The European Union’s long-running debate over Chat Control has become one of the most contentious technology policy battles in recent years, pitting child protection advocates against privacy campaigners, cybersecurity experts and parts of the technology industry.
Although discussions have evolved through several versions of the proposal, the core question has remained the same: should governments require technology companies to scan private digital communications in an effort to detect child sexual abuse material (CSAM)?
The issue has divided lawmakers, experts and member states, with supporters arguing that stronger online detection tools are essential to protect children, while critics warn that the measures risk creating an unprecedented system of mass surveillance.
What is Chat Control?
Chat Control is the name commonly used by critics to describe the European Commission's proposed Child Sexual Abuse Regulation (CSAR), first introduced in 2022.
The proposal aims to combat the spread of child sexual abuse material and online grooming by requiring online platforms and messaging services to detect, report and remove illegal content.
Unlike previous voluntary arrangements, the original proposal would have allowed authorities to require providers to scan users' communications where a detection order had been issued. This immediately sparked concern over encrypted messaging services such as WhatsApp, Signal and other platforms that promise private communications.
Why supporters believe it is necessary
Supporters argue that encrypted communications have increasingly become a safe haven for offenders sharing child sexual abuse material.
Law enforcement agencies have repeatedly warned that stronger encryption makes investigations significantly more difficult, while child protection organisations argue that thousands of victims could remain unidentified without improved detection capabilities.
Advocates maintain that modern detection technologies can help identify known abuse material before it spreads further, allowing authorities to rescue victims more quickly and prosecute offenders.
From their perspective, technology companies already use automated systems to identify harmful content on many platforms, making child protection a logical extension of existing safety measures.
Why critics strongly oppose it
Opposition has come from a broad coalition that includes privacy advocates, cybersecurity researchers, digital rights organisations, encryption experts and parts of the technology industry.
Their concerns centre on several issues like:
Privacy
Critics argue that scanning private messages fundamentally changes the nature of digital communication by allowing private conversations to be inspected before they are delivered.
They say this effectively treats every citizen as a potential suspect rather than targeting individuals already under investigation.
Encryption
Many experts warn that there is currently no technical way to scan encrypted messages without weakening encryption itself.
End-to-end encryption works because only the sender and recipient can read messages. Introducing client-side scanning or similar technologies, critics argue, creates new vulnerabilities that could eventually be exploited by criminals or hostile states.
Accuracy
Another major concern is accuracy. Artificial intelligence systems are not perfect and can incorrectly flag innocent content. Experts warn that this could generate large numbers of false reports, consume law enforcement resources and potentially expose innocent users to investigations.
Wider surveillance concerns
Civil liberties groups also warn about "function creep", the possibility that systems introduced for child protection could later be expanded to monitor other types of content.
Many argue that once large-scale message scanning infrastructure exists, future governments may be tempted to broaden its use beyond its original purpose.
The legislative process has been unusually turbulent. Since being proposed in 2022, several versions have been revised after opposition from member states, the European Parliament and legal experts.
Some proposals attempted to preserve encryption while introducing more targeted detection measures. Others softened mandatory obligations or focused on known abuse images rather than all communications.
Several Council votes were postponed after governments failed to agree on a common position, demonstrating how politically divisive the issue has become.
What happened this week?
The debate returned to the spotlight after the European Parliament voted on temporary legislation allowing technology companies to continue voluntarily scanning certain unencrypted communications for child sexual abuse material.
Although a majority of MEPs voted against the extension, they failed to reach the absolute majority required to block it under parliamentary procedures. As a result, the proposal passed, allowing companies such as Meta, Google and Microsoft to continue voluntary scanning until a longer-term legal framework is agreed.
Importantly, end-to-end encrypted messaging services remain outside these temporary voluntary scanning arrangements.
The procedural outcome reignited criticism from privacy campaigners, who argued that Parliament's voting rules meant a proposal opposed by more lawmakers than those supporting it nevertheless became law.
What happens next?
The broader Chat Control regulation remains under negotiation between the European Parliament, the Council of the European Union and the European Commission.
Negotiators are still attempting to find a compromise that balances stronger child protection with the preservation of privacy and secure encryption.
The digital euro would be a new, electronic form of money issued by the European Central Bank
More than 29,000 people registered and started the ‘AI for Everyone’ programme
Mainland Malta registered 38,777 overnight stays per km² last year