The EU is preparing to reintroduce a controversial regulation that could require tech platforms to scan private messages for child sexual abuse material. This would even include encrypted apps like WhatsApp. Named “Chat Control 2.0,” the proposal is being pushed forward under the new Danish presidency of the Council of the EU.
If passed, the law could take effect as early as October 2025, although that remains uncertain. Critics, including privacy groups and security experts, argue it would undermine encryption, set a global precedent, and risk mass surveillance. However, the proposals supporters say it’s a necessary tool to fight serious crime.
The law would force messaging platforms to use client-side scanning which is scanning content on the user's device before it is encrypted. This has previously been rejected by companies such as Apple due to privacy and security risks.
No final decision has been made, and negotiations are ongoing. The stakes are high; this is not just a child safety issue, but a defining moment for digital privacy in Europe.
GDPR Principles at Stake
● Confidentiality and integrity of communications
● Purpose limitation - using data only for specific, declared aims
● Data minimisation - limiting collection to what is necessary
● Lawfulness, fairness and transparency - especially regarding automated scanning
● Privacy by design and by default
