European law enforcement experts and policymakers are meeting on September 12, 2025, to discuss proposals that would require technology companies to scan encrypted messages for child abuse imagery.
The Danish presidency of the EU Council is pushing for a vote on these “Chat Control” proposals by October 14, 2025, which would affect communications on platforms like Signal and WhatsApp.
How the scanning proposal would work
A compromise draft from the Danish presidency in July 2025 outlines a system for scanning content on user devices. While the text states that the regulation should not be “interpreted as prohibiting, weakening or circumventing” encryption, it mandates that companies integrate “vetted technologies” to scan messages before they are encrypted and sent.
The core components of the proposal include:
- Users of encrypted services would be asked to consent to having their images, videos, and URLs monitored.
- Those who do not consent may be restricted to sending text-only messages.
- The system would scan for known child abuse material and use artificial intelligence (AI) to detect new, unknown content.
- Detection technologies must be certified by an EU center and have human oversight to minimize errors.
Widespread opposition from security experts and tech companies
The proposal has prompted significant opposition. On September 9, 2025, over 500 cryptographers and security researchers signed an open letter claiming the measures are technically unfeasible and would “completely undermine” the privacy and security of all European citizens by creating vulnerabilities that hackers or hostile nations could exploit.
Technology companies have also voiced strong objections.
“The latest proposal from the presidency of the Council of the EU breaks end‑to‑end encryption and puts everyone’s privacy, freedom and digital security at risk.”
German encrypted email provider Tuta Mail has stated it will take legal action against the EU if the proposals are adopted. Signal previously warned it would pull its service from the EU rather than compromise its privacy guarantees.
“Undermining encryption by introducing a backdoor for lawful intercept is nothing other than deliberately introducing a vulnerability, and they always get exploited in the end.”
The technical flaws of client-side scanning
Opponents argue that the on-device, or client-side scanning, technology is unreliable and dangerous. They claim it is impossible to implement without creating new security risks that cannot be mitigated.
“None of the technologies available achieve this standard – all client‑side scanning technologies introduce new unmitigable risks.”
The researchers’ letter highlights that even advanced detectors produce unacceptably high error rates, putting innocent people at risk of investigation. Callum Voge, from the Internet Society, noted that even a 99.5% accuracy rate would lead to billions of incorrect identifications daily, overwhelming investigators and wrongly flagging innocent users.
Political division and proposed alternatives
As of September 10, 2025, EU member states are divided. Fifteen states support the proposal, while six are opposed and six remain undecided. Dissenting countries, including Belgium and Poland, cite concerns over mass surveillance, while supporters include France, Italy, and Spain.
Critics argue that instead of a flawed “technical fix,” governments should focus on proven methods for tackling abuse.
“That means more resources spent on targeted approaches – things like court‑authorised investigations, metadata analysis, cross‑border cooperation, support for victims, prevention and media literacy training.”
This approach is supported by historical precedent. Apple previously dropped its own plans to introduce client-side scanning on the iPhone after security experts demonstrated that the technology would be ineffective against crime while creating serious surveillance risks.
