The European Union is once again weighing legislation that could mandate the scanning of private digital communications, including encrypted messages, for material linked to child sexual abuse.
Known informally as ‘Chat Control’, the proposal has re-emerged under Denmark’s EU Council Presidency, which began on July 1. Lawmakers are scheduled to debate the latest iteration of the bill on October 14, 2025.
Originally introduced in 2022 but repeatedly stalled due to political opposition, the legislation seeks to impose obligations on messaging platforms—such as WhatsApp, Signal, and Telegram—to scan user content for child sexual abuse material (CSAM). If adopted, the law could lead to widespread client-side scanning of messages before encryption, a measure that critics argue poses a serious threat to digital privacy and data protection.
The Danish Presidency has placed the proposal among its top legislative priorities. While no new text has been publicly released, Copenhagen has signalled its intention to find a compromise that balances law enforcement goals with legal and technical concerns raised by member states, civil society, and industry stakeholders.
Legislative History
The European Commission originally tabled the regulation in May 2022, aiming to bolster the detection and reporting of CSAM online. Despite its stated purpose, the proposal was criticised for its scope and method—particularly the inclusion of end-to-end encrypted services in the scanning regime.
Attempts to pass the measure under previous presidencies, including Belgium and Poland, failed to secure a qualified majority in the Council. Belgium proposed a version in June 2024 that restricted scanning to shared media and URLs, contingent on user consent. Poland’s February 2025 proposal classified scanning as a voluntary “preventive” action. Though regarded by some experts as an improvement, it too failed to gain traction.
Denmark now assumes the role of broker, hoping to navigate between longstanding opposition from digital rights advocates and calls from several member states for stronger tools against online exploitation. The Danish Presidency’s official programme states its intention to “strengthen the abilities to make use of the digital development for law enforcement when fighting serious crime, while also addressing the misuse of new technologies.”
Opposition and Legal Constraints
Criticism of the CSAM bill centres on concerns about weakening encryption. Encryption technology is used to secure private communication, rendering it unreadable to third parties. Services including ProtonMail, Signal, and WhatsApp rely on this technology to ensure privacy and data security.
Client-side scanning—central to earlier drafts of the proposal—involves monitoring communications on a user’s device before encryption takes place. This method is seen by experts as equivalent to surveillance and is considered by many to be incompatible with the principle of confidentiality of communications enshrined in EU law.
In 2023, the European Court of Human Rights issued a ruling that effectively prohibited states from requiring the weakening of secure encryption standards. This legal precedent, while not explicitly blocking the Chat Control proposal, adds a layer of complexity to its adoption and enforcement.
Digital rights organisations and privacy advocates have described the initiative as a disproportionate response to a serious problem. They argue that mandatory scanning mechanisms risk creating vulnerabilities that could be exploited by malicious actors and set a precedent for broader surveillance.
Current Outlook
At present, the contents of Denmark’s revised proposal remain undisclosed. However, a Council meeting scheduled for July 11 may provide more clarity on the direction of the negotiations. Analysts suggest that the fate of the bill may hinge on Germany’s position. The new federal government has not yet indicated whether it would support the measure, and without its backing, a qualified majority may remain out of reach.
According to Patrick Breyer, former MEP for the German Pirate Party and a vocal opponent of the proposal, the Danish Presidency’s success will depend heavily on its ability to secure German approval.
Even if the CSAM proposal were adopted in October, it would still need to proceed through trilogue negotiations with the European Parliament and Commission, where further amendments are likely.
Broader Context
The Chat Control bill is part of a wider series of initiatives by the EU aimed at giving law enforcement greater access to encrypted data. On June 24, 2025, the European Commission unveiled the first phase of its ProtectEU strategy, which proposes the development of decryption capabilities by 2030. The strategy is still at a conceptual stage but indicates the long-term policy direction of the European institutions.
While efforts to curb the spread of CSAM enjoy broad political support, the methods employed remain contentious. The question facing EU lawmakers is whether security objectives can be met without eroding the privacy rights of European citizens. As the debate resumes under the Danish Presidency, it is clear that any legislative outcome will need to reconcile fundamental rights with the imperatives of public safety—a task that has so far eluded consensus.
Read also:
Denmark’s EU Presidency: Charting a Stronger Europe in a Shifting Global Landscape
