For founders, CTOs, and trust-and-safety leadership
What to build, in what order, before you have to.
The CSAM detection and reporting stack is one of the few foundational compliance areas where Section 230 doesn't bail you out, the law has personal-criminal edges, and the operational baseline is reachable with mostly-free tooling. A pragmatic guide for platforms that host user content and for teams building AI image and video generation.
01 · The legal floor
Section 230 does not cover federal child exploitation law.
The mental model many founders carry — that Section 230 immunity covers third-party user content — has explicit carve-outs for federal child exploitation law. 18 U.S.C. § 2258A requires US-based providers who become aware of apparent CSAM to report it to NCMEC's CyberTipline, with civil and criminal penalties for failure. FOSTA-SESTA (2018) narrowed Section 230 further for sex-trafficking-related claims. The ENFORCE Act (December 2025) and TAKE IT DOWN Act (May 2025) extend criminal-equivalent treatment to AI-generated CSAM and non-consensual intimate imagery, including a 48-hour platform takedown requirement.
The practical implication: building a platform that hosts user-generated images or video without an integrated detection-and-reporting pipeline is not a we'll-figure-it-out-later problem. It is a structural feature of the legal regime, and the cost of getting it wrong is regulatory, reputational, civil, and (in some scenarios) personal-criminal.
02 · The minimum viable stack
What every platform with user images should have.
The baseline is achievable for a small team, mostly with free tooling provided by government and nonprofit infrastructure. Four pieces:
- PhotoDNA (Microsoft, free for qualified organizations) for perceptual-hash matching against known CSAM. Application-gated through Microsoft's portal; takes weeks to onboard. Plan for it before you launch user-generated content, not after (PhotoDNA).
- NCMEC Hash Sharing API for the verified industry hash list (5M+ vetted hashes, supports PhotoDNA, PDQ, MD5, and others). Free for qualified providers. This is what you match against (NCMEC Hash Sharing).
- CyberTipline reporting integration. Reports are submitted via API; designate a primary reporter and a backup, set up the legal escalation path internally, and document the report-handling SLA. Reports route to law enforcement automatically.
- Cloudflare's CSAM Scanning Tool if Cloudflare is in your stack. Free for all customers regardless of plan, fuzzy-hash matching against NCMEC databases, automatic HTTP 451 blocking. The fastest way to add a layer of coverage to an existing deployment (Cloudflare).
If you prefer open-source primitives end-to-end, Meta's PDQ (image, BSD-licensed) and TMK+PDQF (video) algorithms are listed as supported fingerprint types in the NCMEC API, so you can integrate from facebook/ThreatExchange rather than through proprietary PhotoDNA licensing (ThreatExchange).
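As an added illustration of the matching stage in the stack above (example code written for this page, not Microsoft's, Meta's or NCMEC's), the following Python uses a deliberately simplified average-hash in place of PDQ or PhotoDNA to show why a perceptual-hash list is matched by Hamming distance rather than equality: a copy carrying a small overlay still matches the list entry while its MD5 changes. The threshold, the one-entry hash list and the synthetic greyscale images are all constructed for the example.

```python
import hashlib
HASH_SIDE = 8          # 8x8 grid of block means -> 64-bit hash
MATCH_THRESHOLD = 10   # max Hamming distance counted as a match (constructed; not PDQ's)

def average_hash(pixels):
    """Simplified perceptual hash (average-hash): a stand-in for PDQ/PhotoDNA, not either.
    pixels: square list-of-lists of 0-255 greys, side a multiple of HASH_SIDE.
    One bit per 8x8 cell: is that block's mean above the overall mean?"""
    block = len(pixels) // HASH_SIDE
    cells = []
    for by in range(HASH_SIDE):
        for bx in range(HASH_SIDE):
            vals = [pixels[y][x] for y in range(by * block, (by + 1) * block)
                    for x in range(bx * block, (bx + 1) * block)]
            cells.append(sum(vals) / len(vals))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | (c > mean)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def match_hash_list(image_hash, hash_list, threshold=MATCH_THRESHOLD):
    """Nearest entry of hash_list ({hash_int: label}) within threshold as
    (distance, label), else None. An equality test would miss edited copies."""
    best = None
    for known, label in hash_list.items():
        d = hamming(image_hash, known)
        if d <= threshold and (best is None or d < best[0]):
            best = (d, label)
    return best

def triage(pixels, hash_list):
    """Moderation-queue decision: a hit is held (never served) and routed to
    the designated CyberTipline reporter; anything else is allowed."""
    hit = match_hash_list(average_hash(pixels), hash_list)
    if hit is None:
        return {"action": "allow"}
    return {"action": "hold_and_route_to_reporter", "distance": hit[0], "list_entry": hit[1]}

def md5_hex(pixels):  # exact-match baseline that perceptual hashing replaces
    return hashlib.md5(bytes(v for row in pixels for v in row)).hexdigest()

# Constructed 32x32 greyscale images (synthetic ramps, not real content) and a
# one-entry stand-in for the provider-side hash list, keyed by hash value.
ORIGINAL = [[x * 8 for x in range(32)] for _ in range(32)]                   # horizontal ramp
WATERMARKED = [[255 if y < 4 and x < 4 else x * 8 for x in range(32)] for y in range(32)]
UNRELATED = [[y * 8 for _ in range(32)] for y in range(32)]                  # vertical ramp
HASH_LIST = {average_hash(ORIGINAL): "constructed-list-entry-1"}
```

Running `triage(WATERMARKED, HASH_LIST)` holds the image at distance 1 even though its MD5 differs from `ORIGINAL`, while `UNRELATED` sits 32 bits away and is allowed.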
03 · The next layer, as you scale
When the minimum stack stops being enough.
Hash-matching covers known CSAM. It does not surface novel material or AI-generated imagery. As your volume grows, three additional layers are worth budgeting for.
- Thorn Safer is the commercial leader for hash plus AI classification of novel CSAM. 2025 numbers: 82M+ verified hashes, 86+ platforms in the SaferList cross-platform sharing network, 415.4B files processed. Available via AWS Marketplace. Pricing scales with volume; reasonable budget for mid-stage platforms (Safer).
- Hive AI if you specifically need AI-generated CSAM detection. Hive received a DHS Cyber Crimes Center contract in 2025 to distinguish AI-generated material from real-victim imagery. Commercial API; reasonable adjunct to Safer for the AI-generation surface (MIT Technology Review).
- Project Arachnid Shield API (Canadian Centre for Child Protection) is free for ESPs and offers proactive content scanning against the project's database. Project Arachnid has issued 141M+ takedown notices and processed 176B+ images; the Shield integration moves you from a we-respond-to-reports posture to a we-proactively-screen posture (Shield API).
See Chapter 06 → CSAM detection technologies for the full landscape.
04 · Operational basics
What lives outside the detection pipeline.
A defensible program is not just integration work. Four operational pieces that founders consistently underinvest in:
- A primary CyberTipline reporter and a backup. The first-encounter engineer or moderator should always have a designated routing target. Without this, reports get delayed by “who should I tell?” friction at the worst possible moment.
- A 24/7 takedown SLA. The TAKE IT DOWN Act sets 48 hours as the statutory minimum for non-consensual intimate imagery. Industry best practice for confirmed CSAM is much tighter. Document your SLA, audit against it, and report it transparently.
- Trauma support for human moderators. The mental-health load on human content reviewers is severe and well-documented; the multi-million-dollar settlements (Meta, TikTok) have made this a known cost center. Budget for clinical support, rotation policies, exposure limits, and screening upon hire. Cutting corners here is morally and financially expensive.
- Law-enforcement-request protocol. Once you start filing CyberTipline reports, you will receive follow-up legal process. Outside counsel with experience in this area is not optional; the protocol for receiving, scoping, and responding to subpoenas, warrants, and emergency disclosure requests should be documented and rehearsed.
05 · If you build AI generation
Image and video generation has specific obligations.
The Internet Watch Foundation's 2026 assessment found AI-generated CSAM videos increased 26,385% year-over-year in 2025. If your product generates images or video, you are operating in this risk space whether or not your intended use case is sexual. Four engineering decisions that matter:
- Training-data hygiene. The Stanford Internet Observatory found CSAM in the LAION-5B dataset in 2023, after which it was withdrawn and re-released without the matching items. If you train on web-scale image data, screen against NCMEC's industry hash list and document the chain of custody.
- Prompt and output filtering. Both layers; not one or the other. Hive AI and other classifiers can run on generated outputs; prompt-classifier ensembles handle the input side. Open-source detectors such as the Hugging Face NSFW classifiers cover the broader adult-content surface but are not CSAM-aware on their own.
- Provenance signals. C2PA-style content credentials and invisible-watermarking schemes are now the de-facto industry expectation. Implementing them does not by itself stop misuse, but the absence of them is increasingly an aggravating factor in regulatory and reputational terms.
- The ENFORCE Act equates AI-generated CSAM with traditional CSAM in US federal criminal law. The argument that “no real victim” means “no real crime” is no longer available. U.S. v. Anderegg is the first federal case heading to appellate court testing the First Amendment limits of private possession of wholly AI-generated CSAM; production and distribution charges have proceeded uncontroversially (Tech Policy Press).
06 · What good looks like
Read your peers' transparency reports.
The companies that operate well in this space publish detailed transparency reports. The structure to look for: total content reviewed, hash-match volume, AI classifier volume, CyberTipline reports filed, takedown SLA met percentage, false positive disclosure, appeals handled, and moderator wellbeing metrics.
A few reference points: Meta's Community Standards Enforcement Report, Google's YouTube Community Guidelines Enforcement Report, Cloudflare's Transparency Report, Discord's Transparency Report, and Thorn's Safer Impact Report. The Australian eSafety Commissioner's mandatory transparency notices have surfaced enforcement-level detail from Apple, Google, Meta, Microsoft, Discord, WhatsApp, Snap, and Skype that is worth reading even outside Australia.
The Stanford CIS analysis of NCMEC reporting data (January 2026) found that approximately 80% of “Generative AI” CyberTipline reports involved no AI-generated CSAM at all — many were hash hits to known CSAM in AI training data. The takeaway for executives: aggregate report numbers are not self-explanatory; ask vendors and your own teams what categories actually mean before quoting numbers externally (Stanford CIS).
07 · Where accountability sits
Name an owner, and don't bury them in legal.
Detection tooling is the easy part. The harder question is organizational: who, by name, is accountable when CSAM reaches your platform? Chapter 06 maps how TikTok, Meta, and X actually structure that accountability, and the contrast between them is the lesson. Four principles fall out of it — each worth adopting or rejecting deliberately, not by default.
- Name a single accountable owner. The thinnest structure in that comparison attributes child-safety enforcement to an unnamed “safety engineering team” with no individual accountable for it, and that gap is exactly what regulators moved against — including an A$650,000 Australian Federal Court penalty in May 2026 for failing to fully comply with a child-exploitation transparency notice. If you cannot name the person responsible for detection and CyberTipline reporting, you do not have a program; you have a hope.
- Keep child safety out of the pure legal chain. The most developed structure in the comparison deliberately moved Trust & Safety out of its parent company's legal reporting line and into platform operations. Legal's mandate is to manage the company's liability, which can sit in direct tension with the duty to detect, preserve, and report. Whistleblower testimony before the Senate Judiciary Committee in September 2025 — alleging that a major platform's legal department directed the alteration and deletion of internal child-exploitation research — is the cautionary version of getting this wrong.
- Give it a direct line and, eventually, board oversight. Day-to-day operations can live deep in the org, but the accountable owner needs an unobstructed escalation path to the CEO for the most serious cases, and at scale a board-level safety or risk committee. The strongest example in Chapter 06 pairs an operational owner with an independent board security committee; the weakest leaves the safety function reporting, in effect, to a single owner with no committee at all.
- Make the reporting line survive a reorg. Executives leave. One platform in the comparison left its safety organization reporting into an empty CEO seat for nearly a year after its chief executive resigned. Write the accountable role into your org chart as a role, not a person, so a departure does not silently orphan the function.
None of this requires headcount you don't have. A five-person company can still designate a named CSAM-response owner, put the CEO in the escalation path, and write the reporting line down. Child-safety accountability is a structural decision a founder makes deliberately — or, by not making it, makes badly.
08 · Personal exposure
Where founders and officers actually face risk.
The exposure landscape for tech executives has shifted in the last two years. The specific situations where Section 230 and limited-liability protections become materially weaker:
- Knowing facilitation. Once a senior officer has actual knowledge of CSAM on the platform and fails to act, the doctrine becomes less protective. Document your escalation chain so you can prove timely action; ensure that the CEO or general counsel is in the escalation path for the most serious cases.
- Failure to report under 18 U.S.C. § 2258A. Civil and criminal penalties for failure to report apparent CSAM. The penalty structure scales with knowing-and-willful failures and with corporate vs individual scope; getting the reporting plumbing right is the cheapest insurance you can buy.
- Apple NeuralHash is the cautionary tale. Apple announced client-side scanning, paused after privacy backlash, and formally abandoned the program. The December 2024 class-action alleges that abandoning detection facilitates CSAM proliferation on iCloud. Whatever you decide about client-side-scanning trade-offs, document the reasoning and the privacy review; announcing then retreating is worse than either option pursued consistently (CNET).
- Investor and acquirer due diligence. T&S maturity is now a line item in late-stage diligence. The absence of a documented program is increasingly a deal blocker rather than a punch-list item; the cost of building it after the diligence email arrives is far higher than the cost of building it on day one.
09 · Where to start tomorrow
If you don't have a program yet.
- Designate a primary CyberTipline reporter and a backup by name, today. Add it to your runbook. Brief them on the escalation path.
- Apply for PhotoDNA access via Microsoft's portal. It takes weeks; start the clock. While you wait, consider Meta's open-source PDQ as an interim path that doesn't require the application.
- If you use Cloudflare, enable the CSAM Scanning Tool. It is free, but it has to be switched on in your configuration; this is the lowest-effort coverage you can add this week.
- Retain outside counsel with experience in 2258A reporting and law enforcement requests. This is not a general-purpose litigation retainer. Ask specifically about CyberTipline workflow, emergency disclosure requests, and content-moderation testimony.
- Read three transparency reports: the one closest to your scale, the one from the platform whose model you find most defensible, and Thorn's Safer Impact Report for the operational benchmarks.
- If you generate images or video, audit your training data against NCMEC hashes, add a CSAM classifier to output filtering, and document the privacy review for any client-side detection you consider.
None of this is optional in the way founders sometimes treat it. It is one of the handful of foundational compliance areas where the question is not whether to do it but when, and the answer to when is always “earlier.”
Where this material lives
Reference into the research.
The pages worth bookmarking for the deeper picture:
- Chapter 06: Technology Solutions — the full CSAM-detection landscape, including PhotoDNA, PDQ/TMK, Thorn Safer, Project Arachnid, Cloudflare, Hive AI, and the adjacent infrastructure callout (CrowdSec, Falco).
- Chapter 04: AI-Generated Content — scale, detection challenges, the Stanford CIS data-integrity finding, the EU's November 2025 retreat on mandatory scanning, and the Apple NeuralHash case study.
- Chapter 07: Prevention Strategies — the legislative landscape including age verification, ENFORCE Act, and TAKE IT DOWN Act.
- Apps directory — consumer-side tools your users may already be running on their devices; relevant for product teams designing onboarding for parents and recovery audiences.
Notes on this page
- Informational, not legal advice. Reporting obligations and personal-liability exposure vary by entity structure, jurisdiction, and role. Counsel with specific experience in 18 U.S.C. § 2258A and the ENFORCE Act is the right escalation for entity-specific planning.
- Vendor naming on this page is descriptive of the working ecosystem, not an endorsement. We are not affiliated with any of the named platforms or tools.
- Adjacent operational security (general intrusion detection, runtime monitoring) is not a substitute for the hash-and-classifier stack described here. See the “Adjacent infrastructure” callout in Chapter 06 for the honest framing.
- If your team encounters CSAM operationally and needs trauma support, see For Survivors for the resources we'd point a moderator toward — particularly the trauma-informed therapy modalities. The mental-health load on T&S staff is severe and deserves dedicated investment.