Facebook failed to catch hundreds of cases of child exploitation on its platform over the past six years, a study published on Wednesday found.

The site was used as a medium to sexually exploit children in at least 366 cases between January 2013 and December 2019, a report from the not-for-profit investigative group Tech Transparency Project (TPP) analyzing Department of Justice news releases found.

Only 9% of the 366 cases were investigated because Facebook alerted authorities, while the rest of the investigations were initiated by authorities without prompting from the social media giant.

This suggests Facebook is not doing all it can to enforce its community standards, which bans “content that sexually exploits or endangers children,” said TPP executive director Daniel Stevens.

“The data shows Facebook is not doing as much as it should to address this very serious problem affecting many lives in this country,” Stevens said.

The reports analyzed by the TPP include a Rhode Island man who allegedly posed as a teenage girl to lure boys into live streaming sexual activity on Facebook Messenger, a Kentucky man accused of sending thousands of messages to more than one child target over Facebook, and a convicted Missouri sex offender who authorities said used Facebook Messenger to communicate with a 13-year-old girl.

As users on Facebook have increased, so has the number of child exploitation cases. There were as many as 23 cases per quarter in 2019 compared to just 10 per quarter in 2013.

Facebook CEO Mark Zuckerberg has repeatedly noted the company’s efforts to address child exploitation on the platform. Facebook did not respond to a request for comment.

“Child exploitation is one of the most serious threats that we focus on,” CEO Mark Zuckerberg told lawmakers in October 2019. “We build sophisticated systems to find this behavior.”

The company also appears to have taken on more enforcement responsibility since the passage of FOSTA-SESTA, which allows law enforcement to hold companies liable for what occurs on their platforms. Though the legislation has been criticized for its adverse affects on sex workers and other professions, it has forced Facebook to address online sexual exploitation of children, the report showed.

One month after FOSTA-SESTA was passed, Facebook was sued by an alleged victim of sexual abuse who said that at age 15 she was targeted and groomed by sex traffickers using Facebook.

In the five years before the controversial bill’s passage, Facebook averaged less than one cyber tip per quarter, according to TTP analysis. Since the bill was passed in March 2018, it has averaged more than three reports per quarter. Facebook and the National Center for Missing and Exploited Children have made more reports in the last two years since the passage of FOSTA-SESTA than in the prior five years combined.

Facebook has been criticized in the past for inaction in the face of reports regarding the exploitation of children on the platform. In February 2016 the BBC discovered Facebook groups where pedophiles swapped stolen images of children and reported 20 inappropriate images to Facebook as part of the investigation. The company took down only four. Following its report, the TPP alerted Facebook to a public page hosting an inappropriate picture of a young girl aimed at pedophiles, but the company did not remove it.

Facebook has said it has “zero tolerance” for such images and uses a technology called PhotoDNA to scan each image and flagged known child exploitative material to stop uploads of such imagery on the platform.

The TPP report comes as US regulators are set to introduce legislation to force tech giants to crack down on child exploitation on their platforms. A bipartisan bill from senators Lindsey Graham and Richard Blumenthal, called the Earn It Act, is expected to be introduced as early as Wednesday. Under the new act, platforms would be required to more aggressively address child sexual exploitation or risk losing protections under Section 230, a measure that prevents platforms from being held responsible for content posted on them.

While bipartisan support grows for holding tech giants accountable for exploitative content, the digital rights not-for-profit the Electronic Frontier Foundation has called Section 230 “the most important law protecting internet speech”. Facebook has expressed concerns the Earn It Act would weaken those free speech protections and roll back privacy efforts like encryption.

“We share the Earn It Act sponsors’ commitment to child safety and have made keeping children safe online a top priority by developing and deploying technology to thwart the sharing of child abuse material,” Facebook spokesman Thomas Richards said in a statement. “We’re concerned the Earn It Act may be used to roll back encryption, which protects everyone’s safety from hackers and criminals, and may limit the ability of American companies to provide the private and secure services that people expect.”

The justice department will unveil its own action against child exploitation on Thursday, with a proposal of 11 “voluntary principles” for tech platforms to target the issue. It was co-authored with members of the tech industry and is already backed by leaders of five countries, the Washington Post reported.