← Knowledge Base

Reporting to NCMEC

What to report, what to include, and how to submit.

NCMEC's CyberTipline is the global clearinghouse for reporting child sexual exploitation. If you detect CSAM on your platform, this is where it goes. NCMEC reviews the report, adds confirmed content to the hash databases used by platforms worldwide, and routes the report to the appropriate law enforcement jurisdiction - whether that's a local US police department or an international agency.

If you are a US-based electronic service provider or remote computing service provider, reporting is mandatory under 18 U.S.C. ยง 2258A. If you are based outside the US, reporting is voluntary, and you should do it anyway. See our Legal Obligations page for the full breakdown by jurisdiction.

What to report

Report any confirmed CSAM that was live on your platform. In practice, this means hash matches detected on content that was present and accessible on your platform.

What to include

Include everything you have at the time of the report. There are no minimum requirements beyond the content itself. If all you have is a URL, report the URL. If you have the image, the uploader's username, their email address, their IP address, timestamps, and chat logs, include all of it.

The more you provide, the more useful the report is to law enforcement. The most valuable metadata is:

  • The content itself (image, video, or URL)
  • IP address and timestamp of the upload
  • Account information (username, email, phone number, account creation date)
  • Any communications or context associated with the content

Do not hold a report because you feel you don't have enough information. A report with a single URL is infinitely more useful than no report at all. NCMEC will work with what you give them.

Where possible, batch reports by user. If a single account has uploaded multiple pieces of CSAM, submit them as one report rather than several. This isn't required, but NCMEC requests it - it makes their review and law enforcement routing significantly more efficient.

How to submit

NCMEC accepts reports through two channels: the CyberTipline web form and the CyberTipline Reporting API. The web form is fine for low-volume manual reporting. If you are running hash matching at scale, you should be using the API so reports are submitted automatically when matches are detected.

You will need to register with NCMEC as an electronic service provider before submitting reports via the API. This is straightforward and free.

After you report

Once the report is submitted, delete the content from your platform immediately. Do not retain CSAM on your infrastructure. NCMEC has the content. Law enforcement can obtain it from NCMEC.

NCMEC will review the report, deduplicate it against existing reports, attempt to geolocate the activity, and route it to the appropriate law enforcement agency. You may be contacted by law enforcement for follow-up. In most cases you won't hear anything further - that's normal and doesn't mean the report wasn't acted on.

Lighthouse handles the full reporting flow for you. When a hash match is detected, Lighthouse compiles the available metadata, formats the CyberTipline report, submits it via the API, and logs the submission. See Integrating Lighthouse for setup.