The European Union is abandoning its controversial plan to require the scanning of private digital messages for child abuse material, officials confirmed Thursday.
Facing a legislative deadlock and fierce opposition over privacy concerns, the Danish EU Presidency has pivoted, proposing a new compromise that would keep the detection of such content on a voluntary basis.
This move aims to prevent a legal void, as the current framework for voluntary scanning expires in April 2026. The original proposal, widely known as “Chat Control,” was effectively blocked by countries like Germany, who argued it would create an unprecedented mass surveillance system and undermine encryption.
The Rise and Fall of ‘Chat Control’
At the heart of the years-long controversy was the proposal’s threat to digital privacy. The CSA Regulation, first introduced by the European Commission in 2022, sought to mandate that all technology companies scan users’ private communications, including photos, videos, and messages, for Child Sexual Abuse Material (CSAM).
This indiscriminate scanning obligation would have applied to every citizen without any prior suspicion.
Its reach would have extended even to services offering end-to-end encryption, such as WhatsApp and Signal. To comply, these services would have needed to implement a technique known as client-side scanning.
Technologists warned this would require deploying code to a user’s device to analyze content before it is encrypted, a method critics described as “personalized spyware” that would fundamentally break the security and privacy guarantees of encryption.
Privacy advocates, cybersecurity experts, and EU data protection authorities immediately raised alarms. They warned that such a system was tantamount to mass surveillance and would create a dangerous precedent, opening the door for broader government monitoring of private communications.
A Wall of Opposition Led by Germany
Germany’s firm opposition proved to be the critical roadblock for the legislation. Facing immense public pressure, the German government refused to support the proposal, preventing the qualified majority required for the bill to pass in the EU Council earlier this month.
German Federal Minister of Justice Stefanie Hubig summarized the principle at stake, stating, “Chat control without cause must be taboo in a state governed by the rule of law.”
This stance was part of a broad and diverse coalition of resistance. Digital rights groups like European Digital Rights (EDRi) launched the “Stop Scanning Me” campaign, highlighting the disproportionate harm the law could inflict on journalists, activists, and ordinary families.
The opposition was also mirrored within the EU’s own institutions, with the European Parliament adopting a critical position in 2023 that explicitly ruled out mass surveillance.
Adding to the pressure, a powerful group of European tech firms, including privacy-focused companies like Proton and Tuta, published an open letter warning the law would destroy user trust and harm Europe’s digital sovereignty.
They argued that forcing them to weaken security would kill their competitive advantage.
Patrick Breyer, a prominent activist and former EU lawmaker, called the halt a direct result of this widespread citizen action. “This is a tremendous victory for freedom and proves that protest works!,” he declared, crediting tireless activism for stopping what he termed a “totalitarian mass surveillance law.”
A Pragmatic Pivot to Avert a Legal Void
Facing a legislative stalemate and a looming 2026 deadline, the Danish Presidency, which currently steers EU Council negotiations, opted for a strategic retreat.
The existing legal framework that allows platforms to voluntarily scan for CSAM is set to expire, and failure to pass a new regulation would leave the bloc without any legal tools to combat the material’s spread online.
The scale of the problem is significant; a report from the UK-based Internet Watch Foundation found that 62% of CSAM identified internationally last year was hosted on EU servers.
Danish Justice Minister Peter Hummelgaard explained the decision as a pragmatic choice to prevent a worse outcome. “If we continue negotiations based on the previous compromise proposal, there is a serious risk that we will find ourselves for a long period without the tool we have today,” he told Agence France-Presse.
He acknowledged the amended proposal was not ideal but stressed that it was “better than a step back.”
The new, softened proposal will now be circulated among the 27 EU member states for approval. While it removes the most contentious element, it aims to preserve and formalize voluntary efforts.
If the Council can agree, the draft law would enter final “trilogue” negotiations with the European Parliament. However, it would still face a skeptical Parliament, which has championed an alternative approach focused on targeted measures like mandating “Security by Design” and enforcing swift takedowns of known illegal content, rather than breaking encryption.