On Friday, September 12, 2025, EU Council members are asked to share their final position on the controversial child sexual abuse material (CSAM) scanning bill.
It’s been a long journey, which began in May 2022, when the EU Commission first unveiled its Child Sexual Abuse Regulation (CSAR) proposal. The aim is formidable – to make the online environment safer for children by stopping the sharing of child sexual abuse material. Yet, the proposed method for doing this, namely the scanning of private messages, has sparked a strong debate among political ranks and the tech industry alike.
Three years after failing to reach an agreement, the Danish Presidency unveiled the latest iteration of what’s become known as Chat Control on July 1, 2025. For the first time, lawmakers appear to be close to getting the majority of countries on board. At the time of writing, 15 countries already support the proposal, eight are against, and only four are still undecided.
The Danish proposal introduces new obligations for all messaging services operating in Europe to scan users’ chats – even when they’re encrypted – in the search for both known and unknown CSAM.
Crucially, the mandatory scanning is expected to take place directly on the device before messages get encrypted, targeting shared URLs, pictures, and videos. Only government and military accounts are excluded from the scope of the bill.
While acknowledging some of the improvements the Danish version has made, on Tuesday (September 9), over 500 cryptography scientists and researchers signed a letter to warn the EU Council of the risks of agreeing to the proposal in its current form. This is the third time since 2022 that experts have urged against mandatory chat scanning. So, how did we get here? And what’s at stake?
Three years of failed attempts
As mentioned earlier, the EU Council has so far failed to craft a bill that could attract the necessary majority for submission to the Parliament for negotiations. Over a period of more than three years, various proposals have been made, as Presidency after presidency attempted to find a compromise that could work for most countries.
As per its first version, all messaging software providers would be required to perform indiscriminate scanning of private messages to look for CSAM. The backlash was strong, with the European Court of Human Rights proceeding to ban all legal efforts to weaken the encryption of secure communications in Europe.
In June 2024, Belgium proposed a new compromise text targeting only shared pictures, videos, and URLs, with users’ permission. In February 2025, Poland tried to find a better compromise by making encrypted chat scanning voluntary and labeled as “prevention.”
Fast forward to July 2025, Denmark reintroduced Chat Control as a top legislative priority on its first day of Presidency. While the text keeps the Belgian approach of limiting scanning to URLs and multimedia files, many experts feel that it goes back to where it started – it reintroduces the indiscriminate scanning of unknown CSAM material, too.
That’s most likely why former MEP for the German Pirate Party and digital rights jurist, Patrick Breyer, deemed the Danish proposal the “more radical version” to date, warning against the “intrusive and unreliable scanning” that the law will create. Other experts who talked to TechSwitch also agree that, as it stands, the regulation is too far-reaching and likely ineffective.
Distinguishing between consensual and non-consensual abuse material is difficult, in fact, and even AI detection tech will not help against false positives. Also, limiting the scanning to a certain part of private messages may allow criminals to easily bypass detection, ultimately creating a false sense of security for both parents and children.
All of this, while irremediably breaking encryption for all. As Bart Preneel, a Belgian cryptographer, professor at Leuven University, and signatory of the September 9 open letter, explains, while the Danish proposal mentions the commitment to preserve end-to-end encryption protections, that technology simply doesn’t exist.
“[Lawmakers] try to deny it, but encryption means that only the sender and receiver can see the message. If anybody has looked at it [even before getting encrypted], then you destroy the value offered by the encryption,” Preneel told TechSwitch.
Why breaking encryption is a bad idea
Encryption refers to the technical infrastructure that scrambles our online communications to prevent unauthorized access.
Encrypted messaging apps like Signal or WhatsApp, secure email providers like Proton Mail and Tuta, and the best VPN services all rely on end-to-end encryption to ensure our communications remain private between the sender and the receiver – end-to-end.
Law enforcement bodies, however, have long argued that this level of protection is an obstacle during investigations and have been pushing to create an encryption backdoor (in and out of the EU) for years.
Digital rights experts, cryptographers, and technologists keep fighting back against this idea, though, warning that a backdoor could cause more harm than good.
German encrypted email provider, Tuta, is ready to take the EU to court if the controversial Danish CSAM scanning bill becomes law. “We will not stand by while the EU destroys encryption,” says Matthias Pfau, CEO of Tuta Mail.
Talking to TechSwitch, Director of Government Affairs and Advocacy at the Internet Society, Callum Voge, explains that the proposed “client-side scanning” system wouldn’t only violate people’s right to privacy and confidentiality, but also inevitably introduce new vulnerabilities that both law enforcement and cybercriminals will be able to exploit.
“This is a very big threat to national security in the EU. A weakness that the EU should not be creating at all,” said Voge. “Given the current geopolitical situation, we think governments should really be encouraging more encryption, not trying to weaken it, or undermine it.”
He’s certainly not alone in feeling this way. Both the Swedish Armed Forces and the Netherlands Intelligence Agency have stressed that circumventing encryption creates too great a national security risk, arguing that hostile countries would exploit new technologies to attack European users. Yet, while the Netherlands is currently opposing the bill in the Council, Sweden is among the supporters.
“What’s very telling of the Danish proposal is that government and military accounts are exempt from scanning. So, clearly [lawmakers] understand there’s a security risk, but they think that risk is acceptable for the public but not acceptable for themselves,” Voge added.
Beyond national security, concerns include the potential for indiscriminate surveillance against all EU citizens.
As Voge puts it, “If breaking encryption is like a letter going to the post office and someone rips it open and reads what’s inside, then client-side scanning is like someone reads the letter over your shoulder as you write it. Crucially, once the system is created, it is very easy to expand it to scan for anything you want.”
Germany – the deciding factor
Friday is the day EU members need to share their final positions on the Danish Chat Control proposals. Another meeting with the EU Justice Minister is also set for October 14, but that’s just a formal sign-off, with the countries’ positions expected to remain unchanged.
If successful, the CSAR bill will finally land in the European Parliament to be discussed as part of the trilogue negotiations, alongside the EU Council and Commission.
Despite the list of countries opposing the law growing, support for Chat Control remains strong, with 15 countries supporting the proposal (including crucial members like France, Italy, and Spain).
Germany has been regarded as the deciding factor, though, which made Chat Control’s critics worried for a long time. The previous government was indeed very pro-encryption – seeking to make encryption a legal right at home, while strongly opposing mandatory scanning in the bloc. Yet, the new administration “is giving very mixed messages and no one can definitively say what’s going to happen on Friday,” Voge from the Internet Society told TechSwitch.
The news that both Germany and Luxembourg joined the opposition on the eve of the crucial September 12 meeting therefore comes as a welcome development for Chat Control’s critics. This brings the total number of countries opposing the bill to eight, adding to Austria, Belgium, the Czech Republic, Finland, the Netherlands, and Poland.
Only four EU members (Estonia, Greece, Romania, and Slovenia) are still undecided at the time of writing, according to the latest data.
What’s certain, however, is that Chat Control is far from being the only proposal threatening encryption protections in the EU.
Commenting on this point, Preneel told TechSwitch: “There is gigantic pressure to get access to encrypted data: it isn’t only the CSAM case, there’s also the ProtectEU document. That’s the real debate, and I think that CSAM is used as an excuse to open the door.”