Any CyberTipline data shared by NCMEC is accurate as of a particular moment, but it may differ from a similar data inquiry conducted on another date.
As noted on this Platform and elsewhere, CyberTipline data is subject to updates resulting from any of several events. Those actions include, for example, the submission of additional information by online platforms; receipt of feedback from law enforcement; the deployment of new or updated technology, CSAM hash lists, etc.; and NCMEC’s analysis of reported content and related information.
Due to NCMEC’s operational practices in fulfillment of its clearinghouse role, this data is never fully fixed—CyberTipline reports may be assigned a new or additional incident type (the original is always retained), reported files may be re-classified (for example, as analysis identifies reported images that appear to have been AI-generated), or referrals may be made available to additional jurisdictions not originally determined to be relevant.
Stakeholders have noted that the CyberTipline data published on the Global Platform for Child Exploitation Policy differs from data published on by NCMEC elsewhere, primarily in its annual CyberTipline data reports available at https://www.ncmec.org/cybertiplinedata.
Here are some descriptions of key differences between NCMEC’s annual CyberTipline Report and the Global Platform for Child Exploitation Policy (GPCEP).
1. Referrals and Informational Reports
Annual CyberTipline Report: NCMEC publishes total numbers of reports, disaggregated (beginning with 2024) between referrals and informational reports. These totals are representative of NCMEC's workload and the true volume of reporting.
GPCEP: Only referrals are listed, because most jurisdictions do not routinely review and investigate informational reports. This is more representative of the likely CyberTipline workload for each jurisdiction and the volume of reports designated as referrals.
2. Specificity and Reporting Interval
Annual CyberTipline Report: Numbers are not rounded, specific to the individual report count for any particular jurisdiction, for only the full calendar year.
Example: Mozambique (2024)
14,837 (referrals) + 3,050 (informational) = 17,887 (total, both referrals and informational)
GPCEP: All numbers are rounded, with numbers below minimum thresholds listed as <50 or <10 (depending on the datapoint), available for January-June, July-December, and the full calendar year. This rounding schema allows figures to be largely unaffected by updates (most of which are relatively small) to absolute numbers. The semiannual reporting interval is part of NCMEC's move toward sharing more detailed data. As noted above, the data on the Platform includes only referrals and does not include informational reports.
Example: Mozambique (2024)
≈3,900 (January-June) | ≈11,000 (July-December) | ≈15,000 (full year)
3. Jurisdictions and Responsible Law Enforcement Authorities
Annual CyberTipline Report: This publication—and the included world map and table—lists the number of reports made available to designated law enforcement agencies, some of which are responsible for multiple jurisdictions. In some circumstances, reports may be made available to an international organization, such as INTERPOL or Europol, to receive on behalf of a member state and may not be included in the member state's figures. When NCMEC's analysis of a report—or subsequent law enforcement feedback—indicates it may be relevant to multiple jurisdictions, the report is included in each jurisdiction's total.
GPCEP: Reports are associated with the jurisdiction (or jurisdictions) with a clear connection to reported conduct or persons—such as a reported CSAM upload IP address that resolves to a certain country—regardless of where the responsible law enforcement authorities are located. This determination is usually made at the point of report submission. Identification of additional relevant jurisdictions resulting from NCMEC's analysis or subsequent law enforcement feedback are not accounted for in GPCEP data.
4. Granularity
Annual CyberTipline Report: Statistics presented are high-level, answering questions such as:
- How many CyberTipline reports did Snap submit in 2024, across all jurisdictions? (1,174,698)
- How many CyberTipline reports of all incident types, from all sources, did NCMEC receive for Brazil in 2024? (517,060 referrals + 76,635 informational = 593,695 total)
- How many video files were uploaded to the CyberTipline by reporting ESPs in 2024? (33,130,449)
GPCEP: Exclusively available on this Platform, NCMEC publishes expanded information about 24 datapoints for each jurisdiction covering incident type, file information, NCMEC priority, electronic service provider (ESP) escalation status, top reporting ESPs, and top reported internet service providers. This provides stakeholders with new insights, answering questions including, for example:
- How many video files were uploaded by reporting ESPs in CyberTipline reports for Mozambique in 2024? (approximately 2,400)
- Did ESP escalations for Australia increase or decrease during the second half of 2024? (decrease)
- How did the volume of GAI CSAM uploaded by reporting ESPs for the U.S. change during 2024? (increased from <50 January-June to ≈900 July-December)
Accurate understanding and use of NCMEC's data can contribute to more effective advocacy and programming. NCMEC encourages stakeholders to carefully consider the data descriptions available on the Global Platform for Child Exploitation Policy and use them whenever the corresponding data is analyzed and published, especially for policy and legislative advocacy.