Just like the hiding of mass social media monitoring under the UK Online Safety Bill, the EU is for a second time pushing the controversial proposal to combat Child Sexual Abuse Material (CSAM) with complete access to all our private messaging and chats. Whilst the new version appears voluntary, we all know this is another political deception that threatens the future of encrypted all our communications.

The Changes

The legislation, often dubbed the “Chat Control” bill by critics like us, has been under discussion for over three years. Following a meeting of the Law Enforcement Working Party on November 12 2025, the Danish Presidency put forward a new compromise text that seems to have secured broad support.

The key difference is that the new Child Sexual Abuse Regulation (CSAR) proposal removes mandatory detection obligations. Messaging providers would now voluntarily choose to scan user content (URLs, pictures, and videos) for CSAM.

This latest version was reportedly received with broad support and moved swiftly to the next legislative step: the Coreper (Committee of Permanent Representatives), with a meeting expected as early as November 19.

Despite the apparent shift to a voluntary system, critics are warning the fight is far from over as we all know things that are introduced as optional initially and only to get them in the door and on the statute books. From there, it’s made compulsory.

Digital rights jurist Patrick Breyer calls the new compromise “a political deception of the highest order.” He points to a critical loophole in Article 4, which could mandate “risk mitigation measures” for services deemed “high-risk.”

According to Breyer, this loophole could render the removal of detection obligations “worthless” by negating their voluntary nature.

“Even client-side scanning (CSS) on our smartphones could soon become mandatory – the end of secure encryption.”

Why This Threatens Your Privacy

The core of the issue remains the threat to end-to-end encryption. The technology used by secure platforms like WhatsApp and Signal, and services like VPNs, to keep communications private.

Breyer warns that if these mandatory mitigation measures are enforced, they could require technologies like client-side scanning (CSS), which checks private messages for illegal content before they are encrypted and sent. For privacy advocates, this is functionally equivalent to breaking encryption, making private chats vulnerable to surveillance, and they WILL be by both the EU and UK Governments.

Furthermore, Breyer suggests the compromise text is an even greater overreach than previous versions, potentially expanding monitoring from multimedia to private chat texts and metadata.

As Breyer warns, “The public is being played for fools... Following loud public protests, several member states... said ‘No’ to indiscriminate Chat Control. Now it’s coming back through the back door.”

Even encrypted email provider Tuta is raising the alarm, stating simply: “Hummelgaard doesn’t understand that no means no.”

The future of secure, encrypted chats across the EU now hangs on the outcome of the upcoming Coreper meeting.