Telegram challenges the EU: what does its encryption really protect

Pavel Durov has promised that Telegram will not scan users’ private conversations, even though the European Union keeps the legal door open for platforms to voluntarily detect child sexual abuse material. The application’s founder accuses Brussels of using “tricks typical of banana republics” to recover a regulation that had expired and for which it did not obtain enough majority to reject in the second reading.

The statement reinforces Telegram’s image as a service opposed to mass surveillance, but it requires a technical explanation. Most of its conversations do not use end-to-end encryption. Conventional chats and groups are stored in the company’s cloud to synchronize across devices. Only individual Secret Chats offer an architecture where keys remain on the participants’ devices.

Telegram and Chat Control: the technical keys in 20 seconds

  • Durov states that Telegram will not analyze private messages of its users.
  • Chat Control 1.0 would allow voluntary detection; it currently does not force scanning all communications.
  • The modified position of Parliament excludes content protected with end-to-end encryption.
  • Regular Telegram chats do not have that type of encryption.
  • Groups, channels, and cloud conversations are stored on Telegram’s infrastructure.
  • Only individual Secret Chats use end-to-end encryption.
  • Signal and WhatsApp enable it by default in personal and group chats.
  • Durov’s promise is a business policy in the cloud chats, not a cryptographic barrier.
  • Chat Control 2.0 remains under negotiation; its final scope is not yet decided.

The controversy began after the European Parliament vote to extend the temporary exception to ePrivacy rules. In one of the votes, 314 MEPs supported rejecting the Council’s position, versus 276 voting against and 17 abstaining.

The rejection did not succeed because, on second reading, an absolute majority of all members of the European Parliament was required. The threshold is not calculated solely based on those voting, so absences effectively favored the continuation of the proposal.

Durov questions both the content of the proposal and the process used to revive it after the previous exception expired on 04/03/2026. Telegram thus becomes one of the few major platforms publicly stating it will not take advantage of the voluntary message inspection possibility.

What a platform could scan without breaking encryption

Chat Control 1.0 does not provide authorities with a tool to directly access any account. The exception allows certain providers to analyze their own services to detect images, videos, or conversations related to child sexual abuse.

When content is stored on servers in a form that the provider can process, analysis can occur there. The platform compares files to databases of known material or uses classifiers to locate new content and potential grooming attempts.

A suspicious result may trigger a review, account blocking, and referral to authorities. The user does not need to be previously investigated for their content to go through the automatic system.

The scenario changes with end-to-end encryption. In a proper implementation, servers receive encrypted data but do not have the keys to decrypt the message. Only the devices of the participants can decrypt it.

To inspect such content, encryption would need to be weakened, access gained to one device, or the file analyzed before encryption. This last technique is called client-side scanning: the phone examines the image or message before sending it.

The European Parliament has introduced an exclusion for communications applying, having applied, or that will apply end-to-end encryption. If that protection remains in the final text, Chat Control 1.0 could not be used as a basis to compel WhatsApp, Signal, or Telegram’s Secret Chats to inspect their content.

This doesn’t prevent applications from handling metadata. Even when the conversation text is encrypted, the platform can still know data such as IP address, connection time, device used, or participants, depending on the service design.

Telegram’s cloud chats are not equivalent to Signal

Telegram uses two different communication models. Understanding this separation is more important than any public promise from its founder.

Regular chats are Cloud Chats. They are encrypted during transmission between the client and Telegram servers but not end-to-end. The service keeps the history on its infrastructure so it appears automatically when logging in from another phone, tablet, or computer.

This model offers convenience. Users can retrieve years of conversations without relying on the original device, search old messages from any client, and store large files.

The downside is that there’s no cryptographic guarantee restricting reading to only sender and recipient. Telegram controls the infrastructure that stores, synchronizes, and delivers the content.

Secret Chats operate differently. They use end-to-end encryption, are not synchronized with the cloud, and are tied to the devices where they were created. They can have self-destruct timers but only between two people.

Telegram does not offer Secret Chats for groups. Nor does it automatically activate them for private conversations. The user must open the contact profile, select the option, and keep the used device.

Service or ModeEnd-to-End EncryptionProtected GroupsCloud SynchronizationProvider’s Technical Access to Content
Telegram: Regular ChatNoNoYesPossible by design
Telegram: Private GroupNoNoYesPossible by design
Telegram: Secret ChatYesNot availableNoNo at the server level
SignalYes by defaultYesLimited to encrypted modeNo at the server level
WhatsAppYes by defaultYesDepends on configured backupsNo for encrypted content
Conventional EmailUsually noNot applicableYesUsually possible

Durov’s statement should be understood within this architecture. Telegram claims it will not analyze stored cloud messages, although technically it could process them. In Secret Chats, the situation is different: the service shouldn’t have the keys necessary to perform such analysis from its servers.

A policy can change due to business decisions, legal orders, or internal modifications. A well-designed cryptographic barrier is more difficult to alter without modifying the software and leaving visible technical signals.

What about backups, devices, and metadata?

End-to-end encryption protects the path between participants but doesn’t address all risks.

A message can be properly encrypted but exposed if one device is compromised. Malicious software with accessibility permissions, an open session on an unrelated computer, or a screenshot could bypass the protection without attacking the protocol.

Backups also matter. Some apps allow saving history on external cloud services. If that backup isn’t end-to-end encrypted or the provider controls the key, it can become the weakest link.

Telegram avoids this issue in Secret Chats because they are not stored in its cloud, though the user loses the ability to recover them on another device. In standard chats, synchronization is a central feature of the service.

Metadata provides another information source. Knowing that two people communicate, from which approximate locations, and at what times may reveal professional, personal, or political relationships without reading content.

Signal also tries to reduce this info by employing a design that conserves minimal data. Telegram and WhatsApp use different models and may keep more records linked to accounts, connections, or devices.

Therefore, comparing platforms shouldn’t be limited to placing a padlock icon beside their names. It’s crucial to study which conversations are protected, what happens with copies, what server logs, and who controls the keys.

Telegram’s rejection versus Chat Control 2.0

The temporary exception discussed by European institutions is voluntary. Telegram can commit not to use it and continue providing services as long as it complies with other legislation.

The situation would differ if future permanent regulation imposed mandatory detection orders. Chat Control 2.0 has gone through various proposals and remains under negotiation, especially due to its potential impact on encryption.

If the final text required analyzing cloud communications, Telegram would have several options: adapt the service, appeal the regulation, limit features within the EU, or withdraw from the market. An automatic ban for refusing to scan messages is not currently approved.

Forcing inspection of end-to-end encrypted content without changing the architecture wouldn’t be straightforward. It could be tried through device scanning, but many security experts believe that solution creates a reusable surveillance capability for other purposes.

A classifier installed to detect one category of files might receive a different list tomorrow. The problem isn’t just who governs today, but what use might be made of the infrastructure once deployed.

Telegram uses this concern to strengthen its rhetoric before Brussels. However, its position would be more solid if end-to-end encryption were enabled by default and available also in groups.

What should a Telegram user verify?

The first check is simple: a regular Telegram chat is not a Secret Chat. Seeing a lock icon during the connection doesn’t mean only participants control the keys.

For especially sensitive conversations, the user should create a Secret Chat and verify it’s on the correct device. They should assume that history won’t appear when switching phones or be available on Telegram Desktop in the same way as cloud chats.

When the conversation involves multiple people, Telegram does not offer group mode with end-to-end encryption. Signal or WhatsApp provide this protection by default for groups, though each maintains different policies regarding metadata, backups, and data collection.

It’s also advisable to review open sessions in Telegram settings, close devices no longer used, and enable two-step verification. Encryption doesn’t prevent someone from accessing an account through a hijacked session.

Durov’s declaration offers a clear political stance on Chat Control. However, it does not change Telegram’s architecture. For technical users, the core question remains: who holds the keys, and where is the message decrypted?

Frequently Asked Questions

Can Telegram read regular chats?
Cloud chats are not end-to-end encrypted. Telegram controls the infrastructure used to store and synchronize them, so there is no cryptographic barrier restricting access solely to participants.

Do Telegram groups have end-to-end encryption?
No. Telegram only offers this protection in one-on-one Secret Chats.

Does Chat Control currently force Telegram to scan messages?
No. The temporary exception allows voluntary detection. The permanent regulation is still under negotiation.

Is Signal technically more private than Telegram?
In terms of message content, Signal applies end-to-end encryption by default in individual and group chats and is designed to minimize stored metadata. Telegram prioritizes cloud synchronization in its regular conversations.

Scroll to Top