EU Council has withdrawn the vote on Chat Control
The EU Council and its participants have decided to withdraw the vote on the contentious Chat Control plan proposed by Belgium, the current EU President.
According to Netzpolitik (German), “The EU Council did not make a decision on chat control today, as the agenda item was removed due to the lack of a majority, confirmed by Council and member state spokespersons”.
Belgium’s draft law, which was supposed to be adopted as the Council’s negotiating position, was instead postponed indefinitely. Although the Committee of Permanent Representatives meets weekly, Belgium cannot currently present a proposal that would gain a majority. In July, the Council Presidency will transfer from Belgium to Hungary, which has stated its intention to advance negotiations on chat control as part of its work program.
At the start of 2022, the European Commission proposed monitoring all chat messages and other forms of digital communication among citizens. This initiative includes client-side scanning for end-to-end encrypted services, meaning all messages would be checked irrespective of suspicion.
The plan targets the detection of both known and unknown abusive material and grooming activities. Experts have cautioned that such measures are prone to generating numerous false positives, particularly when identifying unknown content, leading to innocent citizens being misidentified as senders of abusive material.
European legislation is formed through a trialogue process involving negotiations between the European Commission, the European Parliament, and the Council of Ministers. Initially, the European Parliament rejected the European Commission’s proposal and introduced its own, which, while still critical, excluded end-to-end encrypted services. However, Belgium’s new proposal reintroduced client-side scanning for these services, stipulating that users must consent to chat controls; otherwise, they would lose the ability to send photos, videos, and URLs.
This method, termed “upload moderation” by Belgium, has been criticized by opponents as merely a rebranding of the original concept.
Signal and other apps threaten to leave the EU if the proposal is enacted as law
Meredith Whittaker, president of the chat app Signal, has been vocal against these plans. She argues that implementing such measures within end-to-end encrypted communications fundamentally undermines encryption and introduces significant vulnerabilities in the digital infrastructure.
Whittaker emphasizes that these vulnerabilities have far-reaching global implications, not just within Europe. She has repeatedly highlighted the issue, stating, “There is no way to implement such proposals without fundamentally undermining encryption and introducing dangerous vulnerabilities.”
On June 17, Whittaker published an official position condemning the EU’s proposed “upload moderation” as a rebranding of client-side scanning that fundamentally undermines end-to-end encryption.
She emphasized that despite attempts to mask the dangers through marketing, these measures expose encrypted communications to mass surveillance, creating vulnerabilities exploitable by hackers and hostile nations. Whittaker urged a cessation of such rhetorical games, reiterating that any form of mandated mass scanning compromises encryption, thereby threatening global security and privacy at a critically unstable geopolitical moment.
The privacy messenger Threema published a blog post saying the EU’s proposed Chat Control bill represents a dangerous mass surveillance initiative that would undermine data security, violate privacy rights, and negatively impact professionals and minors.
Patrick Breyer, the outgoing MEP from the Pirate Party, raised concerns, noting that proponents of chat control have leveraged the period following the European elections, when attention is lower and the European Parliament is in transition, to advance their agenda. Breyer has called on European citizens to take action and urge their politicians to oppose the measures.
Edward Snowden, the NSA whistleblower, criticized the proposal, stating, “EU apparatchiks are trying to legislate a terrible mass surveillance measure, despite universal public opposition (no sane person wants this), by inventing a new word for it – upload moderation – and hoping no one finds out what it is until it’s too late.”
What happens next?
With the EU Council withdrawing the vote on the Chat Control proposal today, the legislative process faces new uncertainty. The proposal will return to the drawing board, as the European Commission[1] and the European Parliament continue to deliberate on the best way forward.
The discussions will resume after the summer, once the new Parliament is seated and Hungary assumes the Council presidency from Belgium in July. Hungary has already committed to developing a comprehensive legislative framework to prevent and combat online child sexual abuse and revising the directive against the sexual exploitation of children.
The forthcoming negotiations are anticipated to be highly contentious, especially since the European Parliament has firmly opposed any measures that would circumvent end-to-end encryption. The Member States and the Parliament have until April 2026 to agree. This deadline is crucial, as an existing exemption allowing social networks to self-moderate content will expire, potentially eliminating current safeguards against sharing sensitive images.
In the meantime, privacy advocates and digital rights organizations will likely continue to voice their concerns, urging EU citizens to remain vigilant and engaged in the debate over digital privacy and surveillance. The next steps will involve intense negotiations and potential revisions to address the complex issues at stake.
[footnote #1]: On June 20, at the European Data Protection Supervisor (EDPS) 20th anniversary summit, EU Commissioner for Justice Vera Jourová stated that the European Commission’s proposal for the Child Sexual Abuse Regulation (CSAR) would break encryption. This marks the first time the European Commission has publicly acknowledged that the CSAR proposal would compromise encryption, a significant departure from the stance maintained over the past three years by Home Affairs Commissioner Ylva Johansson, who consistently claimed that the proposal would not affect encryption.