Under the pretext of protecting minors, the European Union is considering a regulation that would allow the analysis of private conversations in apps like WhatsApp, Signal, or Telegram. Experts and organizations warn of an unprecedented threat to privacy across the continent.
October 14, 2025, could mark a turning point in the history of digital privacy in Europe. That day, EU member states are expected to vote on the controversial legislative proposal known as “Chat Control,” or CSAR (Regulation Against Online Child Sexual Abuse). If approved, the new rules would enable messaging providers to automatically scan users’ private messages in Europe, even if they’re end-to-end encrypted.
The initiative has been pushed forward by Denmark, which assumed the EU Council’s rotating presidency on July 1 and reintroduced the project with renewed vigor. While the official goal is to combat the distribution of child exploitation material (CSAM), digital rights groups, cybersecurity experts, and legal professionals warn that it poses a direct threat to freedom of expression, the presumption of innocence, and the right to privacy.
What does “Chat Control” actually entail?
The key lies in the concept of “client-side scanning.” Instead of intercepting communications after they’re sent, the user’s devices—phones, tablets, or computers—would analyze content locally before it’s encrypted. In other words, control begins before the message leaves the phone.
This scanning would apply to all images, videos, links, and messages—regardless of whether the user shares them via apps with strong encryption like WhatsApp, Telegram, Signal, or iMessage. Experts warn this amounts to installing a permanent backdoor in digital communication systems.
“This weakens encryption, opens the door to government abuse, and sets a dangerous global precedent,” warns German MEP Patrick Breyer of the Pirate Party, one of the most active critics of the proposal.
Germany, the key to the vote
Until recently, the proposal lacked enough support to move forward in the European Council. However, the situation has changed. According to leaked documents from Breyer himself, several countries that opposed it in 2024 are now undecided, and Germany—the decisive player—has yet to take a clear stance.
If Berlin leans in favor, the regulation could come into force this fall. Otherwise, it would be blocked again, as it was in 2022 and 2024.
Possible consequences
The implications would be profound:
- Loss of privacy: Messages would no longer be truly private, even if encrypted.
- Risk of false positives: Studies show algorithms can have error rates over 80%, resulting in wrongful accusations against innocent users.
- Deterrent effect: Knowing they’re under constant scanning could suppress free expression, especially on political, social, or controversial topics.
- Global precedent: If approved, Europe might legitimize similar policies in countries with authoritarian regimes.
Civil society’s response
The proposal has sparked strong opposition from NGOs like Access Now, the Electronic Frontier Foundation, and European Digital Rights (EDRi), as well as the European Data Protection Supervisor (EDPS). They agree that protecting minors cannot justify mass and indiscriminate surveillance.
“It’s like requiring every citizen to leave a copy of their keys at the police station in case they commit a crime someday,” summarizes a cryptography expert.
Some tech companies have also voiced concerns. For example, Telegram has warned it would exit the European market if the regulation is approved as drafted.
Are more balanced alternatives possible?
In 2024, Belgium proposed a softened version of the law that limited scanning to multimedia files (photos, videos, links) with user consent. However, it also failed to gain enough support.
Other countries have suggested that detection tools be used only in specific contexts with judicial authorization, similar to wiretaps. But the current Danish version appears to trend in the opposite direction: more automation, less oversight, and broader scope.
A less free internet?
Beyond “Chat Control,” the ProtectEU strategy presented in June by the European Commission aims to enable authorities to decrypt private data by 2030. Combined with increased efforts to limit VPN use and verify online identities, many fear Europe is heading toward a digital surveillance model that dangerously resembles China’s.
An ongoing debate: security or freedom?
At its core, the debate is longstanding: How much are we willing to sacrifice privacy for security? What’s new is the technological scale and the power these tools grant to governments.
Weeks before October 14, the debate is more open than ever. And the decisions made by European governments could determine the future of digital privacy for an entire generation.
Sources: techradar and elchapuzasinformatico