Work on the regulations is ongoing as part of negotiations between the EU institutions, so the exact date of the decision remains unknown.
When a controversial exception in the European Union that allowed tech companies to mass scan users' private messages expired in early April, many breathed a sigh of relief. The so-called Chat Control 1.0 was – according to its critics – a tool enabling not only legally questionable, but above all ineffective tracking of ordinary people.
However, his supporters are sounding the alarm. Without such mass scanning, they believe, an ideal environment for sex offenders is created.
Europe thus found itself in the middle of a conflict – both political and technological. At stake is not only the shape of future regulations known as Chat Control 2.0, but above all the balance between children's safety and the right to privacy.
To understand why the topic arouses such emotions – not only among ordinary users, but also at the highest political levels – it is worth taking a look at how the current system worked, why it expired and what can replace it.
It's easy to get lost in the thicket of European regulations and technical concepts. However, the key difference between what has been in force so far and what is proposed for the future is fundamental.
Until recently, the EU had a temporary exception to the ePrivacy Directive on privacy and electronic communications, known as Chat Control 1.0. It allowed American companies such as Meta, Google, Microsoft and Snapchat to voluntarily scan users' private messages to detect child sexual abuse material (CSAM).
Scanning was performed automatically using algorithms that compared digital “fingerprints” (so-called hashes) of images with a database of known illegal content. Importantly, this did not include end-to-end encrypted communication (e.g. WhatsApp or Signal) because companies do not have the technical ability to read it.
However, it concerned unencrypted messages, e.g. on Instagram, Discord, Skype, Gmail or in game chats. This exception expired in early April, a The European Parliament refused to extend it.
Will they also monitor private messages?
Chat Control 2.0 (CSAR) is a proposal for permanent regulations presented by the European Commission in 2022. It is much more radical than the previous version.
The original design called for mandatory and universal content scanning of all users. What is particularly disturbing – in order to also control encrypted messages (e.g. on WhatsApp or Signal), it would be necessary to introduce the so-called client-side scanning.
This would mean that the app would scan photos and content directly on the user's phone — even before they were encrypted and sent. It's no wonder that this idea has met with huge opposition from experts, because in practice it undermines the very idea of encryption and privacy.
The expiration of the exception has now created something of a legal vacuum. Scanning private messages without a court order is again illegal in the EU, but companies such as Meta, Google and Snapchat have announced that they will continue to do so voluntarily.
They justify this with other regulations – e.g. the Digital Services Act (DSA), which obliges them to remove illegal content.
This open defiance of European privacy rules has been met with backlash. Czech MEP Marketa Gregorova announced legal action and filed complaints with the relevant offices. She also called on citizens to do the same in their countries.
Companies face financial penalties and, in extreme cases, even a ban on operating in the EU.
Czech MEP Marketa Gregorova at the Kyiv Security Forum, May 9, 2025.Pavlo Bahmut/UKRINFORM / PAP
Child protection or a false sense of security?
Proponents of mass scanning warn that its lack will lead to a decline in crime detection. Child protection organizations indicate that a similar legal loophole in 2021 led to a 58% drop in reports.
They believe that the problem is not going away – it just stops being visible.
In turn, privacy advocates and data from practice show a completely different picture. Former MEP Patrick Breyer compares mass scanning to “wiping the floor while the tap is still running.”
The law must be proportionate
One of the main criticisms of Chat Control 1.0 is the huge number of false positives. According to the German criminal police, as many as 48 percent reports were irrelevant.
Instead of chasing criminals, the police had to analyze hundreds of thousands of worthless signals.
Moreover, there were situations in which children themselves were prosecuted – e.g. for voluntarily sending each other sexual content (so-called sexting). In Germany this concerned as much as 40 percent. cases.
It is also estimated that as many as 99 percent the materials reported by Meta were previously known to law enforcement authorities.
Data from the European Commission show the scale of the problem: Microsoft analyzed 11.7 billion images and messages, but reported only 32,000 to the police. cases.
The article continues below the video
Who's on which side?
Negotiations are currently underway between three EU institutions – the European Parliament, the European Commission and the Member States (the so-called trilogue).
However, their positions are completely different:
The European Commission supports broad scanning and is the author of the original project
The EU Council (member states) is also pushing for mass monitoring, including detection of new threats such as grooming
The European Parliament opposes universal scanning and wants inspections to be possible only on the basis of a court order and specific suspicions
Marketa Gregorova warns that under pressure from the “child protection” argument, Parliament may give in on privacy issues.
He points out that the political situation may change quickly. Who has access to such tools in the future could have huge implications for democracy.
Are there alternatives?
Experts emphasize that there are more effective methods of fighting crime without violating privacy.
An example is the Europol operation “Alice”, under which over 373,000 people were liquidated. pedophile sites on the dark web and identified hundreds of perpetrators – without mass scanning of communications.
This shows that well-targeted investigative work and international cooperation can be effective.
What's next?
The pressure to adopt new regulations is enormous. The current Cypriot presidency wants to reach an agreement before the end of the summer.
However, the differences between institutions are so large that it seems more realistic to postpone the decision to the following months.
Whether the right to privacy or the need to protect the most vulnerable will prevail in Europe will become clear in the near future. One thing is certain – the final shape of Chat Control 2.0 may forever change the way we communicate on the Internet.
I’m Ashley Davis as an editor, I’m committed to upholding the highest standards of integrity and accuracy in every piece we publish. My work is driven by curiosity, a passion for truth, and a belief that journalism plays a crucial role in shaping public discourse. I strive to tell stories that not only inform but also inspire action and conversation.
