- The EU Parliament is pushing for an agreement on the child sexual abuse (CSAM) scanning bill, according to a leaked memo
- According to the Council Legal Service, the proposal still violates fundamental human rights in its current form
- The Danish version of the so-called Chat Control could be adopted as early as October 14, 2025
According to a leaked memo, the EU Parliament is pushing to reach an agreement on the disputed child sexual abuse (CSAM) scanning proposal.
As reported by digital rights group Netzpolitik, during the meeting held on July 11, the Parliament threatened to block an extension of the current voluntary scanning interim regulation – a temporary law that enables messaging providers to scan their users’ chats if they wish so – unless the Council agrees to mandatory scanning.
“This political blackmail forces a bad choice and contradicts the Parliament’s own stated position against mass scanning,” former MEP for the German Pirate Party, Patrick Breyer, told TechRadar.
Denmark has reintroduced the controversial bill on the first day of its EU Presidency. Now, new obligations for all messaging services in Europe to scan users’ chats could be adopted as early as October.
“A more radical version”
First proposed in May 2022, what critics deemed Chat Control aims to halt the spread of CSAM content online by scanning all communications, especially encrypted ones.
Over the years, however, the proposal has seen some twists and turns as privacy advocates, technologists, and even politicians raised concerns.
Experts are especially worried that these new scanning obligations will end up undermining encryption protections. A crucial security feature that the likes of WhatsApp, Signal, and Proton Mail use to scramble users’ online communications into an unreadable form and prevent unauthorized access.
As per its first version, all messaging software providers would be required to perform indiscriminate scanning of private messages to look for CSAM. The backlash was strong, with the European Court of Human Rights proceeding to ban all legal efforts to weaken the encryption of secure communications in Europe.
In June 2024, Belgium proposed a new, more compromising text to target only shared photos, videos, and URLs, with users’ permission. In February 2025, Poland tried to find a better compromise by making encrypted chat scanning voluntary and classified as “prevention.”
Yet, according to Breyer, the Danish proposal is the “more radical version” so far. “This proposal includes the mandatory mass scanning of private communications and aims to break secure encryption by forcing client-side scanning into your messaging apps. Tellingly, government and military accounts will be exempt from this intrusive and unreliable scanning,” he explains.
🇬🇧🚨Leak: Many countries that said NO to #ChatControl in 2024 are now undecided—even though the 2025 plan is even more extreme!🗳️ The vote is THIS October.👉 Tell your government to #StopChatControl!Act now: https://t.co/vmOjnucT9i pic.twitter.com/DmfUqn5amkJuly 31, 2025
The leaked memo also confirms that the EU Council Legal Service still believes the current proposal violates Europeans’ fundamental rights as “the core problems of access to communication for potentially all users remained unchanged.”
Moreover, many countries that opposed Chat Control in 2024 seem to be leaning towards an agreement. The nations welcoming and supporting the Danish proposal include Italy, Spain, and Hungary. France also said that “it could essentially support the proposal.”
Belgium, Estonia, Finland, Germany, Greece, Slovenia, Luxembourg, and Romania currently remain undecided or in need of a review with their local parliament.
All the governments need to finalize their evaluations by September 12, when the next meeting is set to take place. The goal, however, is to finally deliberate on the bill on October 14 (see page 31 of the agenda).
What’s certain is that the push for having legal access to citizens’ encrypted data is a major priority for EU lawmakers. At the end of last June, the EU Commission also published the first step within its ProtectEU strategy, which looked to enable law enforcement bodies to decrypt your private data by 2030.