Report ofSystemic RiskAssessments 2025 Published December 2025 \- Google Ireland Limited is voluntarilypublishing this Report of Systemic Risk Assessments earlier thanrequired by Article 42(4) of the Digital Services Act. Table of Contents \________________________________________________________________________________________________________________________________________________________________ Table of Contents Table of Contents 1 1\. Introduction 7 Foreword 7 About this Report 8 Scope and Purpose 8 Structure of the Report 8 Our Risk Assessment Methodology 10 Assessing Risk for Each VLOSE and VLOP 10 Findings of Our 2025 Assessments 12 2\. Background 16 Maintaining User Trust and Safety 16 Our Commitments 16 Investing in Systemic Risk Prevention 17 Promoting Trustworthy Content and User Safety 20 One: Protecting Users from Harm 21 Preventing Harm with Safety by Design 21 Building Products that are Private by Design for Everyone 23 Preparing for the Unexpected 23 Designing Appropriate Content Policies 24 Reviewing Content Policies and Practices 25 Balancing Risks and Rights 25 Detecting and Responding to Harmful Content at Scale 26 Handling Government Removal Requests 27 Types of Enforcement Actions 28 Protecting Users with Applied AI 28 Scams and Generative AI 29 Offering Appeals 30 Reporting 30 Child Safety and Generative AI 31 Evaluating Content Across Languages 32 Two: Delivering Reliable Information 34 Surfacing High-Quality Information 34 Using Recommender Systems 34 Fighting Misleading Information 35 Supporting Election Integrity 35 Surfacing high-quality information 36 Safeguarding our platforms from abuse 36 Equipping campaigns and candidates with best-in-class security features and training 37 Confidential and commercially sensitive; prepared for the European Commission | 1 Table of Contents \________________________________________________________________________________________________________________________________________________________________ Helping people navigate AI-generated content 37 Addressing the Risks and Opportunities of Artificial Intelligence 38 Equipping Users 40 Our Approach to the Disclosure of Synthetic Content 42 Three: Partnering to Create a Safer Internet 44 Partnering for Information Quality 44 Consulting with Experts 44 Sharing Tools and Technology 45 Collaborating with Companies and Stakeholders 46 Developing Best Practices 47 Setting High Standards for Advertising 49 3\. Methodology 52 Introduction 52 Step One: Classifying Risk 53 Step Two: Identifying Risk 54 Engaging Stakeholders 55 Step Three: Assessing Inherent Risks 57 Step Four: Assessing Preparedness 58 Taking a Human Rights-Based Approach 59 Step Five: Identifying Mitigations 60 Step Six: Reporting the Results 60 4\. Results of the Assessments 61 Search 62 Description of Service and Associated Risk Profile 62 Systemic Risk Assessment Results and Associated Observations 65 2025 Highlights 65 Introducing AI Overviews 66 Removing Content 67 Removing Illegal Content 67 Addressing Violations of Intellectual Property Rights 67 Detecting, Removing, and Reporting CSAM 68 Removing NCEI and ISPI 69 Volume of Content Removed 70 Investing in Search Information Quality 70 Addressing Sensitive, Harmful, and Policy Violative Content 71 Informing Users 72 Providing SafeSearch 73 Tailoring our Content Policies 73 Addressing Civic Information 74 Respecting Freedom of Opinion, Expression, Media Pluralism, and Civic Discourse 74 Promoting Accurate Information About Elections 75 Service Design 76 Confidential and commercially sensitive; prepared for the European Commission | 2 Table of Contents \________________________________________________________________________________________________________________________________________________________________ Addressing Unfair Commercial Practices and Fraudulent Content about a Business 76 Respecting Privacy 77 Protecting Minor Rights 78 Obtaining Age Assurance 78 Enabling Parental Control 79 Providing Ads Protections 80 Enabling SafeSearch by Default 80 Built-in safeguards 80 Maps 81 Description of Service and Associated Risk Profile 81 Systemic Risk Assessment Results and Associated Observations 83 2025 Highlights 84 Content Moderation 84 Removing Illegal Content 84 Addressing Content that Violates our Policies 85 Developing Content Policy 85 Enforcing Content Policy 85 Undertaking Automated Detection and Removal 86 Undertaking Human Review 86 Undertaking Enforcement Proactively 86 Posting Restrictions 87 Posting Restrictions for Repeat Violators 87 Assessment Results for Specific Content Risks 87 Protecting Civic Discourse 87 Protecting Consumers and the Freedom to Conduct a Business 88 Respecting Freedom of Opinion, Expression, and Media Pluralism 89 Service Design 89 Respecting Privacy 89 Protecting Users of Maps 89 Protecting Contributors to Maps 90 Addressing Risks Relating to Images and Personal Information on Maps 90 Protecting Minors’ Rights 90 Play 91 Description of Service and Associated Risk Profile 91 Systemic Risk Assessment Results and Associated Observations 93 2025 Highlights 93 Content Moderation 94 Removing Illegal Content 94 Addressing Content that Violates our Policies 94 Maintaining Developer Policies 95 Developing Policy 96 Enforcing Policy 97 Confidential and commercially sensitive; prepared for the European Commission | 3 Table of Contents \________________________________________________________________________________________________________________________________________________________________ Addressing Specific Content-Related Risks 98 Preventing Review Bombing and Ensuring Rating and Review Integrity 98 Protecting Civic Discourse 99 Platform Design 100 Knowing Developers and Protecting Users 100 Protecting Privacy 101 Protecting Minors’ Rights 103 Maintaining Additional Policies for Minors 103 Providing a Teacher-Approved Program 104 Obtaining Age Assurance 104 Enforcing Content Ratings and Content Restrictions 104 Shopping 106 Description of Service and Associated Risk Profile 106 Systemic Risk Assessment Results and Associated Observations 107 2025 Highlights 107 Content Moderation 108 Removing Illegal Content 108 Identifying and Blocking Illegal Products and Services 108 Prohibiting and Detecting Violations of Intellectual Property Rights 108 Addressing Content that Violates our Policies 109 Maintaining Google Shopping Policies 109 Maintaining Guardrails for User-Contributed Content 109 Preventing Unfair Commercial Practices 110 Preventing Fraudulent Business Information 110 Service Design 111 Respecting Privacy 111 Vetting Merchants 111 Monitoring Merchants and Listings 112 Protecting Minors’ Rights 113 YouTube 114 Description of Service and Associated Risk Profile 114 Systemic Risk Assessment Results and Associated Observations 116 2025 Highlights 117 Content Moderation 117 Removing Illegal Content 117 Two Examples: Terrorist or Violent Extremist Content and Child Sexual Abuse Material (CSAM) 118 Identifying and Removing Violent Extremist Content 118 Detecting, Removing, and Reporting CSAM 118 Prohibiting and Detecting Infringement of Intellectual Property Rights 119 Addressing Content that Violates our Policies 120 Developing Policy 120 Providing EDSA Exceptions 121 Confidential and commercially sensitive; prepared for the European Commission | 4 Table of Contents \________________________________________________________________________________________________________________________________________________________________ Enforcing Policy 121 Undertaking Automated Detection and Removal 121 Maintaining a Priority Flagger Program 122 Enforcing a Three-Strike System for Repeat Violators 122 Evolving with Generative AI content 123 Measuring Success: Violative View Rate 124 Elevating High-Quality Sources 126 Providing Information Panels with Topical Context 126 Addressing Specific Content Risks 126 Addressing Content That Violates Our Policies 126 Addressing Public Health Related Violative Content 127 Addressing Civic-Discourse-Related Violative Content 127 Detecting and Removing Harassment and Bullying in YouTube Comments 128 Prohibiting and Removing Hate Speech 130 Service Design 130 Respecting Privacy 130 Protecting Minors’ Rights 131 Maintaining Guardrails for Minors’ Access to Content 131 Addressing Potentially Addictive Behaviour in Minors 133 Protecting Minors’ Data 134 Protecting Minors’ Safety in YouTube Comments 134 Equality of Access 135 5\. Conclusions 136 Annex A: Full List of Risk Statements 137 Illegal Content, Behaviour, and Products and Services 137 Freedom of Expression and Media Pluralism 137 Privacy and Data Protection 137 Human Dignity 138 Consumer and Business 138 Child Rights 138 Equality and Non-Discrimination 139 Civic Discourse 139 Public Health 139 Annex B: List of Mitigations 141 Background 141 Article 35 Mitigation Types 141 Mitigations Aligned to Article 35(1) Categories 142 Annex C: Key Engagements 153 R\&R 2025 - Risk \& Rights European Summit 2025 153 EMEA Anti-Scams and Fraud Summit 2025 153 Growing Up in the Digital Age Summit 2025 154 Google Responsible AI Summit 2024 154 Confidential and commercially sensitive; prepared for the European Commission | 5 Table of Contents \________________________________________________________________________________________________________________________________________________________________ Confidential and commercially sensitive; prepared for the European Commission | 6 Introduction \________________________________________________________________________________________________________________________________________________________________ 1\. Introduction Foreword In their first letter to shareholders, our founders described Google’s goal as developing services that significantly improve the lives of as many people as possible. Since then, we have sought to expandopportunity by providing people with the information, tools, and services necessary to help them build knowledge, fuel curiosity, and unlock opportunity. This is all in service of our mission to organise the world’s information and make it universally accessible and useful. We have long designed services and policies, built teams, and developed technologies with the wellbeing ofusers in mind. Billions of people use our services every day, so it is essential that we protect our users withindustry-leading security, responsible data practices, and easy-to-use privacy controls. The ability to accessinformation on our services as well as the quality and safety of our services are directly linked to our abilityto attract users, which in turn is critical to our continued success as a business. It is in this spirit that we strive to make our products safe, transparent, and accountable, while ensuring thateveryone around the world and in the European Union (EU) continues to benefit from the open web. This is ashared goal requiring a whole-of-society effort across the entire digital ecosystem, including companies,governments, civil society organisations, experts, and those using our services. With billions of usersglobally and hundreds of millions in the EU, Google has an especially important role to play. This report sets out the results of the third annual systemic risk assessments that we have undertaken forour designated very large online search engine (VLOSE) and very large online platforms (VLOPs) to meet therequirements of Articles 34 and 35 of the Digital Services Act (DSA). These assessments representcontinuous improvement in our approach to systemic risk and benefit from nearly three years of the DSA’srequirements being in effect. The results of these assessments illustrate that our mitigations are well-matched to the evolving systemicrisk landscape, such as the growing public availability of generative artificial intelligence (AI) tools, theincreased prevalence of scams, the continued focus on child safety, and shifting geopolitical conflicts. Theyhelp confirm that many longstanding Google commitments—such as safety by design, enforcing policiesthat protect users from harm and respect freedom of expression, and providing user reportingchannels—address risks to people and society in the EU. We believe that the notion of “systemic” risk rightly conveys the need for collaborative approaches thatreach across sectors, platforms, and stakeholders. In this context, these 2025 systemic risk assessments are noteworthy for their emphasis on new and growing collaborative efforts, such as joining the Global Anti-Scam Alliance and establishing the Global Signal Exchange, partnering with Livity to produce the “Future Report,” a project to survey and engage with teens on wellbeing related to tech use, launching a new supervised experience to help parents receive insights into their teens’ channel activity on YouTube, and our commitment to the Safety by Design Generative AI Principles to prevent AI-generated child sexual abuse and exploitation. Confidential and commercially sensitive; prepared for the European Commission | 7 Introduction \________________________________________________________________________________________________________________________________________________________________ We welcome the opportunity to review our analysis and discuss how we can all benefit from an open webthat is safe, transparent, and accountable. About this Report Scope and Purpose This report is issued by Google Ireland Limited. The report and the appendices meet the requirement under Article 42(4) of the DSA that the providers of VLOSEs or VLOPs make available to the Digital Services Coordinator of establishment and the European Commission a report setting out: (a) the results of the systemic risk assessment undertaken to meet the requirements of Article 34 of the DSA; (b) the mitigation measures consistent with Article 35(1) of the DSA; and (c) information about the consultations conducted in support of the risk assessments and design of the risk mitigation measures. Article 34 of the DSA requires VLOSEs and VLOPs to identify, analyse, and assess enumerated systemic risks in the EU stemming from the design or functioning of their services and related systems, while Article 35 requires providers of VLOSEs and VLOPs to put in place reasonable, proportionate, and effective mitigation measures to address systemic risks identified in the Article 34 risk assessment. This is our 2025 (i.e., third) annual report of systemic risk assessments and covers the period July 1st, 2024 - June 30th, 2025. In scope for this report are Google’s designated VLOSE (Google Search) and VLOPs (Google Maps, Google Play, Google Shopping, and YouTube). Separately, we also publish VLOSE and VLOP Transparency Reports pursuant to Articles 15, 24, and 42(1) of the DSA. Structure of the Report This report has five sections: ● Background: We describe how Google uses service design and content moderation to create and maintain services that balance maximising the benefits they provide with minimising potential negative externalities. ● Methodology: We outline the six-step methodology used to conduct the systemic risk assessments. ● Results: We share the results of the systemic risk assessments for each of our VLOPs (Google Maps, Google Play, Google Shopping, and YouTube) and our VLOSE (Google Search). Each section includes: Confidential and commercially sensitive; prepared for the European Commission | 8 Introduction \________________________________________________________________________________________________________________________________________________________________ ○ Discussion of the identification and assessment of the most important inherent and residual risks. ○ Description and assessment of our long standing content policies, safety- and private-by-design practices, and other measures designed to mitigate systemic risk. ○ Mitigation enhancements that represent additional commitments by Google to further address systemic risk in the EU and, in many cases, globally. Taken in combination with our existing measures, these enhancements help ensure that our mitigations are reasonable, proportionate, and effective, and address the evolving nature of systemic risk. Throughout each VLOP and VLOSE section, where relevant, we describe how the internal and external factors articulated in Article 34(2) of the DSA and regional or linguistic considerations had an impact on the assessment of risks or mitigations. ● Conclusion: We provide observations on the future of systemic risk assessments at Google, in the EU, and beyond. ● Appendices: We outline more details about the systemic risk assessment. ○ A complete list of risk statements for each VLOSE and VLOP. ○ A list of the mitigations consistent with Article 35 of the DSA. ○ A discussion of key consultations with external stakeholders relevant to the risks assessed. Confidential and commercially sensitive; prepared for the European Commission | 9 Introduction \________________________________________________________________________________________________________________________________________________________________ Our Risk Assessment Methodology Article 34 of the DSA requires VLOSEs and VLOPs to identify, analyse, and assess systemic risks in the EUstemming from the design or functioning of their services and their related systems or from the use of theirservices. Absent regulatory guidance, we developed our systemic risk assessment methodology bycombining the systemic risk assessment requirements of the DSA with proven risk assessmentmethodologies, such as those used to assess enterprise risk, human rights risk, compliance risk, andsystemic risk assessments in other sectors. We used the same risk assessment methodology in our 2025assessments as we used in our 2023 and 2024 assessments, with targeted enhancements that reflect ourculture of continuous improvement and build feedback, learning, and growth into our risk assessmentprocess. Assessing Risk for Each VLOSE and VLOP Step One: Classification. We established 42 “risk statements” across the four categories of systemic risk in Article 34 of the DSA. The risk statements describe the potential adverse impacts for each risk category and provide the focus for each systemic risk assessment. Step Two: Identification. We identified the risk drivers that may lead to inherent risk for each risk statement and pinpointed the quantitative and qualitative insights needed to assess systemic risk. Step Three: Assessment of Inherent Risks. We assessed each risk statement to determine the potential severity of the adverse impacts that could arise from that risk and the probability or frequency of occurrence. Combined, these elements produce an estimate of the inherent risk—i.e., the risk absent our risk reduction efforts. In practice, the inherent risk does not reflect actual risk on the service because we launch services with risk mitigations. Step Four: Assessment of Preparedness. We reviewed the mitigations (e.g., product features, policies, enforcement practices, and other measures) we have in place to address each risk and assessed our level of preparedness, resulting in an estimate of residual risk for each risk statement—i.e., the risk after our mitigation efforts. This evaluation considers the extent to which those mitigations address the probability of occurrence and the potential adverse impact associated with each risk. This assessment of preparedness included, but was not limited to, our progress implementing the additional mitigations we identified in the 2023 and 2024 assessments consistent with Article 35 of the DSA. Confidential and commercially sensitive; prepared for the European Commission | 10 Introduction \________________________________________________________________________________________________________________________________________________________________ Step Five: Mitigations. We compile the most relevant mitigation measures identified during our assessment process. A non-exhaustive list of the mitigations we have established consistent with Article 35 of the DSA can be found in Annex B. Step Six: Reporting. We disclose the results of the systemic risk assessments in this report, including a discussion of the most important inherent and residual risks and our efforts to address them. We will publish this report (subject to removal of confidential information) in due course, consistent with the requirements of Articles 35 and 42 of the DSA. We discuss this methodology in more detail in Section 3. Confidential and commercially sensitive; prepared for the European Commission | 11 Introduction \________________________________________________________________________________________________________________________________________________________________ Findings of Our 2025 Assessments Building on our 2024 assessments, we concluded that our mitigation measures address the highest inherentrisks and are well-tailored to the purposes of the Google services we assessed. We describe thesemitigations throughout the report. Many themes arising in our 2025 systemic risk assessments align with the findings of our 2023 and 2024assessments. For example, the service type and corresponding risk profile remain key factors in determiningthe greatest inherent risks, highly motivated bad actors are a primary concern, and we continue to invest inprograms aimed at reducing levels of residual risk. Changes in external factors, such as the wider geopolitical context of the past year, resulted in somerevisions to our inherent risks during the assessment period. For example, generative AI presents powerfulbenefits to users and society, but the wide public availability of generative AI tools has the potential to lowerbarriers to the creation of large volumes of content and influences several inherent risks, including fraud,scams, misleading information, and child sexual abuse material (CSAM). This evolution in inherent risk is tobe expected given the changing external context, the ever-expanding tactics of adversarial bad actors, andthe transformational capability of new technologies. Our 2025 systemic risk assessments demonstrate thatour experience, tools, and methods allow us to adapt quickly to address evolving risks and respond rapidlyto unfolding events. During the assessment period we engaged with external stakeholders (such as civil society organisations,academics, regulators, and consumer organisations) to discuss how we address inherent risk, asencouraged by Recital 90 of the DSA. Topics included our approach to generative AI tools and mitigationsto address the risk that generative AI may be used to create content that violates the law or our policies, ourcommitment to safety for minors and combating Child Sexual Abuse and Exploitation (CSAE) materials, aswell as our commitment to tackling online scams. We incorporated these topics in the 2025 assessments. Our 2025 assessments found lower residual risk (i.e., risk after our mitigation efforts) for some riskscompared to our 2024 assessments. In this report we expand upon the following highlights for bothcross-Google and service-specific progress: ● Generative AI: As AI continues to evolve, we are committed to remaining at the forefront ofresponsible AI practices. We govern AI development with robust internal governance, riskassessments, and continuous improvements to our processes. This includes embedding our updated AI Principles into AI development.1 As AI technology continues to advance, we are using these practices to remain responsible as we deploy AI at scale. We have developed AI-assisted red teaming, a practice where we develop AI models with the capability to test our own systems and help address issues like adversarial prompting and problematic outputs. Read more in Addressing the Risk and Opportunities of Artificial Intelligence. ● Election Integrity: We played our part in whole-of-society efforts to achieve high standards of civic discourse by deploying a three-part strategy of (1) surfacing high-quality information, (2) safeguarding our services from abuse that undermines democratic participation, and (3) equipping political 1 Responsible AI Progress Report February 2025 Confidential and commercially sensitive; prepared for the European Commission | 12 Introduction \________________________________________________________________________________________________________________________________________________________________ campaigns and elected officials with best-in-class security tools and training.2 Read more in Supporting Elections Integrity. ● Content Provenance: In 2024 we supported the development of technical standards for certifying the source and history of media content by joining the Coalition for Content Provenance and Authenticity (C2PA) as a steering committee member, participating in the Partnership on AI’s efforts to advance responsible practices for synthetic media, and pioneering our own cutting edge technology for imperceptible but detectable digital watermarking via SynthID. We have also introduced a new tool in YouTube Creator Studio requiring creators to disclose when realistic content is made with altered or synthetic media. Read more in Our Approach to the Disclosure of Synthetic Content. ● AI Enhancements: We continue to pursue opportunities to use AI to prevent, detect, and respond toillegal and harmful content at scale, such as continuing to invest in the quality and the accuracy of ourmoderation systems across languages, including languages spoken in the EU. Using large languagemodel technology (LLMs), we are now able to build and train models capable of finding specific kinds of abuse in our services faster than ever before. Read more in Protecting Users with Applied AI. ● Scams and Fraud: In 2024 we joined the Global Anti-Scam Alliance as a Foundation Member, a large network of organisations committed to protecting consumers from the activities of online fraudsters. In partnership with the Global Anti-Scam Alliance, we have now announced the launch of the Global Signal Exchange, a multi-stakeholder, cross-sector clearing house for bad actor signals. We are joining with over 100 organisations, including governments, law enforcement, consumer protection, financialauthorities, and internet companies, to address the proliferation of online scams and fraud globally. InMay 2025, Google convened over 200 global experts at the inaugural EMEA Anti-Scams and FraudSummit to address the escalating $1 trillion crisis of online fraud. The summit focused on amulti-pronged approach to scams, emphasising prevention, data sharing, and a collective defensestrategy. Google also showcased AI-powered interventions across products. Due to the rise of accessible generative AI technology we have updated our Misrepresentation Policy to address public figure impersonation scams in Google Ads, and we suspend Google Ads accounts that are in violation of the policy.3 Read more in Promoting Trustworthy Content and User Safety. ● Child Safety: We continue to improve our child safety protection measures, such as enhancing CSAMdeterrents, introducing an age-indeterminate video classifier on Search to improve our ability todetect possible CSAM when the subject’s age is ambiguous, defaulting users under 18 to our SafeSearch filter setting, and restricting sensitive ad content for minors. We launched Google’s Credential Manager API to create a secure pipeline for age assurance, without sharing additionalpersonal information. In March 2025 Google also hosted the third annual “Growing Up in the DigitalAge” Summit and gathered over 250 key online safety figures to address the critical mission of protecting and empowering young people online. We announced our commitment to the Safety by Design Generative AI Principles to prevent the creation, dissemination, and promotion of AI-generated child sexual abuse and exploitation, and worked with the Tech Coalition to launch Lantern, the first cross-platform signal sharing program for companies to strengthen how they enforce their child safety policies. Read more in Child Safety and Generative AI. 3 New way we are helping others track frauds and scams online 2 As of the date of this report, Google allows political advertisements. Google plans to stop serving political advertising before October2025\. Read more here. Confidential and commercially sensitive; prepared for the European Commission | 13 Introduction \________________________________________________________________________________________________________________________________________________________________ ● Search: We continue to promote privacy and security by enhancing user control over their onlinepresence. We redesigned the “Results about you” tool to provide users more monitoring solutions andoptions for requesting removal of pages with highly personal information. We have also employed advanced AI technologies to enhance our ability to identify and remove scam pages from our search results. These improvements help ensure users find results that are high quality and trustworthy, while also protecting them from harmful sites.4 Read more in Search. ● Maps: We have continued deploying AI assisted tools to detect fraud and scams on Maps. Forexample, we trained a new model with the help of Gemini to identify potentially suspicious businessprofile edits and updated content abuse detection models, improving performance across multiple EU languages. Read more in Maps. ● Play: We launched a “Verified” badge for consumer-facing VPN apps designed to signify an app’s compliance with security and safety guidelines and completion of an independent Mobile Application Security Assessment (MASA) Level 2 validation. We refined our Android and Google Play security and developer tools to create a safer and more efficient app ecosystem, improve fraud protection, and enhance user safety measures. We also updated our developer policies for topics such as health apps, photo/video permissions, manipulated media, generative AI, and child safety, and introduced newchannels for users to flag reviews that may violate policy and appeal removals that they may disagree with. Read more in Play. ● Shopping: We enhanced our methods of reviewing and verifying merchant identity-related signals toaddress the risk of misleading information about businesses. For example, when a Merchant Center account is disapproved under the Misrepresentation policy, we may ask the merchant to go through an identity verification step as part of the appeal process. Also, as described above, we invested in ourpartnership with GASA and GSE to strengthen our ability to identify bad actors on Shopping. We updated our dangerous products policies to further protect users, including by restricting the promotion of pill presses, encapsulating machines and related components used for compacting or filling powders, granules or other materials into tablets or capsules. We also implementedinfrastructural changes aimed at reducing the time required for detection and enforcement, enabling prompt identification and enforcement action. Read more in Shopping. ● YouTube: This year we took a number of steps focused on minors’ experiences on YouTube. We increased the age eligibility for live streaming from 13 to 16. In collaboration with our Youth and Family Advisory Committee, we added safeguards to limit video sequencing for certain categories of videos like non-contact fights and idealized body images.5 We continue to improve AI Safety. For example,any content published on YouTube that was created on Veo, Google DeepMind’s video generation model, will be embedded with a watermark using SynthID. Users will also be able to identify these creations through a content label that clearly communicates if a piece of content was generated using AI. We have also developed identification technology that will allow our partners, creators, actors, musicians, and athletes to automatically detect AI-generated content using their faces that constitutes misuse based on our Community Guidelines. Read more in YouTube. 5 Investing to protect teen wellbeing across Europe and globally 4 How we’re using AI to combat the latest scams Confidential and commercially sensitive; prepared for the European Commission | 14 Introduction \________________________________________________________________________________________________________________________________________________________________ We will continue to monitor external changes that influence our inherent risks and establish reasonable,proportionate, and effective measures to address risks. This will include measures that we can take aloneand whole-of-society efforts that are best pursued collaboratively with other companies and stakeholders. Confidential and commercially sensitive; prepared for the European Commission | 15 Background | Maintaining User Trust and Safety \________________________________________________________________________________________________________________________________________________________________ 2\. Background Maintaining User Trust and Safety We have a longstanding commitment to examining and addressing the impacts our services can have onsocietal risks. We have built teams, service protections, tools, and partnerships to address risks arising fromthe increasing use of the internet by society and risks that may result from the use of our services. We beginwith an overview of key teams at Google that work to promote user safety and combat potential harm, thendetail our approach to preventing risk at scale. Our Commitments Our approach to maintaining user trust and safety on a global scale stems from our focus on how our services affect people and societies. This is reflected in several policy frameworks: ● Our Human Rights Policy and White Paper, which set out our commitment to respecting human rights and upholding the standards established in the United Nations Guiding Principles on Business and Human Rights (UNGPs). ● Our AI Principles, which describe our commitment to developing and deploying technology responsibly. ● Our Information Quality and Content Report, which outlines the key considerations that guide our product, policy, and enforcement decisions. ● Our Transparency Center, which outlines the policies that help keep users safe from harm and abuse, our reporting and feedback channels, as well as information about how we develop and enforce those policies. ● Our Privacy and Terms Center, which sets out our Privacy Policy, Terms of Service, Privacy and Security Principles, and other relevant guides and resources. ● Our Safety Center, which sets out how we help keep everyone safe online, including as regards content safety, family safety, and cybersecurity. We provide regular updates on The Keyword, our official blog for product and technology announcements, news, and stories. Confidential and commercially sensitive; prepared for the European Commission | 16 Background | Investing in Systemic Risk Prevention \________________________________________________________________________________________________________________________________________________________________ Investing in Systemic Risk Prevention Each of our services seeks to help users while keeping them safe from potential harms. Within each VLOPand VLOSE are well-developed functions that refine and enforce content policies, and design and maintainfeatures aimed at avoiding and/or mitigating risks to our users. We also invest in another layer of systemicrisk mitigation via central cross-service teams that lead our efforts to mitigate specific types of systemicrisk associated with our services. These teams include: ● Trust and Safety: Our Trust and Safety teams include professional experience in content moderationor sensitive workflows, knowledge in the relevant content matter, and linguistic expertise. Thelinguistic expertise required varies depending on the specific workflow of a product or service, thetype of content, and languages that content is available in. Some products or services require nativeproficiency in global supported languages. Others may use translation tools, and some videos orimages do not require any language proficiency to review (e.g., some static imagery may be subject toour policies even when not accompanied by any written or spoken words). Our teams also monitoremerging trends to address new harm vectors before they can become a larger issue. ○ Google Trust and Safety: We pioneered the now industry-wide practice of investing in Trust andSafety specialists who are trained to analyse bad actors, abusive practices, content issues, and theeffectiveness of existing policies. Today, our Trust and Safety teams consist of experts, specialists,and engineers working to keep people safe online by using the latest technology (including AI andLLMs) to enforce our policies and moderate content. These teams partner with external expertsand teams across Google to carry out our mission to keep people safe online and protect ourservices and products from abuse. ○ YouTube Trust and Safety: YouTube has built its own Trust and Safety team, with expertise inaddressing the unique content challenges that arise on an open video-first service. Like Google’scompany-wide Trust and Safety organisation, YouTube Trust and Safety partners with members ofour legal, operations, public policy, product management, and engineering teams to developinnovative ways to combat potentially harmful content. Hundreds of hours of new content areuploaded to YouTube every minute, and we use a combination of people and automated systemsto detect problematic content at scale. ● Kids and Families: Our Kids and Families program includes a Kids and Family Steering Committee,which brings together executives and leaders from relevant services. It also includes a central teamtasked with managing minors’ accounts, creating age-appropriate experiences across our services,and advancing child safety protections. The program and its staff have built on years of input fromexperts and research insights to build tools and features that empower kids and teens while alsogiving families the ability to exercise choice over their minor’s relationship with technology. The results are products, features, and policies such as YouTube Kids, Assistant for Families, Family Link, and Google Play Families Policies. ● Human Rights: The Human Rights program is a central function responsible for ensuring that we are meeting our human rights commitments across all functions, products, and services. The program advances company-wide strategy on civil and human rights, advises product teams on potential civil Confidential and commercially sensitive; prepared for the European Commission | 17 Background | Investing in Systemic Risk Prevention \________________________________________________________________________________________________________________________________________________________________ and human rights impacts, conducts human rights due diligence, and engages external experts andstakeholders. ● Privacy, Safety, and Security: The Privacy, Safety, and Security (PSS) organisation combats digitalthreats to users and is committed to keeping the internet as a whole protected. We do this becausewe are an internet company, and our fate is tied to the fate of the internet. So we do not just designsolutions to protect our users, we eliminate entire classes of threats from being effective on ourservices and products and across the internet. PSS comprises industry-leading experts focused on protecting users and data, improving governanceand assurance practices related to security, and increasing our technical and operational capabilities.PSS develops and implements automatic protections from bad actors in the data and security spaceacross our services. Our PSS efforts include the following focus points: ○ Privacy: Our Privacy program teams drive strategy for and provide leadership on Google’s privacypriorities. The central Privacy program teams are responsible for administering privacy policies,training, and documentation that ensure that our products and services protect the privacy of ourusers. We have also embedded privacy teams and specialists in product areas to ensure thatprivacy goals are part of product work, and to ensure that we maintain a consistent and highstandard of privacy protection and support across the company. Central and product privacyspecialists coordinate across the company in working groups that focus on privacy issues that arerelevant to particular products or sectors and track best practices and developments relating toparticular policy topics. Our privacy subject matter experts also oversee privacy review processesto verify that our services and products vigilantly protect the privacy of our users. ○ User Protection: Within our User Protection framework, our Google Threat Intelligenceorganisation (composed of Google’s Threat Analysis Group (TAG) and Mandiant Intelligenceteams) is responsible for countering threats from government-backed attackers, coordinatedinformation operations, and serious cybercrime networks. TAG actively monitors threat actors andstudies the evolution of their tactics and techniques, using research to continuously improve thesafety and security of our products, improve Google’s defences, and protect users. TAG shares intelligence with our industry peers and publicly releases information about the operations it disrupts via public bulletins highlighting the group’s work. For example, TAG continues closely tracking and terminating coordinated influence operation campaigns on ourplatforms. The group also works closely with product teams to detect and remove malicious ads,videos, or channels that may be spreading misleading information, malware, or other types ofcyber threats. TAG and the team at Mandiant Intelligence help identify, monitor, and tackle emerging threats to elections, ranging from coordinated influence operations to cyber espionage campaigns. Theymeet regularly with experts in industry, academia, and elsewhere to share threat information andsuspected election interference, and help organisations build holistic election security programsand harden their defences. Confidential and commercially sensitive; prepared for the European Commission | 18 Background | Investing in Systemic Risk Prevention \________________________________________________________________________________________________________________________________________________________________ Complementing the work of TAG, our Account and Device Integrity (ADI) team within UserProtection keeps users safe by ensuring products interact with legitimate users and devices. ADI’stechnology works to ensure that accounts and devices have access to Google products andservices in ways that are proportional to their demonstrated integrity. In addition, ADI’s offeringlimits opportunities for accounts to be created, compromised, or operated at scale to abuse ourproducts or violate the privacy and security of people who use our services. ● Civics: Our dedicated Civics team works across our services, addressing threats to democraticparticipation in partnership with specialists across the company. The Civics team oversees products,initiatives, and promotional efforts that aim to safeguard the integrity of elections-related informationand provide users with candidate information from high-quality sources. These teams also provide24/7 support to triage emergent issues during elections. ● Health: People frequently come to Google services with health-related questions. Because of the tiesbetween these queries and our users’ health and wellbeing, we have prioritised building products toempower people with accurate, actionable health information. To implement this goal, we haverecruited experts with decades of experience in health care, public health, and life sciences who helpus translate clinical knowledge into product impact. Many of our product areas have policiesprohibiting content that contradicts well-established medical consensus, and our Clinical Team helpsenforcement teams calibrate medical claims and ensure we are not exposing users to misleadinginformation. These teams and experts are some of the key groups that partner with other teams across Google toassess and mitigate systemic risks. Their work helps us make good on our commitments to protect usersfrom harm, deliver reliable information, and partner to create a safer internet. Confidential and commercially sensitive; prepared for the European Commission | 19 Background | Promoting Trustworthy Content and User Safety \________________________________________________________________________________________________________________________________________________________________ Promoting Trustworthy Content and User Safety Our product, policy, and enforcement decisions are guided by a set of principles that enable us to preservefreedom of expression, while curbing the spread of content that is damaging to users and society. 1. We value openness and accessibility: We lean towards keeping content accessible by providingaccess to an open and diverse information ecosystem. 2. We respect user choice: If users search for content that is not illegal or prohibited by our policies,they should be able to find it. 3. We build for everyone: Our services are used around the world by users from different cultures,languages, and backgrounds, and at different stages in their lives. We take the diversity of our usersinto account in policy development and policy enforcement decisions. These principles are addressed in three key ways to provide our users with access to trustworthyinformation and content: ● First, we protect users from harm through built-in advanced protections, policies, and a combinationof scaled technology and specially trained human reviewers. These mechanisms enable us to preventdistribution of harmful and illegal content before it reaches users; detect and evaluate potentiallyviolative content; and respond to bad actors and abusive content in an appropriate way. ● Second, through our ranking and recommendation systems, we deliver reliable information to usersand provide tools to help users evaluate content themselves, giving them added context and control. ● Third, we partner to create a safer internet and scale our impact, collaborating with experts,governments, and organisations to inform our tools and share our technologies. While we pursue these principles in all of our endeavours, we also recognise that working towards user trustand safety requires constant adaptation to changing social context, evolving threats, and new techniquesemployed by bad actors. We can never bring the threat of systemic risks to zero, but these principles guideour efforts to constantly increase trust and safety across all of our services. Confidential and commercially sensitive; prepared for the European Commission | 20 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ One: Protecting Users from Harm We work hard to keep users and society safe through built-in protections that enable us to prevent, detect,and respond to illegal and harmful content. Preventing Harm with Safety by Design Our first line of defence is the set of safety features we build into our products to protect user data andprevent abuse. Clear account settings options, robust account verification, and a secure sign-in process arefundamental to user safety and data security. Strong protections around these processes help guard userdata from bad actors, empowering users and their family members to interact with our services the waythat they wish. We present risk assessment results for our four VLOPs and our VLOSE as one report because many of themost effective protections we offer to users are implemented at the Google account level, and theseprotections are effective across our different service offerings. These account design features protect userswhether they are browsing Google Search or downloading books on Google Play. And because we scaleprivacy and security solutions across all our services, we are able to minimise the number of times ourservices collect user data and the number of places we store that data. Clear account settings options, robust account verification, and a secure sign-in process are fundamentalto user safety and data security. Strong protections around these processes help guard user data from badactors, empowering users and their family members to interact with our services the way that they wish.We invest in protecting these processes because they are the primary entry points for many risks. That’swhy we have developed features like Google’s 2-Step verification, which requires a second layer ofverification after a user enters a password, and helps guard against compromised passwords. We use passkeys across Google Accounts as an easier and more secure way to sign in to apps and websites, and a major step towards a “passwordless” future. Passkeys let users sign in to apps and sites thesame way they unlock their devices: with a fingerprint, a face scan, or a screen lock PIN. Unlike passwords,passkeys are resistant to online attacks like phishing, making them more secure than solutions like SMSone-time codes. We also apply protections for signed-in and signed-out users who we believe are minors, and have engineered easy management of ads preferences and privacy settings through the My Ads Center. These protections, and many others, are designed as an integral part of our services, making it simple and quickfor our users to benefit from advanced security infrastructure. We launched Google’s Credential Manager API to create a secure pipeline for sharing identity information,including age. Sites and apps can use this tool to “call” a visitor’s credential holder and secure only thenecessary age information. Credential Manager is backed by Zero-Knowledge Proof (ZKP) technology forage verification. This cryptographic method enables visitors today to prove they are over 18 withoutrevealing any additional information, like who they are. In July 2025 we announced our partnership withSparkasse, a German network of over 300 regional savings banks with over 50 million customers, to useZKP cryptography and Google Wallet for EU age assurance. This partnership will enable customers to Confidential and commercially sensitive; prepared for the European Commission | 21 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ securely and privately prove their age online using a trusted credential issued by their Sparkasse withoutneeding to share personal data. In turn, apps and sites will gain a unique and reliable way to only admit age-appropriate visitors. In addition, we have open sourced our ZKP libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance. Open sourcing these powerful cryptographic tools will make it much easier for private and public sector developers to build their ownprivacy-enhancing applications and digital ID solutions, meeting an urgent need. We also build services that consider safety at the outset and incorporate safety considerations into servicedesign. For example, on Play, we reduce the risk of “review bombing” and sham ratings by using apercentage of the most recent reviews, not the average of all ratings, to determine the overall rating for anapp. Across Google we have focused on implementing safeguards for young users by ensuring that internal policiesand tools are available to provide guardrails for minor accounts. A key focus is to provide parents and families withadditional controls. On Search, Family Link parental controls are available in the Family Link app and also via web browsers. Parents/guardians of minors under the applicable minimum age can create Google Accounts for their children and must manage those accounts using Family Link parental controls. On YouTube, Supervised experience on YouTube is for parents who decide their tween or teen is ready to access YouTube through a supervised Google Account. Videos a child can watch depend on the content setting their parent selects when setting up a supervised experience for tweens. In September 2024, we launched a new supervised experience for teens to help parents receive insights into their teens’ channel activity on YouTube, including the number of uploads, subscriptions, andcomments. We are committed to developing safe, high-quality, age-appropriate products with the unique developmentalneeds of young people in mind and ensuring that the online interface for our products offers an age-appropriateexperience. We hosted the third annual “Growing Up in the Digital Age” Summit to support the critical mission of empowering young people online and partnered with Livity to produce the Future Report to study teen wellbeing related to tech use. Research like this has contributed to the tools we have developed to support minor wellbeing,including time management tools to increase minors’ awareness of the time they spend on our platforms, such as Take A Break and Bedtime reminders. For minors on YouTube, our built-in timer increases minors’ and parents’ awareness of the time spent on the platform and helps them to implement time limits. YouTube also implements safeguards to reduce repeated recommendations of certain content to specificallysupport the well-being and mental health of young people. For example, while some types of content may seeminnocuous in a single view, experts have found that repeatedly viewing some types of content can be problematicfor young people, such as content that displays social aggression, compares physical features or idealises somebody types, fitness levels, or weight over others. We remain committed to working with third-party child development and mental health experts, like the American Psychological Association, World Health Organization, and Poynter Institute’s MediaWise, to launch educational content, improve media literacy, and inform our products and policies. Confidential and commercially sensitive; prepared for the European Commission | 22 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ Building Products that are Private by Design for Everyone When people use Google, they trust us with their information, so we work hard to protect that information, as outlined in the Google Privacy Policy. We set clear expectations with the Google Terms of Service to help define our relationship with users when they interact with our services. Protecting user privacy and securityis a responsibility that comes with creating products and services that are accessible for all. We have developed a set of Privacy and Security Principles to guide our products and processes to keep sensitive data private, safe, and secure. Preparing for the Unexpected Other protections focus on less likely but potentially serious events. These policies, like many othersdescribed in this report, permit us to more nimbly respond to unexpected events. For example, Google Ads’ sensitive events framework is designed to prevent ads that potentially profit from or exploit a sensitive event, such as a natural disaster, public health emergency, act of terrorism, conflict, or act of mass violence.We disallow ads that seek to profit from a tragic event with no discernible benefit to users, engage in pricegouging that restricts access to vital supplies, or use keywords related to a sensitive event to drive traffic.We enforced our sensitive event framework in response to both the war in Ukraine and the Israel-Hamaswar by prohibiting ads that exploit, dismiss, or condone the wars. Confidential and commercially sensitive; prepared for the European Commission | 23 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ Ads prohibited under our Sensitive Events policy Designing Appropriate Content Policies We design content policies across our services to protect users from harm and observe a high standard ofquality and reliability for advertisers, publishers, and content creators. Our content policies, which are publicly available, articulate the purpose and intended use of each service to which they apply. They explain what types of content are allowed to be created, uploaded, sent, shared, and monetised, and the processby which a piece of content, or the user responsible for it, may be removed from a given service. We regularly update our content policies as our services evolve and new threats arise. You can find them here for Google Search, Google Maps, Google Play, Google Shopping, and YouTube. Additionally, these services may present ads, for which there are distinct Google Ads content policies. We carefully tailor the rules about allowable content on each service according to the core purpose of thatservice and available levers to enforce the rules. While our content policies share the same goal to keep allusers safe while respecting the right to freedom of expression by only making necessary and proportionateremovals, they may differ across Google for several reasons: ● Hosted versus indexed content: When we are hosting content versus when we are indexing content. ● Public versus private content: When we enable public dissemination versus when privacyexpectations are higher. ● Recommended content: When there are features that organise or suggest content to users. ● Direct versus indirect services: When we own a service versus when we only provide theinfrastructure for someone else. ● Monetisation: When a feature enables monetisation or facilitates transactions. For example, Search is intended to facilitate the exploration of a broad range of information from a wide variety of sources on the open web. Search’s objective is to maximise access to information, and we remove web results from Search in only very limited and clearly defined circumstances. When listings and otherinformation are presented as Search features (like featured snippets), however, users may interpret theinformation as having greater quality or credibility, and we apply more restrictive policies. Our advertising services have policies that restrict certain types of harmful content because we do notbelieve the digital advertising ecosystem should profit from the sale of harmful content or experiences.Similarly, because Maps is designed to be a source of reliable information about places and experiences, itspolicies place a greater emphasis on accuracy, authenticity, and relevance. Additionally, YouTube values freedom of expression and is built on the premise of openness. Its policies aimto support the interest of its creators and their incredible array of diverse voices and perspectives. YouTubeis committed to protecting its community from harmful content, while giving creators the freedom to sharea broad range of experiences and perspectives through video. Because YouTube hosts and servesuser-generated content, it has unique content policies. Confidential and commercially sensitive; prepared for the European Commission | 24 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ Reviewing Content Policies and Practices Promoting high-quality content and responding to harmful content is a dynamic challenge that requiresconstant adaptation. Data, law, world events, experts, and user feedback all inform our policy developmentby helping us to identify emerging harms and gaps in our existing policies. This is part of a four-phase policydevelopment process that each VLOP and VLOSE engages in with respect to all of its policies: ● Identify emerging trends and novel safety concerns: Our expert teams assess emerging issuesand consider external feedback. ● Gather examples and identify common themes: We review evidence of harm, identify commonthemes, and view similar examples. ● Draft policy standards and enforcement guidance: We assess impact, determine enforcementmechanisms, and consult experts. ● Assess effectiveness and continuously review: We launch, test, and refine policy, assesseffectiveness, and review enforcement actions and appeals. For example, YouTube regularly reviews its policies to make sure that they are effective at preventing real-world harm, and to ensure they properly address changes occurring both on and off our service.YouTube works directly with civil society organisations, academics, and relevant experts with varyingviewpoints and from different countries to inform this policy review. Much of YouTube’s work on contentpolicies, which we call the YouTube Community Guidelines, focuses on analysing, assessing, and addressingemerging issues before they reach, or become widespread on, YouTube. Similarly, as risks change andevolve, so do our content policies for Maps (e.g., fake engagement, misrepresentation, and misleadinginformation policies), Play (e.g., user-generated content policies), Search (e.g., highly personal information),and Shopping (e.g., restricting dangerous products). Balancing Risks and Rights Fundamental rights are interdependent. The fulfilment of one right (e.g., freedom of expression) may facilitate the fulfilment of other rights (e.g., civic participation and democracy) or come at the expense of others (e.g., freedom from discrimination). As a result, fundamental rights are sometimes in tension with each other.6 For example, the pursuit of child safety may limit adult users’ rights and present risks to different rights held by minors, such as their rights to participation, privacy, and freedom of expression and information. We address these tensions through various means, such as providing parents or guardians with controls that 6 This is recognised in the DSA. Recital 153 of the DSA states that “in situations where the relevant fundamental rights conflict,a fair balance between the rights concerned, in accordance with the principle of proportionality” should be achieved. Confidential and commercially sensitive; prepared for the European Commission | 25 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ allow them to supervise minors’ access to content, and giving users extensive controls over their privacy settings. When efforts to protect or advance one right may result in the limitation of another right, our approach is to identify and implement sensible mitigation measures to address potential adverse impacts to both rights. This balancing involves considering appropriate and proportionate mitigation techniques, such as protecting freedom of expression via appeals mechanisms or raising high-quality content to address other lower quality content that may exist on the service. We also recognise that our products and services may be used in ways which enable users to exercise their rights to freedom of expression and access to information in contexts that also advance other human rights. As such, our policy and enforcement decision-making is guided by public interest considerations to protect access to information on our products and services and safeguard against over-restrictive or improper content removals. As the European Court of Human Rights has noted, the demands of pluralism require protection for information and ideas, even those that are not inoffensive received favorably.7 We consider additional protections for information deemed to be in the public interest when it contains context which furthers the understanding of social, political, cultural, civic, or economic affairs. This includes information concerning history, public health, safety, the arts, business practices, or promoting accountability and transparency by public authorities. These principles underlie each product area’s approach to evaluating if the content warrants an enforcement exemption in order to respect users rights to free expression and access to public interest content. We acknowledge the importance of taking a rights based approach and value engagement with civil society. In June 2025, Google participated in a multistakeholder event convened by the Global Network Initiative on “Centring the Protection of Human Rights in Online Risk Regulation,” bringing together regulators, civil society organisations, academics, and technology companies to explore how the protection of human rights can be effectively achieved in the context of risk-based regulatory frameworks. Throughout the VLOSE- and VLOP-specific sections of this report, we explain why one risk may take precedence over another in certain circumstances, describe how the nature and purpose of the service being assessed inform these choices, and set out the reasonable and proportionate mitigations we believe strike the right balance. Detecting and Responding to Harmful Content at Scale In every country in which we operate, different laws govern what is considered permissible expression. Toaddress these nuances, we have teams and systematic processes to develop and deploy localised policies 7 Google and Others vs. Russia, European Court of Human Rights, July 2025 Confidential and commercially sensitive; prepared for the European Commission | 26 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ and enforcement practices. When users report content they believe violates the law, we review whether to block, limit, or remove access to it. The enforcement of content policy involves both human review and an array of technologies, includingautomated systems that use machine learning technology, working together to achieve high levels ofaccuracy when reviewing content. We design models and train classifiers8 to identify potentially violativecontent, use machine learning to constantly improve those classifiers, take automated actions when thatcontent violates our policies, and enqueue content for review by specialist teams when we have lowerconfidence in fully automated techniques. These human content moderators help confirm whethermachine-identified content should be removed, and we use the results of the human review to further trainour classifiers and improve their ability to detect evolving violative content. This collaborative approach helps improve the accuracy of our models over time, as models continuouslylearn and adapt based on human feedback. And it also means our enforcement systems can manage thesignificant scale of content that’s available on our services, while still rendering nuanced decisions onwhether a piece of content violates our policies. Examples of automated systems and humans working incombination are provided in each of the VLOSE and VLOP sections that follow. Handling Government Removal Requests Courts and government agencies around the world regularly request that we remove user-generated content from our services. We were the first company to publish (in 2010) a formal transparency report about such requests. You can read more about our process and the volume of requests we receive in the Government Requests to Remove Content segment of our latest Transparency Report. In addition, we use automated systems and reporting channels to detect content that may violate our content policies (such as YouTube’s Community Guidelines) and remove that content if it is found to violate them. Some content that violates our policies may also be illegal. We maintain a robust process to receive, evaluate, and act on government removal requests. We review these requests closely to confirm that they are supported by local laws and international norms of human rights and to determine whether we should remove content as a matter of national law or our platform-wide policies. Consistent with our commitment to the Global Network Initiative Principles, we assess the legitimacy and completeness of government requests, which must be in writing, made through appropriate channels, as specific as possible about the content to be removed, and clear in their explanation of how the content is illegal. In some narrow cases, to protect the rights of users, we do not act on orders that appear illegitimate or inapplicable. For example, we examine the legitimacy of documents we receive, and 8 A classifier is an algorithm that identifies and sorts content into different categories. For example, a classifier may identify contentlikely to violate a specific Google policy. Confidential and commercially sensitive; prepared for the European Commission | 27 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ if we determine that a court order is forged, we won’t comply with it. In other cases, we do not need to take action because the content has already been removed by the uploader. Types of Enforcement Actions We take a wide range of enforcement actions on our services to support information and content quality and maintain a trusted experience for all. Enforcement actions, like policies, differ from service to service and are tailored to the purpose of each service, based on what is reasonable, proportionate, and effective,taking into consideration the appropriate approach to freedom of expression for each service. Action maybe taken on the content, such as limiting monetisation opportunities, restricting access to content viainterstitials,9 or removing content from the service entirely; action may also be taken at the account level ifthe issue is serious enough, such as temporarily pausing an account owner’s ability to access a service or, inthe case of serious violations, disabling an account entirely. Protecting Users with Applied AI We are pursuing opportunities to use LLMs to prevent, detect, and respond to illegal and harmful content at scale. Using LLMs, we are now able to build and train models capable of finding specific kinds of abuse in our services faster than ever before. This is especially valuable for new and emerging abuse areas, such as a new narrative or derogatory term, where we can now quickly prototype a model to detect potential abuse and automatically route it to our teams for enforcement. We frequently evaluate both the accuracy (i.e., precision) and completeness (i.e., recall) of both our automated and human review systems. LLMs can rapidly review and interpret content at a high volume, while also capturing important nuances within that content, and these advanced reasoning capabilities have already resulted in larger-scale and more precise enforcement decisions on some of our Ads policies. One example is our policy against Unreliable Financial Claims, which includes ads promoting get-rich-quick schemes. The bad actors behind these types of ads adjust their tactics and tailor ads around new financial services or products, such as investment advice or digital currencies, to scam users. While traditional machine learning models are trained to detect these policy violations, LLMs are more capable of addressing the fast-paced and ever-changing nature of financial trends, differentiating between legitimate and fake services, and quickly scaling our automated 9 In this context, an interstitial is an element (e.g., a blurred image or a warning) that appears before the desired content is displayed,such as before shocking, disturbing, or graphic content. Confidential and commercially sensitive; prepared for the European Commission | 28 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ enforcement systems to combat scams. This has helped our teams become even more nimble in confronting emerging threats of all kinds. We are still testing these new techniques and deployment remains at an early stage, but they have demonstrated impressive results so far. This effectiveness results from both the power of Google’s LLMs and the quality of our abuse experts who provide “seed” intelligence and tune the models to ensure the results are reliable. We anticipate this type of innovation significantly advancing our efforts to protect our users at scale across Google products, especially from new and emerging risks. We also believe that these advances will both improve our ability to identify problematic content and reduce the need for human moderators to review disturbing content. Scams and Generative AI Scams are increasing in both volume and complexity and are often carried out by bad actors who operate at scale, constantly adapt their methods, and combine online and offline activity to lure people into their fraudulent schemes. The rapidly expanding accessibility of AI tools has not necessarily led to novel scam categories but it has allowed bad actors to develop new efficiencies in existing fraud and abuse vectors. Transformer-based large language models, text-to-image, and video and audio generators have all been leveraged to scale traditional scams by exploiting existing vulnerabilities more efficiently. Our product and Trust \& Safety teams are responsible for tracking and fighting scams to protect the public and the broader digital ecosystem. AI tools play a crucial role in the fight against scams, allowing us to accelerate the detection of abuse, generate insights, and scale our efforts against harm on Google’s platforms. In 2024 we blocked or removed 415 million ads and suspended over 5 million accounts for violating our ads policies most closely associated with scams. For example, one industry-wide trend that emerged was the rise of public figure impersonation ads – bad actors using AI-generated imagery or audio to imply an affiliation with a celebrity to promote a scam. To fight back, we quickly assembled a dedicated team of over 100 experts across the company to analyse these scams and develop effective countermeasures, such as updating our Misrepresentation policy to suspend advertisers that promote these scams. As a result, we were able to permanently suspend over 700,000 offending advertiser accounts. This led to a 90% drop in reports of this kind of scam ad last year. While we are encouraged by this progress, we continue to work to prevent these scams. Confidential and commercially sensitive; prepared for the European Commission | 29 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ AI tools also help us detect and block hundreds of millions of scammy search results everyday. Our Fighting Scams in Search Report showcases how the investments we’ve made in our AI-powered scam detection systems, along with continuous improvements to our classifiers, have enabled us to detect 20-times the number of scammy pages. These improvements help ensure the results users see are legitimate. Advancements in AI have bolstered our scam-fighting technologies — enabling us to analyse vast quantities of text on the web, identify coordinated scam campaigns and detect emerging threats. Offering Appeals We heavily invest in the training of automated tools and human content reviewers to increase accuracy.However, sometimes we make errors and remove content on our services that does not actually violate ourpolicies. In many cases, appeals channels are an appropriate way to fulfil our commitment to freedom ofexpression and to the UN Guiding Principles on Business and Human Rights by providing a check againstincorrect removal and ensuring that content creators have redress. Our appeals process for removals aims to ensure due process, efficiency, and transparency for usersappealing our enforcement decisions, without facilitating abuse by bad actors. Different services providedifferent methods to appeal, and while users often can access appeals forms via their violation notification, we present a non-exhaustive list of appeals forms on our website. Our VLOP services allow users to appeal enforcement actions they believe may have occurred in error. We address incoming appeal requests asquickly as possible to clarify requirements and help users understand the actions taken on their account. Whether an appeal is valid requires a case-by-case determination. In some cases, consideration of otherequities counsels against providing appeals, such as those involving repeat or abusive violators, ancillarycontent, or egregious conduct. We seek to ensure that these mechanisms are accessible and work to learn from appeals outcomes,including making our content moderation efforts more accurate. Insights gained from these appealsprocesses also inform policy changes to prevent future adverse impacts. Sections of this report specific toeach VLOP will describe our appeals mechanisms and where we are expanding them to mitigate risks tofreedom of expression. Reporting In addition to our own review, legal removal requests, and user flags of illegal content (described above), weoffer a variety of mechanisms for users to report and request removal of policy violating content. For example, Maps users can flag content that may violate our policies or profiles of users who are contributing false information, uploading offensive content, or taking other abusive actions. On YouTube, users can flag Confidential and commercially sensitive; prepared for the European Commission | 30 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ videos that may violate our policies. Trained content moderators then review credible flags and take appropriate action, which may result in content being removed, age-restricted, geo-restricted, or left up. While the option to report will be found in the service itself or within its policies, we have also created a dedicated page to help users find ways to report harmful content on several of our services. Our approach to flagging also involves partnering with other organisations. Our Priority Flagger Program provides channels for participating organisations to notify us of potentially harmful issues on certain of ourproducts and services that violate our policies. We use a dedicated intake channel to expedite review ofpotential policy violations. We also participate in ongoing discussions and feedback about Google andYouTube content policies. This program is most suitable for organisations such as non-governmentalorganisations (NGOs) and government agencies with an identified expertise in recognising and fightingharm online in at least one policy area. Child Safety and Generative AI Generative AI may be used by bad actors to create new outputs that exacerbate some existing child safety risks and introduce new risks. There are three risks we are particularly focused on addressing: ● AI-generated CSAM or computer-generated imagery depicting child sexual abuse, including new material that has never been seen before, or the editing of either benign or abusive images of real minors. ● The sexualisation of minors across a range of modalities, such as graphic sexual stories involving minors, or images that may not be illegal but objectify and sexualise minors. ● The use of generative AI to support other child sexual abuse behaviours, such as providing text instructions on how to carry out abuse, supporting offenders to groom or sextort minors, or promoting or normalising sexual interest in minors. We have policies addressing each of these risks. The key is to ensure that we can detect this sort of content effectively at scale even when it is AI-generated and can work in collaboration with others to stay ahead of these risks. Our child safety experts rigorously test our generative AI products before launch, and we also seek to address generative AI-created CSAM appearing elsewhere across the web. Our work to detect, remove, and report CSAM has always included violative content involving actual minors, modified imagery of an identifiable minor engaging in sexually explicit conduct, and Confidential and commercially sensitive; prepared for the European Commission | 31 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ computer-generated imagery that is indistinguishable from an actual minor engaging in such conduct. We are working to ensure that our Child Safety Toolkit performs well with AI-generated CSAM. We are also proactively engaging with child safety experts from industry, academia, government, and civil society, such as at our recent “Growing Up in the Digital Age” summit hosted at the Google Safety Engineering Center (GSEC) in Dublin. We are also committed to the Safety by Design Generative AI Principles, developed by Thorn and All Tech is Human, to help make it as difficult as possible for bad actors to misuse generative AI to produce content that depicts or represents the sexual abuse of minors. The mitigations set out in these principles complement our existing work to prevent the creation, dissemination, and promotion of AI-generated child sexual abuse and exploitation. During the assessment period, Google.org committed €10M to non-profit organisations with the goal of helping teens understand AI so they can use it safely as part of Google.org’s commitment to support AI training and skills in Europe. Google also partnered with Livity to produce the “Future Report,” a project to survey and engage with 7,000 teens across Europe on wellbeing related to tech use and online safety. The final report will be published in September. We will continue to support organisations who focus on reaching teens who are most underserved as well as their support networks, such as educators and parents. Evaluating Content Across Languages External stakeholders have asked about our ability to undertake effective content moderation across languages spoken in the EU, including the effectiveness of both automated systems and human reviewers. Given the important role played by automated systems, we continue to assess the risk that algorithms may be less well trained in some languages, dialects, and vernaculars than others. We deploy automated systems that detect violating content and behaviour at scale; however, human operators are often required to review, validate, and train these automated systems because humans can evaluate content or other signals in ways that might be difficult for current automated systems, such as understanding nuance, context, and slang. Taken together, Google services maintain Trust and Safety coverage, including human content moderators, across official EU languages, as well as many other languages commonly spoken in the EU. Our EU DSA Biannual VLOSE/VLOP Transparency Report provides data for our human Confidential and commercially sensitive; prepared for the European Commission | 32 Background | One: Protecting Users from Harm \________________________________________________________________________________________________________________________________________________________________ resources evaluating content across the official EU Member State languages, segmented by service. One important element of this assessment is the review of how significant advances in machine translation assist with review of content at scale. We use both human content moderators and machine learning to constantly train these classifiers and improve their ability to accurately detect such content across different languages, dialects, and vernaculars. During the assessment period we have begun to leverage our advanced AI model, Gemini, to assist with content moderation across languages. Gemini offers improved text understanding across a wide range of languages and so increases the diversity of policy violations that our automated systems can understand. Google strives for a high degree of accuracy for automated content moderation across EU languages and reports accuracy broken down by language where available. For instance, from July 2024 to December 2024, the accuracy level for all automated content moderation decisions for Maps was 91%. Given the operational challenge of having content moderators available 24/7 for less widely used languages, use of these tools enables us to undertake moderation of content at scale more rapidly, consistently, and effectively, while relying on human review for close calls. Our systemic risk assessments found some residual risk remaining for the performance of automated systems across languages, dialects, and vernaculars for all VLOP and VLOSE services reviewed. Google-wide advances (such as continuous improvement in machine translation or the development of LLMs that can learn quickly across multiple languages) will over time support the work of different Google services as each develops custom models, thresholds, and confidence levels tailored to their own policy enforcement needs. During the assessment period, we refreshed our models to improve the accuracy of our Maps moderation systems across languages, improving our ability to automatically detect content policy violations in multiple EU languages. For Play, we implemented a broader Gemini-powered content spam mitigation system for user reviews, significantly improving our detection of nuanced, unwanted content like profane slang in multiple EU languages. Going forward, we will continue to test the performance of classifiers to identify differences in performance across languages and pursue continuous improvement, including a rolling program to identify priority languages for investment in enhancing translation and content moderation quality. We will also continue to keep pace with developments in local contexts—including how language and terminology may evolve with potential for higher-risk events, such as elections—and use human content moderators and native speakers to improve the quality of automated systems, including classifiers. Confidential and commercially sensitive; prepared for the European Commission | 33 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ Two: Delivering Reliable Information Providing access to high-quality information to all users is core to our mission. We also provide users withbest-in-class tools that give additional context that help them evaluate content. Surfacing High-Quality Information The world wide web holds an unprecedented, and growing, volume of information that is not ordered oreasily navigable. But automated systems operating at scale to sort, organise, and deliver relevantinformation can help users find the needles in the world’s largest haystack. Algorithms power our services by prioritising relevant information in search results, making apprecommendations on Play, and providing relevant product listings in Shopping. Our algorithms sort throughhundreds of billions of pieces of content to find the most relevant and useful results. Algorithms enable us to advance quality and relevance while reducing systemic risk to users and society. Search uses signals such as meaning, relevance, quality, usability, and context to help determine which results are returned and prioritised for each query. Our systems use these and hundreds of other signals to prioritise the results that seem most helpful, in particular content that seems to demonstrate expertise,experience, quality, and trustworthiness. These signals are especially important for what we call “YourMoney or Your Life” (YMYL) topics, defined as those that may significantly impact or affect the health,financial stability, or safety of individual people, or the welfare of society. To help us test and improve our Search algorithms we continue to put all possible changes to Search through a rigorous evaluation process to analyse metrics and decide whether to implement a proposed change. Our Search Quality Rating Program, which includes external Search Quality Raters, helps us evaluate if our Search systems are generating helpful results that demonstrate experience, expertise,quality, and trustworthiness. This overall approach is summarised in How Search Works. Using Recommender Systems Some risk factors under Article 34(2), such as the use of recommender systems, may increase or decrease risk. Poorly designed or controlled recommender systems may increase the risk that harmful content goes viral. But properly functioning recommender systems should decrease risk by increasing the visibility of high-quality and trustworthy content and by promoting a diversity of topics and sources for users to explore. Recommender systems are an essential tool as we navigate the inherent tensions that come with respecting countervailing fundamental rights while fulfilling our mission to organise the world’s Confidential and commercially sensitive; prepared for the European Commission | 34 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ information and make it universally accessible and useful. We aim to make all of our recommendations useful, inclusive, and empowering. Using recommender systems to order the presentation of content, including by elevating high-quality and trustworthy content, is often a more proportionate approach to addressing harmful content risk than removing content altogether, which can present risks to freedom of expression and information. Fighting Misleading Information We continue to invest heavily in elevating high-quality sources and countering misleading information,particularly as it relates to people’s finances, health, livelihood, or civic participation and to sensitive events.Misleading information can manifest itself in different ways on different services across the open web, suchas misleading pages attempting to monetise their content with our Ads services, deceptive videos onYouTube, or websites spreading misleading information appearing in search results. Other examples ofmisleading practices include fraud, deceptive behaviour (such as the use of deep fakes), impersonation,misrepresentation of ownership, and misleading medical information. We take action to prevent the spreadof this type of content at scale. For example, during a breaking news cycle, speculation, and misleading information can outrun facts whilelegitimate news outlets are still investigating. Bad actors may publish content with the intent to mislead, orto attract attention and traffic on the basis of unverified information. To defend against these risks, YouTubeand Search have systems designed to promote high-quality content. We have long recognised the importance of multi-stakeholder approaches to misleading information, including the EU’s 2018 Code of Practice on Disinformation and a Strengthened Code that Google signed in June 2022. As part of the Strengthened Code, we have committed to providing the European Commission with reports detailing how we have implemented our commitments. Our commitment to the Strengthened Code applies to Search, YouTube, and Google Ads, and you can read more about it in the Search and YouTube sections of this report. We are continuing to monitor the threat landscape in Eastern Europe, disrupt coordinated influence operations from threat actors, and remove content and YouTube channels that violate our CommunityGuidelines and Terms of Service. Our breaking news and top news shelves on the YouTube homepagecontinue to receive tens of millions of views in Ukraine and, as the largest video-sharing service in Russia,YouTube continues to provide Russian citizens uncensored news and information. Supporting Election Integrity We are committed to playing our part in whole-of-society efforts to achieve high standards of civicdiscourse and election integrity. We are focused on the following three priorities: Confidential and commercially sensitive; prepared for the European Commission | 35 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ ● Surfacing high-quality information: Supporting the democratic process by connecting people toreliable, trustworthy, and high-quality information. ● Safeguarding our services and disrupting the spread of misleading information: Developing andenforcing policies that safeguard our services from abuse that undermines democratic participationand trust in the civic process. ● Equipping campaigns: Providing political campaigns and elected officials with best-in-class securitytools and training for election-related security challenges. All three priorities include a focus on risks and opportunities presented by AI to the information landscaperelated to elections. This strategy builds on work we do around elections in other countries and regions, and the commitmentswe made in the EU Code of Practice on Disinformation. We believe our approach to reinforcing internalprocesses that mitigate election-related risks aligns well with the recommendations made in the Communication from the European Commission set out in Guidelines for providers of Very Large Online Platforms and Very Large Online Search Engines on the mitigation of systemic risks for electoral processes pursuant to the Digital Services Act. Surfacing high-quality information During the assessment period, we worked to ensure that election-related information was high-quality. For example, people searching for topics like “how to vote” or “how to register” found details such as IDrequirements, registration, voting deadlines, information on voting abroad, and guidance for differentmeans of voting, like in person or via mail. This was available in 22 languages and included a country selectorfor the 12 million people who are eligible to vote in a different country than the one they live in. From thebeginning of April 2024 to the end of the EU Parliamentary elections, these features were viewed over 55million times. Keeping advertisements free from abuse is an important safeguard for the democratic process, so it isimportant to note that our existing ads policies outline a variety of other advertisements that are neverallowed, including manipulated media intended to deceive, defraud, or mislead others, ads with unreliableclaims, and ads that are exploitative during sensitive events, such as civil emergencies, natural disasters, orconflict. Safeguarding our platforms from abuse We continue to enhance our enforcement systems and invest in trust and safety operations to better secureour services and prevent abuse, including policies around demonstrably false claims that could underminedemocratic processes. To help enforce our policies, our AI models are enhancing our abuse-fighting efforts with faster and moreadaptable enforcement systems that enable us to remain nimble and act even more quickly when new threats emerge. You can read more in Protecting Users with Applied AI. Confidential and commercially sensitive; prepared for the European Commission | 36 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ In 2021, we contributed €25 million to help launch the European Media and Information Fund, an effort designed to strengthen media literacy and fight misleading information across Europe. The Fund has sincebacked 70 projects across 24 countries, including improving the media literacy of harder-to-reach populations. We also have supported the Global Fact Check Fund and numerous civil society, research, and media literacy efforts from partners, including TechSoup Europe, the Civic Resilience Initiative, Baltic Centre for Media Excellence, and the Central European Digital Media Observatory (CEDMO). We announced support for Elections24Check, a coalition of 40+ organisations working together to provide information about the European Parliamentary Elections. Elections24Check created a comprehensivedatabase of election-related information, claims, and narratives. Implementation of these collaborative efforts was informed by a convening of experts across government, academia, civil society, and industry at our election-focused Fighting Misinformation Online summit in Brussels in 2024, organised with our partners the European University Institute and the Calouste Gulbenkian Foundation. This convening discussed key topics including media literacy, civic engagement, AI deepfakes, and the importance of working together. We took action in instances where content, including deepfakecontent, violated our policies. We observed only limited volumes of content around political violence. Equipping campaigns and candidates with best-in-class security features and training Elections come with increased cybersecurity risks, so we have been helping high-risk users—such ascampaigns and election officials—to improve their security in light of existing and emerging threats andinforming them on how to use our products and services. We offer free services like our Advanced Protection Program and Project Shield, which provides unlimited protection against Distributed Denial of Service (DDoS) attacks. We also partner with Possible, The International Foundation for Electoral Systems (IFES), and Deutschland sicher im Netz (DSIN) to scale account security training and provide security tools including Titan Security Keys, which defend against phishing attacks and prevent bad actors from accessing Google Accounts. Google Threat Intelligence also helps identify, monitor, and tackle emerging threats, such as coordinatedinfluence operations and cyber espionage campaigns against high-risk entities. We report on actions taken in our quarterly TAG bulletin and meet regularly with government officials and others in the industry to share threat information and suspected election interference. Mandiant also helps organisations build holisticelection security programs and harden their defences with comprehensive solutions, services, and tools,including proactive exposure management, proactive intelligence threat hunts, cyber crisis communication services, and threat intelligence tracking of information operations. Helping people navigate AI-generated content Like any emerging technology, AI presents new opportunities as well as challenges. For example, generativeAI makes it easier than ever to create new content, but can also raise questions about the trustworthinessof information. There are three risks we are particularly focused on: ● Use of generative AI to deceive the public about matters of civic and public concern in a way thatcould harm overall discourse about elections, though not directly interfering with it. Confidential and commercially sensitive; prepared for the European Commission | 37 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ ● Use of generative AI tools as a force multiplier for bad actors (state-backed or otherwise) to identifynew attack vectors or make existing attack vectors more efficient/scalable. ● Use of generative AI tools to interfere with the democratic process, either by disrupting the processitself, or by disrupting voter intent—for example, misleading information about an election, such as afake image of a long line at a polling station. One important step we took to help people navigate AI-generated content was in the realm of political advertising. We expanded our political content policies to require all election advertisers to prominently disclose when their election ads include synthetic content that inauthentically depicts real orrealistic-looking people or events, including image, video, and audio content, becoming the first companyto do so. This disclosure must be clear and conspicuous and must be in a location where it is likely to be noticed by users. Our ads policies already prohibit the use of manipulated media, like deepfakes or doctored content, to mislead people. We also joined the Coalition for Content Provenance and Authenticity (C2PA) coalition and standard, a cross-industry effort to help provide more transparency and context for people on AI-generated content. Other parts of Google’s approach are described elsewhere in this report, including content labels on YouTube to indicate altered or synthetic content, providing users with additional context (such as Backstory), tackling spammy, low-quality content on Search, and SynthID, a tool from Google DeepMind that directly embeds a digital watermark into images, text, audio, and video generated with Google’s AItools.10 Addressing the Risks and Opportunities of Artificial Intelligence In 2017 we announced our intention to be an “AI-first company,” and we wholeheartedly believe AI has the potential to transform our societies for the good. We continue to develop artificial intelligence tools to help solve some of society’s biggest challenges. AI is embedded in many of our services, such as on Maps where we are cutting carbon emissions by reducing stop-and-go traffic. AI also presents important challenges that must be addressed clearly, thoughtfully, and affirmatively. In 2018 we set out our AI Principles and accompanying framework for responsible AI innovation that describe our commitment to developing and deploying technology responsibly. The recent momentum behind large-scale machine-learning models (including generative AI) has sparked additional dialogue around the impacts to society of AI and surfaced concerns, which we discuss in more detail throughout this report. 10 Backstory launched after the assessment period on 21 July 2025. Confidential and commercially sensitive; prepared for the European Commission | 38 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ The opportunities and challenges presented by large-scale machine-learning models require global, multi-stakeholder, and collaborative approaches. For this reason we are a founder or active participant in several new and ongoing initiatives, such as: ● The Frontier Model Forum, a new industry body focused on ensuring safe and responsible development of frontier AI models. ● The Partnership on AI’s (PAI) Responsible Practices for Synthetic Media: A Framework for Collective Action, an initiative to foster best practices in the development, creation, and sharing of media created with generative AI, and PAI’s Guidance for Safe Foundation Model Deployment. ● The Coalition for Content Provenance and Authenticity (C2PA), an effort to develop technical standards for certifying the source and history (or provenance) of media content. ● The Digital Trust \& Safety Partnership, a non-profit organisation focused on promoting a safer and more trustworthy internet through developing industry best practices, verified through internal and independent third-party assessments. ● The Coalition for Secure AI, an open-source initiative dedicated to enhancing the security of AI systems by providing security practitioners and developers with accessible guidance, resources, and tools to create secure AI systems. ● The EU AI Pact, a voluntary initiative by the European Commission for companies to commit to promoting trustworthy and safe AI development ahead of the full implementation of the EU AI Act. ● The European Union’s General Purpose AI Code of Practice, which we signed in the hope that this Code, as applied, will promote European citizens’ and businesses’ access to secure, first-rate AI tools as they become available. In these systemic risk assessments we considered the risks to our services presented by the use of generative AI by bad actors, such as influence campaigns, scams, phishing, cyberattacks, and spam. The development of LLMs has altered the scale and possible severity of some risks, especially those relating to the generation of illegal or harmful content (such as child abuse and exploitation content, terrorist and violent extremist content, and hate speech); scams and fraud; misleading information relating to elections, civic discourse, and democratic participation; and digital threats such as account hijackings, phishing attempts, or malware. We believe our existing mitigations perform well, but we must keep pace with the latest developments in AI technology. Additional mitigations (see Our Approach to the Disclosure of Synthetic Content below) include integrating watermarking, metadata, and other innovative techniques into our latest generative AI models. For non-consensual explicit imagery, we have provided users with easier ways for users to request the removal of the imagery. We have also Confidential and commercially sensitive; prepared for the European Commission | 39 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ improved our ranking systems that will lower explicit fake content for many searches. The updates we have made in the past year have reduced exposure to explicit image results in search queries by over 70%.11 We have developed identification technology that will allow our users on YouTube to detect AI-generated content depicting their face that constitutes misuse based on our Community Guidelines.12 However, large-scale machine-learning models are evolving rapidly, and we expect to assess the impact of these developments across all relevant risks in our future systemic risk assessments. In addition, we rigorously test the AI models we develop. Red teaming exercises, conducted both internally and externally, proactively assess AI systems for weaknesses and areas of improvement. Our AI Red Team combines security and AI expertise to simulate attackers who might target AI systems. Based on intelligence from teams like the Google Threat Intelligence Group, the AI Red Team identifies vulnerabilities and surfaces insights to mitigate risks. As AI technology develops, so do our methods for testing it. We have developed AI-assisted red teaming, training AI agents to find potential vulnerabilities in other AI systems.13 More detail about our overall approach to addressing the risks and opportunities of AI is described in our recent paper, End-to-end responsibility: A lifecycle approach to AI. Building on our previous efforts, this paper describes our four-phased AI Responsibility Lifecycle process (Research, Design, Govern, Share) that guides responsible AI development at Google. In the paper we share insights into how we developed this process, with recent examples and practical tips for implementation. Our Secure AI Framework (SAIF) is also designed to address top-of-mind concerns for security professionals, such as AI/ML model risk management, security, and privacy. This helps to ensure that when AI models are implemented, they are secure-by-default. Equipping Users In addition to raising the visibility of high-quality information, we aim to equip users with the tools they needto evaluate information they come across on our services. 13 Responsible AI Progress Report 12 A future full of opportunities, made on YouTube 11 How Google Search is addressing explicit fake content Confidential and commercially sensitive; prepared for the European Commission | 40 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ The ‘About this result’ feature in Google Search allows usersto learn more about the information they are seeing For example, our “About this result” feature in Search allows users to learn more about where the information they are seeing is coming from and how our systems determined it would be useful for theirquery. This feature is available in all languages where Search is available. With this context, users can makemore informed decisions about the sites they may want to visit and what results will be most helpful to them. Similarly, My Ad Center gives users greater control of the ads they see on Google services—like Search and YouTube—by providing options for customising ads, managing privacy settings, and influencinghow we determine what ads to show. Be Internet Awesome is a Google-created educational program that teaches kids the fundamentals of digital citizenship and safety so they can explore the online world with confidence, such as how tocommunicate responsibly, discerning between what’s real and what’s fake, and safeguarding valuableinformation. On Google Play, the Teacher Approved program identifies apps approved by teachers and minors’ education specialists, and then offers a description of the apps’ quality attributes. This information helpsfamilies easily review the apps and make informed choices about whether they want their minors using anapp or game. Informed users are able to make better use of and see more benefit from our services, a win for bothour users and us. Confidential and commercially sensitive; prepared for the European Commission | 41 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ Our Approach to the Disclosure of Synthetic Content Generative AI is a type of machine learning model that can help generate new content, including text, images, audio, video, and code. While it is important to note that generative AI content is not inherently a systemic risk, we know that AI will introduce new risks and will require new approaches. Computer-generated content, also known as “synthetic content,” is becoming harder to distinguish from content that has not been created by an AI system. This creates new challenges for the trustworthiness of content across the web, and we are committed to helping users understand and evaluate what they find online. For example, we have launched SynthID, a tool for watermarking and identifying AI-generated content. This technology embeds a digital watermark directly into the images, text, audio, and video generated with Google’s AI tools in a way that is imperceptible to the human eye but detectable for identification. We are not exposing SynthID labels to users, but the ability to identify computer-generated content is one method for helping promote high-quality information. In addition, any content published by Lyria—our AI music generation model used by YouTube—will be watermarked with SynthID. Similar to how it handles images, SynthID embeds a watermark into AI-generated audio content that is inaudible to the human ear and doesn’t compromise the listening experience. This watermark is designed to maintain detectability even when the audio content undergoes modifications such as noise additions, compression, or speeding up and slowing down the track. However, synthetic content is also created using non-Google products, and for this reason it is important for Google to participate in collective efforts to shape AI responsibly and address shared challenges. In February 2024 we joined the Coalition for Content Provenance and Authenticity (C2PA) as a steering committee member. The C2PA is a cross-industry effort to address the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. We will support its work by helping to develop its technical standard and support the development and adoption of Content Credentials, a new type of tamper-resistant metadata that provides an interoperable method to share information about how content was made and edited over time. We continue to participate in the Partnership on AI’s Responsible Practices for Synthetic Media: A Framework for Collective Action, an initiative to foster best practices in the development, creation, and sharing of media created with generative AI. Confidential and commercially sensitive; prepared for the European Commission | 42 Background | Two: Delivering Reliable Information \________________________________________________________________________________________________________________________________________________________________ A variety of other resources also help users distinguish synthetic content, such as Backstory and Search with an Image.14 YouTube now requires creators to disclose to viewers when realistic content—content a viewer could easily mistake for a real person, place, scene, or event—is made with altered or synthetic media, including generative AI and the alteration is not inconsequential. Despite these efforts, it is important to acknowledge that bad actors can and do seek to remove or hide watermarking when they have reason to believe it will restrict their misuse of a generative AI product. Strategies to address the new risks arising from generative AI should be multi-faceted and not limited to efforts focused on the disclosure of synthetic content. 14 Backstory launched after the assessment period on 21 July 2025. Confidential and commercially sensitive; prepared for the European Commission | 43 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ Three: Partnering to Create a Safer Internet We recognise that the systemic risks associated with VLOSEs and VLOPs are not unique to Google andcannot be addressed by Google alone. We scale our industry-leading practices to help keep users safeonline through proactive partnership with experts and organisations to both inform and share our resourcesand technologies. Partnering for Information Quality To effectively combat online abuse, technology companies already collaborate with academics,policymakers, publishers, and civil society organisations who possess the expertise that helps informeffective methods to address the issue at scale. In 2024, with many countries in Europe lowering the age of voting to 16 years old, Google.org awarded a $1 million grant to ThinkYoung to fund youth-led hackathons across Europe, empowering young voters to promote accurate election information. Google.org also launched a €15M open call for European nonprofits, civic entities, academic institutions, and social enterprises to help scale initiatives promoting democratic resilience in the region, including through the use of advanced technology and AI. This builds on Google.org’s longstanding commitment toyouth media literacy and online safety, with support for more than 60 organisations in this field since 2018. We worked closely with civil society to tackle misleading information ahead of the 2024 European electionsby partnering with a diverse range of organisations across the EU. These partnerships helped develop anddisseminate initiatives designed to increase media literacy among voters. This included organisations likeLibraries without Borders, Debating Europe, BBC Media Action, AFP, European Parliament, and EDMO. Also during 2024 we supported Elections24Check, which created a comprehensive database ofelection-related information, claims, and narratives. Consulting with Experts We scale our industry-leading practices to help keep users safe online through proactive partnership withexperts and organisations to both shape and share our resources and technologies. In 2023, we launched the Trust and Safety Research Awards, providing unrestricted grants to support research efforts across areas of interest related to trust and safety in technology. In our first year wegranted a total of $600,000 to nine applicants and in 2024 we funded twenty-one grants—with sevengrantees representing faculty at EU institutions—for a total of $2 million of funding. Also in 2024, we hosted research workshops and roundtables with nearly 200 researchers from academiaand civil society, covering topics of safety by design, child safety, and the use of AI in content moderation. The Google Safety Engineering Center (GSEC) in Dublin is a regional hub for Google experts working to tackle the spread of illegal and harmful content, and a place where we can share this work with Confidential and commercially sensitive; prepared for the European Commission | 44 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ policymakers, researchers, and regulators. In the 2024/2025 period, GSEC Dublin held over 40 public andprivate engagements to share our experience of managing content risk and hear from experts across awide range of topics, including child welfare online, AI safety and content moderation, scams, and fightingchild sexual abuse and exploitation online. For example: ● In March 2025, GSEC Dublin convened experts from industry, academia, government and civil society at a Growing up in the Digital Age summit to continue the dialogue around the protection of young people online. Key themes included strengthening privacy and safety, promoting healthy digital habits, and helping teens and families navigate new technologies confidently and safely. This year’s summit highlighted a new Google sponsored research report, Balancing Supervision and Independence in the Digital Age, which incorporated insights from multi-country studies on parents’ and teens’ perspectives on online parental supervision tools. ● In May 2025, Google convened over 200 global experts from tech companies, law enforcement, and government for the inaugural EMEA Anti-Scams and Fraud Summit in Dublin. The summit focused on a multi-pronged approach to the $1 trillion crisis of online fraud, emphasising prevention, data sharing, and a collective defense strategy. In addition to Google’s announcement of a $5 million Google.org commitment to anti-scams research and awareness in Europe, Google showcased its AI-poweredinterventions across products and highlighted programs such as the Global Signal Exchange (GSE)and Be Scam Ready, a prototype game utilising an inoculation theory-based learning approach andsignificantly improving users’ ability to recognise scams. ● In October 2024, Google held our first Responsible AI Summit, a multi-day event in Paris bringing together 240 government ministers as well as experts from academia and industry. Key topicsaddressed during the summit included AI governance, with discussions on regulations andinternational cooperation for responsible AI development, and AI economic opportunity, exploring AI'srole in European competitiveness. A significant focus was also placed on AI responsibility and safety,covering how to ensure AI systems are reliable and how AI can contribute to cybersecurity. Interactive demos showcasing Google’s AI work were a notable feature, including Alphafold, SynthID (for detecting AI-generated content), and presentations on AI’s role in sustainability, and cybersecurity. YouTube regularly updates its family product experiences and policies in consultation with experts in minors’media, child development, digital learning, and citizenship from a range of academic, non-profit, and clinical backgrounds. A key channel for this consultation is YouTube’s Youth and Families Advisory Committee, a collection of independent experts who provide advice on the policies and services YouTube offers to youngpeople and families. YouTube also sponsored the National Academy of Medicine to convene an independent advisory group to develop principles and attributes to guide digital services companies in identifying and elevating crediblesources of health information in their channels. The outcome of this project was a peer-reviewed discussion paper and the use of these principles when providing content from reliable health sources on Google. Sharing Tools and Technology We also share tools to help organisations protect platforms and users, including safety APIs across child safety, security (such as cyber attacks, malware, and phishing), and information quality. Confidential and commercially sensitive; prepared for the European Commission | 45 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ For example, our Child Safety Toolkit consists of two APIs: the Content Safety API (which classifies previously unseen images of potential child sexual abuse and exploitation) and CSAI Match (which matchesknown abusive video segments). We offer these APIs to qualifying partners free of charge. Our partners usethese technologies to process billions of files each year, allowing them to evaluate millions of images andvideos for abusive behaviour and prioritise the most concerning content for review. Perspective API (which uses machine learning to identify “toxic” comments, making it easier to host better conversations online) and Harassment Manager (an open-source codebase that allows users to document and manage abuse targeted at them on social media) help journalists, activists, politicians, and other publicfigures document and manage abusive comments on their sites. During the assessment period, Google became a founding member of the Global Signal Exchange (GSE) in partnership with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation (DNSRF). The GSE is designed to be a global, multi-stakeholder, and cross-sector clearinghouse for online scam and fraudsignals from bad actors. This collaboration leverages the strengths of each partner: GASA’s extensivenetwork of stakeholders, the DNS Research Federation’s robust data platform with initially over 40 millionthreat signals, and Google’s experience in combating scams and fraud as well as its AI capabilities. Byjoining forces and establishing a centralised platform, GSE aims to improve the exchange of abuse signals,enabling faster identification and disruption of fraudulent activities across various sectors, platforms andservices. The goal is to create a user-friendly, efficient solution that operates at an internet-scale and isaccessible to qualifying organisations, with GASA and the DNS Research Federation managing access. As ofAugust 2025, the number of fully accredited GSE partners has risen to over 30 and there are over 375million signals available to partners. Collaborating with Companies and Stakeholders Many of the risks reviewed in this systemic risk assessment cannot be addressed by a single companyacting alone, so we have established and continue to fund and participate in a mix of multi-company andmulti-stakeholder efforts that take system-wide approaches to the most intractable problems. This includessharing signals of illegal and harmful content, collaborating with civil society to gain deeper insights into risk,and sharing best practices across companies. ● Global Internet Forum to Counter Terrorism (GIFCT): In 2017, YouTube co-founded GIFCT with a group of companies dedicated to disrupting terrorist abuse of members’ digital platforms. GIFCTprovides a formal structure to accelerate and strengthen our work and present a united front againstthe online dissemination of terrorist content, such as by identifying and sharing signals of terrorist andviolent extremist activity via the GIFCT hash sharing database. During 2023 we worked with GIFCT, Tech Against Terrorism, and the Christchurch Call to launch Altitude, a new free and open-source tool to help small- and medium-sized online platforms protect their communities from terrorist and violent extremist content. Altitude provides online platforms asingle elevated view of potential terrorist and violent extremist content on their sites, helping them totriage and remove the content. In 2024, we formally handed Altitude over to Tech Against Terrorism,which will continue its development and maintenance. Confidential and commercially sensitive; prepared for the European Commission | 46 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ ● Tech Coalition (TC): In 2006, we joined the Tech Coalition, teaming up with other tech industry companies to develop technical solutions that disrupt the ability to use the Internet to exploit minorsor distribute CSAM. For example, we have been one of two members to test a system to increase the chances of detecting CSAM videos through hash matching, while our child safety experts also chair or actively participate in half a dozen key working groups of the Tech Coalition. During 2023, we were among the first wave of tech platforms to join Tech Coalition’s Lantern, the first cross-platform signal sharing program for companies to strengthen how they enforce their childsafety policies. Until now, no consistent procedure existed for companies to collaborate againstpredatory actors evading detection across services, and Lantern fills this gap. ● Global Network Initiative (GNI): We were a founding member of the GNI in 2008, and since then we have worked closely with civil society, academics, investors, and industry peers to protect andadvance freedom of expression and privacy globally, especially when faced with demands fromgovernments that conflict with international human rights standards. GNI brings together academics,civil society, companies, and investors around thematic workstreams, including enabling sharedlearning on key trends and emerging developments in the technology sector. ● Global Anti-Scam Alliance (GASA): During 2024 we joined the Global Anti-Scam Alliance, a large network of over 100 organisations committed to protecting consumers from the activities of onlinefraudsters. We will link up with hundreds of organisations, including governments, law enforcement,consumer protection, financial authorities, and internet companies, to address the proliferation ofonline scams and fraud globally. ● Coalition for Content Provenance and Authenticity (C2PA): During 2024 we joined the Coalition for Content Provenance and Authenticity as a steering committee member. The C2PA is across-industry effort to address the prevalence of misleading information online through thedevelopment of technical standards for certifying the source and history (or provenance) of mediacontent. ● Robust Open Online Safety Tools (ROOST): We have partnered with other leading companies to form a new non-profit organisation dedicated to improving child safety online. The initiative aims tomake core safety technologies more accessible for companies and provide free, open-source AI toolsfor identifying, reviewing, and reporting child sexual abuse material. Developing Best Practices We actively participate in efforts to develop best practices that advance responsible and effectiveapproaches to risk assessment across the industry, as well as to develop the field of trust and safety morebroadly. ● EU AI Pact: We joined dozens of other industry leading organisations in signing the voluntary EU AI Pact, an initiative by the European Commission for companies to commit to promoting trustworthyand safe AI development ahead of the full implementation of the EU AI Act. Confidential and commercially sensitive; prepared for the European Commission | 47 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ ● Digital Trust and Safety Partnership (DTSP): In 2021 we co-founded the DTSP alongside nine other companies. The DTSP is committed to developing industry best practices, verified through internaland independent third-party assessments, to ensure consumer trust and safety when using digitalservices. ● Partnership on AI (PAI): In 2016 we were a co-founder of the Partnership on AI, a non-profit partnership of academic, civil society, industry, and media organisations helping AI advance positive outcomes for people and society. We are also a member of PAI’s Responsible Practices for Synthetic Media: A Framework for Collective Action, which is fostering expertise and best practices for responsibility in the development, creation, and sharing of media created with generative AI. ● World Economic Forum: We have been an active participant in the Global Coalition for Digital Safety to accelerate public-private cooperation to tackle harmful content online, exchange best practices fornew online safety regulation, take coordinated action to reduce the risk of online harms, and drive forward collaboration on programs to enhance digital media literacy. We are part of the Partnership Against Cybercrime, a leading initiative promoting public-private cooperation to combat cybercrime. We have also participated in the AI Governance Alliance to foster inclusive, ethical, and sustainable AI across industries. ● Trust and Safety Professional Association: We support the Trust and Safety Professional Association, a non-partisan membership association that supports the global community ofprofessionals who develop and enforce principles, policies, and practices that define acceptablebehaviour and content online and/or facilitated by digital technologies. ● Frontier Model Forum: During 2023, we partnered with other leading AI labs to launch the Frontier Model Forum, an industry body focused on ensuring safe and responsible development of frontier AImodels. The Frontier Model Forum draws on the technical and operational expertise of its membercompanies to benefit the entire AI ecosystem, advancing AI safety research and supporting efforts todevelop AI applications to meet society’s most-pressing needs. ● MLCommons: We participate in this engineering consortium to measure and improve the accuracy, safety, speed, efficiency, and safety of AI technologies, helping companies and universities around theworld build better AI systems that will benefit society. For example, we contributed to the proof of concept for the first AI Safety Benchmark. ● UN B-Tech Project: We participate in this UN Human Rights project that provides high-quality guidance and resources for implementing the UN Guiding Principles on Business and Human Rights inthe technology industry. Launched in 2019 after consultations with civil society, businesses, states,and other experts, the B-Tech project has four strategic focus areas: (1) human rights risks in businessmodels; (2) human rights due diligence and end use; (3) accountability and remedy; and (4) regulatoryand policy responses to the human rights impacts of technology. Confidential and commercially sensitive; prepared for the European Commission | 48 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ Setting High Standards for Advertising We strive to create a healthy, trustworthy, and transparent digital advertising ecosystem that supports users and advertisers. Our advertising policies are designed to ensure a safe and positive experience for our users. This may include prohibiting content that is harmful to users and the overall advertising ecosystem. Our advertising policies and review processes help address risks across our VLOSE and our VLOPs and cover four broad areas: ● Prohibited content: Content that cannot be advertised, such as counterfeit goods, dangerous products, and inappropriate content. ● Prohibited practices: Practices that advertisers may not engage in, including those related to misrepresentation and data collection and use. We also prohibit ads that would abuse the Google ad network by trying to circumvent or bypass our ad review processes. ● Restricted content and features: Topics that are sometimes legally or culturally sensitive, such as alcohol, gambling and games, healthcare and medicines, financial services, and political content. This content can be promoted, but on a limited basis with the appropriate advertiser certifications. ● Editorial and technical: Editorial standards for ads and destination requirements for websites and apps. We set a high standard of quality and reliability for advertisers. We have processes in place to identify bad ads on our services and to monitor violations on an ongoing basis. We do not permit advertisers to run personalised ads on content designated as “made for kids,” and we maintain a separate Ads \& made for kids content policy. Advertisers may not run personalised ads, make use of any third-party trackers, or otherwise attempt to collect personal information from minors or on content designated as made for kids. Advertising that is intended for minors or is on content designated as made for kids must not be deceptive, unfair, or inappropriate for its intended audience. This review covers the content of ads, including the ad content (e.g., text, images, video, audio of ad), targeting (e.g., search keywords), and destination (e.g., advertiser’s web page). Ads that do not comply with Google policies are disapproved and are not able to run until the policy violation is fixed and the ad is reviewed again. Users can also report ads that they find inappropriate or which they believe may violate the law or Google policies. All advertising content is subject to Ads Policies, regardless of how it’s created, and generative AI content is held to the same set of content standards, reviews, and enforcement for any policy violations. Furthermore, all images generated by Google Ads include mechanisms that allow them to be identified as generated, such Confidential and commercially sensitive; prepared for the European Commission | 49 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ as open-standard markup that will surface on tools like Google Image Search, as well as a SynthID, which is an imperceptible, digital watermark that’s resistant to manipulations of the image, such as screenshots, filters, and compression. Accounts may be suspended if we detect an egregious violation. In 2024, we removed over 5.1 billion ads, restricted15 over 9.1 billion ads, and suspended over 39.2 million advertiser accounts worldwide. Over the course of the last year, we continued to invest heavily in making our LLMs more advanced, launching over 50 enhancements to our models to enable more efficient and precise enforcement at scale. Prioritising these technical advancements allows our teams to focus on more complex, ambiguous problems, which in turn provides our LLMs with nuanced training data to better address these instances in the future. LLMs have also improved our ability to be more proactive than ever in preventing abuse. These AI-powered tools accelerate complex investigations, enhancing our ability to uncover and prevent networks of bad actors and repeat offenders. These preventative efforts kept billions of policy-violating ads from ever showing to a consumer, while simultaneously ensuring that legitimate businesses can show ads to potential customers quickly. Of the 39.2 million advertiser accounts that we suspended, the vast majority were suspended before they ever served an ad. For repeat violations of an Ads policy, we issue strikes to the Google Ads account and penalties progressively increase with each subsequent strike leading up to account suspension. To address the risk of over-enforcement, advertisers can appeal potentially erroneous ad reviews, strikes, and suspensions. In addition, in the EU, our Google Ads Transparency Center provides a searchable hub of all served ads and is designed to give users more information about the ads they see on Google services. In the Ads Transparency Center, users can see the ads an advertiser has run, find out which ads were shown in a certain region, and learn more about the advertiser. We are also committed to delivering ads responsibly in ways that respect user privacy, which we seek to achieve by applying the following five privacy principles to our ads business: 1. We never sell your personal information to anyone. This includes for ads purposes. 2. We are transparent about what data we collect and why. We clearly label ads and sponsored content on our services and make it easy for users to understand why specific ads are shown, what information is used, and how users can control their Google ad experience. 3. We make it easy for users to control their personal information. My Ad Center allows users to customise their ad experiences on Google services. Ads personalisation can be turned off altogether, and activity data tied to an account can be permanently deleted at any time. 15 Restricted ads are legally or culturally sensitive and can run only in limited contexts. Confidential and commercially sensitive; prepared for the European Commission | 50 Background | Three: Partnering to Create a Safer Internet \________________________________________________________________________________________________________________________________________________________________ 4. We reduce the data we use to further protect users’ privacy. We never use sensitive information like health, race, religion, or sexual orientation to tailor ads, and never use the content users create and store in apps like Drive, Gmail, and Photos for ads purposes. We do not allow ads personalisation for users we know are under 18. 5. We protect users by building products that are secure by default. We verify advertisers globally and work to detect bad actors and limit their attempts to misrepresent themselves. Our Ads Political Content Policy requires all verified election advertisers to prominently disclose when their ads contain synthetic or digitally altered content that inauthentically depicts real or realistic-looking people or events. Their disclosure must be clear and conspicuous, and placed in a location where it is likely to be noticed by users. Changes made to our Ads policies during the assessment period are available here.16 To learn more about our commitment to maintaining a responsible advertising service, see our Ads Safety Report. 16 As of the date of this report, Google allows political advertisements. Google plans to stop serving political advertising beforeOctober 2025. Read more here. Confidential and commercially sensitive; prepared for the European Commission | 51 Methodology \________________________________________________________________________________________________________________________________________________________________ 3\. Methodology Introduction Article 34 of the DSA requires providers of VLOSEs and VLOPs to identify, analyse, and assess systemic risksin the EU stemming from the design or functioning of their services and their related systems or from theuse made of their services. The DSA requires that these systemic risk assessments are undertaken annuallyand prior to deploying functionalities that are likely to have a critical impact on systemic risks. We have undertaken a separate systemic risk assessment for each Google service designated as a VLOSE(Google Search) or VLOP (Google Maps, Google Play, Google Shopping, and YouTube). The DSA enumerates four categories of systemic risks to be addressed: A. The dissemination of illegal content. B. Any actual or foreseeable negative effects for the exercise of fundamental rights enshrined in theCharter of Fundamental Rights of the European Union (EU Charter), in particular human dignity,privacy, data protection, freedom of expression and information, non-discrimination, rights of thechild, and consumer protection. C. Any actual or foreseeable negative effects on civic discourse and electoral processes, and publicsecurity. D. Any actual or foreseeable negative effects in relation to gender-based violence, the protection ofpublic health and minors, and serious negative consequences to the person’s physical and mentalwellbeing. Absent regulatory guidance, we developed our systemic risk assessment methodology by combining thespecific systemic risk assessment requirements of the DSA with proven risk assessment methodologies,such as those used to assess enterprise risk, human rights risk, compliance risk, and systemic riskassessments in other sectors. In the 2025 assessments we incorporated several enhancements (describedbelow) in pursuit of continuous improvement. To help ensure that our methodology was sound and well-executed, we retained the services of twoconsultancies with expertise in different kinds of risk assessments. Each reviewed and contributed to thedevelopment of our risk assessment, bringing points of view from their respective fields. Teams fromBusiness for Social Responsibility (BSR), with extensive experience in the field of human rights assessments,and KPMG, with expertise in systemic risk assessments in the financial, energy, and pharmaceutical sectors,contributed to the development of our systemic risk assessment methodology, as well as the execution ofthe assessment. Confidential and commercially sensitive; prepared for the European Commission | 52 Methodology \________________________________________________________________________________________________________________________________________________________________ Importantly, we designed our systemic risk assessment methodology to identify and prioritise risk to peopleand society, rather than risk to business objectives. Our methodology has six steps: Our systemic risk assessment methodology Step One: Classifying Risk In this step we established a list of 42 “risk statements” across the four categories of systemic risk. The riskstatements are plain-language articulations of the potential adverse impacts for each risk category andprovide the core focus for each VLOSE and VLOP systemic risk assessment. By using specific risk statements, we were able to assess related risks that may require different mitigations,or competing risks that need to be balanced against each other. Risk statements are commonly used in riskassessments to clarify the scope of the risk assessment and focus risk assessor responses on specificexposures. We relied on insights from a range of internal and external sources to generate these risk statements,including human rights due diligence, outputs from external stakeholder engagement (e.g., surveys,dialogue, roundtables), literature review, and discussions with relevant teams, staff, and subject matterexperts at Google. Confidential and commercially sensitive; prepared for the European Commission | 53 Methodology \________________________________________________________________________________________________________________________________________________________________ The 2025 risk statements are substantially the same as 2024. The complete list of 42 risk statements can be found in Annex A. We also ensured full coverage by reviewing the risk statements against all articles in the EU Charter andcross-referencing against rights contained in international human rights instruments. We created 39 risk statements to apply to each VLOSE and VLOP and added a small number ofVLOP-specific risk statements where unique service features warranted it. Specifically, because Play is aservice that hosts other apps, we created three additional risk statements to determine whether those appofferings were adequately diverse to serve many demographic groups. Step Two: Identifying Risk In this step we identified the risk drivers that may lead to inherent risk for each risk statement relevant toeach VLOSE and VLOP, and pinpointed the quantitative and qualitative insights supporting the assessmentof systemic risk. This included establishing clarity on the purpose, function, and features of each VLOSE andVLOP, including the volume and type of content and the service’s potential contribution to the virality ofcontent. The systemic risk assessment included a mix of quantitative factors (e.g., the number of actions takenagainst illegal or policy violative content) and qualitative factors that required professional judgement (e.g.,the impact of a privacy violation or the severity of hate speech). Confidential and commercially sensitive; prepared for the European Commission | 54 Methodology \________________________________________________________________________________________________________________________________________________________________ Engaging Stakeholders Recital 90 of the DSA sets out the expectation that providers of VLOSEs and VLOPs engage with external stakeholders (such as representatives of the recipients of the service, representatives of groups potentially impacted by their services, independent experts, and civil society organisations) when undertaking risk assessments and designing mitigation measures. We have long engaged external stakeholders to provide expertise related to emerging and evolving issues that intersect with our services. This input is important to the business, and helps inform our decision-making, our due diligence efforts regarding human rights obligations, and our design of mitigation measures. Consistent with Recital 90, we systematically catalogued and synthesised insights relevant for each risk statement from these engagements, as well as engagements focused specifically on the systemic risk assessments required by the DSA: ● Google’s Government Affairs and Public Policy engagements with independent experts and civil society organisations for due diligence, decision-making, and strategy. ● Google’s Human Rights Program stakeholder engagement on human rights issues with civil society and human rights organisations, government officials, and others. ● Engagements through the Google Safety Engineering Center (GSEC) led by Google’s Trust and Safety team with policymakers, researchers, and regulators with an interest in Google’s content policy and its enforcement. GSEC has held several convenings that inform the risk assessments, including on the topics of growing up in the digital age, online scams, and AI. ● Foundational research led by the Google Trust and Safety Research organisation on ecosystem-wide technology risks and policy issues, including information generated via direct user feedback and insights. The team’s portfolio includes reports that encompass time series studies, deep investigations, and secondary research for rapid decision-making. ● Google’s participation in relevant multi-stakeholder and multi-company efforts, such as the Global Network Initiative (GNI), the Global Internet Forum to Counter Terrorism (GIFCT), Partnership on AI, the Tech Coalition, the Family Online Safety Institute, the Content Authenticity Initiative, the Global Anti-Scam Alliance, the Frontier Model Forum, the World Economic Forum AI Governance Alliance, MLCommons, and the Digital Trust and Safety Partnership (DTSP). ○ In June 2025, the DTSP and GNI convened a multistakeholder event in Brussels on “Centring the Protection of Human Rights in Online Risk Regulation.” The event brought Confidential and commercially sensitive; prepared for the European Commission | 55 Methodology \________________________________________________________________________________________________________________________________________________________________ together regulators, civil society organisations, academics, and technology companies to explore how the protection of human rights, particularly freedom of expression and privacy, can be effectively achieved in the context of emerging risk-based regulatory frameworks. Google hosted the event and contributed to the costs of travel for staff and civil society participants. This year’s event built on GNI and DTSP’s ongoing efforts to foster dialogue across stakeholder groups around the practice of digital risk management. It was followed by the third edition of the European Rights \& Risks Stakeholder Engagement Forum, a two-day series of dynamic workshops focused on systemic risk assessments and mitigation under the DSA. ● Engagements that content policy teams within VLOSEs and VLOPs have with civil society organisations, academics, and relevant third party experts to inform the review, development, and enforcement of content policy and get ahead of emerging issues. ● YouTube’s Youth and Families Advisory Committee, a collection of independent experts that provide advice on the policies and services YouTube offers to young people and families. ● User engagements facilitated by marketing functions and specific product teams to test service features or understand user sentiments about Google and its services. Taken collectively, the insights gleaned from external stakeholder engagements like these help ensure that the risk statements developed for the assessment appropriately address the categories of systemic risk identified in the DSA and inform our assessment of inherent and residual risk. The insights also informed the development of additional mitigations consistent with Article 35 of the DSA. The perspectives of external stakeholders contributed to the overall mix of information that was used to assess systemic risk and design mitigations. The insights gained tended to be qualitative rather than quantitative in nature and were especially useful for assessing impact and preparedness. Many of the issues raised by external stakeholders are ongoing issues, such as concerns relating to freedom of expression, content policy enforcement, and removing illegal content. However, some of the themes more specific to this assessment period included: ● Elevated scam and fraud risk, including scams arising from the use of generative AI. ● Research and resources for minors’ welfare online, image-based abuse, including content created using generative AI tools (such as synthetic CSAM or involuntary synthetic pornographic imagery) and gender-based/LGBTQIA+ harassment, hate, and bullying. ● Enforcement of content policy during times of conflict. Confidential and commercially sensitive; prepared for the European Commission | 56 Methodology \________________________________________________________________________________________________________________________________________________________________ ● Information and content moderation quality across geography and language. ● Cross-platform and collaborative approaches to systemic risk. ● Use of generative AI to support improved content moderation. Step Three: Assessing Inherent Risks In this step we assessed each risk statement according to the potential severity of the negative effects thatthe risk could cause and the probability or frequency of the risk’s occurrence. Combined, these elementsproduce an estimate of the inherent risk—the risk absent our risk reduction efforts. This step is necessarilya theoretical and high-level estimate because we have long been dedicated to mitigating all the systemicrisks identified in the DSA. That estimate was then used in the later steps as the foundation to review howwell we address each risk. This enabled us to understand the inherent systemic risks that could stem fromthe design, functioning, and use of VLOSE and VLOP services, as well as from potential misuses by others. This step included two important elements: First, we considered whether the following factors set out in the DSA would impact the risk positively,negatively, or both:17 A. Design of recommender systems and any other relevant algorithmic system B. Content moderation systems C. Applicable terms and conditions and their enforcement (e.g., content policy) D. Systems for selecting and presenting advertisements E. Data-related practices of the provider F. Intentional manipulation of the service, including by inauthentic use or automated exploitation of theservice G. Amplification and potentially rapid and wide dissemination of illegal and policy-violating content We also considered whether linguistic or regional differences could affect the risk or any of the abovefactors. 17 See Article 34(2) of the DSA. Confidential and commercially sensitive; prepared for the European Commission | 57 Methodology \________________________________________________________________________________________________________________________________________________________________ Second, we used the quantitative and qualitative metrics and insights pinpointed in Step Two (Identification)to assess each risk statement according to the following objective criteria:18 ● Severity, meaning the potential consequences of the risk for people and societies, as defined by twocriteria: ○ Scope: The number of users and/or persons who could be primarily affected by the risk—forexample, we considered whether the risk would impact all users of the service or only a subset,and whether the risk would impact non-users as well as users of the service. ○ Impact:19 The potential to reverse the effects of the risk were it to occur—for example, weconsidered the adverse effects on physical, mental, or financial wellbeing, and whether apost-hoc remedy could restore those affected to their condition prior to the adverse effect. ● Probability: The likelihood and frequency of the risk—for example, the prevalence and potentialvirality of violative content, the volume of cases or data involved, or the number of successful appeals.The assessment of probability in particular drew upon quantitative data contained in our various Transparency Reports, with the 2025 assessment benefiting from quantitative data published in our EU DSA Biannual VLOSE/VLOP Transparency Report. In line with human rights guidance and risk assessment best practices, we used a weighting system so thatseverity, rather than probability, would be the predominant factor, meaning that “high severity/lowprobability” risks received higher prioritisation than “low severity/high probability” risks. These inherent risks do not actually manifest in our services because each of our services take steps (asdescribed below) to mitigate these inherent risks. The inherent risk associated with specific risk statements may have altered between the 2024 and 2025assessments owing to changes to the external context, such as the evolving geopolitical environment,growth in availability of AI tools, and new insights from external stakeholders. To reflect these changes, weundertook a calibration exercise to maintain consistency in our analysis of inherent risk across our services. Step Four: Assessing Preparedness In this step, we reviewed the mitigations (e.g., policies, enforcement practices, and other measures) wehave in place to address each risk and assessed the level of our preparedness, resulting in an estimate ofresidual risk (i.e., the risk after our mitigation efforts) for each risk statement. To achieve this estimate, we identified mitigations and other measures that contribute to our preparednessincluding (1) the existence and coverage of design decisions, features, policies, processes, metrics, 19 In our 2023 and 2024 systemic risk assessments, Google described this criteria as “remediability.” We have updated the terminologyto "impact” which is a more intuitive term to understand. Impact may have a different, specific meaning in certain specific contexts(such as in other human rights assessments), but we use the term as defined here. 18 Recital 79 of the DSA states: “In determining the significance of potential negative effects and impacts, providers should consider theseverity of the potential impact and the probability of all such systemic risks. For example, they could assess whether the potentialnegative impact can affect a large number of persons, its potential irreversibility, or how difficult it is to remedy and restore thesituation prevailing prior to the potential impact.” Confidential and commercially sensitive; prepared for the European Commission | 58 Methodology \________________________________________________________________________________________________________________________________________________________________ accountability, and formal controls, and (2) other relevant measures, such as participation in industry andmulti-stakeholder efforts to address risks. Ultimately, we considered the extent to which the combination ofmitigations prevents or significantly addresses adverse impacts of the risk. Many of the factors the DSA directs to be considered—and which we incorporated in our assessment ofinherent risk (such as recommender systems, content systems, terms and conditions, and systems forselecting and presenting advertisements)—are also important measures for addressing risk, so we alsoconsidered them in our determination of preparedness. The residual risk associated with specific risk statements may have altered between the 2024 and 2025assessments owing to changes in inherent risk (described above) or changes to preparedness, such asimplementing the additional mitigations we identified in the 2023 and 2024 assessments consistent withArticle 35 of the DSA, other new mitigations established during the assessment period, and continuousimprovement. A discussion of the most important residual risks for each VLOSE and VLOP is found in the results sectionbelow. Taking a Human Rights-Based Approach We have long been committed to respecting the rights enshrined in the Universal Declaration of Human Rights and its implementing treaties, and to undertaking human rights due diligence (including human rights assessments) using methods based on the United Nations Guiding Principles on Business and Human Rights (UNGPs). The systemic risk assessment requirement of the DSA shares a common goal with the ongoing human rights due diligence processes we undertake to fulfil our commitment to upholding the UNGPs. For example, the DSA requirement that a systemic risk assessment consider actual or foreseeable negative effects for the exercise of fundamental rights enshrined in the EU Charter is very similar to the UNGPs expectation that companies assess any actual or potential adverse human rights impacts using internationally recognised human rights as a reference point. Other elements of systemic risk assessment (such as impacts on civic discourse, electoral processes, public security, gender-based violence, public health, and physical and mental wellbeing) are also clearly relevant to ongoing human rights due diligence. While we designed our systemic risk assessment methodology to meet the requirements of the DSA, we were able to build upon our prior experience undertaking ongoing human rights due diligence based on the UNGPs. This included the generation of risk statements, which was informed by our prior ongoing human rights due diligence, and the creation of assessment criteria, which were based on the notions of severity and likelihood used during human rights due diligence. Confidential and commercially sensitive; prepared for the European Commission | 59 Methodology \________________________________________________________________________________________________________________________________________________________________ Step Five: Identifying Mitigations In this step we compile the most relevant mitigation measures, both existing mitigations and any mitigationmeasures that were implemented during the assessment period. We identified these measures to ensurethat there were reasonable, proportionate, and effective mitigations in place to address the specificsystemic risks we identified, consistent with Article 35 of the DSA. This step concluded the systemic risk assessment and mitigations process. We calibrated the results acrossour VLOPs and VLOSE to ensure the consistent application of the methodology, and they were approved bycentral Google stakeholders as well as risk owners and leadership teams from each VLOP and VLOSE. OurIndependent Compliance Function ensured that the risks were properly identified and reported, and thatidentified risk mitigations were reasonable, proportionate, and effective. A non-exhaustive list of the mitigations we have established consistent with Article 35 of the DSA in our 2025 assessments can be found in Annex B. Step Six: Reporting the Results We disclose the results of the systemic risk assessments in this report. We will publish these reports(subject to removal of confidential information) in due course, consistent with the requirements of Articles35 and 42 of the DSA. Some information in this report is confidential or security-sensitive. This includes specific discussion ofvulnerabilities, or details of security and programs that could be abused by bad actors. We reserve the rightto remove this information from the publicly available version of this report, as contemplated by Article42(5) of the DSA. Confidential and commercially sensitive; prepared for the European Commission | 60 Results of the Assessments \________________________________________________________________________________________________________________________________________________________________ 4\. Results of the Assessments Dedicated sections below contain the 2025 systemic risk assessment results for each VLOSE (GoogleSearch) and VLOP (Google Maps, Google Play, Google Shopping, and YouTube). Those VLOP and VLOSEsections each describe: ● The service and its associated systemic risk profile based on its use. ● A summary of assessment results, emphasising elevated inherent and residual risks, and describingany significant changes compared to the 2024 assessment results. ● The existing mitigations such as content and service design choices that address systemic risk, consistent with Article 35 of the DSA, also listed in Annex B. Taken in combination, existing and enhanced mitigations are intended to be reasonable, proportionate, and effective for the risk beingaddressed. Four important observations emerged across the five systemic risk assessments. First, the purpose of a service is a primary factor in determining the greatest inherent risks, which are risksabsent any of the substantial risk reduction efforts described herein. For example, services prioritisingbroad access to information (such as Search) had lower risks to freedom of expression and higher risksassociated with potentially harmful content; services oriented toward a narrower purpose (such as Maps)had higher risks to freedom of expression and lower risks associated with potentially harmful content.Product and content policies are tailored to allow or disallow certain types of content and conduct based onthis purpose. Second, the highest evaluations of preparedness (i.e., our existing mitigations) generally correlated with themost significant inherent risks, confirming that we are appropriately allocating resources to the mostsignificant risks. Third, improvements to automated systems, including those now powered by Google’s frontier AIfoundation models like Gemini, have resulted in gains in mitigation effectiveness across several risk areas,resulting in incremental but encouraging decreases in residual risk between 2024 and 2025. Fourth, and despite our existing and additional measures, risk from highly motivated bad actors continues tobe of concern in connection with threats such as fraud, malware, scams, and malicious sharing of privateinformation. Notable shared characteristics of these areas include the wider availability of increasinglysophisticated technology, the determined nature of highly motivated bad actors, and the importance ofindustry-wide and multi-stakeholder efforts to address the challenges. Confidential and commercially sensitive; prepared for the European Commission | 61 Search | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Search Description of Service and Associated Risk Profile Google’s mission to organise the world’s information and make it universally accessible and useful startswith Google Search. Search continuously sorts through hundreds of billions of web pages and othercontent in our Search Index to connect users to the most relevant and helpful search results for their queries. You can read more in our description of How Search Works. Search plays an essential role in supporting the enjoyment, realisation, and fulfilment of the right to freedomof opinion and expression. Over 364 million users in the EU20 exercise their right to seek and receiveinformation21 through Search, and web publishers are better able to express themselves and reachinterested audiences through search results. We remove pages from search results when we have a legal obligation to do so and where they violate ourclearly defined policies. However, where there is clear user intent to find certain content, returningresponsive results that some may find objectionable, offensive, or problematic is not just tolerable, but theright outcome, ensuring users’ access to information they seek. When a user wants to know where on theweb a particular piece of content can be found, the user should be able to construct a query that seeks itout and Search should return responsive information with links to relevant sources, subject to any legalobligations. Content appearing in response to sufficiently clear queries indicates that Search is working asintended. Failure to deliver this content would harm both the rights of the speaker to freedom of expressionand the rights of the user to seek and receive information. This approach is consistent with our understanding of the DSA, which acknowledges the importantdistinction between search engines and hosting services22 and states that VLOPs and VLOSEs should payparticular consideration to the impact on freedom of expression when mitigating content risks and avoidunnecessary restrictions on the use of their service.23 To protect the right to freedom of expression, it is therefore essential that any restrictions we implement be reasonable and proportionate. We first outlined our approach to freedom of expression in 2007, and while 23 Recital 86 states that mitigations should “avoid unnecessary restrictions on the use of their service, taking due account of potentialnegative effects on those fundamental rights...providers should give particular consideration to the impact on freedom of expression.” 22 For example, Recital 19 recognises “the different nature of the activities” between caching services and hosting services. 21 Article 19 of the Universal Declaration of Human Rights states: “Everyone has the right to freedom of opinion and expression; thisright includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any mediaand regardless of frontiers”; Article 11 of the EU Charter: “Everyone has the right to freedom of expression. This right shall includefreedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless offrontiers.” 20 Average monthly counts based on distinct signed-in accounts of recipients (August 18, 2025). Confidential and commercially sensitive; prepared for the European Commission | 62 Search | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ we have refreshed and refined our principles, our philosophy on this issue has remained largely consistent since then. Content policies for Search are designed to minimise restrictions on freedom of expression and promoteaccess to information. Our focus on search quality means that Search is designed not to surface low qualitylinks, which are those most likely to contain potentially illegal or “legal but harmful” content. At the sametime, Search is unique in that it is a product that indexes the open web. This means that some degree ofmanageable risk associated with potentially illegal or “legal but harmful” content will always be presentwithin Search results, simply because open web content may still be discoverable if it is available on theinternet. When returning search results, we take action to avoid surfacing egregious content, such as CSAM, or content that violates our policies relating to highly personal information, including doxxing and non-consensual explicit imagery. We take protective measures to avoid showing shocking or harmful results when a user is not deliberatelylooking for such content, and provide tools such as SafeSearch to limit unwanted explicit results. Thisincludes turning SafeSearch on by default for known minors, and applying the SafeSearch explicit-imageblurring by default for new users. These measures help address risks relating to content that may beobjectionable, offensive, or problematic, especially to those who are not seeking it out. Our approach is informed by several important factors. First, search results should not unexpectedly present content that may be objectionable, offensive, orproblematic. We deploy a range of measures such as ranking algorithms, quality testing, and contentpolicies (described below) to ensure that results are relevant, helpful, and trustworthy. We acknowledge therisks of problematic content and provide users with relevant contextual information where appropriate. Second, we are cognisant of the unique concerns around protecting minors who use Search, and haveimplemented tools like SafeSearch and Family Link, described further below, to address those concerns. Third, our approach distinguishes between core web results (such as links to external pages) and certainother features of Search (such as Autocomplete, Featured Snippets, and Discover). To keep informationaccessible, we remove content from the core web results that are relevant to a query only in limitedcircumstances: this includes blocking CSAM, spam, highly personal information, and content that is subjectto valid legal complaints or site owner requests. By contrast, Search features offer additional value—such asproviding extra context, helping users formulate queries, or creating a personalised feed—and weunderstand that users may perceive this content to have higher credibility because of how it is presented.Here we apply content policies that cover a wider variety of issues, including barring harassing, hateful, andviolent content. We carefully consider what appears in Search features because our presentation canemphasise and highlight the content in a manner beyond the simpler ordered list we use to display coreweb results. Lastly, and critical to understanding the nature of systemic risk on Search, search engines do not have thesame relationship with users and user-generated content as website owners and hosting providers,including online services. Search engines cannot remove content from the web. Only website owners andhosting providers can remove content or moderate illegal and harmful content on their sites. Confidential and commercially sensitive; prepared for the European Commission | 63 Search | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Placing broad restrictions on the types of content that can be accessed through search engines wouldinterfere with the right to freedom of opinion and expression, including the right to seek, receive and impartinformation, and the ability to access and hear different views. That’s why we remove content from searchresults only in very limited circumstances, including legal removals, violations of our web search spampolicies, or violations of our narrowly-scoped policies that address highly personal information where it israrely, if ever, in the public interest to display. Confidential and commercially sensitive; prepared for the European Commission | 64 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Systemic Risk Assessment Results and AssociatedObservations In this systemic risk assessment, we considered risks associated with Search and features that appear onSearch. We assessed 39 different risk statements24 for inherent risk (i.e., risk absent any action taken byGoogle), preparedness (i.e., the cumulative measures currently in place to mitigate the risk), and residualrisk (i.e., risk after mitigation by Google). Residual risk serves as a guide for where further investment may be warranted. The full list of risk statements is found in Annex A to this report. One important theme for Search is the ongoing presence of residual risk relating to the availability ofharmful content in search results for those seeking this content. This arises from our chosen emphasis onmaximising access to information and awareness of the risk of over-broad restrictions to freedom ofexpression and information; we believe this result to be appropriate given the nature and purpose of Searchand the DSA’s goals relating to freedom of expression and information. In the next three sections (“Removing Content”; “Investing in Search Information Quality”; “Service Design”)we address each of the categories of systemic risk articulated in Article 34(1) of the DSA. We emphasisewhere the assessment showed elevated inherent or residual risks and describe what Search is doing andplans to do to mitigate them. We also highlight external factors and improvements to our mitigationmeasures that changed the levels of inherent or residual risk between 2024 and 2025. As explained above, fundamental rights are closely interconnected and there is a high degree ofdependency between different risk statements. The improvement or deprivation of one fundamental rightcan advance or adversely affect the fulfilment of other fundamental rights, while the controls and measuresto address one risk statement may address other risk statements too. With this in mind, we have groupedrisks and mitigations together based on how these risks manifest for Search and how they are addressed.This allows for efficient explanation of Search’s existing mitigating practices, as well as improvementsconsistent with Article 35 of the DSA. 2025 Highlights ● Enhanced AI Search features by introducing AI Overviews.25 ● Employed advanced AI technologies to enhance our ability to identify and remove scam pages from our search results. These improvements help ensure the results our users get are legitimate, and protect them from harmful sites.26 26 How we’re using AI to combat the latest scams 25 Expanding AI Overviews and introducing AI Mode 24 See Methodology Step One: Classification. Confidential and commercially sensitive; prepared for the European Commission | 65 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ ● Strengthened users’ ability to protect their online presence from content violating their privacy rights through a redesigned “Results about you” tool that enables monitoring and removal.27 Introducing AI Overviews In 2025, Search launched AI Overviews, a Search feature that is designed to enhance the user experienceon Search and provide access to the same information that’s always been available on Search in a faster andmore efficient manner. AI Overviews does this while incorporating tools and methods to mitigate risks thatmay be associated with the feature. Some of these mitigations were designed and implemented based onlessons learned from the earlier launch of the feature to US users, thus making the product safer foreverybody, including new EU users. AI Overviews use our core Search ranking systems. As in Search more broadly, the links that are included inAI Overviews are dynamic and change based on the information that is most relevant, high quality, helpful,and timely for a given search. We have also leaned on our core Search safety systems with AIOverviews–with guardrails designed to prevent harmful, hateful or explicit content from appearing. AI Overviews must be supported by high-quality web pages and are tightly grounded to the content onthose pages, similar to the goal behind our existing snippets feature. This makes “hallucinations” that areoften associated with generative AI technology very rare. AI Overviews use various classifiers to identifyqueries that may seek out policy-violative content and rely on automated protections to providehigh-quality and safe responses. Before an AI Overview is generated, the service runs the query against aseries of safety classifiers designed to detect requests, for example, that may be seeking hate speech,sexually explicit content, content about individuals who are not public figures, or violent content. Oursystems aim to automatically prevent policy-violating content from appearing in AI Overviews. In the rareinstances where policy-violating content does appear, we also have user reporting and feedback channelsthat allow us not only to take action on violations but train the underlying model to improve over time. Prior to launching in any market, all Search features undergo a rigorous evaluation process and extensiveadversarial testing to ensure they meet our high bar for quality and safety. More information on Search’stesting process, which utilises methods long deployed at Google like search quality rating programs and side-by-side analyses, is available at our How Search Works website. We also engaged in a thorough adversarial red-teaming process designed to identify and address potential issues, including novelapproaches focused on issues specific to generative AI. AI Overviews adhere to our overall content policies for Search, as well as some of our unique policies forSearch features like featured snippets and autocomplete, which include careful considerations for contentthat may be explicit, hateful, violent, or contradictory of consensus on public interest topics, for example. AIOverviews will continue to benefit from a broad suite of Search and Search feature mitigations. 27 Protect your personal information and easily take action on outdated content in Search results. Confidential and commercially sensitive; prepared for the European Commission | 66 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Removing Content Removing Illegal Content We remove pages from search results when we have a legal obligation to do so. In many cases, content that is manifestly illegal also violates our policies, so we remove it before we receive a legal order to do so. For example, CSAM is illegal regardless of the context in which it appears, so we use automated methods suchas hash matching to swiftly detect and remove CSAM from search results, and this significantly lowers thelevel of residual risk. This is described in more detail below. Other types of potentially illegal content (such as terrorist and violent extremist content, hate speech, ornon-consensual explicit images) either have no standard definition or require contextual understanding,such as whether the subject of the content consents to its availability online, whether the content haseducational value, appears as part of a documentary, represents artistic expression, or is being distributedfor a malicious purpose (such as to promote terrorist groups). Deciding whether content is illegal is notalways a determination that Google is equipped to make, and we balance taking action against content withrespect for the right to freedom of expression and information. Based on the mitigation measuresdescribed below, we assess risks relating to potentially illegal content to have lower levels of residual risk.However, risks relating to potentially illegal online activity (such as sharing of non-consensual explicitimages) are more complex to address and require notification to Google by affected persons to determinetheir illegality, and we have assessed these to have more elevated levels of residual risk. We hold ourselves to a high standard when it comes to our legal requirements to remove content fromsearch results. We encourage people and authorities to alert us to content they believe violates the law, andwe make every effort to respond appropriately to legal notices.28 Addressing Violations of Intellectual Property Rights Search responds to clear and specific notices of alleged copyright infringement and delists content andURLs that violate applicable copyright law from search results. However, a search engine cannot automatically confirm whether a given page has a licence to host content,so we depend on reports from copyright owners. To initiate the process to delist content from searchresults, a copyright owner who believes that a URL points to infringing content sends us a takedown noticefor allegedly infringing material. When we receive a takedown notice, our teams and automated systemscarefully review it for completeness and validity. If the notice is complete and we find no other issues, wedelist the URL from search results. Because of our established frameworks for understanding and mitigating risks associated with intellectualproperty violations (including copyright), as well as our internal processes for legal review and removal afterclaims of infringement, our assessment did not find elevated residual risk with respect to these concerns. You can read more in our Copyright Help Center and the Content Delistings Due to Copyright section of the Google Transparency Report. The latter provides data for the number of URLs requested to be delisted, the 28 See supra at Handling Government Removal Requests. Confidential and commercially sensitive; prepared for the European Commission | 67 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ number of unique individuals or entities that have claimed an exclusive right to content specified incopyright delisting requests, and the reporting organisations, specified domains, and copyright owners whohave submitted or been cited in the most requests. Detecting, Removing, and Reporting CSAM The presence of CSAM on a page is illegal in most jurisdictions regardless of context and causes clear harmto victims, so we develop ways to automatically identify that content and prevent it from showing in ourresults. We invest heavily in fighting CSAM and exploitation online, and use our proprietary technology to deter,detect, remove, and report it on our services. We identify and report CSAM with trained specialist teamsand tools, including machine learning classifiers and hash matching technology which creates a “hash,” orunique digital fingerprint, for an image or a video so it can be compared with hashes of known CSAM. Whenwe detect content that appears to be CSAM, we report it to the National Center for Missing and ExploitedChildren (NCMEC), which liaises with law enforcement agencies around the world. For many years, we have been working on automated systems that allow us to identify never-before-seenCSAM imagery so it can be reviewed and, if confirmed as CSAM, removed from search results and reportedas quickly as possible. In addition to consistently applying it to eliminate CSAM from Search, this technology also powers the Content Safety API, which we developed to help partner organisations classify and prioritise potential abuse content for review. The Content Safety API is one part of our child safety toolkit—alongside CSAI Match, YouTube’s proprietary technology for combating child sexual abuse imagery (CSAI) videos online. Every month, our partners use the toolkit to process over 4 billion images and videos,helping them identify problematic content faster and with more precision so they can report it to theauthorities. When we help our online partners identify more abusive content, the entire internet benefits. This is complemented by a Priority Flagger Program for trusted NGOs. It is our policy to block search results that lead to child sexual abuse imagery or material that appears to sexually victimise, endanger, or otherwise exploit minors. We are constantly updating our algorithms tocombat these evolving threats. We continue to enhance our technical detection capabilities, including thedevelopment of an age-indeterminate video classifier to improve the detection of possible CSAM where thesubject’s age is ambiguous. We apply extra protections to searches that our systems identify as likely seeking CSAM content. We filterout explicit sexual results if the search query seems to be seeking CSAM. For queries seeking adult explicitcontent, Search will not return imagery that appears to include minors to help break the associationbetween minors and sexual content. In many countries, users who enter queries clearly related to CSAM areshown a prominent warning that child sexual abuse imagery is illegal, with information on how to report thiscontent to trusted organisations like the Point de Contact in France and FSM in Germany. When thesewarnings are shown, users are less likely to continue looking for this material. Our evaluations of the effectof the prominent warning show a 20-27% increase in queries with no interactions and a 15% reduction inCSAM-seeking follow-on queries. Confidential and commercially sensitive; prepared for the European Commission | 68 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ During 2024, we reported and removed more than 1.2 million URLs for CSAM from search results by usingautomated and manual methods. This is in addition to our efforts to deter CSAM-seeking queries as noted above. You can read more about the scale of our efforts to combat online CSAM in our transparency report. External stakeholders have raised the question of whether generative AI may exacerbate CSAM risks bylowering barriers to the creation of new CSAM, including the editing of otherwise benign images of minors.We did not see an increase in CSAM during the assessment period, and we believe that our existingmethods to detect, remove, and report human-generated CSAM are as effective at protecting againstcomputer-generated CSAM. However, we will continue to monitor this important risk, and you can readmore about our approach to guard against computer-generated CSAM, including our commitment to the Safety by Design Generative AI Principles in Child Safety and Generative AI. Removing NCEI and ISPI Globally, we have policies to remove both non-consensual explicit images (NCEI) and involuntary synthetic pornographic images (ISPI) upon receiving a request that meets certain requirements. Online sharing of this type of material can be extremely distressing to the subjects. In some contexts and jurisdictions, thiscontent is not only offensive and harmful, but also illegal to post or distribute. For people who wish to remove NCEI and ISPI depicting them from Search, we provide a process to request removal of links to the content from search results pursuant to our policies against this type of content. People can also submit a separate legal removal request if they believe the content violates particular laws, such as copyright laws or local laws prohibiting the non-consensual sharing of explicit images. Once NCEI has been reported, if it meets removal requirements and Search has removed the content fromresults, then we also begin to block duplicates and filter explicit results on queries that return results similarto the previously reported NCEI content. Further, if we process a high volume of personal informationremovals involving a site with exploitative removal practices (i.e., sites that require payment to removecontent), we demote other content from the site in our results. We also look to see if the same pattern ofbehaviour is happening with other sites and, if so, apply demotions to content on those sites. We may applysimilar demotion practices for sites that receive a high volume of doxxing content removals. We alsomaintain automatic protections designed to prevent non-consensual explicit personal images from rankinghighly in response to queries involving people’s names. While Search has a robust set of policies and tactics to mitigate the risk of this content appearing insearch results, especially for users who are not looking for explicit content, the volume and virality ofNCEI represents a higher level of inherent risk. We are well prepared to address this risk, but highlymotivated bad actors, and the difficulty of proactively detecting NCEI and ISPI, means that there is alwaysroom to improve our mitigations. During the assessment period, and consistent with Article 35 of the DSA, we enhanced our removals process making it easier for people to remove NCEI and updated our ranking systems to reduce the prominence of this content in Search. The updates we have made in the past year have reduced exposure toexplicit image results in search queries by over 70%.29 These updates were developed based on 29 How Google Search is addressing explicit fake content Confidential and commercially sensitive; prepared for the European Commission | 69 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ consultation with experts and victim-survivors. Generally, if a site has a high proportion of pages that we’veremoved from Search under our policies, that can be used as a strong signal that that site does not meetSearch’s guidelines for quality and should be factored into how Search ranks other pages from that site.Search therefore demotes certain sites that, proportionally, have received a high volume of removals forfake explicit imagery. This approach has worked well for other types of harmful content, and our testingshows that this mitigation is an effective way to help reduce ISPI in Search results.30 As generative imagery technology has continued to improve in recent years, there has been a concerningincrease in generated images and videos that portray people in sexually explicit contexts, distributed on theweb without their consent. This risk has been raised by external stakeholders, and we have also observedthe increase in reports of non-consensual explicit content when monitoring our own systems. We willcontinue to monitor this risk, and believe that our existing methods to detect, remove, and reporthuman-generated NCEI and ISPI are as effective at protecting against computer-generated content. Volume of Content Removed Our EU DSA Biannual VLOSE/VLOP Transparency Report discloses the number of actions we took on Search, segmented by type of illegal content or violation of terms and conditions. For URL-level removals (i.e., the number of individual URLs removed due to legal or policy violations) themost common reason for removal was intellectual property infringement (over 1.7 billion), followed byprotection of minors (over 11 million), data protection and privacy violations (over 200,000), andnon-consensual behaviour (over 110,000). During the reporting period, \>99.99% of all fully automatedremoval decisions on Web Search that impacted users based in the EU were unchanged while <0.01% werereinstated as a result of a counter notice. For URL-level filtering (i.e., the number of times individual URLs were filtered algorithmically from Discoverfeeds based on content policies), the most common reasons for action were sexualised content (over 30million) and violence (over 19 million). We use precision metrics to measure our effectiveness, defined as theratio of true positive instances (i.e., correct automated decisions) as a proportion of both true and falsepositives, and these range from 73% - 90% for racy, commercial, violent, and profane content and over 99%for spam. Taken in combination, these numbers provide an illustration of inherent risks for illegal and policy violativecontent prior to the removal actions taken by Search. Investing in Search Information Quality The systemic risk assessment reviewed several risks relating to a wide variety of harmful content such ashate speech, violent extremist content, gender-based violence, content inciting violence, contentpromoting practices harmful to health, and content that constitutes harassment and bullying. We deploy awide array of measures to address the risks related to harmful content, including Search ranking (such assurfacing credible and high-quality content over lower-quality content in web results) and content policyenforcement, especially in Search features. 30 How Google Search is addressing explicit fake content Confidential and commercially sensitive; prepared for the European Commission | 70 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ However, Search has indexed hundreds of billions of web pages, images, videos, and other content, sosearch results might occasionally contain material that some find objectionable, offensive, or problematic.Content that Search has no legal obligation to remove and is not prohibited by our policies remains availablein search results for users who express an intent to explore that content, even if indicators suggest it is ofrelatively low-quality or potentially harmful. While we believe our approach to be reasonable, proportionate,and effective in the context of a search engine service, the continued availability of this content results inelevated levels of residual risk for several risk statements relating to harmful content in the fundamentalrights and public health dimensions of the systemic risk assessment. Below we describe some of themitigating measures we take. Our automated systems are our first line of defence to limit the appearance of harmful content in searchresults for the most common queries, but we may also have trained experts who manually review and remove content that violates our Search features content policies. Search employs advanced AI technologies to detect and block hundreds of millions of fraudulent results daily. AI implementation has significantly enhanced our ability to identify and remove scam pages from our search results, achieving asignificant increase in detection rates. These improvements help ensure the results our users get arelegitimate, and protect them from harmful sites.31 Advanced AI models also enhance Search’s ability to understand the intent behind all users’ queries, guiding them towards supportive resources and away from violative content. The Trust and Safety team, in conjunction with automated systems, is responsible for reviewing andaddressing user reports of violative content per the Reporting and Removals process. This includes anend-to-end centralised policy enforcement system that tracks, audits, and enforces content policies forillegal content across Search. Search has also invested in an off-platform training program on information literacy called “SuperSearchers.” Super Searchers is a train-the-trainer program that focuses on educating users how to examineand analyse the content they find online. This training program has been rolled out across the U.S., EMEA,and APAC. Search has also been industry leading in its investments in media and information literacy. Thisincludes not only off-platform training (e.g., “Super Searchers” and “Be Internet Awesome”) but also in ourinformation literacy features. Addressing Sensitive, Harmful, and Policy Violative Content We use ranking systems to sort through hundreds of billions of web pages and other content in our Search index to present the most relevant and useful results in a fraction of a second. Our ranking systems arecentral to addressing systemic risks relevant to Search. Search ranks and prioritises content using signals that align with meaning, relevance, quality, usability, andcontext. Our approach is to raise the ranking of the highest quality information, rather than removinglow-quality information. Our emphasis on the ranking rather than availability of content allows us to addressthe risk of harm in a proportionate manner and reduce risks to freedom of expression and information. Thiscore ranking work ensures that most queries surface highly useful and accurate information, and tends tocause violative content–including coded and less obvious violative content–to rank lower. 31 How we’re using AI to combat the latest scams Confidential and commercially sensitive; prepared for the European Commission | 71 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Our ranking systems are especially designed to surface high-quality content for what we call “Your Moneyor Your Life” (YMYL) topics, defined as those that may significantly impact the person who is directlyviewing or using the content, other people who are affected by the person who viewed the content, orgroups of people or society affected by the actions of people who viewed the content. YMYL topics candirectly and significantly impact people’s health, financial stability or safety, or the welfare or wellbeingof society–for example, pages that offer financial advice or information regarding investment, taxes,retirement plans, loans, banking, insurance, or which facilitate purchases or online money transfers. You can read more about our more notable ranking systems in our guide to Google Search ranking systems. To help us test and improve our Search algorithms we put all possible changes to Search through a rigorous evaluation process to analyse metrics and decide whether to implement a proposed change. We utilise our Search Quality Program, which includes external Search Quality Raters, to help us evaluate the quality of these automated ranking systems based on the expertise, experience, quality, and trustworthiness of content. This approach to testing our ranking systems is explained more in How insights from people around the world make Google Search better and An overview of our rater guidelines for Search. During the assessment period we made further progress in our efforts to address the risk of content thatpromotes practices harmful to health by improving our ability to accurately detect a range of personal crisissearches, such as suicide, substance abuse, self harm, and eating disorders, and to recognise the intentbehind the search. This has meaningfully improved our ability to connect users with contact information fornational hotlines and more reliably show trustworthy and actionable information during times of personalcrisis. For instance, our partnership with various European hotlines and helplines has led to theimplementation of various helpline features in Google Search for users in crisis. Informing Users Our About this result tool enables users to learn more about the source of a search result–such as a description of the source and how others describe them–so that users can make more informed decisionsabout the sites they visit and the results that are most useful to them. We also recently introduced an About this image tool that can be used from Search, Circle to Search, or Google Lens, to provide context about images users encounter online. The About this image tool helps users get more information about how other sites use and describe the image, an image’s metadata (such as the creator of the image and some information about how that image may be created) and whether theimage was generated using AI, provided it contains Google DeepMind’s SynthID watermark embeddedwithin its pixels. The growth of deepfakes and the emergence of new technologies require our ranking methods tocontinually adapt to evolving risks. In addition to tools empowering users to discern the trustworthiness ofinformation for themselves, Search continues to invest in methods to prioritise the ranking of the mostrelevant and reliable information available and ensure effectiveness of our algorithms across languages,countries, cultures, and contexts. Confidential and commercially sensitive; prepared for the European Commission | 72 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Providing SafeSearch Keeping people safe on Search also means helping them steer clear of unexpected, shocking results. One way we tackle this is with SafeSearch settings, which help detect and manage access to explicit content like pornography and graphic violence in Search. We also offer options for parents and schools to lock this onSearch for supervised minors. To help protect people from inadvertently encountering explicit imagery on Search we provide a SafeSearchsetting that blurs explicit images in search results. This setting is enabled by default for users that do nothave the SafeSearch Filter setting turned on. Users have the option to enable the SafeSearch “Filter” setting(blocking any explicit content) or turn the SafeSearch protections “Off” at any time. For Google Accounts for people under 18, we take additional steps to help minors make choices to avoidresults that may be shocking or harmful. The SafeSearch Filter setting is enabled for declared minors underthe age of 13 (or the applicable age of consent in the relevant country) when signed in to an accountmanaged with Family Link. Additionally, SafeSearch is turned on automatically when our systems indicatethat a user may be under 18. When SafeSearch is “Off,” users find all relevant results for their search, even if they are explicit, but ourSafeSearch signals still apply to suppress irrelevant explicit content when the user does not appear to beseeking it out. Our safety algorithms improve hundreds of millions of searches globally on a daily basisacross web, image, and video modes. Supervised users are unable to change their SafeSearch setting–for example, for child and studentaccounts, parents and schools can lock SafeSearch, while parental controls on an operating system orantivirus software may override an individual’s SafeSearch setting. Parents can use Family Link to set upsupervision on a child’s account, with the SafeSearch Filter setting turned on automatically and locked so that the child cannot change the setting. You can read more in Manage Search on your child’s Google Account. Tailoring our Content Policies In Search, we take a multi-tiered approach to content policies to balance the need to protect freedomof expression with providing users with high-quality information. Search policies apply to content surfaced anywhere within Search, which includes web results (i.e., webpages, images, videos, news content or other material that Google finds from across the web). Search’spolicies cover essential content restrictions such as CSAM, spam, and valid legal requests. We maintain the following three categories of content policies. Search policies include a highly personal information policy under which we remove certain personal information that creates significant risks of identity theft, financial fraud, or other specific harms suchas doxxing content, explicit personal images, and involuntary fake pornography. These policies weredeveloped following an extensive stakeholder consultation to help inform how we balance taking action to protect user privacy and safety with the right to freedom of expression, and were enhanced in 2022 to Confidential and commercially sensitive; prepared for the European Commission | 73 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ include the removal of additional personal information (such as contact information, confidential login credentials, and confidential biometric data) from Search in cases that do not involve doxxing. Search features policies apply to many of our search features, such as Autocomplete, Featured Snippets,and Google Discover. The presentation of these features emphasises and highlights the content differentlythan our relevance-based web results. Search feature-specific policies explain how certain search features work and set forth any additionalfeature-specific restrictions. Examples include prohibiting predictions about medically hazardous healthclaims on Autocomplete and applying a higher quality threshold for recommending content for YMYL topicson Discover. Addressing Civic Information Search aims to enable users’ informed participation in democracy by providing high-quality information thatis accurate, up-to-date, and protected during elections. One way we ensure reliable information is returnedto users in the elections context is through our use of classifiers to identify elections-related queries, so thatour systems know that returning high-quality information is especially important. As part of this effort,Search has developed a number of features aimed at ensuring we show users trustworthy elections-relatedcontent from reliable third parties. These features are activated during elections and in response toelections-related queries to mitigate the risk of low-quality content and ensure we return organised searchresults pages that include comprehensive high-quality information in all EU Member States during theirnational elections. In addition to developing Search features with trustworthy third parties, we also utilise Search QualityRaters, as described above, and elections-specific classifiers to ensure search results surface high-qualityinformation about key persons or entities. Search information quality processes, including ranking, and our robust policies allow us to remove violativecontent. For example, in 2021, the Leibniz Institute for the Social Sciences conducted a comparativealgorithm audit of presence of conspiracy-related information in top search results across five searchengines: Google, DuckDuckGo, Yahoo, Bing, and Yandex. Their research found that “all search enginesexcept Google consistently displayed conspiracy-promoting results and returned links toconspiracy-dedicated websites in their top results, although the share of such content varied acrossqueries.”32 Respecting Freedom of Opinion, Expression, Media Pluralism, and Civic Discourse We reviewed several risks relating to content removal, users making informed decisions about what to view,and media pluralism (e.g., the plurality, polarisation, and diversity of perspectives available). Consistent withour findings in 2023 and 2024, Search’s approach to making information universally accessible reduces thelevel of inherent risk and results in low residual risk overall. These results are consistent with Search methods and initiatives like the Search Quality Rater Guidelines and Google News Initiative. Search endeavours to play an essential enabling role for the realisation, enjoyment, and fulfilment of these rights. 32 Urmana A, Makhortykhb M, Ulloac R, Kulshresthad J (2021) Where the Earth is flat and 9/11 is an inside job: A comparative algorithmaudit of conspiratorial information in web search results: Leibniz Institute for the Social Sciences. Confidential and commercially sensitive; prepared for the European Commission | 74 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ We believe, and studies have shown, that Search returns relevant and helpful sources with “no evidence ofideological bias” when users are looking for news.33 Search is not designed to favour or disfavour anyparticular publications based on ideology. Instead, our systems look at signals such as relevance,prominence, freshness, quality, or trustworthiness to determine the most helpful, relevant content to show users. Search does not take the political viewpoint of a web page into account when ranking. In the Google Search Quality Rater Guidelines, Search instructs evaluators that ratings should not be based on personal opinions, preferences, religious beliefs, or political views. Reputable studies consistently find that Search is fair. For example, two studies by The Economist evaluatedclaims of bias in Google News results and found no evidence of ideological bias, concluding that “Googlerewards reputable reporting, not left wing politics”.34 An extensive study by academics at Stanford Universitydrew a similar conclusion. Over a six-month period, researchers reviewed search results appearing on thefirst page for every candidate running for federal office in the 2018 U.S. general election. Four million URLswere scraped from Search and audited, and the researchers found that search results did not excludesources from either the left or the right of the political spectrum.35 Search is also best-in-class in displaying diverse results, which are indicative of strong support formedia pluralism. In 2022, the Hamburg University of Applied Sciences published a paper reporting thefindings of a study examining the difference between results retrieved by four major web search engines.Researchers compared the top 10 results from Google, Bing, DuckDuckGo, and Metager, using 3,537queries generated from Germany and the US. The findings of the study showed that “Google displays moreunique domains in the top results than its competitors, and Wikipedia and news websites are the mostpopular sources overall.”36 Promoting Accurate Information About Elections We believe that elevating high-quality information is of utmost importance to systemic risks relevant forSearch. These efforts are especially relevant to issues such as public health, elections, and civicengagement. While our ranking systems seek to connect people with high-quality sources and are described elsewhere inthis report, we are cognisant that these are complex issues that no single actor is able to solve on their own. We have supported a multi-stakeholder approach, including the EU’s 2018 Code of Practice on Disinformation and a Strengthened Code that we signed in June 2022. As part of the Strengthened Code, we have committed to providing the European Commission with reports detailing how we have implemented our Commitments under the Code. Our baseline report under the Code highlighted the breadth of our work across EU Member States todetect and counter a range of threats to the integrity of our services, empower users, and work with a 36 Nurce Yagci, Sebastian Sünkler, Helana Häußler, Dirk Lewandowski (2022) A Comparative of Source Distribution and Result Overlap inWeb Search Engines: Hamburg University of Applied Sciences. 35 Danae Metaxa, Joon Sung Park, James Landay, Jeff Hancock (2019) Search Media and Elections: A Longitudinal Investigation ofPolitical Search Results, Proceedings of the ACM on Human-Computer Interaction, Volume 3 Issue CSCW. Article No.: 129. 34 Id. 33 The Economist (2019) Google rewards reputable reporting, not left-wing politics. Confidential and commercially sensitive; prepared for the European Commission | 75 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ variety of stakeholders. The report also provided information about the quantitative impacts of our work atthe Member State level. Following this baseline report, we have published subsequent versions of this report biannually. In addition,we expect to remain a committed and productive member of the Code of Practice’s Permanent Task-force. Service Design Addressing Unfair Commercial Practices and Fraudulent Content about a Business We take many actions to mitigate the risks of unfair commercial practices and fraudulent content aboutbusinesses, such as prioritising the highest-quality results as part of the ranking process described above,removing policy-violating content from Search features, and removing fraudulent content subject to legalremoval requests. However, this type of content will continue to be returned in search results when a userseeks it out, provided it is not the subject of a valid legal removal request or prohibited by Google policies(e.g., spam), and is still available on the internet. For this reason, the assessment found that some residualrisk of fraudulent business information appearing on Search remains. We employ a higher standard and a different approach to address unfair commercial practices and fraudulent content about a business in the advertising context. Our Ads Policies, which apply to ads on Search and our VLOPs, have several policies relevant to mitigating this risk, such as policies prohibitingmisrepresentation (e.g., phishing, obscuring charges associated with financial services, misleading claimsregarding weight loss or financial gain) and policies prohibiting the sale or promotion of counterfeit goods,dangerous products and services, and products or services enabling dishonest behaviour (e.g., hackingsoftware, fake documents, or academic cheating). Google Ads does not allow ads that deceive users by excluding relevant product information, such asbilling details or charges, interest rates, fees, and penalties, or by providing misleading information aboutproducts, services, or businesses. This includes impersonating brands or businesses, concealing ormisrepresenting a business identity, and implying endorsement by another individual, organisation, product,or service without their knowledge or consent. For egregious violations (those so serious that they areunlawful or pose significant harm to our users), we will suspend Google Ads accounts upon detection andwithout prior warning, and not allow the advertiser to advertise with us again, unless an appeal brings tolight compelling grounds for a different outcome. We previously updated our spam policies to better address new and evolving abusive practices that lead to unoriginal and low-quality content showing up on Search. We have long had a policy against usingautomation to generate low-quality or unoriginal content at scale with the goal of manipulating searchrankings, but we have strengthened our policy to allow us to take action on more types of content with littleto no value created at scale, like pages that pretend to have answers to popular searches but fail to deliverhelpful content. We also now consider (1) very low-value third-party content produced primarily for rankingpurposes and (2) expired domains that are purchased and repurposed with the primary intention ofboosting search ranking of low-quality or unoriginal content to be spam. Confidential and commercially sensitive; prepared for the European Commission | 76 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Respecting Privacy Privacy is an enabling right, furthering rights such as freedom of expression, association, opinion, religion,movement, and bodily security.37 Once violated, the right to privacy can be challenging to remediatebecause private or highly personal content can remain in circulation on the internet. Given the role of Searchin surfacing information from nearly anywhere on the open web, privacy risks in the context of Search canbe important inherent risks. Search has addressed these inherent risks by (1) ensuring responsible stewardship of user data by refrainingfrom selling user data, constantly refining data collection practices, and providing users with easy-to-use data settings; (2) providing avenues for highly personal information to be removed from Google (described above) and respecting the “right to be forgotten”; and (3) complying with requirements under applicable data protection and privacy laws, including minimising the data being collected, purpose limitation, andproviding transparency to users. To be responsible stewards of user data, we take a private by design approach: we encrypt every search, build controls so that users can choose the privacy settings that are right for them, and never sell personalinformation to anyone. Search also offers privacy controls so that users can decide what to save to theirGoogle Account and can turn on auto-delete to automatically delete data on an ongoing basis. An example of this private by design approach took place when we launched Circle to Search, a new way to search anything on your phone with a simple gesture and without switching apps. We put trust and safety at the centre of Circle to Search, engaging privacy experts–including academics, civil society organisations, researchers, and privacy and safety professionals–in a series of structured workshops during the productdevelopment process. Some of the priorities we implemented following this process included dataminimisation (i.e., only using the selected area of the screen to begin a search), an easy process to deletehistory, and not saving images from Circle to Search to a user’s search history. We do not use biometricsmatching to inform Circle to Search results–for example, a Circle to Search for a public figure would returnthe same picture in different news articles, but a Circle to Search for a picture of a friend would not surfaceother pictures of that friend from the web. Since 2014 we have been responding to requests to delist content under European privacy law, whichprovides individuals with the right to ask search engines like Search to delist certain results for queries onthe basis of a person’s name if the links in question are “inadequate, irrelevant or no longer relevant, orexcessive.” We evaluate each request on a case-by-case basis, and may not delist content where there is an overriding public interest in the information remaining available in search results. Our requests to delist content under European privacy law report provides information and data about the volume of requests, the URLs delisted, the individuals submitting requests, and the content of websites and URLs identified inrequests. Since 2014, we have received around 1.5 million requests to remove around 5.6 million URLs.We take our responsibility to ensure compliance with European privacy law seriously while being committedto providing access to information, and carefully balance these commitments when assessing each request.As a result, we have refused to delist around 50% of the requests we have received to date; a large majorityof those refusals are sustained when challenged in court or before data protection agencies. 37 UN Special Rapporteur on the right to privacy. Confidential and commercially sensitive; prepared for the European Commission | 77 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ These measures are typically sufficient to reduce many privacy risks to much lower levels of residual risk.However, our assessment concluded that some elevated residual risks remain for Search, most notablythe unintentional or malicious sharing of private or highly personal information in search results. Thisinformation can be challenging to verify and requires that we be informed of and verify a privacy violationbefore removing content from search results. During the assessment period, we enhanced user control over their online presence by redesigning our “results about you” tool to facilitate personal information monitoring and removal. The redesign also simplifies the process for requesting removals. Users can now easily request removal directly within Search.By clicking on the three dots next to a result users can access an updated menu that clarifies which contentis eligible for removal and allows submission of removal requests with just a few clicks. Additionally, ourmonitoring feature will notify users if new results are found, ensuring we support them to maintain theirprivacy.38 Protecting Minor Rights Our services provide vital opportunities for learning, communication, and social interaction, and can beformative for a child’s cognitive and social development. However, these opportunities are accompanied byrisks to which minors are particularly vulnerable given their unique stages of development, nascent digitalliteracy, and evolving cognitive abilities and decision-making skills. It is important for us to address theserisks with mitigations, such as user guidance and parental controls, that help minors navigate their onlineexperiences now and over the course of their lifetimes. The systemic risk assessment reviewed several risks relating to minors’ rights, such as behaviouraladdictions in minors, use of minors’ data for ads targeting, and unnecessary or disproportionate limitationson minors’ access to Search. We found the highest inherent risk to be the risk that minors under a definedminimum age access services that they should not be able to, and may be exposed to harmful, hateful, orage-inappropriate content or conduct. Based on the mitigation measures described below, we concludedthat Search (and our VLOPs) are taking actions that significantly reduce residual risks for minors’ rights. The following protections apply horizontally across all our services, and thus pertain to Search and our fourVLOPs. These protections will be described here and cross-referenced in the VLOP sections. Our efforts inthis space must balance adults’ rights to access services and information with a reasonable level of privacy,and the need to protect minors from accessing services and information that are not appropriate for theirage. Obtaining Age Assurance We require users to manually enter their date of birth (without pre-populated options, referred to as aneutral age-screen) during Google Account sign up to help estimate which users are likely under the age of18 so that we can apply heightened privacy, content, and safety protections. To reduce the burden on our users and in accordance with data minimisation principles, these processes are carried out at the Google Account level so that the results can then be used in connection with all signed-in services (including Search) that are accessed by the user. 38 Protect your personal information and easily take action on outdated content in Search results. Confidential and commercially sensitive; prepared for the European Commission | 78 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Depending on what birth date a user provides at the time of Google Account creation, we applydifferent protections. ● If a user provides an age that is under the minimum age to have a Google Account in their country, we require approval from a parent/guardian before continuing with account creation, and theaccount must be supervised until the user attains the minimum age (see further information onFamily Link below). ● If a user provides an age under 18, we apply a number of default protections to the account, and wedisable access to age-restricted features and settings across some of our services. Parents/guardianswho manage their child’s account through Family Link may choose to change some of these defaultsettings if a different approach works best for their family. We independently assess whether or not a user is likely an adult, both for users who sign into their accountsand those who do not. We use a variety of signals, such as the types of apps a user has downloaded or thecategories of videos a user has watched on YouTube, as well as indicators like the longevity of an account.For example, searches for mortgage lending sites or tax assistance might be signals that the user is likely anadult. Once our model has sufficient signals about a user’s age, it sends a signal to our services toautomatically set appropriate default settings and protections, such as by turning on the SafeSearch filtersetting for those under 18. This approach does not involve collecting additional information from users. Enabling Parental Control Family Link parental controls are available in the Family Link app and also via web browsers. Parents/guardians of minors under the applicable minimum age can create Google Accounts for their minors and must manage those accounts using Family Link parental controls. Family Link parental controlsare also available for parents/guardians to supervise minors over the applicable minimum age, but consentfrom these minors is required before supervision may be enabled. Family Link helps parents/guardians stay informed about and manage their child’s experience on compatibleAndroid and ChromeOS devices. For example, Family Link empowers parents/guardians to set digitalground rules for their family by managing the apps their child can use, keeping an eye on screen time, orsetting a bedtime and daily limits for their child’s device. On iOS devices, parents can give consent for theirchild’s Google Account sign-in and manage some YouTube and Search settings. These controls helpparents/guardians manage their child’s experience in ways that make sense for their family. AI Overview safeguards for young users AI Overviews incorporates robust safeguards tailored to younger audiences. We recently implementedenhancements to the warnings for users under 18 based on feedback from teens and our own research.Internal policy guardrails, developed with child development experts, specifically address potential harms toyounger users. Additionally, in-product disclaimers trigger for age-restricted goods and dangerousprocedures. The team also makes improvements using feedback from the Teen Trusted Tester program,conducted in collaboration with other generative AI product teams and with global child safety NGOs, toensure ongoing refinement of safety measures. Confidential and commercially sensitive; prepared for the European Commission | 79 Search | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Providing Ads Protections We prohibit age-sensitive ad categories from serving to users under 18, including ads that feature adult orsexually suggestive content, alcohol, or gambling and games. We also prohibit the display of personalisedads based on age, gender, or interests to any users we determine to be under the age of 18. Ads shown tothese users must meet our under-18 ads policies, and may only be served based on non-personalisedcontextual information, such as the content on the current site a user is visiting. Enabling SafeSearch by Default Using age-appropriate default settings is one way that we incorporate “safety by design” into our products. Specific to Search, SafeSearch filtering is enabled by default for Google accounts for minors younger than 18, and parents and schools have the option to lock it on for supervised minors. As described above,SafeSearch filtering blocks explicit content (like sexual activity and graphic violence) from search resultsacross images, videos, and websites–when the filter setting is on, explicit results will be filtered even whenthey might be relevant for the query. Built-in safeguards These age-appropriate settings are also used in built-in safeguards applied to all users to address content which may be harmful to minors or other vulnerable users. The controls are designed to help make Search aplace where the whole family can confidently search for new information. For example, in many markets, asearch for information on suicide, sexual assault, substance abuse, and domestic violence will returncontact information for national hotlines alongside the most relevant and helpful results. Confidential and commercially sensitive; prepared for the European Commission | 80 Maps | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Maps Description of Service and Associated Risk Profile Google Maps is a service that helps users navigate and explore the world. The service also includesaccurate and reliable information about places, businesses, and experiences, and helps businesses build anonline presence, engage with customers, and grow their business. Some of the key elements that make theservice compelling include satellite/aerial views, digital street maps, information about places and business,360° interactive panoramic views of streets, real-time traffic conditions, and route planning for driving,walking, cycling, public transportation, and flying. The information about places and businesses includes some user-generated content, such as content from consumer users and merchant users (including ratings, reviews, and photography) and content provided by the merchant users interested in listing or advertising their business on Maps. Maps is free, available in over 100 languages, and used by over 288 million users in the EU every month.39 You can read more in Google Maps Help and our Maps 101 blog series. The primary purpose of Maps is to help users navigate from place to place and explore the world, withelements such as images, reviews, and information about places being in service of that goal. This systemicrisk assessment validated that the most important risks are not intrinsic to the primary purpose ofMaps—helping users to get from A to B—but associated with the various features designedto enhance the user experience when fulfilling this purpose. The service emphasises being a source of reliable information and a reflection of genuine user experiences. For this reason we lean towards user-generated content policies that are designed to maximise the quality, accuracy, and authenticity of information for consumer and merchant user contributions. We go to greatlengths to make sure content published by our consumer and merchant users is helpful and reflects the realworld, recognising that this means accepting some attendant limitations to freedom of expression. Contenthas a low likelihood of going viral because of the way Maps is designed, thereby reducing inherent risksassociated with illegal and policy violative content. Risks relating to conducting a business (e.g., unfair commercial practices, such as paying, incentivising,or encouraging the posting of positive or negative reviews that do not represent a genuine experience) areimportant to address given the role of Maps in connecting potential customers with businesses (e.g.,helping users find a restaurant or auto repair shop that meets their needs). 39 Average monthly counts based on distinct signed-in accounts of recipients (August 18, 2025). Confidential and commercially sensitive; prepared for the European Commission | 81 Maps | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Finally, the locational nature of the Maps service, combined with the existence of user-generatedcontent, makes it important to address privacy-related risks (e.g., data practices and risks to personalinformation, such as unintentional or malicious sharing of private or personal information), as we describe inthe “Service Design” section below. The privacy of our users is of utmost importance to us, and whilewe welcome content that illustrates our world, it’s critical to do so in a manner that respects users’ rightto privacy. Confidential and commercially sensitive; prepared for the European Commission | 82 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Systemic Risk Assessment Results and AssociatedObservations We assessed 39 different risk statements40 for inherent risk (i.e., risk absent any action taken by Google),preparedness (i.e., the cumulative measures currently in place to mitigate the risk) and residual risk (i.e., riskafter mitigation by Google). Residual risk serves as a guide for where further investment may be warranted. The full list of risk statements is found in Annex A to this report. This systemic risk assessment surfaced important themes relating to the inherent and residual risk. Overall,we found that the highest inherent risks were addressed by Maps’ existing mitigations, confirming that wehave been prioritising action on the most significant risks. The two most significant inherent risk themes for Maps are directly related to the nature of Maps: risksassociated with information about businesses shown on Maps (e.g., fake reviews, unfair commercialpractices) and risks associated with the locational nature of Maps (e.g., privacy-related risks). However, wehave long recognised these risks and our efforts to address them result in much lower residual risks. We also found higher inherent risks relating to illegal and harmful content, but concluded that these havemuch lower residual risk given emphasis on the quality, accuracy, and authenticity of information, our robustmoderation systems and processes to promptly remove this type of content, along with the low likelihoodof content going viral on Maps. Article 34(1) of the DSA encompasses a range of systemic risks that are interconnected and cannot be dealtwith in isolation; our policies and practices for Maps often address multiple risks at the same time. Toprovide a comprehensive understanding of Maps’ existing mitigating practices and align with Article 35 ofthe DSA, we have categorised specific manifestations of systemic risks into groups for efficient explanationof our mitigations. In the next two sections we consider content on Maps, including the development and enforcement ofcontent policies (“Content Moderation”), and explore service design choices that target risks associatedwith Maps’ functionality, including privacy (“Service Design”). Taken in combination, these two sections address each of the four systemic risk categories outlined inArticle 34(1) of the DSA. We emphasise areas where the assessment has identified elevated inherent orresidual risks, elucidating the measures already implemented by Maps to tackle these risks, as well as anyfuture plans to address systemic risks, as appropriate. We highlight where changes in the external contextor improvements to our mitigation measures cause significant modifications to inherent or residual riskbetween the 2024 and 2025 systemic risk assessments. 40 See Methodology Step One: Classification. Confidential and commercially sensitive; prepared for the European Commission | 83 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ 2025 Highlights ● New content abuse detection models based on Gemini, with improved performance across multiple EU languages ● Catching scammers by preventing business identity changes with Gemini41 ● More sustainable transportation choices to encourage sustainable travel42 Content Moderation In this section we show how Maps has designed and enforced its user-generated content policies toaddress the systemic risks articulated in Article 34(1) of the DSA. We detail some risks in the assessmentwith elevated inherent and residual risk, and describe what Maps is doing and plans to do about thosesystemic risks. Maps is a local discovery and navigation service with a focus on providing topical and high-qualityinformation and genuine experiences, rather than being a forum for dialogue. For this reason, we maintaincontent policies to guard places and businesses from off-topic content and fake engagement, especiallywhen there’s potential for this type of content to lead to harmful and targeted abuse. Removing Illegal Content Maps has clear policies in place prohibiting illegal content on the service through its policies related to restricted, dangerous, and illegal user-contributed content. This includes images or any other content that infringes on anyone else’s legal rights, including copyright, as well as content that relates to hate speech,sexual abuse imagery or sexualisation of minors, dangerous or illegal acts (such as rape, organ sale, orhuman trafficking), or illegal products and services (such as endangered animal products and illegal ordiverted drugs). We prohibit potentially illegal online activity such as doxxing or content that contains aspecific threat of harm or depicts illegal activity. Despite elevated inherent risks related to illegal content, such as CSAM and illegal activity, the results of thesystemic risk assessment showed Maps’ preparedness—such as taking action to stop fake review scamsand tackling fake contributions—enabled it to achieve low levels of residual risk for illegal content andactivity. As explained earlier in this report,43 we have a well-developed process for responding to legalorders to remove content, and the efforts described below to enforce our policies ensure the removal ofcontent that is illegal or that violates our policies. 43 See supra at Handling Government Removal Requests. 42 New Maps updates to help you get around Europe more sustainably 41 New ways AI helps keep business information trustworthy Confidential and commercially sensitive; prepared for the European Commission | 84 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Addressing Content that Violates our Policies The systemic risk assessment reviewed several risks relating to a wide variety of potentially harmful content,such as hate speech, violence and gore, harassment and bullying, gender-based violence, and contentpromoting practices harmful to health. However, the enforcement of Maps’ user-generated contentpolicies, which favour high-quality information and genuine experiences, lowers residual risks. Developing Content Policy We have created strict policies to make sure that user-generated content is based on real-worldexperiences and to keep irrelevant and offensive comments off Maps. Our policies againsttopics like fake engagement, misrepresentation, and misleading information continually evolve in responseto changing threats. Our user-generated content policy describes our overall approach while our prohibited and restricted content policies clearly set out what is not allowed on Maps, covering civic discourse, deceptive content, mature content, regulated goods and services, dangerous and illegal content, and low-quality information.These user-generated content policies are more restrictive than those for many other Google services,reflecting our increased emphasis on relevant, high-quality information and genuine experiences for Maps.Our “off-topic” and “fake engagement” policies are good examples of Maps’ unique approach to content.These policies have evolved over time to guard places and businesses from violative and off-topic contentwhen there’s potential for this type of content to lead to harmful and targeted abuse. For example, whengovernments and businesses started requiring proof of COVID-19 vaccination before entering certainplaces, we put extra protections in place to remove Google reviews that criticised a business for its healthand safety policies or for complying with a vaccine mandate. Other policies relevant for content on Maps include our Local Guides Program Terms and Conditions, which set out who is qualified to be a Local Guide and appropriate conduct standards; and Guidelines for representing your business on Google, setting out guidelines for Business Profiles. Once a policy is written, it’s turned into training material—both for our operators and classifiers—to help ourteams catch policy-violating content and behaviour. Enforcing Content Policy On Maps, people can share content and information about places they experience in the real world. We’vedesigned our policies to maximise the helpfulness, accuracy, and authenticity of information on ourplatform, benefiting consumers and businesses alike. Contributions to Maps should accurately represent the location in question. We strictly prohibit fake or misleading reviews, inaccurate information, and other forms of harmful content. Where user-generated contributions distort truth, we remove content, includingreviews, photos, or videos not related to the location or business where they are tagged. If user-generatedcontent is inaccurately placed on the map, or is associated with an incorrect listing, the contribution may berejected. For example, when a user submits a review or photo, we automatically send it to our machinelearning system to make sure the content doesn’t violate any of our user-generated content policies beforeposting it. Given the volume of reviews and photos we regularly receive, we have found that we need both Confidential and commercially sensitive; prepared for the European Commission | 85 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ the nuanced understanding that humans offer and the scale that automated detection provides to help usmoderate contributed content. Undertaking Automated Detection and Removal Automated detection is our first line of defence because automated systems are good at identifyingpatterns that help determine if the content is legitimate. For example whether a review contains offensive oroff-topic content, or whether the Google account posting it has a history of suspicious behaviour, such asposting violative content, and whether there has been uncharacteristic activity on a business profile, suchas many reviews over a short period of time. The vast majority of fake and fraudulent reviews are removedbefore anyone sees them because all reviews are run against classifiers before being posted. Our human operators regularly run quality tests and complete additional training to remove bias from themachine learning models. By thoroughly training our models on all the ways certain words or phrases areused, we improve our ability to catch policy-violating content and reduce the chance of inadvertentlyblocking legitimate reviews from going live. We review and update our classifiers, including reviews forquality and accuracy across languages, genders, ethnicities, and religions, and our assessment identifiedthis as a priority for continuous improvement over time.44 If our systems detect no policy violations, then the review can be posted within a matter of seconds.However, our automated systems continue to analyse the contributed content and watch for questionablepatterns, such as a group of people leaving reviews on the same cluster of Business Profiles or a placereceiving an unusually high number of 1- or 5-star reviews over a short period of time. In addition, we make it easy for people using Maps to flag any policy-violating reviews, with businesses and consumers both able to report reviews and flag inappropriate user profiles. Undertaking Human Review A team of human operators works alongside automated systems to remove reviews that violate our policies,and when appropriate suspend user accounts. We deploy thousands of trained operators and analystsglobally who help with content evaluations that might be difficult for automated systems, such asunderstanding reviews that include local slang. Our EU DSA Biannual VLOSE/VLOP Transparency Report discloses the human resources capacity evaluating Maps content across the official EU Member State languages. Undertaking Enforcement Proactively In 2022 we launched a significant update to our machine learning models that helped us identify novelabuse trends many times faster than in previous years. For example, our automated systems detected asudden uptick in Business Profiles with websites that ended in “.design” or “.top”, which our team of analystsquickly confirmed to be fake. They were therefore able to quickly remove the Business Profiles and disablethe associated accounts. 44 See supra at Evaluating Content Across Languages for further discussion of how Maps, and Google as a whole, are addressing thisidentified residual risk for Maps. Confidential and commercially sensitive; prepared for the European Commission | 86 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Our EU DSA Biannual VLOSE/VLOP Transparency Report discloses the number of actions we took on Maps, including advertisements presented on Maps, segmented by type of illegal content or violation of terms andconditions. The most recent report (February 2025) demonstrates that scams and fraud and content that isinappropriate or unhelpful (e.g., doesn’t reflect the real world) are the most common policy violations onMaps, accounting for over 95% of cases. Other violations (e.g., hate speech, data protection and privacyviolations, unsafe or illegal products) are much less prevalent. Over 99% of these actions were takenfollowing automated detection. The report also discloses the number of complaints received from userslocated in EU Member States about content moderation decisions and the outcome of these complaints. Going forward, Maps will continue to invest in new technologies and processes to keep information on ourservices helpful and reliable. Posting Restrictions When we find that user contributions for certain types of places are consistently unhelpful, harmful, oroff-topic, we may limit or suspend user-generated content for those places. Maps has developed a measured response regarding posting restrictions: ● Short-term restrictions, when posting may be turned off for a particular place for a short period oftime to help protect the place or area from a spike in irrelevant or offensive content. ● Long-term restrictions, when posting on a particular place may be turned off for a longer period oftime if its category or geographic area has experienced a continuous pattern of low value or off-topicposts. ● Partial or full restrictions, when, depending on the volume and pattern of policy-violating content, aparticular place may have posting restrictions on some or all of the types of user-generated content(including text reviews, ratings, photos and videos). Posting Restrictions for Repeat Violators We found that policies such as our posting restrictions greatly reduce the opportunity for repeat offendersto manipulate our systems through inauthentic use, reducing residual risks across the board. Assessment Results for Specific Content Risks Protecting Civic Discourse We found that there is a low risk that misleading information relating to elections, civic discourse,democratic participation, or civil unrest may be available on Maps. Maps is designed for a low likelihood ofcontent going viral, and more severe outcomes are highly unlikely. Our preparedness for elections andprohibition of any information that may be deceptive or misleading about civic processes, newsworthyevents, or civic discourse significantly reduce residual risk. In addition to reviewing flagged content, our team proactively works to identify potential abuse risks, whichreduces the likelihood of successful abuse attacks. For instance, when there is an upcoming event with asignificant following—such as an election—we implement elevated protections for the places associated Confidential and commercially sensitive; prepared for the European Commission | 87 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ with the event and other nearby businesses that people might look for on Maps. We continue to monitorthese places and businesses until the risk of abuse has subsided. We also prevent people from editing thephone numbers, addresses and other information for places like voting sites. This approach was especially significant during the assessment period given the large number of elections taking place globally and in the EU. You can read more about Google’s overall approach in Delivering Reliable Information. Protecting Consumers and the Freedom to Conduct a Business Maps provides information to users that enable them to find and navigate to a business. For this reason,prominent inherent risks include the risk that misleading or fraudulent content about a business is availableor that unfair commercial practices take place on Maps. This is typically driven by intentional manipulation ofthe Maps service and might include positive or negative fake reviews, “review bombing” by competitors,fraudsters creating false business listings, or “predatory removals,” which occur when a bad actor demandspayment for the removal of fake reviews. These risks can disproportionately impact less technologicallyliterate users and newly opened businesses, which are typically more vulnerable than established brands. We work to stay ahead of scammers and protect small businesses by continuously monitoring forfraudulent content on our products, using a combination of people and technology. One of the best toolswe have to fight back is our understanding of inauthentic use patterns on Maps, which informs ourclassifiers. These classifiers detect and remove policy-violating content across a variety of languages, andalso scan for signals of abnormal user activity. Our teams and protections are built to fight two main types of bad actors: content fraudsters and contentvandals. Fraudsters, who are ultimately motivated by money, try to trick people with scams like fake reviews toattract customers or fake listings to generate business leads. To deter them, we preemptively removeopportunities for them to profit from fake content, and have focused efforts on detecting content comingfrom click farms where fake reviews and ratings are being generated. Through better detection of click farmactivity, we are making it harder to post fake content cheaply, which ultimately makes it harder for a clickfarm to sell reviews and make money. Content vandals, who may be motivated by social and political events or simply want to leave their markonline, often post fake reviews or edit the names of places to send a message, or add off-topic photos aspranks. Content vandalism can be more difficult to tackle than fraud as it is often random. Impeding contentvandals requires anticipation and quick reaction, and as certain places become more prone to vandalism,we adjust our defences—such as when we modified our algorithms to preemptively block racist reviewswhen we observed anti-Chinese xenophobia associated with COVID-19. These risks are further mitigated by the implementation of our Ads policies, such as the Misrepresentation Ads Policy, which disallows ads that deceive people, and the Restricted Businesses Policy, which restricts certain kinds of businesses with products prone to abuse. These Ads policies are complemented by relevant Maps User Contributed Content policies, such as the Misrepresentation Policy, which doesn’t allow users to Confidential and commercially sensitive; prepared for the European Commission | 88 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ mislead or deceive others, and the Impersonation Policy, which doesn’t allow users to impersonate any person, group, or organisation. We have long recognised these inherent risks as priorities, and our wide range of measures to removepolicy-violating reviews, stop fake Business Profiles, and protect targeted businesses serve to reduce theseto much lower residual risks. Our actions here also address equality and non-discrimination risks, since thisactivity can disproportionately be targeted at those under-represented as content contributors, such asminority businesses. Respecting Freedom of Opinion, Expression, and Media Pluralism The systemic risk assessment explored several risks relating to content removal, users reporting potentiallyviolating content, and media pluralism (e.g., the plurality, polarisation, and diversity of perspectivesavailable). Maps’ focus on providing topical and high-quality information and genuine experiences ratherthan being a forum for dialogue lowered freedom of expression and media pluralism as an inherent risk.Maps does remove high volumes of content that violates our policies against off-topic or misleadinginformation about locations and businesses, and for this reason the systemic risk assessment found thatsome residual risk remains for over-moderation of user-generated content. Maps’ merchants have long been able to appeal potentially erroneous account and listing suspensions, butthe new appeals channels offer users a path to redress and also gives Maps better information forimproving in the first instance. Overall, we believe that this approach is reasonable, appropriate, and proportionate given the nature,purpose, and intended use of Maps. Service Design Respecting Privacy Some prominent inherent risks for Maps relate to privacy, reflecting the locational nature of the Mapsservice, the existence of user-generated content, and challenges associated with reversing privacy impactsonce they have occurred. Our privacy risks and mitigations cover three dimensions: users of Maps;contributors to Maps; and images shown on Maps that may involve users, non-users, and contributors. Protecting Users of Maps Maps uses location data to make its service functional and useful for users. Real-time location information plays a very important role for Maps, such as assisting in providing accurate driving directions, the latesttransit status, and useful search results. The Google Privacy Policy governs how user data is collected and used by Maps and other Google services and is designed to ensure that we collect data only where it is necessary for the user’s intended purpose. Inaddition to the use of real time location data, users may turn on Location History in their Google accountsettings to opt into preserving precise historical location data. Location History is off by default. On Maps,real time location data is used even when Location History is off, and people who use our services can also Confidential and commercially sensitive; prepared for the European Commission | 89 Maps | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ choose to share (or not share) their real-time location with others regardless of their choice of settings forLocation History. Our well-established policies, procedures, and options for users result in low residual risk for Mapscollecting, processing, aggregating, or sharing more user information than is necessary for the statedpurposes. Protecting Contributors to Maps The nature of user-generated content tied to locations on Maps opens up the potential for unintended ormalicious disclosure of private or highly personal information about users attached to a specific location.While the complexity of data choices, and the link between content and location, means that theunintentional sharing of information will always remain a risk, the user’s choice of whether to submit contentresults in much lower levels of residual risk. Maps is primarily a local discovery and navigation service andnot designed for sharing personal information, so we also concluded that malicious data sharing is unlikelyto occur on the service and that, when considered alongside our existing mitigations, the residual risk ofmalicious data sharing is low. Addressing Risks Relating to Images and Personal Information on Maps We take several steps to protect the privacy of individuals when Street View imagery is published to Maps.We have developed cutting-edge face and licence plate blurring technology that is designed to bluridentifiable faces and licence plates within Google- and user-contributed imagery in Street View. If we do not automatically or completely blur an image, users and non-users can request that Maps do so if their face or licence plate requires additional blurring, or if they would like us to blur an entire house, car, or body. Protecting Minors’ Rights The nature and purpose of Maps (helping users navigate from A to B, making available accurate and reliableinformation about places, businesses, and experiences) results in lower levels of inherent risk for minors’rights. With policies designed to ensure accuracy and relevance of content we are able to place fewerrestrictions on minors when compared to other Google services. The Maps experience is largely the same for minors in the EU, except that those under the applicable age ofconsent cannot contribute content (including photos, ratings, and reviews), publish public place lists, add oredit places on the map, or turn on Location History. Children under the applicable age of consent whoseaccounts are managed with Family Link can only share their real-time location with their parents. You can read more in Google Maps and your child’s Google Account. Because of the underlying nature of the service design, the safety functionality built into Maps resulted inlower residual risk for minors’ activity. Confidential and commercially sensitive; prepared for the European Commission | 90 Google Play | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Play Description of Service and Associated Risk Profile On Google Play, users find and download their favourite apps, games, books, and more. Play provides millions of apps and games to over 297 million users45 in the EU. Play ranks and organises apps in order to help users discover the most relevant apps for them on Play through features such as categories, For You,and Recommended For You. Ads and sponsored content are clearly marked. Multiple factors are considered to decide which apps to show when users search, how many apps to show,and how they appear, including: ● Relevance: We show apps that are relevant to the page users are on or what they searched ● Quality of the app experience: We show apps that have good in-app user experiences based onseveral factors, including app design ● Editorial value: We curate recommendations based on what’s noteworthy and interesting ● Ads: When developers advertise their apps, we make sure the ads are appropriately identified ● User experience: We show apps that perform well in the Play Store and that users continue to enjoyafter installation These factors are weighted differently depending on the user device, user preferences, and where they arelooking in Play. Users can manage how their experience is personalised on the Activity Controls of their Google accounts, where they can turn off personalisation by turning off Web and App Activity, or by deleting past activity. Play connects millions of developers to billions of users worldwide and invests in the platform, tools,services, and marketing opportunities that support developers. This investment allows small or nascentdevelopers to benefit from economic opportunity and contribute to a healthy, competitive ecosystem. In fact, 97% of developers pay no service fees to benefit from Play. We believe higher numbers of active developers, subject to compliance with our consumer-protection policies, result in wider choices for users. 45 Average monthly counts based on distinct signed-in accounts of recipients (August 18, 2025). Confidential and commercially sensitive; prepared for the European Commission | 91 Google Play | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ This report will primarily focus on apps and games (collectively referred to as apps) as the main drivers ofsystemic risk relevant to Play. Our assessment also examined the other forms of content on Play, such asbooks, and found they posed less risk to users because the more standardised content lacks the dynamicdata and user-generated challenges inherent in apps. We take our responsibility to provide a safe and trusted experience for all users very seriously and provide aplatform for developers to deliver apps safely to billions of people worldwide. To help achieve this, we establish and seek to enforce clear expectations via our Google Play Developer Program Policies, which cover topics such as restricted content, privacy, malware, and monetisation. We also help keep users safeby building protections into Play, requiring developers to follow high safety standards. You can read more in our description of How Google Play Works. Play is a “platform of platforms.” Many of the apps available through Play are also platforms themselves; inthese instances, the app hosted on Play is the front door into a user experience controlled by thethird-party app or game developer. This structure creates two dimensions of risk, which you will seereflected in our systemic risk assessment: risks related to the Play platform (e.g., hate speech in a review lefton Play) and risks created by third-party apps on the Play platform (e.g., hate speech in a post within a socialmedia app). This separation reflects the appropriate allocation of systemic risk among Play and the apps that appear onthe Play platform. While Play’s risk assessment references both dimensions of risk, it is focused on our role inthe mitigation of risks to the Play platform, with app-level mitigations most appropriately taken by thedevelopers of those apps. As Recital 27 of the DSA notes, requests or orders related to the removal of illegalcontent should be “directed to the specific provider that has the technical and operational ability to actagainst specific items of illegal content, so as to prevent and minimise any possible negative effects on theavailability and accessibility of information that is not illegal content.” Confidential and commercially sensitive; prepared for the European Commission | 92 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Systemic Risk Assessment Results and AssociatedObservations We assessed 42 different risk statements46 for inherent risk (i.e., risk absent any action taken by Google),preparedness (i.e., the cumulative measures currently in place to mitigate the risk), and residual risk (i.e., riskafter mitigation by Google). Residual risk serves as a guide for where further investment may be warranted. The full list of risk statements is found in Annex A to this report. This systemic risk assessment surfaced important themes relating to the inherent and residual risk. In the first of the two sections that follow (“Content Moderation”) we consider risks and mitigations relatingto content moderation on Play, which primarily pertains to apps themselves as content. While there isinherent risk of illegal or harmful content appearing on apps, this section explains Play’s app review andmoderation program, which results in much lower levels of residual risk. We also discuss how we addressother types of user-generated content, such as reviews on Play. In the second of the two sections that follow (“Platform Design”), we consider risks and mitigations relatedto the way Play functions. Three important inherent risk themes that emerged during the assessment wererelated to privacy, security, and child rights. These risks reflect Play’s role in the overall app ecosystem, andthis section explains the actions we take that result in much lower levels of residual risk. Taken together, these two sections address the four broad categories of systemic risks articulated in Article34(1) of the DSA and the specific manifestations of those systemic risks that we evaluate. This reportemphasises those risks for which the assessment showed elevated inherent or residual risk, and describesPlay’s current risk mitigation practices as well as improvements consistent with Article 35 of the DSA. Wehighlight where changes in the external context or improvements to our mitigation measures causesignificant modifications to inherent or residual risks between the 2024 and 2025 systemic riskassessments. 2025 Highlights ● Improved pre-review checks in Play Developer Console and introduced new tools such as Policy Insights in Android Studio to help app developers better understand policy requirements and potential issues before an app’s launch ● Launched a “Verified” badge for consumer-facing VPN apps designed to signify an app’s compliance with security and safety guidelines and completion of an independent Mobile Application Security Assessment (MASA) Level 2 validation 46 See Methodology Step One: Classification. Confidential and commercially sensitive; prepared for the European Commission | 93 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ ● Refined our Android and Google Play security and developer tools to create a safer and more efficient app ecosystem, improve fraud protection, and enhance user safety measures Content Moderation Removing Illegal Content Play has appropriate policies in place prohibiting illegal content on the platform through policies related to restricted content, intellectual property rights, and other policies preventing fraudulent or malicious apps. As discussed previously in this report, Google has a developed process for evaluating government requeststo remove content.47 Additionally, Play has reporting channels for users to report illegal content or contentthat violates Play policies. There is extensive overlap between content prohibited by Play’s product policiesand content that is illegal, meaning that our policy development and enforcement efforts work to mitigatethe risks of both illegal and policy-violative content. These efforts are described in detail in the next section. The Play risk assessment identified a range of relevant illegal content-related inherent risks, including riskssuch as CSAM, terrorist content, apps infringing intellectual property rights, and illegal activity like scams.However, the assessment found that robust policies that are binding on apps (as described below) andenforcement of these policies resulted in much lower levels of residual risk. As noted above, illegal content appearing within apps available on Play is primarily the responsibility ofdevelopers, though (as described below) Play takes a variety of enforcement actions against developerswith multiple or egregious policy violations. Addressing Content that Violates our Policies The systemic risk assessment reviewed numerous risks relating to a wide variety of harmful content, such ascontent impacting human dignity, promoting discriminatory beliefs, inciting, praising, or glorifying violence,promoting practices harmful to health, inciting gender-based violence, or constituting harassment andbullying. There were several factors that caused us to conclude that these risks are of much lower residual risk forPlay. There are high costs associated with developing an app as compared to a single piece ofuser-generated content, thus well-designed policies ensure developers are effectively disincentivised fromspending time and resources developing apps that clearly violate Play policies. Additionally, when appdevelopers submit their apps to Play, we use a combination of automated processes and human review toassess these apps before they can be published for distribution on the Play Store. The automatedprocesses—which include static and dynamic components—scan an app’s code, app images, the developerprofile, and the app description. 47 For more information on how YouTube and Google respond to government requests to remove content, see supra at HandlingGovernment Removal Requests. Confidential and commercially sensitive; prepared for the European Commission | 94 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the source of download, to combat code-level, hidden, and emerging threats. This built-in protection scansmore than 200 billion apps every day, automatically revokes app permissions for potentially dangerousapps, and displays reminder notifications to remind users that an app installed from an Internet-source may not be safe. In 2024, Google Play Protect identified more than 13 million new malicious apps from outside Google Play and prevented 10 million Android devices from potentially fraudulent installations.48 We review millions of apps submitted to Play each year, including technical reviews of code for malware. Ifwe identify policy violations at this pre-publication stage, we reject the developer’s submission and give thedeveloper an explanation of the policy issues along with instructions on how to correct them. Once theissues are addressed, the developer can resubmit their app or app update for further review. If we find nopolicy violations, we publish the app or app update to the Play store. As explained below, we also haverobust developer education processes to keep apps in compliance with evolving policies and enforcementmechanisms when they fall out of compliance. In addition, Google Play continues to run safety checks on every app offered on the platform. These checkshappen not only before an app is available on Google Play but also before a Play app is updated and continuously while the app is in the Google Play store. These efforts helped Google Play prevent 2.36 million policy-violating apps from being published last year.49 These estimates of residual risk also rest on the distinction raised earlier: between user-generated contentmoderation that Play can undertake and content moderation responsibilities held by app developers, whomay themselves be providing a user-generated content platform. For example, we establish clear requirements around robust, effective, and ongoing user-generated content (UGC) moderation in apps. But only an app developer operating a UGC platform can remove specific pieces of content (e.g., a specific post in a social media app; a video from a streaming app) from itsplatform. Google can only remove the UGC platform app in its entirety—including all legitimate contentwithin it—from Play. This limitation raises questions of proportionality, fairness, freedom of expression, anduser impact, all of which must be balanced against the risks that may be posed by the specific underlyingcontent. In 2024, we launched a Policy Violations Form for Play Reviews for users to flag reviews that potentiallyviolate Play policies. We added an Appeals Form for reviewers that allows them to appeal removals that theymay disagree with. We also created a Help Center article covering all reports. Maintaining Developer Policies Our Play Developer Policies set out what developers can and cannot provide users on the Play platform and are the foundation upon which Play delivers apps and games safely to billions of people worldwide. Thesepolicies cover areas such as restricted content, impersonation, monetisation and ads, privacy, malware, andmobile unwanted software, and are relevant across most of the risk statements included in this systemic riskassessment. 49 6 ways Google Play helps keep you safe 48 How we kept the Google Play \& Android app ecosystems safe in 2024 Confidential and commercially sensitive; prepared for the European Commission | 95 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Our User Generated Content (UGC) Policy requires providers of apps that contain UGC services to implement ongoing UGC moderation and sets out requirements in the areas of informed consent, definingobjectionable content and behaviours on the app, and undertaking reasonable UGC moderation that isconsistent with the type of UGC hosted by the app. It also includes requirements for reporting channels andan in-app system for blocking UGC and users. We believe that requiring providers of apps that contain UGCservices to implement these policies—and requiring developers to play a role in enforcing them—provide anappropriate, proportionate, and effective approach for Play. Developing Policy We update the Developer Policies over time to reflect insights into new and emerging risks, and conduct regular reviews of our policies based on developer feedback, external media, expert and stakeholderfeedback, and internal enforcement data. The practice of constantly updating our policies based onemerging threats also reduces many or most of the systemic risks considered in this risk assessment. We maintain a page detailing changes to our policies, including when these changes take effect and resources to help developers prepare for app updates. Over the years, Play has taken strides in developing our policies such that the risks posed by apps and thecontent that appears on apps have been appreciably lowered. For example, we created the UGC Policy mentioned above in response to the evolution of social mediaplatforms, which included significant fleeting and/or real-time content, and new types of UGC, which hadresulted in heightened societal concern about user safety. After market research, user studies, andcollecting insights from developers in global markets, Play established a developer policy requiring in-appmoderation for all UGC apps. Play’s UGC Policy reflects the belief that users should have a direct means tocontact social media platforms, which should be held accountable for consistently moderating content. When specific user harm concerns arise, Play’s policy development team goes through a rigorous processto understand the issue, develop guardrails, internally test those guardrails, and then introduce new policiesinto our ecosystem. After introduction, we monitor the impact of our policies to refine or expandprotections, as needed. For example, in 2021, we introduced our Personal Loans policy. This policy was developed in response to user feedback from India and several Southeast Asian markets that developers were charging high andoften illegal interest rates to users, and that some developers were blackmailing users with the permissionsthey had obtained through apps. We mandated declaration and disclosure of financial agreements betweenusers and financial apps or their developers, so that we can verify the legitimacy of the loan agreementsand make sure the loan terms are clear to users. We later expanded the policy to prohibit these apps fromaccessing sensitive data, such as photos and contacts, which were being used to verify credit worthiness inmarkets without formal credit-scoring mechanisms. In 2020, we added a Stalkerware policy to address code within apps that collects personal or sensitive user data from a device and transmits the data to a third party. Our policy requires prominent disclosure andconsent for a narrow set of permissible uses and prohibits these apps for all other uses. Only apps designedand marketed for enterprise management or for parents to monitor their minors’ activities are allowed to Confidential and commercially sensitive; prepared for the European Commission | 96 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ have such functionality. Play prohibits apps used to track anyone else, even with their knowledge andpermission. Some of the main policy changes made relative to this theme included: ● Adding a new Health apps policy to introduce new requirements and disclosures for apps that meet the definition of Health apps and updating the policy to reflect current public health guidance. ● Expanding our Health Connect policy to improve safeguards to users’ sensitive health information and require developers to justify why an app needs access to health record data and explain how thisaccess will directly benefit the user.50 ● Introducing a new Photo and Video Permissions policy to reduce the number of apps permitted to request broad photo and video permissions. ● Updating our Manipulated Media policy to include audio as an additional example of a type of media covered under the policy. ● Introducing a Child Safety Standards policy requiring Social and Dating apps to follow specific child safety standards and self-certify compliance on Play Console before publishing. ● Emphasising to developers that all generative AI apps must comply with our policies and have in-app user reporting or flagging features that allow users to report or flag offensive content to developerswithout needing to exit the app. Developers should utilise user reports to inform content filtering andmoderation in their apps. We recognise that smaller developers may have fewer resources to help them understand our policies orkeep up with changes, so over the last three years we have expanded our education and support efforts. We now offer the Google Play Academy, where developers can take courses to better learn our platform, and PolicyBytes videos about policy updates. We stream global webinars throughout the year where we make major policy announcements, and we offer the Google Play Developer Help Community for developers to get advice from other expert developers. In addition to our internal security standards, we also work with our industry peers to set industry-wide best practices for a healthy app ecosystem. The App Defense Alliance, a partnership with fellow steering committee members Microsoft and Meta, launched new standards to help developers build more secure apps.51 Well-developed policies were a significant factor in lowering the content-specific residual risks on Play. Westrive to ensure these policies are constantly reexamined and updated, as well as binding for developers. Enforcing Policy Play uses a combination of human and automated evaluation to review apps and app content to detect andassess content which violates our policies and is harmful to users and the overall Play ecosystem. Using 51 How we kept the Google Play \& Android app ecosystems safe in 2024 50 The Latest from Google Play: Q1 2025 Confidential and commercially sensitive; prepared for the European Commission | 97 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ automated models helps us detect more potential violations and evaluate potential issues faster, whichhelps us better protect our users and developers. The policy-violating content is either removed by Play’sautomated models or by trained operators and analysts. The results of these manual reviews are then usedto help build training data to further improve our machine learning models. Our EU DSA Biannual VLOSE/VLOP Transparency Report discloses the human resources capacity evaluating Play content across the official EU Member State languages. If an app does violate any of our policies, we take appropriate, necessary, and proportionate action pursuant to our enforcement processes. These actions may include app rejection (for apps and app updates submitted for review prior to being made available on Play), app removal (for existing apps), appsuspension, limited visibility, limited regions, and account termination (for multiple suspensions or an egregious policy violation). Additionally, Play users can report an app policy violation and flag individual app reviews as inappropriate through a link on the Play listing. We offer an appeals mechanism for developers who believe there has been an enforcement error. In order to protect developers’ rights, when we deploy new policies on Play, developers generally have atleast 30 days from the announcement of the new policy to make changes to their apps, and longer if theupdates are likely to require significant technical changes. Because app removal can negatively impactusers and developers, in addition to giving time for compliance, we invest heavily in efforts to educatedevelopers about our policies and how to comply. Education lessens the need for enforcement and keepswell-intentioned developers and apps on Play. Enforcement of, and education about, our policies are keyaspects of Play’s moderation and user safety program that resulted in lower residual risks for much of ourassessment. Addressing Specific Content-Related Risks Specific content-related risks feature less prominently as inherent or residual risks for Play, since individualapps (rather than Play) have a greater determining role in creating and managing these risks. For example,social media apps are available on Play, but those apps are primarily responsible for enforcing their ownUGC policies. Play does face risks when it comes to UGC in the form of app reviews, such as efforts toinfluence the visibility of apps, either positively or negatively, with inauthentic reviews (known as “reviewbombing”). However, our efforts to address this risk, combined with the fact that users are often searchingfor a specific app, reduces the residual risks considerably. Preventing Review Bombing and Ensuring Rating and Review Integrity While Google cannot undertake content moderation for all in-app content of apps available on Play, wework to ensure the integrity of app, game, books, and movie reviews on Play. There are several ways that we work to moderate ratings and reviews. Both qualitative comments andquantitative ratings (i.e., one to five stars) are monitored, especially to detect coordinated campaigns toeither artificially boost or downgrade a listing’s rating. We deploy specialised algorithms to identify signalsthat may indicate coordinated attacks (e.g., duplicate or repeat reviews), which are then reviewed by Confidential and commercially sensitive; prepared for the European Commission | 98 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ humans. And as discussed earlier in this report, we are improving our systems’ ability to detect violativecontent across different languages.52 We also work to ensure app ratings present an accurate picture of the current user experience bycalculating ratings using a percentage of the most recent reviews, not the average of all the ratings, todetermine the overall rating for an app. This methodology protects against impact spikes that sham ratingscan have on an app’s rating and helps lead instead to more accurate ratings that reflect true user sentimenttowards app experiences. We believe that the work we do to root out sham ratings leads to a moretransparent app ecosystem, which ultimately supports the visibility and availability of a diversity ofviewpoints and content on our platform. The Play Reviews team enacted a process that temporarily pauses the ability for users to post reviewsduring sensitive events and times of conflict to allow more time for our systems and teams to detect,address, and enforce issues as they arise and help ensure correct enforcements at scale. Our EU DSA Biannual VLOSE/VLOP Transparency Report discloses the number of actions we took on Play, including advertisements presented on Play, segmented by type of illegal content or violation of terms andconditions. The most recent report (February 2025) demonstrates that spam and content that isinappropriate or unhelpful are the most common policy violations, accounting for over 95% of cases. Otherviolations (e.g., privacy and data protection, scams and fraud, illegal and harmful speech) are much lessprevalent. Over 99% of these actions were taken following automated detection. The report also disclosesthe number of complaints received from users located in EU Member States about content moderationdecisions and the outcome of these complaints. In addition, this year we introduced AI-generated app reviews and FAQs to provide a summary of user review highlights, helping users decide whether an app or game is right for them. This new AI-poweredfeature allows users to get important details at a glance and easily compare apps in similar categories,further enhancing user choice and transparency.53 Protecting Civic Discourse We conducted a comprehensive evaluation of systemic risks associated with civic discourse. Some inherentrisks relate to (1) the risk of apps providing deceptive information relating to elections, civic discourse, ordemocratic participation and (2) digital threats such as targeted account hijacking, phishing, and electioninterference. While significant mitigations are in place to address these inherent risks (described below),room for improvement with respect to these dynamic threats remains. We have made significant investments in addressing these risks through the introduction and enforcementof clear Play Policies. For example, we introduced minimum requirements that apps must meet prior to being classified in the News category, including transparency requirements about the source and ownership of in-app news 53 The Latest from Google Play: Q1 2025 52 See supra at Evaluating Content Across Languages for further discussion of how Play, and Google as a whole, are addressing thisidentified residual risk for Play. Confidential and commercially sensitive; prepared for the European Commission | 99 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ content, requirements applicable to news subscription services, and requirements regarding the use ofaffiliate marketing and ad revenue. To protect integrity in elections, our Deceptive Behaviour policy prohibits apps from making misleading claims or providing false information about the app, including demonstrably deceptive or false contentabout an app’s capabilities or functionality that may interfere with voting processes. For example, an appthat misleads voters into believing they can cast their vote through the app would violate these policies. Thepolicy additionally prohibits apps that promote or help create false or misleading images, video, and/or text,and requires apps that manipulate or alter media to prominently disclose or watermark the altered media. We found that app development and usage were the most relevant for the systemic risk assessmentbecause apps contain layers of their own hosted content, may collect user data, and are constantly beingupdated and evolving. However, the assessment also considered other types of content, such as books on Play. Our Publisher Content Policies for Google Play Books are specific to book publishers and set out what books publishers can and cannot distribute to users on the Play platform. These policies cover areas such ashate speech, child safety, misleading content, and copyright. Because of well-developed and enforcedpolicies in this area, we did not identify a significant residual systemic risk with respect to offerings on Playother than apps, such as books. Platform Design Knowing Developers and Protecting Users One of the many ways we keep Play a safe and trusted platform is by verifying the identity of developersand their payment information. This helps prevent the spread of malware, reduces fraud, and helps usersunderstand who’s behind the apps they’re installing. These mitigations help enable us to address the higherinherent risks arising from the wide availability of generative AI tools—such as the greater ease by whichbad actors can create fake apps and scams—to achieve lower levels of residual risk. In July 2023, we announced new verification requirements for anyone creating new Play developer accounts, and are now in the process of implementing these verification requirements with all existing Playdevelopers. These verification requirements were introduced to boost trust and transparency on Play (suchas preventing bad actors from distributing malware) and help ensure that developers comply with Play policies. This year we invested in new developer tools that help developers safeguard their apps and users from malicious attacks and unauthorised access.54 We also provide developers with anti-fraud guidance and our Google Play Academy to provide training to create safe and secure experiences while staying compliant with Google Play policies. Our revised list of verification requirements now include the use of D-U-N-S numbers, a unique nine-digit identifier that is widely used to verify businesses, alongside requirements such as legal name and address,email, and Google payment profile. In addition, developers with unverified bank accounts will have theirdeveloper presence and apps removed from Play. 54 Making the Play Integrity API faster, more resilient, and more private Confidential and commercially sensitive; prepared for the European Commission | 100 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ These and other investments enabled us to identify bad actors and fraud rings more effectively. During 2024 we banned 158,000 bad accounts from Play for violations like confirmed malware and repeated severe policy violations. We also prevented 2.36 million policy-violating apps from being published on Play, inpart thanks to our investment in new and improved security features, policy updates, and app reviewprocesses. Developers are able to appeal enforcement actions on Play apps, though our most recent EU DSA Biannual VLOSE/VLOP Transparency Report (February 2025) shows that less than 1% of all automated enforcement actions are reversed following a successful appeal submitted by EU developers. The verification methods differ between individual accounts and organisation accounts. In November 2023we introduced new app testing requirements for individual developers publishing new apps on Play, as wellas a review by Play before production. Called “Start on Play,” this requires individual developer accounts torun a closed test with a minimum of 20 testers for 14 days before an app can be distributed on Play. Thesenew requirements are intended to address the risk that new individual developer apps on Play may violatePlay policies. In early 2024, we rolled out a new “Government” badge in the Play Store to help identify official government-made apps. Completing the government declaration requirements also allows governmentapps to become eligible for official endorsement signified by a clear visual treatment on the Play store,provided further eligibility criteria are also verified. At launch, the label appeared on official state and federalgovernment apps in Australia, Brazil, Canada, France, Germany, India, Indonesia, Japan, Mexico, SouthKorea, United Kingdom, and the United States, with plans to grow over time. In January 2025, we introduced a new VPN badge system to help Google Play users find “verified” VPN apps. These badges were designed to highlight apps that prioritise user privacy and safety. To earn a VPN badge, we assess an app’s adherence to Play safety and security guidelines, and the app must successfully pass an independent Mobile Application Security Assessment (MASA) Level 2 validation.55 While our strategy is focused on knowing developers and preventing policy-violating apps from beingpublished in the first place, sometimes we have reason to take legal action against fraudsters with multiple egregious violations. For example, in 2024 we filed a lawsuit against two fraudsters who made multiple misrepresentations to upload fraudulent investment and crypto exchange apps on Play to scam usersglobally. This lawsuit is a critical step in holding these bad actors accountable and sending a clear messagethat we will aggressively pursue those who seek to take advantage of our users. Protecting Privacy Reflecting the fact that Play exists in the app ecosystem and offers apps in categories that are likely toinvolve the use of personal data (e.g., banking or government services) some of the highest inherent risksfor users who access content through Play relate to privacy. While we strive to maintain an open and accessible Play and maximise user choice, we also enforce safetystandards for apps through our developer policies, ensuring we provide a safer and more secureenvironment for app users than would exist without Play. These measures are typically sufficient to lower 55 Helping users find trusted apps on Google Play Confidential and commercially sensitive; prepared for the European Commission | 101 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ residual risk considerably, such as risks relating to the collection and use of sensitive personal data withoutconsent; however, the determined and constantly evolving nature of bad actors caused us to conclude thatsome elevated residual risk for phishing, malware, and malicious apps remains. An explanation of thiselevated residual risk and related Article 35 mitigations are below. Our developer policies create consistent safety standards for apps that appear on Play, and generally giveusers additional transparency and control over their personal data. These policies include heightened protections for personal and sensitive user data, which prohibit developers from selling personal and sensitive user data, and require developers to limit the access, collection, use, and sharing of personal andsensitive user data acquired through the app to purposes reasonably expected by the user. We maintain data deletion requirements that require developers to delete associated data when they receive an account deletion request unless the user indicates they want their data preserved or certain other exceptions apply. We also offer a “Data safety section” for apps. The Data safety section provides developers with a transparent way to show users if and how they collect, share, and protect user data, before users install anapp. Developers are required to tell us about their apps’ privacy and security practices by completing a formin Google Play Console. After a developer completes and submits the Data safety form, Play runs automaticchecks on key elements of the information provided as part of the app review process. This information is then shown on the app’s store listing on Google Play. We cannot wholly know what data a developer collects and shares and so compliance remains the responsibility of the developer; however, if we becomeaware of a discrepancy between app behaviour and this declaration, we may take appropriate action,including enforcement action. With strengthened platform protections and policies, and developeroutreach and education, we prevent submitted apps from unnecessarily accessing sensitive permissions. Apps that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal dataare strictly prohibited. You can read more about our approach to topics such as user data, permissions, misrepresentation, and deceptive behaviour in Privacy, Deception and Device Abuse. However, motivated bad actors are constantly evolving their tactics to circumvent known protections on Play, so we assessedthis as having some medium levels of residual risk remaining. In recognition of this challenge, during theassessment period Play established new verification requirements and pre-publication reviews (describedabove) that help address this risk. Other privacy concerns relate to the use of software developer kits (SDKs). App developers often rely onthird-party code, or SDKs, to integrate key functionality and services for their apps. We are clear withdevelopers that our existing privacy and security requirements apply in the SDK context and are designed to help developers safely and securely integrate SDKs into their apps. In 2022, we launched the Google Play SDK Index to help developers evaluate an SDK’s reliability and safety and make informed decisions about whether an SDK is right for their business and their users. You can read more about our approach in SDK Requirements. During the assessment period we partnered with certain SDK providers to limit sensitive data access and sharing, adding 80 SDKs to the Google Play SDK Index in 2024, and preventing 1.3 million apps fromaccessing sensitive user data.56 We worked closely with SDK and app developers to address potential SDK 56 How we kept the Google Play \& Android app ecosystems safe in 2024 Confidential and commercially sensitive; prepared for the European Commission | 102 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ security and privacy issues to help build safer and more secure apps for Google Play. This valuable resourcehelps developers make better SDK choices, boost app quality, and minimise integration risks. This year, we also launched Play Policy Insights, a new way to inform developers of potential issues and policy requirements before they submit an app to the Play store. These insights at the pre-submission stagehelp developers mitigate unexpected delays and disruptions to the launch plan.57 We believe these policies are investments to protect our users and help developers meet consistentstandards. When it becomes apparent that a developer is not meeting our established requirements forprivacy and user safety, we take action to remove offending apps or developers from Play. We haveprevented policy-violating apps that were submitted for publishing from appearing on Play with improvedsecurity features and policy enhancements. Protecting Minors’ Rights The systemic risk assessment reviewed several risks relating to child rights, and found the highest inherentrisks to include the risk that minors under a defined minimum age may access services that they should notbe able to, that minors’ data may be used for ads targeting, that apps may not function equitably for minorsof varied learning styles, and that apps primarily directed at minors may not be of an adequate qualityacross languages, markets, and age groups. However, the systemic risk assessment concluded that the combination of platform and service designmeasures and policies that Play has in place are reasonable, proportionate, and effective mitigationmeasures. The assessment reinforces our view that we provide a safer and more secure environment forapp users than would exist without Play. Several important features of Play address child safety risks on the platform: Maintaining Additional Policies for Minors We have additional requirements for apps that are targeted at children under the age of 13. Before an app ispublished on Play, the developer must certify whether children under the age of 13 are part of the target audience and, if so, the app must comply with the Google Play Families Policies (in addition to the standard Play Developer Program Policies). While developers generally are in the best position to identify the correctaudience for their apps, in some instances, we may disagree with a developer’s stated age designations andredesignate the app. The Play Families Policies establish heightened obligations for developers regarding age-appropriatecontent, data practices (e.g., not making use of precise location data and no personalised ads for usersknown to be under 18), and social app features. Apps subject to these policies must also disclose in greaterdetail how they use the user data they collect. A dedicated enforcement workstream that uses bothautomated protections and human reviewers enforces the Google Play Families Policies. 57 Smoother app reviews with Play Policy Insights beta in Android Studio Confidential and commercially sensitive; prepared for the European Commission | 103 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Providing a Teacher-Approved Program Play makes it easy for families to find quality content for minors. Play’s Teacher Approved program is aquality review program for apps that specifically target children under the age of 13. It collects ratings fromteachers, minors’ education specialists, and media specialists, who rate and approve apps based on a rangeof quality criteria (i.e., whether apps are fun and inspiring, age-appropriate, and thoughtfully designed).Approved apps are included in Play’s Kids Tab, along with a description of their quality attributes, to helpfamilies easily review the apps and make informed choices for their minors. The program provides an additional layer of review, insight, and quality control on top of the Google PlayFamilies Policies. Obtaining Age Assurance Users can view Play on the web without being signed into a Google Account, but must sign in to download,purchase, or install content on Play, whether on the web or on the mobile store. Adult content is notavailable in a signed-out state and is blocked for signed-in users under the age of 18. As described furtherabove, Google utilises age assurance technology, along with a neutral age-screen in the Google Accountsign up process, to help determine which recipients are likely under the age of 18. Recipients identified aslikely being under 18 are subject to heightened privacy, content, and safety protections. To reduce theburden on our recipients and in accordance with data minimisation principles, these processes are carriedout at the Google Account level, so that the results can then be used in connection with all Google services,such as on Play. As a part of age assurance during Google Account sign up, if a user is under 13 (or the minimum age in theircountry) then a parent, guardian, or caregiver’s consent is needed to continue to sign up for or use theGoogle Account. When a child reaches their country’s minimum age to manage their own Google Account, the child can choose to continue their current parental supervision settings or manage their own account. Family Link facilitates a range of parental controls on Play for supervised Google Accounts, including purchase controls, approving or blocking apps, and filtering content based on content ratings. To help keep kids safe in app stores, this year we outlined a series of legislative proposals that offer solutions for data minimisation, age assurance, parental controls, and bans on personalised ads for usersunder 18 years of age.58 Enforcing Content Ratings and Content Restrictions We incorporate official content ratings from the International Age Rating Coalition (IARC) into Play ratings.The IARC is administered by a group of participating regional ratings agencies. IARC ratings are designed tohelp developers communicate locally relevant content ratings to recipients. Ratings are assigned by aregional authority based on a rating questionnaire completed by the developer and displayed in each app’slisting page on Play. IARC ratings may be updated when developers make changes to their app’s content orfeatures that affect issues in the IARC questionnaire. 58 Google’s legislative proposal for keeping kids safe online Confidential and commercially sensitive; prepared for the European Commission | 104 Google Play | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ IARC ratings are used to aid parental controls and to restrict access by recipients under the age of 18 tomature-rated content where legally required. For supervised Google Accounts, parents can filter or blockcontent based on IARC ratings (i.e., limit their child to seeing content rated PEGI 16 or below). Unrated appsare treated as high-maturity apps for the purpose of parental controls until they receive a rating. Play blocks the purchase or download of mature-rated content in the EU, unless we have signals providingsufficient confidence that the recipient is an adult. In some circumstances, we require users to provideadditional verification (e.g., by providing evidence of a government ID or credit card) of their age. We mightrequire such verification if a user is trying to access mature-rated content or services, and we cannototherwise establish with sufficient certainty that they are an adult, or if our model has classified the user asunder 18 but the user wishes to verify eligibility to access such content. We launched the “Restrict Declared Minors” feature to help Play developers ensure that their apps reach age-appropriate audiences. Developers can toggle a block that prevents minors from downloading orpurchasing an app, continuing a subscription, or making new purchases on an app that is already installed.59 59 The Latest from Google Play: Q4 2024 Confidential and commercially sensitive; prepared for the European Commission | 105 Google Shopping | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Shopping Description of Service and Associated Risk Profile Google Shopping helps users discover and learn about the products they are interested in, whether from abig-box retailer, direct-to-consumer brands, or the local store. Users use Shopping to search for productsand compare prices between different merchants. They then buy products directly from the merchant onthe merchant’s website or at their physical store, not on Google. Our mission is to democratisee-commerce by supporting an open network of retailers and shoppers, help businesses get discovered, andgive users more options when they are looking to buy. Shopping uses a variety of factors to determine which products are displayed in search results, including aproduct’s price, availability, and relevance to the user’s query. Users can filter Shopping results by price,brand, and other criteria. Merchants use the Merchant Center to manage their product data for Shopping and either use free product listings or ads to promote their products. All ads are clearly marked as “Sponsored” or “Ad.” Our Shopping Graph is a dynamic, AI-enhanced, and real-time dataset of product listings, sellers, brands, reviews, product information, and inventory. Listings are updated constantly based on information retailersshare directly via Google Merchant Center or from what retailers and brands post across the web. TheShopping Graph makes those sessions more helpful by sorting through a vast set of products to connectpeople with around 50 billion listings globally across the web. Every hour more than 2 billion of thoseproduct listings are refreshed on Shopping. Shopping is used by over 8 million average monthly users in theEU.60 In addition to the content promoted by merchants, Shopping includes user-generated content in the formof product and merchant reviews and ratings. Google collects some reviews and ratings directly through Google Customer Reviews, a free program that merchants enable to allow Google to collect feedback on their behalf. Shopping also features reviews and ratings collected using a merchant’s own UGC service or athird party service working in a software as a service model (e.g., Yotpo, Avis Vérifiés). You can read more in How Shopping Works, How Merchant Center Works, and Shopping Graph. 60 Average monthly counts based on distinct signed-in accounts of recipients (August 18, 2025) Confidential and commercially sensitive; prepared for the European Commission | 106 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Systemic Risk Assessment Results and AssociatedObservations We assessed 39 different risk statements61 for inherent risk (i.e., risk absent any action taken by Google),preparedness (i.e., the cumulative measures currently in place to mitigate the risk), and residual risk (i.e., riskafter mitigation by Google). Residual risk serves as a guide for where further investment may be warranted. The full list of risk statements is found in Annex A to this report. This systemic risk assessment surfaced important themes relating to the inherent and residual risk. BecauseShopping operates on limited types of content that are directly related to products available on Shopping,many of the risks covered by the systemic risk assessment have a lower likelihood of appearing. However, risks relating to privacy, the freedom to conduct a business62, consumer protection63, andintellectual property64 feature more prominently given the role of Shopping in presenting and raising thevisibility of products sold by merchants. For these themes the systemic risk assessment identified severalareas of important inherent risk that are being appropriately addressed, as seen through high preparednessevaluations, resulting in much lower levels of residual risk. In the following two sections we consider the risks and mitigations relating to illegal and policy violatingcontent (“Content Moderation”) and the design and functioning of Shopping (“Service Design”), though inpractice there are several interactions and relationships between the two. Taken together, these two sections address the four broad categories of systemic risks articulated in Article34(1) of the DSA and the specific manifestations of those systemic risks that we evaluate. This reportemphasises those risks for which the assessment showed elevated inherent or residual risk, and describesShopping’s current risk mitigation practices as well as improvements consistent with Article 35 of the DSA.We continue to invest in efforts to reduce residual risk, but did not identify any significant modifications toinherent or residual risk between the 2024 and 2025 systemic risk assessments. 2025 Highlights ● Enhanced methods of reviewing and verifying signals related to merchant identity to further reduce misrepresentation. ● Updated Shopping’s Dangerous Products policy to explicitly restrict promotion of pill presses, encapsulating machines and related components used for compacting or filling powders, granules or other materials into tablets or capsules. 64 Article 17 of the EU Charter: Right to Property. 63 Article 38 of the EU Charter: Consumer Protection. 62 Article 16 of the EU Charter: Freedom to Conduct Business. 61 See Methodology Step One: Classification. Confidential and commercially sensitive; prepared for the European Commission | 107 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Content Moderation Removing Illegal Content Identifying and Blocking Illegal Products and Services One risk associated with Shopping is that merchants may promote or attempt to sell illegal products andservices through Shopping. Here, we assessed that determined bad actors seeking to use Shoppingservices for the sale of illegal products or services constitute higher levels of inherent risk, but our effective mitigations result in much lower levels of residual risk. For example, our EU DSA Biannual VLOSE/VLOP Transparency Report discloses that we take action on cases relating to animal welfare, healthcare and medicine, and other unsafe or illegal products millions of times per year. Shopping has a robust set of policies that prohibit the sale of illegal products and services, including those relating to gambling, abuse of the network, local legal requirements and safety standards, dishonest behaviour, and healthcare and medicines. Prohibiting and Detecting Violations of Intellectual Property Rights Shopping maintains policies that address the sale of goods that infringe on the intellectual property rights of others, such as our counterfeit, trademark, and copyright policies. Shopping prohibits the sale or promotion of counterfeit products. Malicious actors may attempt to leverageShopping to disseminate counterfeit goods, but our robust reactive and proactive enforcement schememeans Shopping is well prepared to address this risk, resulting in low residual risk. Shopping uses well-established proactive detection measures for counterfeit violations, which includetechniques like keyword matching and detection of signals that may indicate merchants are promotingtrending products with unrealistically low prices. Additionally, trademark owners can report merchants offering counterfeit goods in a dedicated reportingchannel. Where a merchant is identified as promoting counterfeit goods, its Merchant Center account istypically suspended. Trademark owners can also report Shopping content that uses their trademarks in a way that is likely tocause confusion about the origin of a product. Our teams review each notice carefully, including confirmingthat the reporter has valid trademark rights. Where the notice is complete and we determine that thecontent violates our trademark policies, we remove the content from Shopping. We provide a simple and efficient mechanism for copyright owners from countries/regions around theworld. To initiate the takedown process, a copyright owner who believes content is infringing sends us atakedown notice for that allegedly infringing material. When we receive a valid takedown notice, our teamscarefully review it for completeness and check for other problems. If the notice is complete and we find noother issues, we remove the content from our services. Confidential and commercially sensitive; prepared for the European Commission | 108 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Addressing Content that Violates our Policies Maintaining Google Shopping Policies We have two categories of policies—Free Listings Policies and Shopping Ads Policies—that outline what is and is not permitted on Shopping, including for product listings pulled from what retailers and brands poston their websites. The Free Listings Policies and Shopping Ads Policies prohibit content that is harmful to customers or theoverall shopping and advertising ecosystem. Both sets of policies cover four broad areas: 1. Prohibited content, meaning content that is not allowed to be listed, such as counterfeit products,dangerous products, and inappropriate content; 2. Prohibited practices, meaning things merchants cannot do if they want to list products, such asmisrepresentation of content; 3. Restricted content that can be listed with limitations or in certain locations only, such asadult-oriented content, alcoholic beverages, and healthcare-oriented content; and 4. Editorial and technical content, meaning website standards, such as irresponsible data collection anduse. In addition, Shopping enables users to report listings and ads that violate policies and/or contain illegal content, and enables brand and trademark owners to report merchants misusing their brand or trademark. A dedicated team reviews and actions these incoming complaints. Maintaining Guardrails for User-Contributed Content User-contributed product and seller reviews are intended to enhance the user experience by helping usersdiscover and select products and online sellers on the basis of opinions and feedback from other customers. We have developed user-contributed content policies and product rating policies covering content such as hateful content, misrepresentation, and fake reviews to help ensure everyone who viewsuser-generated content has a positive experience. An automated system processes reviews before they show up on Google to remove spammy orinappropriate language, and we may also take down reviews that are flagged to us, in order to comply withlegal obligations. After a review is published, it will not be modified or updated by Google, and we will not contact reviewersor ask reviewers to update what they wrote.65 However, we may take down reviews that are flagged to us, inorder to comply with legal obligations. 65 Google Shopping has collected some reviews from the EU via the Google Customer Reviews program, and in this case users are ableto delete their own reviews. Confidential and commercially sensitive; prepared for the European Commission | 109 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Google also enables users to report user reviews that may violate the law and to provide feedback on userreviews to improve the user experience. We are in the process of introducing additional reportingfunctionality to allow users to report policy-violating content as well. Preventing Unfair Commercial Practices We strive to create a healthy digital shopping ecosystem that is trustworthy and transparent. Customersshould feel confident about the offers they are browsing and the businesses they are purchasing from.Unfair commercial practices—such as scams or representing products inaccurately—pose an inherent riskto the overall ecosystem. Shopping’s policy enforcement processes significantly address this risk, resultingin low levels of residual risk. For example, our policy on misrepresentation requires merchants to be upfront, honest, and provide users with the information that they need to make informed decisions. We disallow promotions that representproducts in ways that are not accurate, realistic, and truthful. In addition, merchants are encouraged to takepart in user-generated content programs to help shoppers review “real world” feedback (from Google andexternal sources) about product and merchant quality. Our policy on counterfeit products prohibits the listing of products that contain a trademark or logo that is identical to or substantially indistinguishable from the trademark or logo of another product. We rely on acombination of proactive and reactive enforcement techniques to prevent products that are inauthenticfrom being surfaced in Shopping listings. Our abuse of the network policy bans malicious content, sites that offer little unique value to users and are focused primarily on traffic generation, retailers who attempt to gain an unfair advantage in Shoppingcampaigns, and retailers who attempt to bypass our review processes. We also maintain a list of certainkinds of businesses with products prone to abuse. This list informs prioritisation in risk management and isregularly updated based on Google reviews, feedback from users, regulators, and consumer protectionauthorities. Preventing Fraudulent Business Information We assessed the risk that misleading or fraudulent content about a business, such as fake reviews, arediscoverable on Shopping. For some time, we have been using signals such as IP location, social mediapresence, and third party consumer research sources to mitigate these risks. In addition, over the past twoyears we have introduced several new mitigations, such as reviewing and verifying merchantidentity-related signals, including VAT information and in some cases requiring explicit identity verification. Regarding fake reviews, Shopping has automated content checks that focus on content quality, and weemploy intermittent analyses aimed at identifying anomalous review contributions. We run these checksboth on an individual level (a specific merchant) and on the review source level (a review aggregator).Examples of what we might investigate further include elevated levels of 1-star or 5-star reviews or anunusual number of reviews provided by a single user or for a specific entity. We also deploy teams of trainedoperators and analysts who audit reviews and ratings. Confidential and commercially sensitive; prepared for the European Commission | 110 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Service Design Respecting Privacy The use of sensitive data in eCommerce (such as credit card numbers, user names, and passwords) resultsin critical inherent risks relating to data collection and use, and data sharing. There are two dimensions toprivacy risk and mitigation on Shopping: the privacy practices of merchants, and our own privacy practices. We do not process payments and are not involved in shipping products, so we do not collect sensitivepayment data (e.g., credit cards) or pass it onto merchants, nor do we control the actions of merchants and retailers. However, we do set high expectations for merchant and retailer data collection and use on their websites, and prohibit unsafe collection or use of personal information, and misuse of personal information.Under this policy, merchants may not collect data for unclear purposes, use personal information in wayscustomers have not consented to (e.g., re-selling users’ contact information), or without appropriatesecurity measures in place (e.g., not obtaining certain data over non-secure SSL server connections). We have also established checkout requirements covering aspects such as accurate pricing, user information, and language use. Where our privacy practices are concerned, storage of signed-in user data by Google is controlled by Web \& App Activity and the collection and use of data is controlled by the Google Privacy Policy. To block specific advertisers or opt into personalised ads, users can visit My Ad Center. Shopping ranks product listings based on relevance to a user’s search terms and–where appropriate user controls areenabled–other Google activity. Vetting Merchants Reviews of both merchants and products are an important component of Shopping’s protections forusers.66 These reviews use a combination of automated and/or human evaluation to ensure compliance withour policies, with the more complex, nuanced, or severe cases often reviewed by specially trained experts. Thanks to the Shopping Graph, our dataset of the world’s products and sellers, our automated systems can quickly review whether a business is legitimate, whether the products shoppers see are accurate, andwhether merchant content follows our policies. This automated vetting process has helped us moreefficiently and accurately review a massive amount of merchants and products. Shopping’s automated detection systems are always monitoring for violating activity. Some examples ofautomated content moderation processes include: ● policy checks for harmful, regulated, or illegal content (e.g., weapons, recreational and prescriptiondrugs, tobacco products); ● product image checks for policy violations such as graphic overlays or nudity; ● product data quality checks; ● landing page checks; and 66 Google Shopping does not physically inspect products. Product review is limited to a review of virtual signals that may indicateviolations of our policies. Confidential and commercially sensitive; prepared for the European Commission | 111 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ ● checks for recalled products such as those listed in the Rapid Exchange of Information System(RAPEX) or Organization for Economic Co-operation and Development (OECD) public databases. Sometimes we make mistakes in our decisions when vetting merchants and enforcing our policies, whichmay result in the unwarranted removal of products or accounts from our services. For this reason, we haveenhanced our appeals process by (1) creating an appeals path for content removed based on counterfeitcomplaints, (2) creating appeals paths for all content removals, and (3) enabling merchants suspected offraudulent activities to submit their EU VAT ID as an additional data option during appeal, which increaseslikelihood of successful account reevaluation. Monitoring Merchants and Listings Our safety efforts do not stop once a product listing goes live. Our automated systems are alwaysmonitoring for violating activity, and our team of human reviewers is on standby to review issues that mightneed a more nuanced perspective, such as a sudden drop in prices, a significant shift in product mix, or achange in business information. After they are onboarded, we review merchants and their listings, makingsure nothing has suspiciously changed since they first came to Google. We take different types of actionswhen we see odd behaviour, such as removing listings that violate our policies or suspending a merchant’sMerchant Center account. In most cases (all except sanctioned accounts), these actions can be appealedby the merchant. Our EU DSA Biannual VLOSE/VLOP Transparency Report discloses the number of actions we took on Shopping (including unpaid content and advertisements), by type of illegal content or violation of terms andconditions. The most recent report (February 2025) demonstrates that aside from technical violations (suchas data defects, which account for more than 93% of cases), the most common violations are in the areas ofsexualised content, unsafe/illegal products and services, healthcare and medicine, animal welfare, andscams/fraud. Other violations (e.g., hate speech, public security, protection of minors, negative effects oncivic discourse) are much less prevalent. Over 99.9% of these actions were taken following automateddetection. Furthermore, the majority of the actions that Google Shopping takes on such content happenbefore the content is shown publicly. The report also discloses the number of complaints received from users located in EU Member States aboutcontent moderation decisions and the outcome of these complaints. During the reporting period, <0.07% ofall automated content moderation actions on Shopping were appealed by content or account owners basedin the EU and consequently <0.05% of all original content moderation actions were overturned. Of therelatively few original content moderations that were appealed and subsequently closed within thereporting period, 74% were overturned. To strengthen Google’s ability to identify bad actors, there has been significant partnership and investmentwith the Global Anti-Scams Alliance (GASA) and the Global Signal Exchange (GSE) is an important part ofGoogle’s strategy to protect the entire ecosystem. The GSE is a global, multi-stakeholder, cross-sectorclearinghouse for bad actor signals. It was launched in October 2024 by Google, GASA, and the DNSResearch Foundation (DNSRF). As of August 2025, Google has shared over seven million signals andingested close to 16 million signals via the program. Google considers the GSE to be a strategic solution foringestion and sharing of bad actors signals and will continue to invest in growing its footprint. Confidential and commercially sensitive; prepared for the European Commission | 112 Google Shopping | Systemic Risk Assessment Results and Associated Observations \________________________________________________________________________________________________________________________________________________________________ Protecting Minors’ Rights Shopping leverages measures applied to all Google services for age assurance for signed-in (includingcentralised Google Account solutions) and signed-out recipients. In addition, Google ensures that adult and non-family safe ads on Shopping are restricted from minors and recipients for whom we do not have an inferred or declared age. When we have insufficient signals toindicate that a user is an adult, we err on the side of turning on minors’ protections by default because ofthe critical importance of protecting minors. In this Shopping context, this makes sure that by default theycannot access products which may not be safe for their age. Lastly, Google has a suite of automated and manual processes aimed at scalably identifying and preventingcontent that depicts harm to minors, such as CSAM. For product images that we get from merchantsdirectly we use automated tools and human reviews to identify and block instances of CSAM. Due to theway in which we source user reviews (directly from merchants and from third-party aggregators), Google expects those third parties hosting the content to moderate it before it reaches our service; however, we still run our own protections for images and remove and report any CSAM we find on our service. Confidential and commercially sensitive; prepared for the European Commission | 113 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ YouTube Description of Service and Associated Risk Profile YouTube’s mission is to give everyone a voice and show them the world. We believe that everyone deservesto have a voice, and that the world is a better place when we listen, share, and build community through ourstories. From music to education, from comedy to news, YouTube touches every corner of society, offeringaccess to information in the video format to anyone with an internet connection. The internet is a force forcreativity, learning, and access to information, and supporting the free flow of ideas has always been andremains at the heart of YouTube’s video-first mission. YouTube allows users to watch, upload, and share videos. YouTube is available to all EU users free of charge,and users can opt to pay for a premium subscription that removes paid ads and offers other features. Bothare covered in this systemic risk assessment. YouTube’s focus on voice, stories, and community means that the service potentially impacts a wide rangeof rights afforded by the EU Charter, such as freedom of expression and information, media pluralism,freedom of the arts and sciences, freedom to conduct a business, as well as broad civic participation rights. We strive to make YouTube as open as possible and empower users to easily access, create, and shareinformation. In addition to providing a service for users to express their creativity and ideas, we are animportant source of economic opportunity for creators, with whom we share revenue from ads that areserved on their video content. Yet, as with all open internet services, there are inherent challenges and risksthat arise that we must also address, including those from users who upload violent or dangerous content,sensitive and graphic content, and misleading information. Bad actors actively seek to exploit open serviceslike YouTube for their own nefarious purposes, even as we continue to invest in robust systems designed tostop and deter them. Over the years, we have worked tirelessly to develop policies and products that protect the YouTubecommunity. As reflected in our Community Guidelines (policies broadly covering spam and deceptivepractices, violent or dangerous content, misleading information, sensitive content, and regulated goods)and Legal Removals processes (procedures to ensure we comply with legitimate user and governmentrequests to remove illegal content), YouTube is committed to keeping the service safe, for our users,advertisers, and society at large, while balancing open and free creative expression across the service.Beyond removing harmful content, we also leverage our recommendations systems and monetisation toolsto promote a healthier ecosystem that meets user needs by connecting them to what they want to watch,helps users navigate information online, and elevates high-quality voices. YouTube’s prominent role as an online video-sharing service means that we naturally have a responsibility toprotect the service from harmful content that may be uploaded, as well as other abuses of the service.YouTube’s business model only works when our viewers, creators, and advertisers have confidence that weare maintaining a level of quality that maximises user value, enables advertiser success, and allows creatorsto thrive. In other words, maintaining a healthy ecosystem is a business imperative: viewers do not want to Confidential and commercially sensitive; prepared for the European Commission | 114 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ see harmful content, advertisers do not want to be associated with it, and creators and YouTube depend oneach other to attract users and advertisers alike. Confidential and commercially sensitive; prepared for the European Commission | 115 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Systemic Risk Assessment Results and AssociatedObservations We assessed 39 different risk statements for inherent risks (i.e., risk absent any action taken by YouTube),preparedness (i.e., the cumulative measures currently in place to mitigate the risk), and residual risks (i.e.,risk after mitigation by YouTube). Residual risk serves as a guide for where further research or new strategies may be warranted. The full list of risk statements is found in Annex A to this report. At a high level, the sorts of risks addressed in this report can be divided into two sets: risks posed by thepresence of a particular type of illegal or policy-violating content, and risks posed to users based on thedesign and functioning of a service. Thought of another way, some risks are mitigated by processes forreporting illegal content and by enforcing YouTube’s policies, and others are mitigated by changing thedesign or functioning of the service or the way users interact with the service (i.e., service design). Important inherent risks identified in this assessment include risks associated with the presence of illegal orpotentially harmful content, which we address via content moderation. Our investments enable us toachieve much lower levels of residual risk; however, given the complexity of balancing YouTube’s mission ofgiving everyone a voice, while addressing harmful content, elevated levels of residual risk remain in relationto misleading information, civic discourse, harassment and bullying, and public health. Other notable inherent risks are associated with the design and functioning of a service, such as privacy,security, and minors’ rights. Below we explain the service design choices that significantly lower residualrisks related to the way YouTube functions, such as privacy and security measures as well as protections forminors on YouTube. However, while we have made significant investments in the safety of our youngerusers, such as preventing access to age-inappropriate content and introducing new controls for families,the state of research regarding causes of potential overuse remains unsettled, and we assessed elevatedlevels of residual risk related to problematic internet use as a result. The structure below follows this division. We first address content moderation on YouTube, explainingYouTube’s legal reporting process as well as its content policy development, enforcement, and themeasures, like the Violative View Rate (VVR), which we use to gauge the efficacy of our moderationpractices. The second section explains service design choices, which address risks related to the wayYouTube functions, such as privacy risks or protections for minors using YouTube. Most of the systemic risks addressed in Article 34(1) of the DSA are related to fundamental rights, which areindivisible and interdependent. Because these rights (and associated risks) are interrelated, the practicesYouTube employs to ensure users’ rights frequently address more than one, or many, rights and risksarticulated in Article 34(1) of the DSA. With this in mind, we have gathered together specific manifestationsof systemic risks into groups that allow for efficient explanation of YouTube’s existing mitigating practices,as well as improvements consistent with Article 35 of the DSA. We highlight where changes in the externalcontext or improvements to our mitigation measures change inherent or residual risk estimations betweenthe 2024 and 2025 systemic risk assessments. YouTube’s overall risk profile has remained relatively stable. Confidential and commercially sensitive; prepared for the European Commission | 116 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ 2025 Highlights ● New Family Center hub to link accounts of parents and teens into one collaborative space and offer parents supervision tools and safety resources ● Raised the minimum age required to livestream from 13 to 16 years old ● Improved AI safety and transparency features including watermarks for videos generated by Google DeepMind and developing likeness management technology ● Continued misleading information policies where content could pose a serious risk of egregious harm ● Revised gambling policy to include a stricter stance on content facilitating access to uncertified gambling sites, content promising guaranteed returns, and age restrictions on gambling content ● Improved appeals experience, with channel appeals now available on more surfaces ● Improved violent or graphic content policies to bring existing policies into closer alignment with TV and film industry standards for mature content Content Moderation Removing Illegal Content YouTube is one of the world’s largest open video-sharing services. It is not surprising that bad actors workto upload content that may be illegal on YouTube in violation of our express prohibitions (such as child sexualabuse material, terrorist and violent extremist content, hate speech, and non-consensual intimate images).This is why illegal content is one of our most critical inherent risks, and the reason we invest significantly toaddress the same—both alone and in collaboration with others, as described below. Similarly to our 2024assessment, these investments and partnerships have resulted in low estimates for illegal content residualrisks. As discussed previously in this report, YouTube, and Google more broadly, have a robust process forevaluating government requests to remove content.67 But in the absence of an order to remove content or avalid complaint from a rightsholder (as in the case of content infringing on intellectual property rights),YouTube enforces its Community Guidelines. There is extensive overlap between content prohibited by our 67 For more information on how YouTube and Google respond to government requests to remove content, see supra at HandlingGovernment Removal Requests. Confidential and commercially sensitive; prepared for the European Commission | 117 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Community Guidelines and content that is illegal, meaning that our enforcement efforts work to mitigatethe risks of both illegal and policy-violative content. Two Examples: Terrorist or Violent Extremist Content and Child Sexual Abuse Material (CSAM) Terrorist or violent extremist content and CSAM are examples of the overlap between illegal andpolicy-violative content. Enforcement efforts in both areas make use of signal sharing and hash matching(i.e., digital fingerprinting) to identify potentially violative content. Although CSAM is always illegal, the legalstatus of violent and extremist content varies widely according to context (based on the jurisdiction and theway the content is presented, as in the case of a documentary). Identifying and Removing Violent Extremist Content Content that violates our policies against terrorist and violent extremist content includes material producedby designated terrorist organisations, content glorifying violent acts carried out by designated terroristorganisations, and recruiting or fundraising on behalf of extremist groups. YouTube also prohibits violent orgory content intended to shock or disgust viewers, or content encouraging others to commit violent acts. YouTube is committed to identifying and removing content that promotes terrorism or violent extremism onour service. Over the years, we have heavily invested in human review and machine learning technology thathelps us quickly detect, review, and remove this content. Content that is removed is also used to improveour automated detection tools for better coverage in the future. In the rare cases users do see a video theybelieve is violative of our policies, we provide users with the option to flag, including for videos that“promote terrorism.” We’re also a founding member of the Global Internet Forum to Counter Terrorism (GIFCT), where we workwith other tech companies to keep terrorist and violent extremist content off the web and train and provideresources to smaller companies. In 2016 we created a hash-sharing database with industry partners wherewe share hashes (a type of “digital fingerprint”) of terrorist content to inhibit its further spread. Today, this shared database is formally operated by GIFCT, which consists of 36 member companies (and growing), and the hash-sharing database contains 2.2 million hashes corresponding to hundreds of thousands of distinct images, videos, and textual items. This industry-wide collaboration helps address the systemic riskthat illegal terrorist and violent extremist content spreads across services and supports smaller companiesfacing similar challenges. YouTube also uses these hashes for its own detection purposes and to testpertinent policies. Whether violent extremist content is first detected by our own automated detection systems, by a GIFCThash, or by a user flag, these moderation decisions are fed back into our machine learning technology toimprove future detection. Detecting, Removing, and Reporting CSAM Similarly, we have heavily invested in engineering resources to detect CSAM in ways that are precise andeffective, and have long used this technology to prevent the distribution of known CSAM videos onYouTube. This is an area where Google as a whole has been an industry leader, and this report previouslyaddressed other company-wide efforts to combat the distribution of child sexual abuse material.68 We have 68 See supra Detecting, Removing, and Reporting CSAM. Confidential and commercially sensitive; prepared for the European Commission | 118 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ always had clear policies prohibiting content on YouTube that sexualises or exploits minors. We use machinelearning systems to proactively detect and enforce violations of these policies and also have humanreviewers around the world who quickly remove violations detected by our systems or flagged by users andour priority flaggers. While some content featuring minors may not violate our policies, we recognise that the minors could be atrisk of online or offline exploitation. This is why we take an aggressive approach when enforcing thesepolicies, including for a feature like comments (i.e., a minor and ancillary feature pursuant to Recital 13 of theDSA). Our automated systems help to proactively identify videos that may put minors at risk and apply ourprotections at scale, such as restricting live features, disabling comments, and limiting videorecommendations for videos featuring minors. Our proprietary CSAI Match technology,69 which we licence to several other technology companies free of charge, allows us to detect known CSAM images and videos. In cases where a video contains CSAM or auser solicits CSAM through comments or other communications, our team reports it to the National Centerfor Missing and Exploited Children (NCMEC), who then liaise with global law enforcement agencies such asInterpol and Europol. Once we have identified a video as illegal and reported it to NCMEC, the content is hashed (given a “digitalfingerprint”) and used to detect matching content. This hashing and scanning technology is highly precise atdetecting known CSAM and enables us to detect illegal content more quickly. We maintain a database ofknown CSAM hashes and any content that is matched against this list is removed and reported to NCMEC. Prohibiting and Detecting Infringement of Intellectual Property Rights While losses due to copyright infringement can be serious, the risk of intellectual property (IP) infringementproduced only elevated levels of inherent risk because of the relatively small number of users that areprimarily affected, and because the related harms are not as difficult to remediate as, for example, seriousphysical harm or harms to vulnerable populations. Additionally, considering the suite of options protectingboth institutional and individual rightsholders—such as the copyright webform, Copyright Match Tool, andContent ID, which are explained in more detail below—our assessment produced high preparedness ratingsfor our industry-leading protection tools. All rightsholders have access to the YouTube copyright removal request webform, which is a streamlinedand efficient way to submit copyright removal requests, and is available in more than 80 languages. It isdesigned for infrequent use by creators who hold few copyrights and rarely find their content on YouTube.For the vast majority of rightsholders, the webform is the only tool they need. Nevertheless, creators whohave used the webform to remove videos from YouTube have access to powerful features, including theability to ask YouTube to automatically prevent copies of the removed videos from being reuploaded. For creators who experienced a higher amount of reposting of their copyrighted content and needed tosubmit more frequent copyright removal requests, we built the Copyright Match Tool to facilitate thosecreators’ attempts to protect their intellectual property rights. The Copyright Match Tool is available to anyYouTube user who has submitted a valid copyright removal request through the webform. Once a takedownrequest is approved, the Copyright Match Tool starts scanning YouTube uploads for potential matches to 69 CSAI is child sexual abuse imagery and is a subset of content that can be considered CSAM. Confidential and commercially sensitive; prepared for the European Commission | 119 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ the videos reported in the removal request. The tool surfaces these potential matches to the claimant so they can decide what action to take next. For creators in the YouTube Partner Program, the tool automatically scans for potential matches on other channels, maintains a log of those matches for review,and through an easy-to-use interface allows the creator to archive the match, submit a takedown request,or contact the user. As of December 2024, over 3 million channels on YouTube have access to the CopyrightMatch Tool. Efforts such as the Copyright Match Tool equip creators with the resources they need to protect theircontent, and are evidence of YouTube’s high level of preparedness to prevent the non-authorised use of copyright-protected materials. You can read YouTube’s bi-annual Copyright Transparency Report for a description of the other means by which YouTube protects rightsholders. Addressing Content that Violates our Policies Our open service embraces a wide diversity of voices to entertain, teach, showcase talents, advocate, andbuild businesses. YouTube’s commitment to free expression enables this diversity. But free expression on anopen service can create tension with other fundamental rights, such as the right to security or the right toprivacy. YouTube is available in over 80 languages, with billions of monthly active users worldwide (over 400million in the EU). Because of YouTube’s scale, even a relatively small number of bad actors can havesystemic impacts on the service. YouTube acknowledges that its scale and extensive reach necessitate thatwe carefully balance the fundamental rights of users with any potential harms that may arise from misusesof our service. Content that may be lawful but still creates potential harm (such as content impacting human dignity,promoting discriminatory beliefs, inciting, praising, or glorifying violence, promoting practices harmful tohealth, inciting gender-violence, or that constitutes harassment and bullying) can be uploaded to YouTube’sopen service, rendering it one of our most critical inherent risks. We have continued to develop thoughtfuland comprehensive approaches for addressing this type of content (described below), but several factorsmake these risks more challenging to address than illegal content, including the need to take proportionateand reasonable measures that respect the right to freedom of expression and information, the need toconsider the likelihood of real world harm, and the need to consider context to determine whether contentactually violates policy, such as when there is a prevailing public interest in access to content. This results insome remaining elevated residual risk, such as in relation to content promoting practices potentially harmfulto health (including misleading health related information) or harassing or bullying content. Below we describe some of YouTube’s new and continuing efforts to identify and respond to all policyviolative content. We then address some of the specific types of content violations we examined in this riskassessment, and discuss the mitigations for these specific risks. Developing Policy Preventing systemic risks related to content starts with YouTube’s Community Guidelines. These “rules of the road” allow creative expression while prioritising the protection of the YouTube community frompotentially harmful content. As explained previously in this report,70 YouTube’s policy development process 70 See supra at Designing Appropriate Content Policies. Confidential and commercially sensitive; prepared for the European Commission | 120 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ is robust, involving extensive internal analysis before implementation, regular reviews and updates, andengagement with internal and third-party experts to address issues before they reach, or become widespread, on our service. You can read more in How YouTube Works and in our blog post on policy development at YouTube. It is not a coincidence that our Community Guidelines closely mirror many of the potential systemic risksaddressed by Article 34 of the DSA. For years, YouTube has been attuned to these same risks. Our policiescover areas (such as harassment, child safety, and violent extremism) across five broad categories: spamand deceptive practices, sensitive content, violent or dangerous content, regulated goods, and misleadinginformation. Dozens of individual policies fall under these five categories, and our assessment concludedthat YouTube’s policies provide excellent coverage of the risks identified both in Article 34(1) of the DSA andthe Recitals elaborating on those systemic risks. Some of the most relevant Community Guidelines areexplained below, such as those related to harassment and bullying. But one can find Community Guidelinesthat correlate with any of the DSA systemic risks. For example, YouTube’s Community Guidelines related tosensitive content, violent and dangerous content, and regulated goods provide complete coverage of theillegal content related concerns detailed in Recital 12 of the DSA. Over the past year, we also updated several policies, including those governing gambling as well as harassment and cyberbullying. The world moves quickly and our policies need to keep up. That’s why we regularly review our policies tomake sure that—similar to the laws that govern civil society—they reflect the changes that occur both onand off our platform. Providing EDSA Exceptions We recognise that some content that may otherwise violate our Community Guidelines but nonethelessprovides compelling educational, documentary, scientific, or artistic value should remain available for viewers. We call this the “EDSA” (Educational, Documentary, Scientific, or Artistic) exception, and it is a critical way to make sure that important speech stays on YouTube, while protecting the wider YouTube ecosystem from harmful content. To educate creators, we include information about EDSA in our Help Center. To help determine whether a video might qualify for an EDSA exception, we look at multiple factors, including the video title, descriptions and the context provided in the video’s audio or imagery, as well as thepublic interest of the content. These decisions are nuanced and context is important. Examples include realworld violence shown in a documentary about war, content targeting minors with insults that might appearas part of an educational anti-bullying campaign, or nudity that has scientific value or constitutes artisticexpression. Enforcing Policy In addition to developing robust policies, we use a wide range of tools to enforce these policies. Bycombining multiple methods and approaches, YouTube continually improves the service for our viewers andcreators. Undertaking Automated Detection and Removal Automated detection of potentially problematic content enables YouTube to enforce our CommunityGuidelines at scale. Sophisticated automated systems are our primary tool. In Q1 2025, over 96% of videos Confidential and commercially sensitive; prepared for the European Commission | 121 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ (compared to 95% in Q2 2024) and over 99% of comments that were removed were first detected byautomated means. And automated detection isn’t just identifying huge amounts of potentially problematiccontent; it’s doing so quickly, before the impact is widespread. For example, thus far in 2025, over 81% of thevideos we removed had ten views or fewer. Once models are trained to identify potentially violative content, YouTube either automatically removes thecontent or the model nominates the content for human review against our Community Guidelines (withcontent moderators then confirming or denying whether the content should be removed). YouTube alsomonitors and identifies potentially violative trends to detect emerging issues before they becomewidespread on YouTube. This collaborative approach helps improve the accuracy of our models over time, as models continuouslylearn and adapt based on content moderator feedback. And, by maintaining coverage of all EEA languagesdeployed by YouTube, YouTube ensures language expertise informs its enforcement. Maintaining a Priority Flagger Program While we facilitate and encourage flags by users, generic user flags typically have low actionability rates. Our Priority Flagger program (formerly called Trusted Flaggers) complements our automated systems and helps spot potentially problematic content. YouTube developed the Priority Flagger program to streamlinethe reporting processes for government agencies and non-governmental organisations (NGOs) that areparticularly effective at notifying YouTube of content that likely violates our Community Guidelines–thougheach flag is reviewed by a human to assess whether it is a violation or not. The program provides thesepartners with dedicated reporting processes and a channel for ongoing discussion and feedback aboutYouTube’s approach in various content areas. The program is part of a network of more than 300government partners and NGOs that bring valuable expertise to our enforcement systems. Participants inthe Priority Flagger program receive training in enforcing YouTube’s Community Guidelines, and becausetheir flags have a significantly higher action rate than the average user, we prioritise them for review.However, given the scale of YouTube and the effectiveness of automated systems, Priority Flaggersaccounted for only 0.62% of videos removed from the service in Q1 2025. Enforcing a Three-Strike System for Repeat Violators YouTube recognises creators’ significant investments in their video content. For that reason, we alreadyprovide creators with proportionate due process when we think it is necessary to take enforcement actionagainst a creator or their content. We have consistent penalties for violating our policies, exemplified by our three-strike system. Generally, after one Community Guidelines violation, the user gets a warning, but with subsequent violations the user begins to accrue strikes. Strikes carry increasing penalties when a channelreceives them within a 90-day period: ● 1st strike - 1 week suspension; ● 2nd strike - 2 week suspension; and ● 3rd strike - channel termination. YouTube also reserves the right to terminate a channel without warning in response to a severe abuse. Confidential and commercially sensitive; prepared for the European Commission | 122 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Consistent with our commitment to championing users’ fundamental rights, including freedom ofexpression and transparency, our three-strikes policy also includes optional trainings, which are short,in-product educational experiences based on the specific Community Guidelines policy that has beenviolated. If a user receives a Community Guidelines warning, the user can access the optional training fromtheir Studio account. If the user completes the training, their warning will expire after 90 days. If a userviolates a different policy after completing the training, the user will receive a separate warning. Repeatedviolations of our policies–or a single case of severe abuse–may still result in the termination of a user’saccount. This improvement is directed at avoiding the need to restrict user content by empowering users toensure they comply with YouTube’s Community Guidelines in the future. We developed our three-strikes policy to balance terminating bad actors who repeatedly violate ourCommunity Guidelines with the need to make sure people have an opportunity to learn our policies andappeal decisions. At the same time, we work hard to make these policies as understandable andtransparent as possible, and we enforce them consistently across YouTube. We do not hesitate to issuestrikes and terminate channels whose content repeatedly violate our policies, irrespective of whether thechannel has a large audience. While legitimate users get three strikes, we directly terminate egregious offenders such as uploaders ofCSAM or channels dedicated to posting spam. In Q1 2025, we terminated more than 2.3M channels forspam. Strikes, terminations, and content removals are only a few pieces of a larger puzzle. These complexproblems necessitate multifaceted solutions, and dealing with material such as misleading information orpotentially sensitive content on YouTube is no exception. While our Violative View Rate (described below)shows that YouTube has made strides in removing clearly violative material, more nuanced harms are notsolely addressed by removals under our Community Guidelines. These areas of harmful content, whichoften brush up against our policy lines, require a comprehensive approach that includes elevatinghigh-quality content and holding creators who participate in our partner program to a higher bar. Evolving with Generative AI content As we looked toward the future, we launched an extensive global survey to explore how the creator economy, from entertainment to news to music to learning, is harnessing the power of AI to build on humancreativity. That survey revealed that 92% of creators who responded are already using AI tools, with 74%reporting that they have a solid understanding of the technology.71 The recent increase in the accessibility of generative AI tools has reduced the barriers to creating syntheticcontent, which may be shared on YouTube. Accordingly, we have listened to our stakeholders and members of our community for feedback to get ahead of these emerging issues. Generative AI is unlocking even more creativity on YouTube, but this must be balanced with our responsibility to protect the YouTube community. All content uploaded to YouTube is subject to our Community Guidelines—regardless of howit’s generated—but we also understand that AI will likely introduce new risks and will require newapproaches. 71 AI \& Creators: The future of Tech and Creativity Confidential and commercially sensitive; prepared for the European Commission | 123 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ We believe it’s in everyone’s interest to maintain a healthy information ecosystem on YouTube. We requirecreators to disclose synthetic content when it’s realistic, meaning that a viewer could easily mistake what’sbeing shown with a real person, place or event and the alteration is not inconsequential. For example, anycontent published on YouTube that was created on Veo, Google DeepMind’s video generation model, will be embedded with a watermark using SynthID. Users will also be able to identify these creations through a content label that clearly communicates if a piece of content was generated using AI. These updates expand creative tools while seeking to address AI safety and transparency considerations.72 We provide creators with a tool in Creator Studio to label their videos as synthetic prior to sharing them.When creators fail to apply the label and YouTube is able to confirm that the content is synthetic ormanipulated and seems realistic, YouTube may apply a label. Last year we introduced Dream Screen and Dream Track, two powerful tools for creators to generate image and video backgrounds as well as instrumental soundtracks. At the same time, we have developed identification technology that will allow our partners, creators, actors, musicians, and athletes to automatically detect AI-generated content that includes their face and constitutes misuse based on our Community Guidelines. We also offer a Privacy Complaint Process in relation to AI-generated or other synthetic content that looksor sounds like an individual. If someone has used AI to alter or create content that looks or sounds like anindividual, the individual can ask for it to be removed. In order to qualify for removal, the content mustdepict a realistic altered or synthetic version of the person’s likeness. Measuring Success: Violative View Rate As described above, automated detection tools allow for the quick detection of problematic content.YouTube strives to remove content that violates our Community Guidelines before users are exposed to it.In Q1 2025, we removed 54.67% of violative videos before they had a single view, and 27.28% of violativevideos when they had one to ten views. To measure our progress in removing violative videos before they are viewed, we developed a metric calledViolative View Rate (VVR), which has been publicly reported since 2021. This metric, updated and madepublicly available quarterly, estimates the percentage of total views on YouTube that are of violative videos(i.e., videos that are inconsistent with our Community Guidelines). VVR data gives critical insight into how well we are protecting our community. Although metrics like theturnaround time to remove a violative video or the number of takedowns are important, those statistics donot fully capture the actual impact of violative content on viewers. The VVR is a better measure because ittells us how widely violative videos have been viewed before they are taken down. Two videos could beremoved from YouTube within 24 hours, but one may have 100 views while the other has 1 million views. Thisis a 100% takedown rate within 24 hours, but that metric obscures the most important information. Becausewe care most about the potential for harm to users, and potential harm can arise by actual exposure toviolative content, we have chosen to focus attention on a metric that specifically measures user exposure.We believe the VVR is the best way for us to understand the extent to which harmful content may reach 72 A future full of opportunities, Made On YouTube Confidential and commercially sensitive; prepared for the European Commission | 124 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ viewers, and to identify where we need to make improvements. We are committed to being transparentabout this metric and working to continue to reduce it over time, as we have since 2017. Graphical depiction of the YouTube Violative View Rate (VVR) Calculating VVR serves a second purpose: it helps us gain insight into the type of content we should removebut sometimes miss. Our methodology for calculating the metric allows us to do this. We calculate VVR bytaking a sample of videos on YouTube and having content reviewers gauge which videos violate our policiesand which do not. By sampling, we gain a more comprehensive view of the violative content that evades ourdetection and enforcement systems. With that understanding we can improve those systems and, overtime, further decrease the VVR. Over the years, we have seen the VVR fluctuate—both up and down. For example, immediately after weupdate a policy, this number may temporarily rise as our systems ramp up to catch content that is newly classified as violative. Our methodology for this reporting mechanism has been validated by MIT Sloan professor of statistics Dr. Arnold Barnett as “thoroughly sensible and statistically sound.”73 Our VVR reports indicate that violative views today are around 0.1% of all videos viewed (i.e., out of every1,000 views on YouTube, just one is of violative content). We recognise that even if the prevalence ofviolative content is low, it might still represent a large volume of content in absolute terms, and significantinvestments are required to maintain these low levels. This report describes the efforts we undertake toprevent users from seeing violative content, and identifies potential areas for improvement. 73 Arnold Barnett (2021) YouTube’s Violative View Rate Methodology, Massachusetts Institute of Technology. Confidential and commercially sensitive; prepared for the European Commission | 125 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ Elevating High-Quality Sources Removal of violative content is not the only way that YouTube makes adjustments to balance the freedom ofexpression with other rights such as safety and security. Over the past several years we have investedsignificantly in the recommendations systems where accuracy and quality are key, including news, politics,and medical information. Our systems are trained to elevate high-quality sources in search results,particularly in sensitive contexts, and we provide high-quality information in information panels, in turnhelping people find accurate and useful information. These efforts are particularly important when it comesto connecting people with information from high-quality sources at the moments that matter most—forexample when learning about a breaking news event, or searching for health information. So when a user inFrance searches for, “arreter de fumer,” the top listed videos are from top hospitals, cancer centres, andSante Publique France, the national public health authority. Providing Information Panels with Topical Context For YouTube search queries or videos related to topics prone to misleading information, we surfaceinformation panels which provide content sourced from independent third parties. These panels giveviewers additional context and help them make more informed decisions about what they are watching.Depending on the topic, the panels will point to information from sources like health authorities, Wikipedia,Encyclopedia Britannica, and the United Nations. These information panels will show regardless of whatopinions or perspectives are expressed in a video. YouTube also uses information panels to inform userswhen content has been uploaded by a news outlet funded in whole or in part by a government. Addressing Specific Content Risks Addressing Content That Violates Our Policies Risks related to intentional manipulation of our services are complex, constantly evolving, and societal-wideissues. They necessitate a multifaceted approach, combining policy enforcement and content evaluationwith real-time context and information for users. YouTube has many measures in place (described below)but must still contend with determined and highly-motivated bad actors constantly evolving theirtechniques, resulting in some elevated levels of residual risk. YouTube has developed measures to respond to situations where the risk of misleading information is at itsgreatest. Where misleading information violates our policies we are quick to remove such content, and wewill terminate a channel for egregious or repeated offences. But we employ other techniques to combatmisleading information in addition to simply taking down content or channels. We have a higher bar formonetised content, so that creators are not incentivised to create untrustworthy clickbait or otherlow-quality, misleading videos. YouTube’s measures directed to mitigating the risk of polarisation and segmentation of perspectives innews media similarly help combat these risks. For example, YouTube provides a News Watch Page, whichhelps viewers explore different sides of a news story, including mechanisms to help ensure diversity of newssources. In the News Watch Page, users can see: updates, with the most recent video coverage of the newsstory; explanations and commentary, with additional context on the news topic; live News, with live streamsshowing what’s happening in the moment; and shorts, to quickly catch up on the news stories’ latest Confidential and commercially sensitive; prepared for the European Commission | 126 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ updates. Users can open the watch page for a specific news story by clicking on a video with thenewspaper icon on the YouTube homepage, news destination page, or in search results. Addressing Public Health Related Violative Content In our assessment, we identified critical inherent risks in relation to content promoting practices harmful tohealth (e.g., self-harm and eating disorders) and assessed our preparedness at “effective” rather than“optimal,” in part due to the viral nature of this content. Our methods for addressing public health-related misleading information exemplify the multifacetedapproach described above. We elevate high-quality information, as determined by external experts and externally published principles, and provide context on the sources of health information for users via information panels below each of those videos. Crisis resource panels are an important part of the suite of health products on YouTube. These areinformation panels that help easily connect users with high-quality and helpful information in times of crises.YouTube’s crisis resource panels allow users to connect with live support from recognised crisis servicepartners. The panels may surface on the Watch page, or in YouTube search results. Currently, topics covered include suicide, self-harm, eating disorders, and topics related to certain health crises or emotional distress. Another recent policy change with inherent challenges and trade-offs concerns misleading medicalinformation, with scientific understanding evolving all the time and important topics (such as vaccines)being a source of public debate, notwithstanding consistent guidance from health authorities. Our Community Guidelines already prohibited certain types of misleading medical information, but we worked with experts to refine them. We’ve also taken what we’ve learned so far about the most effective ways totackle misleading medical information to simplify our approach for creators, viewers, and partners. In particular, we have streamlined dozens of our existing misleading medical information guidelines to fall under two categories – Prevention and Treatment. These policies apply to specific health conditions,treatments, and substances where content contradicts local health authorities. To determine if a condition,treatment, or substance is in scope of our misleading medical information policies, we evaluate whether it’sassociated with a high public health risk, publicly available guidance from health authorities around theworld, and whether it’s generally prone to misleading information. Addressing Civic-Discourse-Related Violative Content Article 34(1) of the DSA directs YouTube to conduct an assessment of systemic risks to civic discourse andelectoral processes. Applying our risk assessment methodology, YouTube evaluated the inherent risk ofmisleading civics information to be higher, leaving elevated levels of residual risk despite our preparedness,largely due to external factors including the dynamic and viral nature of misleading information in politics,during elections, and at times of crisis and civic unrest. As users around the world come to YouTube to learn about politics and develop informed opinions aboutcurrent events, we are committed to connecting people to high-quality content and ensuring major livemoments remain easily accessible to a wide audience on our platform. We provide a range of resources for Confidential and commercially sensitive; prepared for the European Commission | 127 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ civics partners such as government officials, candidates, civics organisations, and political creators toensure a broad range of voices are heard. Among other items, our Community Guidelines prohibit content that has been technically manipulated ordoctored in a way that misleads users and may pose a serious risk of egregious harm, content that aims tomislead people about voting processes, and content encouraging others to interfere with democraticprocesses, such as obstructing or interrupting voting procedures. Other policies that are relevant duringelections include: ● Voter suppression: Content aiming to mislead voters about the time, place, means, or eligibilityrequirements for voting, or false claims that could materially discourage voting. ● Candidate eligibility: Content that advances false claims related to the technical eligibilityrequirements for current political candidates and sitting elected government officials to serve inoffice. Eligibility requirements considered are based on applicable national law, and include age,citizenship, or vital status. ● Incitement to interfere with democratic processes: Content encouraging others to interfere withdemocratic processes. This includes obstructing or interrupting voting procedures. ● Hate speech: Content that promotes violence or hatred against individuals or groups based oncertain attributes. This includes, for example, content that shows a political rally attendeedehumanising a group based on a protected attribute, such as race, religion, or sexual orientation. ● Impersonation: Content intended to impersonate a person or channel, such as a political candidateor their political party. ● Misleading Information: Certain kinds of misleading or deceptive content with serious risk ofegregious harm, including content that may pose a serious risk of egregious harm by falsely claimingthat old footage from a past event is from a current event. ● Harassment \& cyberbullying: Content that threatens individuals, including content that threatensindividuals such as election workers, candidates, or voters. In addition to our robust policies about what is not allowed on YouTube, we also devote significantresources to systems that raise the visibility of high-quality content, as described above.74 These techniquesare designed to ensure that users find the trustworthy content they are looking for on topics that can betargets for manipulation by bad actors. Detecting and Removing Harassment and Bullying in YouTube Comments Experience also shows that comments on YouTube are sometimes misused to directly and indirectlythreaten the wellbeing of creators and other users particularly at risk of being the targets of harassment andabuse. YouTube’s automated moderation systems are specifically and proportionately designed to mitigatethese risks to user and creator safety. With these protections, in Q1 2025 we removed more than 90 million 74 See supra at Elevating High-Quality Sources. Confidential and commercially sensitive; prepared for the European Commission | 128 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ comments for violating our Community Guidelines prohibiting harassment and cyberbullying. YouTube’sautomated detection systems are removing this content at scale, but the overall number of bullying andharassing comments produced one of the higher inherent risk ratings in our assessment. For a minor and ancillary feature like YouTube comments, which accounts for a very small percentage of thetime users spend on the YouTube service (less than 1% of time as of our Year 1 Report), much of the violativecontent is directed at creators (i.e., users that upload videos), who are the heart of YouTube. Viewed anotherway and as referenced in our Year 1 Report, users both globally and in the EU spent over 120x more timewatching videos than they did engaging with comments in Q4 2022. Consistent with Recital 40, YouTubehas developed appropriate and proportionate strategies for detecting and removing offensive content incomments aimed at creators, including those creators particularly at risk of being subject to hate speech,sexual harassment, or other discriminatory actions. YouTube deliberately casts a wide net, using automatedtechnologies optimised to identify and remove any comments appearing under videos directed at creatorsat particular risk of being subject to harassment, discriminatory actions, or bullying. In Q1 2025, over 80% of actioned comments were removed because they were spam (i.e., deceptive,high-volume commercial content that harms the user experience). Of the remaining 19%, comments wereremoved for other important user safety reasons, such as harassment and cyberbullying (7%), child safety(6%), promotion of violence and extremism (3%), and violent or graphic content (1%). While our size influences our risk profile, so does the format of the content with which users engage acrossour service. Users come to YouTube to create, share, and view audiovisual content, i.e., videos. Commentsare a secondary feature, which creators can opt to enable and permit users to contribute additional textualfeedback under creator videos. Our Community Guidelines apply to all content on the service, regardless ofits format. But when it comes to how those policies are enforced and the corresponding consequences forusers who post secondary text content in comments, there are critical differences as compared to videocontent. In other words, comments occupy a fundamentally different place in YouTube’s video-firstecosystem. Moreover, a user’s investment in commenting on a video does not compare to a creator’s investment interms of time, effort, and resources in creating the video content available on YouTube. Creators often takemany steps to create a YouTube video: research, scripting, filming, editing, audio-mixing, thumbnail creation,and search engine optimisation. They use multiple devices and software applications and can spend manyhours of production work creating a single video, costing time and money. By contrast, commentingrequires very little effort: a few keystrokes amounting to much less time and effort than video creation. There are other aspects of YouTube comments that make them unlike videos: ● Creators have control over whether comments on their videos are enabled or not, can remove anycomments under their videos for any reason, can edit comments under their videos, can create blocklists for words or phrases permissible in comments under their videos, and can block specific usersfrom commenting on their videos. ● Comments are not searchable, recommended,75 nor accessible via the YouTube Homepage. 75 Comments are not recommended by an algorithm, but they can be sorted chronologically or by most engagement, depending onsettings. Confidential and commercially sensitive; prepared for the European Commission | 129 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ ● Comments are not a factor in a creator’s ability to monetise their video content. ● Comments are intrinsically tied to the video to which they relate, and not independent pieces ofhosted content. If a video is removed or taken down, the comments associated with it areautomatically taken down. The same is not true when a comment is moderated, which has no impacton the availability of the video on the service. ● Comments are not enabled on all versions or interfaces of YouTube. Additionally, comments are notavailable on certain types of videos featuring minors, on YouTube Kids, or for embedded videos. Given the above considerations, the moderation of comments on YouTube does not pose the same risks tofreedom of expression or information present in video moderation. Prohibiting and Removing Hate Speech Our assessment found lower levels of residual risk of hate speech. YouTube’s hate speech policy outlinesclear guidelines prohibiting content that promotes violence or hatred against individuals or groups based oncertain attributes. We enforce this policy rigorously and regularly report on the removal of hateful contentfrom our service. For example, in Q1 2025, we removed over 192,000 videos and 7 million comments forviolating our hate speech policies. A 2020 report by the Institute of Strategic Dialogue showcased the efficacy of our hate speech policy update: “Following YouTube’s change of hate speech policies we found a significant reduction of suchcontent on the platform... an analysis of the volume of these mentions over time reveals a dramatic drop incontent around spring 2019, demonstrating the effectiveness of YouTube’s ban on Holocaust denialcontent.”76 Additionally, all our policies, including our hate and harassment policies, include penalties for creators who repeatedly brush up against the line, including removal from the YouTube Partner Program. As outlined on our Help Center page, under YouTube’s hate speech policy, we may remove content or issueother penalties–such as terminating an account–when a creator repeatedly targets, insults and abuses agroup based on attributes such as race, ethnicity, sexual orientation, or gender, across multiple uploads. Additionally, YouTube is a founding signatory to the EU Code of Conduct on Countering Illegal Hate Speech.Each year, YouTube takes part in the annual monitoring exercise, responding to flags from NGOsspecialising in hate speech. Service Design Respecting Privacy YouTube’s main source of revenue is advertising—a portion of which is shared with creators participating inthe YouTube Partner Program—and we use the information we collect for the purposes described in ourPrivacy Policy, including to provide the service, customise services, provide recommendations, personalise 76 Jakob Guhl, Jacob Davey (2020), Hosting the ‘Holohoax’, Institute for Strategic Dialogue. Confidential and commercially sensitive; prepared for the European Commission | 130 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ search results, and serve relevant ads. We also take our responsibility to protect user information seriously,and while advertising makes YouTube free of charge for everyone, we do not sell personal information toanyone. YouTube’s data practices turn a significant inherent risk into a much lower residual risk. Our Privacy Policy and YouTube’s Help Center page on privacy provide transparency over what information we collect, why we collect it, how we process it, and how users can manage their information. Your data in YouTube is a powerful, easy-to-use tool designed to give users control over the privacy settings that are right for them, and provides further information on the data we collect and use across our services. If a user turns YouTube watch history off and has no significant prior watch history, features that requirewatch history to provide video recommendations will be disabled. A user can also view, control, and delete their YouTube activity by accessing the My Activity Feed. We are likewise taking steps to mitigate the risk that personal information is used or disclosedinappropriately. Recently we have implemented two specific mitigations under Art. 35. First, we enhancedour access controls relating to personal information. Second, we updated the automated systems we use toflag phishing ads and accounts at their source, learning from the latest methods adversarial actors use tocircumvent systems. While systems are constantly improving, attackers swiftly shift tactics in an attempt togame the systems. Protecting Minors’ Rights In this assessment and consistent with our obligations under DSA Article 28 regarding “Online Protection ofMinors”, YouTube considered numerous risks particular to minors. As described below, these include the riskthat minors access or are exposed to content they should not see, or conversely that their access tocontent is overly restricted; the risk that YouTube stimulates behavioural addictions in minors; and the riskthat minors’ data are used to target ads. YouTube is heavily invested in the safety of its younger users. As described above, we have well-developedand advanced tools to quickly detect and remove illegal content. We collaborate with industry partners, andmake available first-in-class tools to allow other services to remove illegal content at scale as we do. Ourpolicies provide additional protection, under which we remove harmful but legal content. Below wedescribe the policies and protections that go beyond content removal, and ensure that our service isdesigned in a way that is aimed at keeping minors safe. YouTube pursues many policies and programs to protect minors on the service, and we seek the input of experts to shape those efforts. Our Youth and Families Advisory Committee is made up of experts in minors’ media, child development, digital learning, and citizenship from a range of academic, non-profit and clinicalbackgrounds, and provides advice when we update our family product experiences and policies. Othercomponents include rules and guidelines for when minors appear in content, restricting access to mature content, and protecting minors at risk. You can read more in Fostering Child Safety. Maintaining Guardrails for Minors’ Access to Content We assessed the risk that minors under a defined minimum age access YouTube services that they shouldnot be able to or are exposed to harmful, hateful, or age-inappropriate content. We implement a wide range Confidential and commercially sensitive; prepared for the European Commission | 131 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ of measures (such as minimum age requirements, signals for estimating the age of users, “made for kids”content, parental controls, and granular age categories in YouTube Kids) to address the risk of minorsaccessing age-inappropriate content. Although this risk will never be eliminated, our measures result in asignificantly lower residual risk profile. The mitigations described below also resulted in a much lowerresidual risk of minors’ access to content being over or under restricted. We are always looking at ways to create an appropriate environment for family content on YouTube, so weinvest heavily in the policies, technology, and teams that help provide families with the best protectionpossible. Our holistic child rights approach has several important components. We age-restrict content that does not violate our policies, but is nonetheless inappropriate for viewersunder 18. This includes videos containing adults participating in dangerous activities that minors may imitateor videos related to regulated substances, sexually suggestive content, or violent and vulgar content. Videosthat are age-restricted are not viewable by signed-out users either. YouTube Kids is a separate app built from the ground up to be a safer and simpler experience for kids to explore, with tools for parents and caregivers to guide their journey. The app is a filtered version of YouTubeand has a much smaller set of content available than YouTube’s main app and website. This is because wework to identify content that is age-appropriate, adheres to our quality principles, and is diverse enough to meet the varied interests of kids globally. YouTube has developed a set of quality principles, alongside child development specialists and based on extensive research, to help guide creators who upload kids andfamily content. These principles supplement our Community Guidelines, which help create a safe viewingexperience for everyone, and apply to both long-form content and YouTube Shorts. The quality principlesfor kids and family content may affect a channel’s performance, as YouTube aims to connect kids and theirfamilies with enriching, engaging, and inspiring videos. The principles also guide decisions both for inclusionin YouTube Kids and channel and video monetisation. YouTube also implements safeguards to reduce repeated recommendations of certain content tospecifically support the well-being and mental health of young people. For example, while some types ofcontent may seem innocuous in a single view, experts have found that repeatedly viewing some types ofcontent can be problematic for young people, such as content that displays social aggression, comparesphysical features or idealises some body types, fitness levels, or weight over others. In March 2025,YouTube expanded these safeguards to encompass a wider set of topics, including unrealistic or badfinancial advice that takes advantage of teens that may have low financial literacy, content that portraysdelinquency or negative behaviours, and content that portrays teens as cruel and malicious or encouragesthem to ridicule others. Supervised experience on YouTube is for parents who decide their tween or teen is ready to access YouTube through a supervised Google Account. Videos a child can watch depend on the content settingtheir parent selects when setting up a supervised experience for tweens. A number of standard featuresnormally available in YouTube, like comments, uploads, purchases, and live chat, are disabled in supervisedexperiences for tweens, and reminders for breaks and bedtime are set to “on” by default to reinforcehealthy screen time habits. Within YouTube Kids and Supervised experiences for tweens, parents can select the content settings theywant their minors to have access to. Parents or guardians can also customise young users’ access to Confidential and commercially sensitive; prepared for the European Commission | 132 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ content by blocking content for their child’s YouTube Kids profile or for their tween’s supervised account on the main YouTube platform. In September 2024, we launched a new supervised experience for teens to help parents receive insights into their teens’ channel activity on YouTube, including the number of uploads,subscriptions, and comments. Parents (and teens) also receive email notifications at key events, like whenteens upload a video or, if eligible, start a live stream. We also provide advice on responsible creation for parents of teens on YouTube, including resources created by Common Sense Networks, an affiliate of Common Sense Media. When we find that a channel is owned by a user under 13 and that user is unsupervised, we terminate thataccount. YouTube employs automated detection systems to find signals on YouTube channels that indicatethat the channel may be owned by a user under the age of 13. These systems rely on content signals to findsuch channels, which are then flagged for a team to review more closely when they appear owned by anunderage user. Channels identified as potentially owned by underage users are sent through the accountrecovery process and are given two weeks to provide evidence that the owners are 13 years or older or toobtain parental consent and establish parental supervision. Channels flagged in this way are disabled andthereafter deleted if the owner does not prove they are 13 years of age or older or establish parentalsupervision within two weeks of the initial notice. In July, we raised the minimum age required to livestream from 13 to 16 years old. YouTube also published a set of live streaming best practices for minors, including keeping personal information private, using privacysettings, keeping an adult nearby or aware, moderating live chat, and keeping the live stream positive andfun. Our proprietary CSAI Match technology allows us to detect known CSAM images and videos. In cases where a video contains CSAM or a user solicits CSAM through comments or other communications, ourteam reports it to the National Center for Missing and Exploited Children (NCMEC), who then liaise withglobal law enforcement agencies such as Interpol and Europol. Once we have identified a video as illegal and reported it to NCMEC, the content is hashed (given a “digitalfingerprint”) and used to detect matching content. This hashing and scanning technology is highly precise atdetecting known CSAM and enables us to detect illegal content more quickly. We maintain a database ofknown CSAM hashes and any content that is matched against this list is removed and reported to NCMEC. Addressing Potentially Addictive Behaviour in Minors We also assessed the risk that the interface, design, or features of YouTube stimulate behavioural addictionsin minors using the service. Google has many measures in place to address this risk (such as parentalcontrols, the unique experiences designed for kids described above, and surfacing high-quality content),but the general lack and limitations of existing research into the existence or nature of a link betweenservice use (e.g., screen time), the types of content being viewed, and addiction results in some elevatedlevels of residual risk. Avoiding excessive screen time is important, but the research to-date does not suggest specific age-cutoffs or time limits. As research in this space continues, we want to help teens navigate media consumption. For users who are under 18, Take A Break and Bedtime reminders are turned “on” by default. These are aimed at reinforcing healthy screen time habits. In YouTube Kids, our built-in timer also lets Confidential and commercially sensitive; prepared for the European Commission | 133 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ parents limit screen time by telling kids when it’s time to stop watching. These steps are aimed atencouraging more active choices by recipients of YouTube’s service about how they want to spend theirtime online. We remain committed to working with third-party child development and mental health experts, like the American Psychological Association, World Health Organization, and Poynter Institute’s MediaWise, to launch educational content, improve media literacy, and inform our products and policies.77 Additional protections apply for YouTube Kids and YouTube Supervised Experience. YouTube Kids allowsparents to set the amount of time their child can spend on the service. Additionally, Family Link accountsallow parents to control the time minors spend with their device or with specific apps, including YouTubeKids and YouTube Supervised Experience. Protecting Minors’ Data Personalised ads are prohibited on YouTube Kids, as well as for users in a supervised experience for tweens on YouTube, consistent with our obligations under Article 28(2) of the DSA. For videos “made for kids,”meaning children are the primary audience or the video is still directed to children based on factors such asthe subject matter of the video, whether the video has an emphasis on kids characters, themes, toys orgames, we limit data collection and use, and as a result, we restrict or disable some service features. Forexample, we do not serve personalised ads on content “made for kids”, and some features are not availableon these videos, like comments and notifications. All creators are required to indicate whether or not theircontent is “made for kids.” Accordingly, our assessment resulted in lower residual risk of minors’ data beingused to target ads. Protecting Minors’ Safety in YouTube Comments For years, YouTube has been attuned to the pernicious threat of predatory conduct towards minors incomments. To combat this threat, we have continually refined our automated detection systems to removepotentially predatory comments. It is critical that automated detection measures related to child safety bedesigned to cast a wide net because they must detect comments that are often facially innocuous. Inegregious cases, we terminate the account and report the content to NCMEC, an organisation that workswith global law enforcement agencies to protect minors. We have developed and launched increasinglyeffective automated detection measures in order to ensure that YouTube remains a safe space. For a minorand ancillary feature like comments specifically, these automated systems are deliberately designed to casta wide net so as to identify and remove as much material in comments as possible that may potentially beharmful to minors (e.g., sexualisation of minors, information regarding minors, CSAM). We also use machinelearning in developing our systems to identify hundreds of millions of non-violative videos depicting minorsand automatically turn off comments to avoid any chance of the child being the subject of harassing orpredatory comments. We choose to err on the side of safety to protect this vulnerable population fromexploitation, and continuously work to refine our automated approaches for identifying and removing anycontent in comments that potentially threaten the safety of minors. YouTube commits resources and has developed reasonable and proportionate enforcement strategiesoptimised to detect and remove as many comments threatening the safety of minors as possible, consistentwith the express obligations under DSA Article 28. As noted above, this content is the most challenging for 77 Investing to protect teen wellbeing on YouTube across Europe and globally Confidential and commercially sensitive; prepared for the European Commission | 134 YouTube | Description of Service and Associated Risk Profile \________________________________________________________________________________________________________________________________________________________________ any service hosting user-generated content. Much of this content appears innocuous to many viewers butmay still be used in ways that YouTube wants to prevent (for example, by individuals seeking sexualgratification). Because the content may be posted innocently and omit objectively problematic content, thechallenges of addressing potential misuse are significant. YouTube has developed machine-learning toolsand content policies to identify this and similar types of content that may appear innocuous or humorous,but may put minors in potentially risky situations. As an example, in early 2019, YouTube learned that some innocuous videos (such as a home video of ayoung girl jumping into a pool in a swimsuit) could potentially appeal to bad actors. These videos do notsexualise or endanger minors, and thus do not violate YouTube’s content policies. However, bad actors couldpresent some risk of engagement by viewing or commenting on the video. Accordingly, YouTube developeda comprehensive approach to address these issues: combining machine-learning tools and content policiesto remove violative comments and apply restrictive measures to the discoverability of this type of content. Where an egregious violation occurs, we terminate the commenter’s account. The poster of an egregiouscomment removed for child safety reasons receives a notice of the termination and is given the right toappeal. In the unlikely event termination was the result of a false positive, the account is reinstated and theposter’s fundamental rights are protected. The vast majority of removed comments, however, do not resultin the suspension or termination of a user’s account, and the uploader of an actioned comment remainsfree to use the service, similarly protecting the users’ fundamental expression rights. We believe our tailored approaches to moderating comments and videos strike the appropriate andproportionate balance. Data, comparatively minor user engagement, and the structure of our service placecomments in an ancillary position to videos. But comments pose an outsized risk of harm to creators andyoung users. We choose to err on the side of safety above other considerations in this narrow contextbecause the weight of the competing interests demands it. Equality of Access YouTube and Google more broadly prioritise equality of access to information, including for those withdisabilities. Google and YouTube have a well established process for measuring accessibility. GoogleAccessibility Rating (GAR) is a scale measuring a software product’s level of technical accessibility. It’s usedto evaluate products and features during the product development lifecycle. GAR is a rating system thatranges from zero (least accessibility support) to four (high accessibility support), allowing teams to monitor the level of technical accessibility over time. To that end, Google also provides resources for partners such as creators and developers to use Google products and leverage research to increase accessibility. Confidential and commercially sensitive; prepared for the European Commission | 135 Conclusions \________________________________________________________________________________________________________________________________________________________________ 5\. Conclusions Our mission is to organise the world’s information and make it universally accessible and useful. But forinformation to be helpful, it must also be reliable. That’s why we take our responsibility seriously to protectusers from harm, deliver reliable information, and partner to create a safer internet. We have long developed and implemented methodologies to assess our services prior to launch andthroughout their use. These methodologies are based upon well-established global approaches to theidentification, prioritisation, and mitigation of risk, and have been tailored to the specific challenges of thetechnology industry. Our risk assessment and mitigation priorities for the coming year are those we set out in this report. Theseinclude continuing to address the evolving risks and opportunities associated with the wide availability ofgenerative AI tools, maintaining our participation in collaborative approaches that pursue “whole of society”strategies for addressing systemic risk, and implementing strategies that are responsive to the changingcontext and the evolving tactics of bad actors. We will continue to take an approach that is informed byengagement with external stakeholders and responsive to insights arising from the latest research. We are committed to continuous improvement in our approach and submit our third EU DSA systemic riskassessment report in this spirit. We welcome the opportunity to receive input and feedback on ourassessments from the European Commission and other stakeholders, and build upon our work to date insubsequent reports. Confidential and commercially sensitive; prepared for the European Commission | 136 Annex A: Full List of Risk Statements \________________________________________________________________________________________________________________________________________________________________ Annex A: Full List of Risk Statements Our 2025 risk statements are substantially the same as 2024, with minor changes. Illegal Content, Behaviour, and Products and Services ● Risk that content or behaviour that constitutes or facilitates Child Sexual Exploitation and Abuse isavailable or takes place on a service ● Risk that illegal content or behaviour representing, praising, glorifying, assisting, facilitating, orsupporting (including through fundraising) terrorist organisations or acts of terrorism or violentextremism is available or takes place on a service ● Risk that illegal hate speech is available on a service ● Risk that content or behaviour constituting illegal harassment or bullying (including doxxing, stalking,and threats of violence) is available or takes place on a service ● Risk that intellectual property is available on a service in ways that violate or facilitate the violation oflegal protections ● Risk that a service is used for or facilitates illegal online behaviour ● Risk that the promotion or sale of illegal products and services takes place or is facilitated on a service Freedom of Expression and Media Pluralism ● Risk that a service removes content that does not constitute a necessary or proportionate removal ofcontent with a legitimate purpose ● Risk that users are not able to report potentially violating content on a service ● Risk that users are not able to appeal content removals on a service ● Risk that the users’ ability to make autonomous and informed decisions about what they view on aservice is impaired by limited transparency or options ● Risk that the visibility of content on a service adversely impacts media pluralism Privacy and Data Protection ● Risk that a service collects, processes, aggregates, and / or shares more user information than isnecessary for the stated purpose or without the informed consent of users ● Risk that private or highly personal information of users is unintentionally made available on a service Confidential and commercially sensitive; prepared for the European Commission | 137 Annex A: Full List of Risk Statements \________________________________________________________________________________________________________________________________________________________________ ● Risk that private or highly personal information about users or others is maliciously made available ona service ● Risk that sensitive personal data is used to target paid speech at users of a service without theinformed consent of the user ● Risk that content or applications enabling or facilitating phishing, malware, data breaches or otherdigital threats is available on a service Human Dignity ● Risk that content praising, supporting, promoting, inciting, or that constitutes vulgarity or profanity isavailable on a service ● Risk that content praising, supporting, promoting, inciting, or that constitutes violence or gore isavailable on a service ● Risk that content praising, supporting, promoting, inciting, or that constitutes gender-based violence,including sexual, physical, mental and economic harm, or threats of violence, coercion, andmanipulation, is available on a service ● Risk that non-illegal content or behaviour representing, praising, glorifying, assisting, facilitating, orsupporting (including through fundraising) terrorist organisations or acts of terrorism or violentextremism is available or takes place on a service ● Risk that non-illegal hate speech is available on a service ● Risk that non-illegal content or behaviour constituting harassment or bullying is available or takesplace on a service Consumer and Business ● Risk that unfair commercial practices take place on a service ● Risk that misrepresentation or misleading information about a business is available on a service Child Rights ● Risk that children under a defined minimum age access services that they should not be able to forreasons of age-based restrictions ● Risk that children under a defined minimum age are exposed to harmful, hateful, or age-inappropriatecontent or conduct on a service ● Risk that children’s access to and / or use of a service is limited more than is necessary orproportionate for a legitimate purpose Confidential and commercially sensitive; prepared for the European Commission | 138 Annex A: Full List of Risk Statements \________________________________________________________________________________________________________________________________________________________________ ● Risk that children’s data are used by a service for ads targeting in ways that have adverse impacts onchildren’s rights, including their right to be protected from economic exploitation ● Risk that applications on an online platform or search engine do not perform equitably for childrenwith varied learning styles, learning challenges, or disabilities ● Risk that applications primarily directed at or predominantly used by children on an online platform orsearch engine are not of adequate quality across languages, markets, and age groups and hasadverse impacts on children Equality and Non-Discrimination ● Risk that a service selects organic content or paid speech based on factors that result indiscrimination ● Risk that applications on an online platform or search engine are not of adequate quality acrosslanguages, markets, and age groups ● Risk that some populations are under-represented as content contributors on a service, with adverseimpacts on minority businesses ● Risk that algorithms on a service are less well trained in some languages, dialects, and vernacularsthan others ● Risk that an application or service does not function equitably for users with disabilities Civic Discourse ● Risk that deceptive information (e.g., from foreign state actors) relating to elections, civic discourse,democratic participation, or civil unrest are available on a service ● Risk that digital threats are targeted at users of a service during election times and other importantcivic discourse milestones ● Risk that content with value as evidence in legal process and access to remedy is removed and/ordeleted by a service Public Health ● Risk that content or behaviour which enables, assists, or promotes practices harmful to health isavailable on a service ● Risk that content or behaviour targeting individuals based on intrinsic attributes (such as protectedgroup status or physical traits) is available or takes place on a service Confidential and commercially sensitive; prepared for the European Commission | 139 Annex A: Full List of Risk Statements \________________________________________________________________________________________________________________________________________________________________ ● Risk that the interface, design, or features of a service stimulate compulsive use of the service forusers, including children Confidential and commercially sensitive; prepared for the European Commission | 140 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ Annex B: List of Mitigations Background This annex contains mitigation measures in place consistent with Article 35(1) of the DSA. As part of thesystemic risk assessment for each VLOP and VLOSE, we evaluated our existing mitigation measures foreach risk statement. As explained in this report, we have long invested in efforts to address user trust andsafety and have thus already put in place an extensive array of mitigations. A non-exhaustive list of existingmitigations, some of which are discussed previously in this report, are aligned to the Article 35(1) categoriesbelow. Our commitment to continuous improvement and prudent risk management means that over timeour current mitigations may change, and new mitigations may be developed to manage emerging ordeveloping risks. Article 35 Mitigation Types Mitigation Type Full Article 35 Mitigation Description Adapting the design, features or functioning of services Adapting the design, features or functioning of their services, including their online interfaces Adapting terms and conditions and its enforcement Adapting their terms and conditions and their enforcement Adapting content moderation processes Adapting content moderation processes, including the speed and quality of processing notices related to specific types of illegal content and, where appropriate, the expeditious removal of, or the disabling of access to, the content notified, in particular in respect of illegal hate speech or cyber violence, as well as adapting any relevant decision making processes and dedicated resources for content moderation Testing and adapting algorithmic systems Testing and adapting their algorithmic systems, including their recommender systems Adapting advertising systems and adopting targeted measures Adapting their advertising systems and adopting targeted measures aimed at limiting or adjusting the presentation of advertisements in association with the service they provide Confidential and commercially sensitive; prepared for the European Commission | 141 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ Mitigation Type Full Article 35 Mitigation Description Adapting the design, features or functioning of services Adapting the design, features or functioning of their services, including their online interfaces Reinforcing internal processes, resources, testing, documentation and supervision Reinforcing the internal processes, resources, testing, documentation, or supervision of any of their activities in particular as regards detection of systemic risk Initiating or adjusting cooperation with trusted flaggers Initiating or adjusting cooperation with trusted flaggers in accordance with Article 22 and the implementation of the decisions of out-of-court dispute settlement bodies pursuant to Article 21 Initiating or adjusting cooperation with other online platform providers Initiating or adjusting cooperation with other providers of online platforms or of online search engines through the codes of conduct and the crisis protocols referred to in Articles 45 and 48 respectively Taking awareness-raising measures Taking awareness-raising measures and adapting their online interface in order to give recipients of the service more information Taking targeted measures to protect the rights of the child Taking targeted measures to protect the rights of the child, including age verification and parental control tools, tools aimed at helping minors signal abuse or obtain support, as appropriate Ensuring that information is distinguishable through prominent markings Ensuring that an item of information, whether it constitutes a generated or manipulated image, audio or video that appreciably resembles existing persons, objects, places or other entities or events and falsely appears to a person to be authentic or truthful is distinguishable through prominent markings when presented on their online interfaces, and, in addition, providing an easy to use functionality which enables recipients of the service to indicate such information Mitigations Aligned to Article 35(1) Categories DSA Article 35 Category Methods of Addressing Risk Confidential and commercially sensitive; prepared for the European Commission | 142 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ (a) adapting the design, features or functioning of their services, including their online interfaces All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Safety by design: Our first line of defence is the set of safety features we build into our products to protect user data and prevent abuse. Clear account settings options, robust account verification, and a secure sign-in process are fundamental to user safety and data security. Strong protections around these processes help guard user data from bad actors, empowering users and their family members to interact with our services the way that they wish. ● User reporting: In addition to our own review processes, we offer dedicated channels to report potentially violative content for policy-violating and legal reasons. VLOP/VLOSE-specific mitigations\*: Play Protect: Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the source of download, to combat code-level, hidden, and emerging threats. This built-in protection scans more than 200 billion apps every day, automatically revokes app permissions for potentially dangerous apps, and displays reminder notifications to remind users that an app installed from an Internet-source may not be safe. (b) adapting their terms and conditions and their enforcement All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Terms of Service: Our robust Terms of Services outline what users can expect from Google and what Google expects from users. ● Privacy Policy: Our Privacy Policy helps to ensure Google’s products are private by design. ● Privacy and Security Principles: Our Privacy and Security Principles guide our products and processes to keep sensitive data private, safe, and secure. ● Content Policies: We design content policies across our services to protect users from harm and observe a high standard of quality and reliability for advertisers, publishers, and content creators. Our content policies, which are publicly available, articulate the purpose and intended use of each service to which they apply. They explain what types of content are allowed to be created, uploaded, sent, shared, and monetised, and the process by which a piece of content, or the user responsible for it, may be removed from a given service. We regularly update our content policies as our services evolve and new threats arise. You can find them here for Google Search, Google Maps, Google Play, Google Shopping, and YouTube. Additionally, these services may Confidential and commercially sensitive; prepared for the European Commission | 143 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ present ads, for which there are distinct Google Ads content policies. ● Enforcement actions: The enforcement of content policy involves both human review and an array of technologies, including automated systems that use machine learning technology, working together to achieve high levels of accuracy when reviewing content. We design models and train classifiers78 to identify potentially violative content, use machine learning to constantly improve those classifiers, take automated actions when that content violates our policies, and enqueue content for review by specialist teams when we have lower confidence in fully automated techniques. These human content moderators help confirm whether machine-identified content should be removed, and we use the results of the human review to further train our classifiers and improve their ability to detect evolving violative content. VLOP/VLOSE-specific mitigations\*: Repeat Violator Policies: YouTube has consistent penalties for violating policies, exemplified by our three-strike system. Generally, after one Community Guidelines violation, the user gets a warning, but with subsequent violations the user begins to accrue strikes. Strikes carry increasing penalties when a channel receives them within a 90-day period: 1st strike - 1 week suspension; 2nd strike - 2 week suspension; and 3rd strike - channel termination. YouTube also reserves the right to terminate a channel without warning in response to a severe abuse. (c) adapting content moderation processes All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Legal Reporting Channel: When users report content they believe violates local law, Google reviews whether to block, limit, or remove access to it. ● Appeals: Our appeals process for removals aims to ensure due process, efficiency, and transparency for users appealing our enforcement decisions, without facilitating abuse by bad actors. Different services provide different methods to appeal, and while users often can access appeals forms via their violation notification, we present a non-exhaustive list of appeals forms on our website. ● Ads sensitive events: Google Ads’ sensitive events framework is designed to prevent ads that potentially profit from or exploit a sensitive event, such as a natural disaster, public health emergency, act of terrorism, conflict, or act of 78 A classifier is an algorithm that identifies and sorts content into different categories. For example, a classifier may identify contentlikely to violate a specific Google policy. Confidential and commercially sensitive; prepared for the European Commission | 144 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ mass violence. We disallow ads that seek to profit from a tragic event with no discernible benefit to users, engage in price gouging that restricts access to vital supplies, or use keywords related to a sensitive event to drive traffic. VLOP/VLOSE-specific mitigations\*: Reporting: We offer a variety of mechanisms for users to report and request removal of policy violating content. ● For example, Maps users can flag content that may violate our policies or profiles of users who are contributing false information, uploading offensive content, or taking other abusive actions. ● On YouTube, users can flag videos that may violate our policies. Trained content moderators then review credible flags and take appropriate action, which may result in content being removed, age-restricted, geo-restricted, or left up. Machine Learning Content Moderation: For example, Maps uses automated detection as a first line of defence because automated systems are good at identifying patterns that help determine if the content is legitimate. For example whether a review contains offensive or off-topic content, or whether the Google account posting it has a history of suspicious behaviour, such as posting violative content, and whether there has been uncharacteristic activity on a business profile, such as many reviews over a short period of time. The vast majority of fake and fraudulent reviews are removed before anyone sees them because all reviews are run against classifiers before being posted. (d) testing and adapting algorithmic systems All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Surfacing high-quality information: Algorithms power Google’s services by prioritising relevant information in search results, making app recommendations on Play, and providing relevant product listings in Shopping. Algorithms enable Google to advance quality and relevance while reducing systemic risk to users and society. Google's systems use these, hundreds of other signals to prioritise the results that seem most helpful, in particular content that seems to demonstrate expertise, experience, quality, and trustworthiness. ● Red Teaming for AI models: We rigorously test the AI models we develop. Red teaming exercises, conducted both internally and externally, proactively assess AI systems for weaknesses and areas of improvement. Our AI Red Team combines security and AI expertise to simulate attackers who might target AI systems. Based on intelligence from teams like the Google Threat Intelligence Group, the AI Red Team identifies vulnerabilities and surfaces insights to mitigate Confidential and commercially sensitive; prepared for the European Commission | 145 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ risks. As AI technology develops, so do our methods for testing it. VLOP/VLOSE-specific mitigations\*: Search Quality Rating Program: To help us test and improve our Search algorithms we continue to put all possible changes to Search through a rigorous evaluation process to analyse metrics and decide whether to implement a proposed change. Our Search Quality Rating Program, which includes external Search Quality Raters, helps us evaluate if our Search systems are generating helpful results that demonstrate experience, expertise, quality, and trustworthiness. (e) adapting advertising systems and adopting targeted measures All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Ads Policies: Our advertising policies are designed to ensure a safe and positive experience for our users. This may include prohibiting content that is harmful to users and the overall advertising ecosystem. Our advertising policies and review processes help address risks across our VLOSE and our VLOPs and cover four broad areas: Prohibited content, Prohibited practices, Restricted content and features, Editorial and technical. ○ Political Ads Policy: Our Ads Political Content Policy requires all verified election advertisers to prominently disclose when their ads contain synthetic or digitally altered content that inauthentically depicts real or realistic-looking people or events. Their disclosure must be clear and conspicuous, and placed in a location where it is likely to be noticed by users.79 ● Strikes: For repeat violations of an Ads policy, we issue strikes to the Google Ads account and penalties progressively increase with each subsequent strike leading up to account suspension. To address the risk of over-enforcement, advertisers can appeal potentially erroneous ad reviews, strikes, and suspensions. 79 As of the date of this report, Google allows political advertisements. Google plans to stop serving political advertising beforeOctober 2025. Read more here. Confidential and commercially sensitive; prepared for the European Commission | 146 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ (f) reinforcing internal processes, resources, testing, documentation, and supervision All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Generative AI feature testing: Generative AI features are rigorously tested ahead of launch to ensure safety. ● Specialist teams: Google has a number of specialist teams who work across Google products to mitigate risks (see “Investing in Systemic Risk Prevention”). VLOP/VLOSE-specific mitigations\*: Content Reporting and Removal on Search: For people who wish to remove non-consensual explicit imagery (NCEI) and involuntary synthetic pornographic images (ISPI) depicting them from Search, we provide a process to request removal of links to the content from search results pursuant to our policies against this type of content. Personal Information Monitoring and Reporting: We continue to promote privacy and security by enhancing user control over their online presence. We redesigned the “Results about you” tool to provide users more monitoring solutions and options for requesting removal of pages with highly personal information. We have also employed advanced AI technologies to enhance our ability to identify and remove scam pages from our search results. These improvements help ensure users find the results that are high quality and trustworthy, while also protecting them from harmful sites. (g) initiating or adjusting cooperation with trusted flaggers All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Priority (Trusted) Flaggers: Our Priority Flagger Program (formerly called Trusted Flaggers) provides channels for participating organisations to notify us of potentially harmful issues on certain of our products and services that violate our policies. We use a dedicated intake channel to expedite review of potential policy violations. ● Out-of-court dispute settlement bodies: Google may take certain restrictive actions on content or accounts if we believe they have violated the law or our policies, or may decide not to act on a report submitted by a user regarding potential illegal or policy-violating content. When users disagree with Google’s decisions, they may be able to refer their matter to an out-of-court dispute settlement body. Google will work with the out-of-court settlement body where required by law. Google is not bound by any decisions made by these out-of-court settlement bodies. Confidential and commercially sensitive; prepared for the European Commission | 147 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ VLOP/VLOSE-specific mitigations\*: YouTube’s Priority Flagger Program: YouTube developed the Priority Flagger program (formerly called Trusted Flaggers) to streamline the reporting processes for government agencies and non-governmental organisations (NGOs) that are particularly effective at notifying YouTube of content that likely violates our Community Guidelines–though each flag is reviewed by a human to assess whether it is a violation or not. The program provides these partners with dedicated reporting processes and a channel for ongoing discussion and feedback about YouTube’s approach in various content areas. (h) initiating or adjusting cooperation with other online platform providers All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Crisis protocols: Internal crisis response protocol processes have been established in the event of extraordinary circumstances that could lead to a serious threat to public security or public health in the EU. ● Industry Partnerships: ○ The Partnership on AI’s (PAI) Responsible Practices for Synthetic Media: A Framework for Collective Action, an initiative to foster best practices in the development, creation, and sharing of media created with generative AI, and PAI’s Guidance for Safe Foundation Model Deployment. ○ Google became a founding member of the Global Signal Exchange (GSE) in partnership with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation (DNS). GSE is designed to be a global clearinghouse for online scam and fraud signals from bad actors. This collaboration leverages the strengths of each partner: GASA’s extensive network of stakeholders, the DNS Research Federation’s robust data platform with already over 40 million signals, and Google's experience in combating scams and fraud. ○ Global Internet Forum to Counter Terrorism (GIFCT): In 2017, YouTube co-founded GIFCT with a group of companies dedicated to disrupting terrorist abuse of members’ digital platforms. GIFCT provides a formal structure to accelerate and strengthen our work and present a united front against the online dissemination of terrorist content, such as by identifying and sharing signals of terrorist and violent Confidential and commercially sensitive; prepared for the European Commission | 148 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ extremist activity via the GIFCT hash sharing database. ○ Tech Coalition (TC): In 2006, we joined the Tech Coalition, teaming up with other tech industry companies to develop technical solutions that disrupt the ability to use the Internet to exploit children or distribute CSAM. For example, we have been one of two members to test a system to increase the chances of detecting CSAM videos through hash matching, while our child safety experts also chair or actively participate in half a dozen key working groups of the Tech Coalition. ○ Coalition for Content Provenance and Authenticity (C2PA): During 2024 we joined the Coalition for Content Provenance and Authenticity as a steering committee member. The C2PA is a cross-industry effort to address the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. ○ Robust Open Online Safety Tools (ROOST): We have partnered with other leading companies to form a new non-profit organisation dedicated to improving child safety online. The initiative aims to make core safety technologies more accessible for companies and provide free, open-source AI tools for identifying, reviewing, and reporting child sexual abuse material. VLOP/VLOSE-specific mitigations\*: Codes of Practice: Google is a signatory to the Code of Practice on Disinformation and a Strengthened Code in June 2022. As part of the Strengthened Code, we have committed to providing the European Commission with reports detailing how we have implemented our commitments. Our commitment to the Strengthened Code applies to Search, YouTube, and Google Ads. Partnerships for Safer Apps: Google Play is part of the App Defense Alliance, a partnership with fellow steering committee members Microsoft and Meta, which launched new standards to help developers build more secure apps. (i) taking awareness-raising measures All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Media Literacy: Google is committed to strengthening media literacy through a range of Confidential and commercially sensitive; prepared for the European Commission | 149 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ initiatives and partnerships including but not limited to Be Internet Awesome, and our support of the Global Fact Check Fund. See more in the body of this report. VLOP/VLOSE-specific mitigations\*: Elevating Educator-Approved Apps: On Google Play, the Teacher Approved program identifies apps approved by teachers and minors’ education specialists, and then offers a description of the apps’ quality attributes. This information helps families easily review the apps and make informed choices about whether they want their minors using an app or game. Information Literacy Training: Search has invested in an off-platform training program on information literacy called “Super Searchers.” Super Searchers is a train-the-trainer program that focuses on educating users how to examine and analyse the content they find online. This training program has been rolled out across the U.S., EMEA and APAC. (j) taking targeted measures to protect the rights of the child All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Child Safety Toolkit: Our Child Safety Toolkit consists of two APIs: the Content Safety API (which classifies previously unseen images of potential child sexual abuse and exploitation) and CSAI Match (which matches known abusive video segments). We offer these APIs to qualifying partners free of charge. Our partners use these technologies to process billions of files each year, allowing them to evaluate millions of images and videos for abusive behaviour and prioritise the most concerning content for review. ● Parental Controls: Family Link parental controls are available in the Family Link app and also via web browsers. Parents/guardians of minors under the applicable minimum age can create Google Accounts for their children and must manage those accounts using Family Link parental controls. Family Link parental controls are also available for parents/guardians to supervise minors over the applicable minimum age, but consent from these minors is required before supervision may be enabled. ● Proactive engagement with child safety experts: We proactively engage with child safety experts from industry, academia, government, and civil society, such as at our recent “Growing Up in the Digital Age” summit hosted at the Google Safety Engineering Center (GSEC) in Dublin. See more in Annex C of this report. Confidential and commercially sensitive; prepared for the European Commission | 150 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ VLOP/VLOSE-specific mitigations\*: Content Settings: Within YouTube Kids and Supervised experiences for tweens, parents can select the content settings they want their minors to have access to. Parents or guardians can also customise young users’ access to content by blocking content for their child’s YouTube Kids profile or for their tween’s supervised account on the main YouTube platform. Youth and Families Advisory Committee: YouTube’s Youth and Families Advisory Committee is made up of experts in minors’ media, child development, digital learning, and citizenship from a range of academic, non-profit and clinical backgrounds, and provides advice when we update our family product experiences and policies. Other components include rules and guidelines for when minors appear in content, restricting access to mature content, and protecting minors at risk. Prohibited Personalised Ads for Kids: We do not permit advertisers to run personalised ads on content designated as “made for kids,” and we maintain a separate Ads \& made for kids content policy. Advertisers may not run personalised ads, make use of any third-party trackers, or otherwise attempt to collect personal information from minors or on content designated as made for kids. Advertising that is intended for minors or is on content designated as made for kids must not be deceptive, unfair, or inappropriate for its intended audience. Age-Appropriate App Experiences: We launched the “Restrict Declared Minors” feature to help Play developers ensure that their apps reach age-appropriate audiences. Developers can toggle a block that prevents minors from downloading or purchasing an app, continuing a subscription, or making new purchases on an app that is already installed. (k) ensuring information is distinguishable through prominent markings All Google VLOPs / VLOSE rely upon the following mitigations\*: ● Cross industry collaboration: Google joined the Coalition for Content Provenance and Authenticity (C2PA) coalition and standard, a cross-industry effort to help provide more transparency and context for people on AI-generated content. ● Ads restrictions on synthetic content: We expanded our political content policies to require all election advertisers to prominently disclose when their election ads include synthetic content that inauthentically depicts real or realistic-looking people or events, including image, video, and audio content, becoming the first company to do so. This disclosure must be clear and conspicuous and must be in a Confidential and commercially sensitive; prepared for the European Commission | 151 Annex B: List of Mitigations \________________________________________________________________________________________________________________________________________________________________ location where it is likely to be noticed by users.80 Our ads policies already prohibit the use of manipulated media, like deepfakes or doctored content, to mislead people. ● SynthID: SynthID a tool for watermarking and identifying AI-generated content. This technology embeds a digital watermark directly into the images, text, audio, and video generated with Google’s AI tools in a way that is imperceptible to the human eye but detectable for identification. We are not exposing SynthID labels to users, but the ability to identify computer-generated content is one method for helping promote high-quality information. VLOP/VLOSE-specific mitigations\*: Content Labels: Any content published on YouTube that was created on Veo, Google DeepMind’s video generation model, will be embedded with a watermark using SynthID. Users will also be able to identify these creations through a content label that clearly communicates if a piece of content was generated using AI. Play’s VPN Badge: VPN badge system to help Google Play users find “verified” VPN apps. These badges were designed to highlight apps that prioritise user privacy and safety. To earn a VPN badge, we assess an app’s adherence to Play safety and security guidelines, and the app must successfully pass an independent Mobile Application Security Assessment (MASA) Level 2 validation. \*Non-exhaustive 80 As of the date of this report, Google allows political advertisements. Google plans to stop serving political advertising beforeOctober 2025. Read more here. Confidential and commercially sensitive; prepared for the European Commission | 152 Annex C: List of Consultations \________________________________________________________________________________________________________________________________________________________________ Annex C: Key Engagements As discussed within the Consulting with Experts section of the report, we regularly engage with academics, independent researchers, and civil society groups. During the assessment period (July 1st, 2024 - June30th, 2025) we engaged with safety experts on systemic risk topics, including academics, independentresearchers, and civil society groups. Below is a non-exhaustive selection of key engagements undertaken by Google Trust and Safety teamsduring the assessment period that included discussion of the risks in scope of the systemic riskassessments. These engagements demonstrate the breadth of our coverage and commitment to dialoguewith external partners on these critical matters. R\&R 2025 - Risk \& Rights European Summit 2025 3 Jun 2025 The 2025 Risk \& Rights European Summit, organised by the Global Network Initiative (GNI) and the Digital Trust andSafety Partnership (DTSP), took place in Brussels, bringing together more than 75 attendees from VLOPs andVLOSEs, along with EU policymakers, NGOs, and academics. The primary focus of the summit was the DigitalServices Act (DSA), with discussions centered on industry best practices for systemic risk assessments and theprotection of fundamental rights online. Key topics included freedom of expression, consumer protection, genderequality, and the operationalisation of other mandatory risk assessments, such as those required by the UK OnlineSafety Act. A key theme emerging from the summit was the significant challenges still facing early DSA implementation.Participants acknowledged a “trust deficit” between companies and civil society and highlighted the difficulty ofintegrating fundamental rights into risk-based frameworks. Other concerns shared by both platforms andstakeholders included DSA audit implementation, the potential for fragmentation in global regulations, and theneed for greater international coordination to avoid misapplication of these frameworks. The organisers publishedan official summary document in the weeks following the event - “The European Rights \& Risks: Stakeholder Engagement Forum summary report.” EMEA Anti-Scams and Fraud Summit 2025 28 May 2025 The inaugural EMEA Anti-Scams and Fraud Summit in Dublin, featured 200 global experts convened by Googlefrom tech companies, law enforcement, and government to address the escalating $1 trillion crisis of online fraud.The summit focused on a multi-pronged approach to scams, emphasising prevention, data sharing, and acollective defense strategy that requires deep collaboration across industries. In addition to Google’s announcement of a $5 million Google.org commitment to anti-scams research and awareness in Europe, Google showcased its AI-powered interventions across products and highlighted programs such as the Global SignalExchange (GSE) and ShieldUp!, a prototype game utilising an inoculation theory-based learning approach andsignificantly improving users’ ability to recognise scams. Confidential and commercially sensitive; prepared for the European Commission | 153 Annex C: List of Consultations \________________________________________________________________________________________________________________________________________________________________ The event yielded an obvious urgent need for a networked, cross-industry approach to combat global scams,which often exploit regulatory and jurisdictional gaps. The dual role of AI—both as a tool for scammers and as apowerful defense mechanism—was a central discussion point. Growing Up in the Digital Age Summit 2025 3 Mar 2025 Google’s third annual “Growing Up in the Digital Age” Summit gathered over 250 key online safety figures andDublin to address the critical mission of protecting and empowering young people online. The summit focused ona range of crucial topics, including age assurance, the impact of AI on child safety, and combating Child SexualAbuse and Exploitation (CSAE) materials. Google showcased its safety-by-design approach, highlighting newproduct features such as Search’s CSAM one-box intervention to reduce follow-on queries seeking CSAM viaconnecting users to multiple types of support services, including specialist prevention resources for CSAM seekersand victims as well as hotline information for reporting CSAM. Highlights of the event included the announcement of a €10 million Google.org commitment for 2025 aimed atsupporting programs in Europe that create safer online environments for kids and foster teens' digital well-beingand the launch of a new teen research initiative that will gather views and perspectives from 8,000 teens acrossEurope, kicking off with a teen research co-creation workshop at the Summit and a panel discussion on safety,learning, belonging and privacy. Google Responsible AI Summit 2024 3 Oct 2024 Google’s first-ever Responsible AI Summit was a multi-day event held in Paris, bringing together over 240government ministers as well as experts from academia and industry. The summit served as a platform to discuss awide range of topics, from AI governance and economic opportunity to the critical issues of AI responsibility andsafety. The event also included dedicated modules for AI Research \& Ecosystems and a Students AI Workshop,specifically designed to encourage students from underrepresented groups in AI safety. Key topics addressed during the summit included AI governance, with discussions on regulations and internationalcooperation for responsible AI development, and AI economic opportunity, exploring AI’s role in Europeancompetitiveness. A significant focus was also placed on AI responsibility and safety, covering how to ensure AIsystems are reliable and how AI can contribute to cybersecurity. Interactive demos showcasing Google's AI work were a notable feature, including Alphafold, SynthID (for detecting AI-generated content), and presentations on AI’s role in sustainability, and cybersecurity. Confidential and commercially sensitive; prepared for the European Commission | 154 Annex C: List of Consultations \________________________________________________________________________________________________________________________________________________________________ Confidential and commercially sensitive; prepared for the European Commission | 155