EU Council Revises Chat Control Proposal, Making CSAM Scanning Voluntary Amid Privacy Concerns

Background of the Revised Proposal

The EU Council reviewed a new version of the Child Sexual Abuse Regulation (CSAR) that removes mandatory scanning obligations for messaging services. Under the revised text, providers may choose to perform CSAM (child sexual abuse material) scanning voluntarily, though a provision allows a “mitigation measure” that could compel high‑risk services to adopt “all appropriate risk mitigation measures.”

Legislative Reception

Lawmakers supported the revision broadly, with reports indicating no dissenting votes at the most recent meeting. The Denmark Presidency introduced the compromise after earlier attempts at mandatory scanning were withdrawn.

Privacy and Security Concerns

Privacy experts remain skeptical. Patrick Breyer, a long‑standing critic of the original Chat Control plan, described the compromise as a “political deception of the highest order” and warned that the mitigation clause could effectively nullify the voluntary framework. Breyer also cautioned that the proposal could expand from AI‑driven monitoring of shared multimedia to scanning private chat texts and metadata, potentially eroding end‑to‑end encryption.

Encrypted‑email service Tuta echoed these worries, emphasizing that the new approach could still force providers into invasive scanning practices.

Member‑State Opposition

Several EU member states, including Germany, the Netherlands, Poland, and Austria, have publicly rejected indiscriminate Chat Control measures. Their opposition underscores the tension between law‑enforcement objectives and digital‑rights protections.

Next Steps

The Law Enforcement Working Party is set to continue discussions, with further meetings scheduled to determine how the mitigation provisions will be applied and whether additional safeguards will be introduced.