EU Parliament Approves 'Chat Control' Measures, Exempting End-to-End Encrypted Messages Until 2028

The EU Parliament has approved new "chat control" measures, allowing tech companies to scan private messages for child sexual abuse material until 2028, while explicitly exempting end-to-end encrypted communications. This decision marks a significant development in the ongoing debate between digital privacy and online safety.
The New "Chat Control" Mandate
The controversial legislation, formally known as the Regulation on laying down rules to prevent and combat child sexual abuse, grants authorities the power to mandate internet service providers and messaging platforms to scan users' private communications. This includes messages, images, and videos, in an effort to detect and report child sexual abuse material (CSAM). The approval by EU lawmakers reintroduces these powers, which have been a point of contention among privacy advocates and civil liberties groups who argue such scanning could lead to mass surveillance and erode fundamental rights. The current mandate is set to expire in 2028, indicating a temporary measure while a more permanent solution is debated.
Safeguarding End-to-End Encryption
Crucially, the new measures explicitly exempt end-to-end encrypted messages from scanning. This exemption is a win for privacy advocates who have long argued that breaking or weakening end-to-end encryption (E2EE) would compromise the security and privacy of all users, not just those engaged in illicit activities. E2EE ensures that only the sender and intended recipient can read messages, making it impossible for third parties, including service providers or governments, to access the content. The EU Parliament's decision to protect E2EE means platforms utilizing this technology, such as Signal or WhatsApp, will not be required to implement client-side scanning for these specific communications. This aligns with concerns previously raised regarding similar legislation like the KOSA act, which also prompted privacy concerns due to potential broad surveillance implications.
Why it Matters
This parliamentary decision highlights the complex challenge of balancing public safety with individual privacy in the digital age. While the intention to combat child sexual abuse is universally supported, the methods employed raise critical questions about the scope of government surveillance and the integrity of secure communication technologies. The explicit exemption for end-to-end encrypted messages sets an important precedent, affirming the value of strong encryption in protecting fundamental rights. However, the temporary nature of this legislation until 2028 suggests that the debate over "chat control" and its implications for digital privacy is far from over. Future discussions will likely continue to explore technological solutions that can effectively combat crime without undermining the security architecture of the internet.
Key Takeaways
- The EU Parliament has approved new "chat control" legislation.
- This allows tech firms to scan private messages for child sexual abuse material.
- The mandate is effective until 2028.
- End-to-end encrypted messages are explicitly exempt from scanning requirements.
- The move aims to combat CSAM while attempting to protect user privacy.
◆ Related

New Hampshire Executive Council Rejects State Bitcoin Bond Effort by 3-2 Vote
New Hampshire's Executive Council rejected a pioneering state-government bitcoin bond effort by a 3-2 vote, halting the project at its final stage.

Coinbase Chief Legal Officer Paul Grewal to Transition to Advisory Role
Coinbase's chief legal officer, Paul Grewal, will transition to an advisory role on July 31, maintaining his position on the Coinbase National Trust Company board.

Coinbase Chief Legal Officer Paul Grewal Steps Down, Transitions to Advisory Role
Coinbase's Chief Legal Officer Paul Grewal is departing his executive position but will continue as an adviser, he announced Thursday.