The EU Could Be Scanning Your Chats by October 2025 – Here's Everything We Know

My Privacy Blog

My Privacy Blog

9 min read
The EU Could Be Scanning Your Chats by October 2025 – Here's Everything We Know
Photo by JESHOOTS.COM / Unsplash

Denmark has reintroduced the controversial "Chat Control" proposal as one of its first acts during its EU Presidency, setting the stage for a potential vote as early as October 14, 2025. The legislation could fundamentally change how encrypted messaging works across Europe.

What is Chat Control?

The so-called Chat Control proposal aims to introduce new obligations for all messaging services operating in Europe to scan users' chats, even if they're encrypted. Formally known as the Regulation on Child Sexual Abuse Material (CSAM) detection, this legislation would require platforms like WhatsApp, Signal, Telegram, and others to automatically scan private communications for indicators of child abuse material.

The proposal has been failing to attract the needed majority since May 2022, with various EU member states attempting different compromise versions that have all failed to gain sufficient support.

The Pegasus Scandal Exposed: High-Tech Espionage Against Journalists and Activists in Jordan
Introduction: Scrutiny and tensions have skyrocketed following recent revelations regarding the extensive use of the notorious Pegasus spyware. Allegedly, this powerful tool was utilized to infiltrate the iPhones of numerous journalists and activists situated in Jordan. This disturbing discovery raises daunting questions concerning the increasingly invasive tendencies of government surveillance
My Privacy BlogMy Privacy Blog

The Danish Push: October 2025 Deadline

Denmark kicked off its EU Presidency on July 1, 2025, and, among its first actions, lawmakers swiftly reintroduced the controversial child sexual abuse (CSAM) scanning bill to the top of the agenda. Lawmakers are scheduled to debate the latest iteration of the bill on October 14, 2025.

The Danish Presidency has made this legislation a top priority, though the Danish Parliament has not yet disclosed the contents of the new compromises. Copenhagen has signalled its intention to find a compromise that balances law enforcement goals with legal and technical concerns raised by member states, civil society, and industry stakeholders.

How Would Chat Control Work?

The current proposal envisions several mechanisms for scanning private communications:

Client-Side Scanning

As per its first version, all messaging software providers would be required to perform indiscriminate scanning of private messages to look for CSAM – so-called 'client-side scanning'. This would involve scanning messages on users' devices before they are encrypted, effectively creating what critics call "government spyware" on every smartphone and computer.

Detection Orders

The controversial EU law will enable governments to serve "detection orders" on technology companies, requiring them to scan private messages and emails for "indicators of child abuse". Chat control detection orders would be limited to "high risk" services. Governments would have broad discretion concerning risk classification, and anonymity, encryption or real-time communications is per se considered "high risk".

Snapchat’s Privacy Concerns and CSAM Issues Since 2010
Introduction Snapchat, a popular social media app known for its ephemeral messaging feature, has faced significant scrutiny over privacy concerns and child sexual abuse material (CSAM) issues dating back to 2010. Central to the controversy is the claim that Snapchat never actually deleted videos, contrary to its user privacy promises,
My Privacy BlogMy Privacy Blog

Scope of Scanning

The legislation would affect multiple types of communication:

  • Texts, images, videos and speech (e.g. video meetings, voice messages, phone calls) would have to be scanned
  • Cloud storage services, including personal storage not being shared
  • Even personal storage that is not being shared, such as Apple's iCloud, will be subject to chat control

Previous Failed Attempts

Belgium proposed a version in June 2024 that restricted scanning to shared media and URLs, contingent on user consent. This approach required users to give permission for their content to be scanned before encryption, but this version didn't satisfy either the industry or voting EU members due to its coercive nature.

Poland's Voluntary Approach (February 2025)

Poland's February 2025 proposal classified scanning as a voluntary "preventive" action. While experts found this version a "major progress," they still lamented the risk of mass surveillance, and, ultimately, lawmakers failed to attract the needed majority.

The Intricate Web of Digital Surveillance: NSO Group, Cellebrite, and the Pegasus Spyware
Introduction In the complex arena of digital surveillance, companies like NSO Group and Cellebrite have gained notoriety for their powerful spyware tools, such as Pegasus. These tools have raised global concerns over privacy invasions and human rights violations. This article delves into the implications of these technologies, focusing on both
My Privacy BlogMy Privacy Blog

Current Opposition and Support

Countries Against Chat Control

Germany, Luxembourg, the Netherlands, Austria, and Poland have firmly said no. They're worried about privacy and the risk of mass surveillance. The fight over chat control continues among the EU member states were a small group of countries - namely Germany, Austria, Netherlands, Poland, Sweden, Estonia, and Slovenia - are in opposition to the current draft of the EU CSA Regulation.

Changing Positions

However, the political landscape is shifting. Several formerly opposed governments such as France have already given up their opposition. According to the latest data leaked by the former MEP for the German Pirate Party, Patrick Breyer, many countries that said no to Chat Control in 2024 are now undecided, "even though the 2025 plan is even more extreme," he added.

Germany's Crucial Role

According to Patrick Breyer, Denmark crucially needs to manage to convince Germany of its proposed text. The new government has not yet taken a position at the time of writing. Germany's position could be decisive, as Germany's historical experiences with state surveillance, particularly under the Nazi regime and the Stasi in East Germany, have instilled a deep aversion against government overreach into private lives.

Apple’s Evolving Approach to Combatting Child Sexual Abuse Material (CSAM)
June 2021: Initial Announcement to Scan iCloud Photos for CSAM In June 2021, Apple took a significant step in its fight against child sexual abuse material (CSAM) by announcing plans to scan iCloud Photos. The tech giant intended to implement technology that would detect known CSAM images stored in iCloud
My Privacy BlogMy Privacy Blog

Technical and Privacy Concerns

Encryption Undermining

Experts worry that these new obligations will undermine encryption protections. Encryption is a technology that the likes of WhatsApp, Signal, ProtonMail, and even the best VPN apps use to scramble users' messages into an unreadable form, preventing unauthorized access and guaranteeing that chats remain private.

False Positives Problem

According to the Swiss Federal Police, 80% of the reports they receive (usually based on the method of hashing) are criminally irrelevant. Similarly in Ireland only 20% of NCMEC reports received in 2020 were confirmed as actual "child abuse material".

Piracy Shield is Now Fully Functional in Italy: Controversial Anti-Piracy System Expands Beyond Sports
Italy’s aggressive anti-piracy platform has evolved from a sports-focused tool into a comprehensive content protection system that now blocks movies, music, and TV series within 30 minutes—despite mounting EU concerns over fundamental rights violations. The Expansion of Digital Enforcement In August 2025, Italy’s Communications Regulatory Authority (AGCOM) has broadened
Compliance Hub WikiCompliance Hub

Expert Warnings

Patrick Breyer said, "With Chat Control [2.0], the EU is planning a mass surveillance system that is so extreme that it exists nowhere else in the free world. The only country that practices such indiscriminate searches is authoritarian China."

A cryptography professor stated: "The EU's 'chat control' legislation is the most alarming proposal I've ever read. Taken in context, it is essentially a design for the most powerful text and image-based mass surveillance system the free world has ever seen."

European Court of Human Rights Ruling

The European Court of Human Rights ended up banning all legal efforts to weaken encryption of secure communications in Europe. This creates a significant legal obstacle for any proposal that would undermine end-to-end encryption.

Constitutional Concerns

The requirement for companies such as WhatsApp, Signal and others to scan every message - even when encrypted - for child abuse material infringes people's right to privacy, which is in conflict with the EU Charter of Fundamental Rights.

Industry Response

Messaging App Reactions

Several major platforms have strongly opposed the legislation:

  • Telegram pledges to exit the market rather than "undermine encryption with backdoors"
  • Signal has indicated it would leave the European market rather than comply with scanning requirements
  • Signal have already announced they would "pull out of Europe" in this case
Digital Compliance Alert: UK Online Safety Act and EU Digital Services Act Cross-Border Impact Analysis
Executive Summary: Two major digital regulatory frameworks have reached critical implementation phases that demand immediate compliance attention from global platforms. The UK’s Online Safety Act entered its age verification enforcement phase on July 25, 2025, while escalating tensions between US officials and EU regulators over the Digital Services Act highlight
Compliance Hub WikiCompliance Hub

Exemptions for Authorities

Notably, intelligence agencies, militaries, police, and some EU ministries would be exempt from the measures, according to leaked documents. Non-public communication services are to be exempted, for example if they are "used for national security purposes." This is to protect "confidential information, including classified information."

Broader EU Surveillance Strategy

Chat Control is not an isolated proposal. On June 24, 2025, the EU Commission published the first step in its ProtectEU strategy, which looked to enable law enforcement bodies to decrypt your private data by 2030. This indicates a broader push toward giving law enforcement greater access to encrypted communications.

What This Means for Users

If implemented, Chat Control could fundamentally change digital privacy in Europe:

Immediate Impacts

  • Loss of Privacy: All private communications would be subject to automated scanning
  • No Court Orders Required: Scanning would occur automatically without judicial oversight
  • False Accusations: High rates of false positives could lead to innocent users being investigated
  • Chilling Effects: Knowledge of surveillance could inhibit free expression
Russia’s WhatsApp and VPN Restrictions: Separating Fact from Fiction
Bottom Line: The claim about Russia banning WhatsApp and VPNs starting August 1st, 2025, is false. However, Russia is indeed moving toward restricting both platforms through recent legislation and political pressure — just not on the specific date claimed. WhatsApp Disrupts Spyware Campaign Targeting Journalists and Civil Society MembersWhatsApp, the popular
My Privacy BlogMy Privacy Blog

Long-term Consequences

  • Precedent Setting: Could inspire similar legislation globally
  • Security Vulnerabilities: Client-side scanning could create backdoors exploitable by malicious actors
  • Reduced Innovation: Tech companies might avoid the EU market

Current Status and Next Steps

On 12 December 2024 we managed once again to stop the unprecedented chat control plan by a narrow "blocking minority" of EU governments. However, the proposal remains active under Denmark's presidency.

Even if the CSAM proposal were adopted in October, it would still need to proceed through trilogue negotiations with the European Parliament and Commission, where further amendments are likely.

The Road Ahead

The October 14, 2025 vote represents a critical moment for digital privacy in Europe. While Denmark appears determined to push the proposal forward, significant opposition remains. The outcome will likely depend on whether Denmark can craft a compromise that satisfies enough member states, particularly Germany.

For European citizens concerned about digital privacy, the coming months will be crucial in determining whether the EU takes a path toward mass surveillance or maintains its commitment to fundamental rights and encryption protections.

The debate over Chat Control highlights the ongoing tension between legitimate child protection efforts and fundamental privacy rights. As the October deadline approaches, the stakes couldn't be higher for the future of digital privacy in Europe.

Read more

Ireland's Digital Surveillance Revolution: Government Moves to Monitor All Private Communications

Ireland's Digital Surveillance Revolution: Government Moves to Monitor All Private Communications

Executive Summary The Irish government is preparing to grant unprecedented surveillance powers to the Gardaí (Irish police), Defence Forces, and Garda Ombudsman through the proposed Communications (Interception and Lawful Access) Bill. This legislation would fundamentally transform Ireland's approach to digital privacy by enabling real-time monitoring of encrypted communications

By My Privacy Blog