Providers of hosting services and providers of interpersonal communication services that have received a detection order shall execute it by installing and operating technologies to detect” CSAM upon request by the competent judicial authority or independent administrative authority, the draft regulation states. The obligation also requires tech platforms to conduct risk assessments and “reasonable mitigation measures” that are targeted and proportionate. They will need to report to both the national coordinating authority and the newly-established, built-for-purpose EU agency in The Hague