The EU's controversial Chat Control proposal – requiring tech platforms to scan private messages for illegal content – heads toward final negotiation on June 29, in what digital rights groups warn could become the biggest threat to encryption in European history.
Brussels decides more than you think. This single vote will determine whether WhatsApp, Signal, and every messaging app must scan your private conversations – or whether end-to-end encryption survives in Europe.
The regulation, officially titled the Child Sexual Abuse Material (CSAM) Regulation, would create a framework requiring messaging platforms to detect illegal content. But the devil, as always with EU legislation, is in the technical details.
What does "client-side scanning" actually mean? It means your messages would be analyzed before encryption – essentially breaking the promise of end-to-end encryption by scanning content on your device before it's sent. Think of it as having a government inspector read your letter before you seal the envelope.
The European Parliament, Council, and Commission are now locked in trilogues – those notorious three-way negotiations where EU laws get made behind closed doors. Their positions diverge significantly.
The Parliament supports mandatory scanning, but only in cases of "reasonable suspicion of a crime" with strong privacy safeguards – the least invasive option on the table.
The Council, representing member states, shifted dramatically in late 2025 when Denmark proposed eliminating mandatory scanning entirely. The Council now opposes forced detection of private messages, favoring instead a voluntary framework similar to current interim measures.
The Commission, which originated this proposal, continues advocating for mass scanning capability across encrypted services – the position that alarms privacy advocates most.
But the scanning debate masks an equally troubling provision: mandatory age verification. The proposal could require users to submit just to access messaging apps.
