🚫

CSAM Hash-Matching & NCMEC CyberTipline Auto-Filing

NEEDS_ISKRA: requires vetting/registration — NOT IMPLEMENTED

This capability is intentionally not implemented in TrustDeskAI MVP.

Why this is not implemented

Automated CSAM (child sexual abuse material) detection via hash-matching requires specific legal agreements, technical approvals, and regulatory registrations that must be obtained BEFORE any implementation. Operating CSAM scanning infrastructure without these approvals creates serious legal and reputational risk.

Microsoft PhotoDNA Approval Required

PhotoDNA is Microsoft's hash-matching technology used by most major platforms for CSAM detection. Access requires a formal application to Microsoft, vetting of the organization's Trust & Safety practices, and a signed agreement. This is not a self-serve API — Microsoft approves organizations, not developers.

microsoft.com/en-us/photodna →

NCMEC CyberTipline ESP Registration Required

Automatic reporting to the National Center for Missing & Exploited Children (NCMEC) CyberTipline requires Electronic Service Provider (ESP) registration with NCMEC. Under 18 U.S.C. §2258A, hosting providers have a legal obligation to report actual knowledge of CSAM — but automated CyberTipline submissions require a separate API registration and vetting process.

NCMEC CyberTipline →

Your Current Obligations (U.S. Operators)

Regardless of whether you use TrustDeskAI, if you have actual knowledge of CSAM on your infrastructure you are required under 18 U.S.C. §2258A to report it to NCMEC. This is a legal obligation independent of any software tool.

Do NOT view, download, or analyze suspected CSAM material
Immediately preserve and isolate any suspected content
Report to NCMEC at cybertipline.org
Do NOT notify the account holder — this could compromise law enforcement action
Consult legal counsel immediately

Roadmap — What Would Be Required to Implement