — giving governments an immediate roadmap for capacity building. Available in all six UN official languages, the assessments are the foundational tool for governments seeking to develop or strengthen a national child online protection strategy using internationally recognized benchmarks.
Ofcom Online Safety Act Annual Report
Ofcom's annual Online Safety Act compliance and enforcement report is the authoritative public record of how the UK's landmark child protection legislation is operating in practice — and the primary transparency mechanism for holding platforms accountable. The report covers: the volume and outcomes of Ofcom's compliance assessments across in-scope services; formal enforcement investigations opened and resolved (including penalties imposed and undertakings accepted); the overall state of age assurance implementation across the sector; the effectiveness of children's safety codes in practice (measured against Ofcom's risk register); and Ofcom's regulatory priorities for the coming year. For companies, the report is essential intelligence on enforcement priorities and the standard of evidence that satisfies Ofcom's assessment criteria. For policymakers and civil society, it provides the most detailed available picture of whether the Online Safety Act is achieving its child protection objectives. For researchers, it contains unique aggregate data on platform reporting, harm categories, and content removal rates across the UK's regulated digital ecosystem.
Industry Guidance
eSafety Commissioner: Safety by Design Research
The Australian eSafety Commissioner's Safety by Design research programme provides the most rigorous independent evaluation of whether proactive, architecture-level safety measures actually reduce harm to children on digital platforms — establishing the evidence base that is now referenced by Ofcom, the EU Commission, and OECD in their respective regulatory guidance. The research covers: before-and-after platform assessments following Safety by Design framework adoption; comparative analysis of user harm rates on platforms with and without proactive safety measures; evaluation of specific safety features (restricted messaging, content filtering, age-appropriate defaults) against measured harm outcomes; and the eSafety Commissioner's annual assessment of major platforms against its three-principle framework (provider responsibility, user empowerment, transparency). The Commissioner's research directly informs Australia's regulatory enforcement strategy under the Online Safety Act and provides the most compelling evidence base for the business and regulatory case for Safety by Design globally.
5Rights: Child Rights by Design (Full Framework)
The 5Rights Foundation's Child Rights by Design Full Framework is the most comprehensive rights-based design methodology available for digital services used by children — translating the UN Convention on the Rights of the Child into specific, actionable design standards that product teams, UX designers, and compliance leads can implement. The framework covers all five rights (to remove, to know, to safety and support, to informed and conscious use, and to digital literacy) with specific design guidance for each: right to remove includes data portability requirements, effective deletion mechanisms, and default data retention limits; right to know includes algorithmic transparency appropriate to developmental stage; right to safety and support includes in-product crisis resource integration and trauma-informed reporting flows. Directly cited as the normative foundation of UK AADC, IEEE Standard 2089, and UNCRC General Comment 25. The full framework includes an assessment tool enabling companies to audit their products against each right, with a gap analysis output that maps directly to regulatory compliance requirements in the EU, UK, and Australia.
Digital Trust & Safety Partnership: Age Assurance Guidance
The Digital Trust & Safety Partnership's age assurance guidance represents the most credible industry consensus position on implementing age verification and estimation at scale — developed by a consortium of major platforms (including Google, Meta, Microsoft, Twitter/X, and Twitch) to establish shared standards that satisfy regulators while preserving user privacy. The guidance covers: the technical comparison of self-declaration, age estimation, and hard verification approaches against the criteria of effectiveness, privacy preservation, user experience, and regulatory acceptability; the specific implementation patterns the Partnership recommends for different risk levels of platform content; the privacy-by-design principles that must be embedded in any age assurance system handling children's identity data; and the transparency reporting approach the Partnership has adopted to demonstrate industry accountability. Referenced by Ofcom in its Children's Safety Code guidance and by the EU Commission in its DSA age assurance implementation guidance. The key reference for companies seeking to demonstrate to regulators that their age assurance approach reflects industry best practice.