- Signal has claimed EU ‘Chat Control’ legislation is comparable to malware
- It is also considering leaving Europe if the bill were passed
- Chat Control is back on the lawmakers’ table on October 14
Secure encrypted messaging app Signal said that the EU proposal to scan all citizens’ private messages would work as targeted spyware.
What’s been nicknamed by its critics, Chat Control,[1] is the European Commission’s response to online child safety. As per the latest iteration of the text, all messaging platforms operating in the EU would be obliged to scan all URLs, pictures, and videos shared by their users in the lookout for child sexual abuse material (CSAM).
This mandatory scanning is expected to occur directly on the device and, in the case of encrypted apps, before messages are encrypted. A requirement that, according to Signal[2], cannot be compatible with how encryption works.
“Apart from the legal bit, that’s exactly how malware works. It compromises your device in order to gain access to information,” said Signal’s vice-president for global affairs, Udbhav Tiwari.
“Very simply put, the idea that a device will scan content before it is encrypted for us negates the very purpose of encryption.”
First unveiled in 2022, the EU has never been closer to agreeing[3] to the Child Sexual Abuse Regulation (CSAR) proposal, with a crucial meeting set for October 14.
Signal could leave Europe
Signal has repeatedly said that if a requirement to create an encryption backdoor were to become law, the company would rather leave that market[4] than weaken encryption. A position that Meredith Whittaker, President of the non-profit Signal Foundation, behind the encrypted service, recently reiterated to a German news outlet[5].
Speaking during an online event[6] organized by the European Greens Party, Tiwari also confirmed that there are no plans “to make two versions of Signal.” One that does client-side scanning and one that doesn’t.
“For Signal, this is an existential catastrophic risk for providing our services in the European Union. It would negate the primary promises to our users, and I think that’s a risk that many people are going to face,” he said.
Signal and other experts have long argued that client-side scanning would break encryption[7] protection, which is used by the best VPN[8] and other encrypted apps to protect your data from unauthorized access. Ultimately, this will also create a vulnerable endpoint that malicious actors can exploit, too.
Germany: the deciding factor
Ahead of a crucial Chat Control meeting set for October 14[9], Germany remains a decisive vote. Yet, the government continues to send mixed messages.
Germany is among the countries that have been shifting their positions[10] ahead of the important day, in fact. After joining the countries opposing mandatory chat scanning[11] in September, the nation is now among the undecided countries again, according to the latest data[12].
This is why Whittaker urges German citizens to “let German politicians know how harmful, counterproductive, and self-sabotaging their reversal would be.”
📣 Germany is close to reversing its principled opposition to mass surveillance & private message scanning, & backing the Chat Control bill. This could end private —& Signal—in the EU.Time is short and they’re counting on obscurity: please let German politicians know how… https://t.co/JKONHCugiSOctober 6, 2025[13]
Signal is certainly not alone in feeling this way. Cryptographers, technologists, digital rights experts, and even some politicians have long warned against the implications such a scanning of all citizens’ confidential chats will have for their privacy and security.
Some European government bodies, including those of Sweden[14] and the Netherlands[15], have also deemed the deployment of so-called client-side scanning on all devices an unacceptable cybersecurity risk to national security. The outcry pushed Chat Control lawmakers to add a provision excluding all governments and military accounts. Evidently, though, the risk is worth it for all of us.
According to Tiwari, continuing to push for mandatory scanning regardless of the risks is ultimately a “slippery slope with global consequences.” What will start with CSAM scanning could extend to terrorism, intellectual properties, and, who knows, what else. A capability that could also give a new and more disruptive way for authoritarian governments to restrict their citizens’ rights.
“There are global consequences to building these technological capabilities. We should very strongly push back against it because if that ends up being implemented, we would have crossed a threshold from which I don’t think we will be able to come back as a society.”
You might also like
References
- ^ Chat Control, (www.techradar.com)
- ^ Signal (www.techradar.com)
- ^ EU has never been closer to agreeing (www.techradar.com)
- ^ would rather leave that market (www.techradar.com)
- ^ reiterated to a German news outlet (www.heise.de)
- ^ Speaking during an online event (www.youtube.com)
- ^ encryption (www.techradar.com)
- ^ best VPN (www.techradar.com)
- ^ Chat Control meeting set for October 14 (www.techradar.com)
- ^ shifting their positions (www.techradar.com)
- ^ opposing mandatory chat scanning (www.techradar.com)
- ^ according to the latest data (fightchatcontrol.eu)
- ^ October 6, 2025 (twitter.com)
- ^ Sweden (uk01.l.antigena.com)
- ^ Netherlands (uk01.l.antigena.com)