The European Union’s ongoing legislative efforts to combat child sexual abuse material (CSAM) have sparked intense public debate regarding the future of private digital communications. At the center of this controversy is the proposed Regulation to Prevent and Combat Child Sexual Abuse, often colloquially referred to as “Chatkontrolle” or “chat control.” Contrary to widespread concerns that the European Union is currently monitoring private, end-to-end encrypted messages on platforms such as WhatsApp, Signal, or Telegram, no such scanning mechanism is currently in effect, and the proposed legislation remains a subject of ongoing negotiation within European governing bodies.
The core of the apprehension stems from the European Commission’s 2022 proposal, which seeks to require service providers to detect and report CSAM on their platforms. According to the European Commission, the initiative is designed to address the significant rise in the dissemination of illegal content, noting that the vast majority of child sexual abuse material reported to authorities is identified by service providers. However, the proposal has faced significant pushback from digital rights advocates and privacy experts, who argue that the technical requirements to implement such scanning could fundamentally undermine the security of end-to-end encryption (E2EE).
Current Status of Encrypted Messaging
As of late 2024, end-to-end encrypted messaging services remain protected from government-mandated scanning of message content. Under current European law, service providers are generally not required to monitor the content of private communications. The ePrivacy Directive, which governs the confidentiality of communications, remains the primary framework protecting the privacy of users across the EU. Because end-to-end encryption ensures that only the sender and the recipient can read the contents of a message, the service providers themselves do not possess the cryptographic keys necessary to decrypt or inspect the data in transit.
The proposed “chat control” regulation has undergone several revisions following criticism from the European Parliament and various member states. A significant point of contention is the concept of “client-side scanning,” a technique that would theoretically allow platforms to scan messages on a user’s device before they are encrypted and sent. Privacy advocates, including the Electronic Frontier Foundation (EFF), have consistently warned that such measures would create “backdoors” in communication software, potentially exposing all users to surveillance or hacking, regardless of the original intent of the legislation.
Legislative Deadlocks and Ongoing Negotiations
The legislative journey of the proposed regulation has been characterized by repeated delays. In June 2024, the Council of the European Union failed to reach a consensus on the latest compromise text, effectively stalling the proposal before the European Parliament could finalize a position. According to reporting from Reuters, several member states, including Germany and Austria, expressed significant reservations regarding the impact on privacy and the technical feasibility of the proposed scanning mandates.

The debate is not merely about technology; it is a complex balancing act between child protection and the fundamental rights to privacy and freedom of expression. Supporters of the regulation, including various law enforcement agencies and child advocacy groups, argue that the digital space has become a primary venue for criminal activity and that current voluntary reporting systems are insufficient. Conversely, critics argue that the proposed measures are disproportionate, ineffective, and pose a systemic risk to the digital infrastructure that millions of citizens rely on for secure communication.
What Users Need to Know
For the average user, the status quo remains unchanged. Private messages sent via platforms that utilize end-to-end encryption—such as Signal, WhatsApp (for standard messages), and Telegram (for Secret Chats)—are not being scanned by EU authorities. There is no automated, universal surveillance program currently active that allows the European Union or its member states to read the contents of these private, encrypted conversations.
The future of the regulation remains uncertain. As of the most recent updates, the European Council is expected to continue discussions, though there is no definitive timeline for a vote or implementation. Any final version of the law would need to be approved by both the European Parliament and the Council, and it would likely face intense scrutiny from the European Court of Justice (ECJ) regarding its compatibility with the EU Charter of Fundamental Rights. Readers interested in the progress of this legislation can monitor the European Parliament’s Legislative Train Schedule for the most up-to-date information on upcoming committee meetings and parliamentary debates.

As the conversation continues to evolve, it remains critical to distinguish between existing technical capabilities and proposed, yet unadopted, legal mandates. The protection of encrypted communication remains a focal point for both privacy advocates and the legislative bodies shaping the future of the digital single market.
We will continue to track developments regarding this legislative proposal as they occur. If you have questions about how these policies might affect digital privacy or if you have insights from your region, please join the conversation in the comments section below.