Introduction
The European Union’s contentious “Chat Control” proposal—that would create a mechanism to scan every private message shared over encrypted messaging services—has picked up steam. Reports indicate that the proposal apparently has support from 19 of the 27 member states in the EU, clearly bringing Europe one step closer to enabling client-side scanning on applications like WhatsApp, Signal and Telegram. Nevertheless, the plan faces fierce resistance from privacy advocates, civil rights organizations, and several EU governments.
Member States Rally Behind the Proposal
Support for the measure has accelerated following Denmark’s reintroduction of the regulation on July 1, the start of its EU Council presidency. France, formerly opposed, has now switched support in its favor, according to statements by Patrick Breyer, a former German MEP for the Pirate Party. Alongside Denmark and France, Belgium, Hungary, Sweden, Italy, and Spain are noted supporters. Germany remains undecided, but if Berlin joins the majority, the proposal could pass by mid October via a qualified majority vote—meaning at least 15 countries with 65% of the EU population must agree.
How Chat Control Would Function
Rather than weakening encryption directly, the legislation would rely on client side scanning—software on individual devices that inspects content before it is encrypted and sent. Critics liken this to having the post office read every letter in your living room before sealing the envelope.
Under current negotiations, scanning would focus on visual content—photos, videos, and URLs—with text and audio excluded in a compromise effort. Users would technically need to “consent,” but refusal would block sharing of media—essentially forcing compliance.
Justifications vs. Privacy Concerns
Proponents argue the measure is essential for detecting and combating child sexual abuse material (CSAM), citing data that much of this illegal content circulates via encrypted messaging. According to law enforcement figures, about two-thirds of reported CSAM originates from chats or emails in the EU. The European Commission asserts voluntary scanning by tech platforms has proven inadequate.
But opposition is resounding. Privacy groups, digital rights organizations, and legal experts warn the proposal amounts to mass surveillance and undermines fundamental rights. The European Council’s legal service and data protection authorities (EDPS and EDPB) have flagged the risk of indiscriminate scanning of electronic communications across the EU.
Former MEP Breyer calls it an “end of privacy of digital correspondence,” stressing that ordinary users will be swept into algorithmic scrutiny not limited to criminals.
Technical and Practical Critiques
Experts warn client-side scanning is experimental and risky. There are technical problems with automated tools to identify new or unknown CSAM—that is, when they can lead to “alerts” by breathing new life into otherwise inert flashbacks of people lost in a message or image—which has been found to lead sometimes to falsely identifying every legal and artistically-knotted family images, or simply casual conversations between young people. A study commissioned by the European Parliament criticized the proposal’s feasibility, noting that no current technology can reliably distinguish illegal from harmless content without errors.
Leading platforms like Signal and Threema have warned they may cease operations in the EU if forced to implement the scanning, and whistle-blower Edward Snowden has condemned the move as “terrifying mass surveillance”.
Current Political Landscape and Outlook
Earlier votes were postponed or blocked by a minority of states in mid-2024—Germany, Belgium, Luxembourg, Poland, the Netherlands and others formed a blocking coalition that prevented the measure from passing in Council. However, as Hungary assumes the Council presidency in July 2025, momentum has returned, and Poland has floated a revised version making scanning “voluntary,” yet critics say this still fails to resolve structural privacy concerns.
Meanwhile, leading data watchdog reports and expert commentary emphasize that protecting children online can be more effectively approached through education, proactive removal of CSAM from public sites, and focusing on private-sector security-by-design—without exposing user encryption to systemic vulnerabilities.
Looking Ahead
Should Germany move as members of the supporting coalition of countries changed they could undertake a Council vote by mid October 2025, which would then lead to the EU being able to require client-side scanning from encrypted platforms by the end of 2025 or in early 2026. However, opposition is widespread, including from civil society, technology platforms, digital rights defenders, and many member states.
The debate appears to be crystallising in terms of its polarity: safeguarding children versus protecting digital privacy. As stakeholders engage in negotiations, European citizens are being asked to contact their MEPs, sign petitions and raise their concerns before the legislative process, which critics argue could undermine all users’ encryption, is irreversible.
