EU ambassadors have failed again to find a consensus on the controversial Child Sexual Abuse Regulation (CSAR) proposal. Critics have dubbed the measure “Chat Control” and claim it is a blatant violation of citizens’ basic privacy. Despite Hungary, which holds the EU Council’s rotating presidency, having submitted a compromise proposal with a slightly toned down language, a blocking minority of countries remain.
As we wrote before, the official purpose of Chat Control is to curb the dissemination of child sexual abuse material (CSAM) by automatically monitoring all digital correspondence of European citizens. The messages and any shared media would be scanned for certain keywords, then flagged and sent to a central database for further inquiry and, if needed, prosecution.
If Chat Control became law, it would mean “the end of privacy of digital correspondence” in the EU, critics said after the EU Commission unveiled its early proposal. What was especially alarming was that the law would even cover end-to-end encrypted messaging apps, such as WhatsApp, Signal, and Telegram.
After a long public debate and heavy pushback from civil society organizations and privacy watchdogs, MEPs in the European Parliament agreed to significantly water down the Commission’s original proposal in their version by excluding text messages, all services and apps that employ end-to-end encryption, and even dropping the mandatory age-verification systems.
However, the EU Council is yet to formulate its own position to take into the inter-institutional negotiations later, and the Belgian draft (submitted just before the country’s EU presidency ended two months ago) is still closer to the Commission’s ‘Orwellian nightmare’ scenario than the Parliament’s much more ‘privacy-friendly’ version.
In late June, Belgium tried to get the majority of member states aboard by focusing only on images, videos, and links—dropping text messages from the scope—similar to the Parliament’s approach. This was not enough to convince the biggest opponents, including Germany, Poland, and Italy, so the vote was postponed indefinitely.
However, Chat Control was put on the agenda again by the Hungarian presidency this Wednesday, September 4th, and Budapest submitted yet another draft that offers further concessions in order to reach at last a “partial negotiation mandate” with the European Parliament.
The main suggestion of the Hungarian presidency’s “compromise proposal” is to further limit the scope of automatic scanning to “known” child abuse material, meaning content that has already been circulating on the internet and has been previously detected.
In contrast, “new CSAM and grooming would be outside the scope of detection orders,” the draft legislation says, “but should remain in the scope of the risk assessment and risk mitigation obligations.”
However, critics still regard this attempt as being similar to Belgium’s, namely to give “minimal concessions” to get countries into stepping onto the slippery slope of full government surveillance.
“Europeans need to understand that they will be cut off from using commonplace secure messengers if chat control is adopted—that means losing touch with your friends and colleagues around the world,” Pirate Party MEP Patrick Breyer warned before the Wednesday meeting.
Do you really want Europe to become the world leader in bugging our smartphones and requiring blanket surveillance of the chats of millions of law-abiding Europeans?”
Germany and Poland remain firmly opposed to Chat Control, with several smaller member states also voicing concerns, including Estonia, Czechia, Austria, and Slovenia, leading many to believe they could form a blocking minority so the vote has been postponed again.
Despite initially supporting it, the Netherlands recently changed its mind after it was revealed that it was among the countries that the EU Commission targeted with illegal social media ads to garner public support for Chat Control while pressuring social media companies to censor and silence opposition voices.
On the other hand, Italy joined the pro camp after signaling that it found the Hungarian proposal acceptable.
The draft also recommends an extension of the current “temporary derogation” from the EU’s e-privacy directive that was introduced two years ago. This already allows social media companies and communication providers to voluntarily spy on European users to detect CSAM, but the EU is scrambling to replace it with a permanent—and mandatory—version as soon as possible since it expires in 2026.
According to the draft, extending this temporary measure would give lawmakers more time for deliberation as well as for the software industries to come up with new technologies that would safely allow anonymous detection of illicit content without jeopardizing one’s privacy or breaking encryption. Critics say that this is simply not possible, and even if it were, there would still remain a high risk of political or ideological abuse.
The mention of tech companies is interesting, given the shady role they played in the early legislative process. The cash-for-lobby scandal, dubbed “Chat Control Gate,” shed light on a giant conspiracy between Commission officials, handpicked and EU-funded advocacy organizations, and a few friendly AI firms in Silicon Valley who all had “billions of reasons” to work for the legislation’s success.
In fact, it was this scandal that finally convinced the majority of MEPs responsible for the file to change their approach to Chat Control, although it seems to have had no effect on member states’ representatives in the Council.
Home Affairs Commissioner Ylva Johansson and some of her staff are still being investigated for their potential role in what seems to be one of the EU’s biggest conflict of interest scandals, but of course, it is unlikely that anyone would get more than a slap on the wrist. Meanwhile, Chat Control persists and will remain on the agenda unless enough countries reject it once and for all.
