I quickly skimmed [0] and my reading is that scanning is predicated on pictures being uploaded to iCloud. It says things like:

> CSAM Detection enables Apple to accurately identify and report iCloud users who store known Child Sexual Abuse Material (CSAM) in their iCloud Photos accounts.

[0] https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...