EU Parliament Faces Critical Decision on ‘Chat Control’ Encryption Proposal
Key Points
- EU draft law would require scanning of encrypted private messages for CSAM.
- Denmark leads the proposal; the European Parliament has expressed opposition to mass scanning.
- The European Court of Human Rights ruled that breaking encryption is illegal.
- Major VPN providers and privacy groups have publicly condemned the legislation.
- Germany’s shifting position makes it a potential deciding factor in the vote.
- Upcoming EU Council meeting in October could determine the proposal’s next steps.
- Public advocacy is seen as essential to influence the final outcome.
The European Union is debating a draft law that would require messaging services to scan private communications for child sexual abuse material, even when encrypted. The proposal, driven by Denmark, has sparked fierce opposition from privacy advocates, technology firms, and several member states. While the European Parliament has signaled resistance to mass scanning, the EU Council and Commission remain divided, leaving the fate of the legislation uncertain as negotiations continue into the coming months.
Background
For more than three years, the European Union has wrestled with a proposal to combat the spread of child sexual abuse material (CSAM) by mandating the scanning of private messages, even those protected by encryption. The draft, often referred to as “Chat Control,” would require service providers operating in the EU to examine content before it is encrypted, targeting URLs, images and videos.
Legislative Progress
On September 12, 2025, EU members were asked to state their positions on the latest version of the Child Sexual Abuse Regulation (CSAR) proposal. The bill failed to the required support, prompting a scheduled meeting of the Justice and Home Affairs Council in October. If the Council reaches an agreement, the proposal would advance to the European Parliament for trialogue negotiations alongside the EU Council and Commission.
Earlier, in November 2023, a large majority of Members of the European Parliament (MEPs) endorsed safeguards designed to prevent mass scanning and general monitoring. In February 2024, the European Court of Human Rights ruled that breaking encryption was illegal, reinforcing the technical foundations used by services such as Signal, WhatsApp, ProtonMail and major VPN providers.
Industry Opposition
Technology and privacy groups have condemned the proposal as a substantial setback for encryption. The Internet Society’s Director of Government Affairs and Advocacy warned that the legislation threatens the core security of private communications. A coalition of VPN providers, including NordVPN and ExpressVPN, issued a joint position paper defending strong encryption. Critics argue that client‑side scanning undermines the confidentiality that users expect from encrypted messaging.
Political Landscape
The proposal enjoys backing from several EU members, while others remain opposed or undecided. Germany, initially opposed, later shifted to an undecided stance, making its position‑holding pivotal. The recent reshuffling of the European Parliament after the elections has introduced a more right‑leaning composition, raising concerns among digital‑rights advocates about the Parliament’s willingness to defend encryption.
Future Outlook
Negotiations are set to continue through the autumn, with the EU Council under pressure to find a compromise that satisfies both child‑protection goals and privacy protections. Observers caution that political bargaining could influence the final outcome, potentially affecting the stance of individual member states. Public pressure and continued advocacy from privacy groups remain crucial as the EU works toward a resolution that balances security with fundamental digital rights.