Chat Control Returns: Why Europe Must Reject Client-Side Scanning Before It Rewrites Our Democracy

Prof. Dr. Dennis-Kenji Kipker, cyberintelligence.institute

October 9, 2025

For more than three years, the European Union has wrestled with the Commission’s plan to fight child sexual abuse online. Introduced in May 2022, the draft regulation set out to mandate sweeping detection, reporting, and removal obligations across messaging and hosting services. At every turn, however, lawmakers confronted the same hard limit: mass scanning of private communications is incompatible with the Charter’s guarantees of privacy, data protection, and freedom of expression. After a cycle of rebranding and procedural detours, the file has returned to the Council. Under Denmark’s rotating presidency, justice ministers are slated to discuss it on 13–14 October 2025. The decision taken in Luxembourg will set a baseline for Europe’s digital rights for years to come, either reaffirming the presumption of privacy or normalising pre‑emptive inspection of everyone’s conversations.

To understand the danger, it helps to strip away euphemisms. The enforcement spine of the proposal is client‑side scanning. Instead of breaking encryption directly, client‑side scanning moves the checkpoint in front of the lock. Software on a user’s device reviews messages, photos, voice notes and links in the clear before end‑to‑end encryption can even begin, and potentially again on receipt of a message. If the system flags something, a report is generated. Applied across hundreds of millions of devices, that is not targeted surveillance but continuous screening of the whole population’s private communications. EU data protection authorities have warned that such detection orders would intrude deeply into privacy and raise serious proportionality and necessity concerns. Renaming categories or narrowing scope does not cure the constitutional defect; the inspection still happens on the citizen’s device.

And the technical objections are not just academic issues. Client‑side scanners must run with elevated privileges, creating always‑on inspection hooks inside operating systems and messaging apps. Even when designed with care, they expand the attack surface and become valuable targets for criminals and hostile states. Machine‑learning classifiers remain fallible, particularly for the proposed detection of unknown material or patterns of grooming. At continental scale, tiny false‑positive rates translate into torrents of erroneous alerts, each one an investigation into innocent speech or imagery. And where a universal scanning pipeline exists, scope creep is inevitable. Once governments possess a mechanism to pre‑search all messages for one category of harm, the political pressure to add more categories follows. That is why hundreds of cryptographers and security engineers conclude that client‑side scanning is a structural risk: it undermines cybersecurity by design, weakens device integrity, and creates a single point of failure that cannot be meaningfully audited on billions of endpoints.

This is also a democracy problem. Liberal constitutional orders investigate suspects, not entire societies by default. In the past, Europe’s courts have rejected general and indiscriminate data retention because it treats all citizens as potential perpetrators. Re‑creating that logic within our phones would chill confidential relationships that make democratic accountability possible. Journalists cannot protect sources if every message must pass through a government‑mandated scanner before encryption. Lawyers, doctors, therapists and human‑rights defenders cannot assure their clients that sensitive exchanges remain private if software on the handset decides in advance whether a conversation is permissible. Privacy is not a perk for the blameless; it is the precondition for free thought, free association and the dignity of unobserved communication.

These risks explain why opposition has broadened far beyond the usual digital‑rights circles. Security researchers, journalists’ associations, privacy‑focused providers and civil‑society coalitions have urged governments to reject client‑side scanning. The encrypted messaging company Signal has warned it will not ship a backdoored product and has called on Berlin to defend strong encryption. The German Chaos Computer Club (CCC) has argued that universal scanning is unlawful and disproportionate, and campaign groups across the EU have mobilised citizens to contact their governments.

Supporters of the regulation increasingly propose “narrowed” variants. Yet limiting scanning to specific file types, making it nominally opt‑in, or outsourcing detection to device makers does not solve the core problems. Such schemes still require privileged access to everyone’s devices, still produce significant false positives, and still normalise generalised inspection of private spaces. By contrast, a rights‑respecting strategy exists: pursue targeted, warrant‑based investigations; invest in victim services and proactive takedown of known material; harden reporting pipelines already used by providers; fund specialised police units to go after producers and traffickers; and strengthen international cooperation against abuse networks. None of these measures requires pre‑scanning every message.

There has never been a more urgent time to advocate for our digital civil rights.

