Chat Control encryption plans delayed after EU states fail to agree

Europe-wide plans to require technology companies to monitor the contents of encrypted messages and emails have been delayed after diplomats were unable to agree on the proposals last night.

A planned vote on the controversial proposals, known as Chat Control, on 14 October, is now unlikely to go ahead, but Denmark or another European Union (EU) presidency may introduce revised plans at a later date.

Chat Control has attracted opposition from technology companies and experts, who warn that it would undermine cyber security and leave companies more exposed to hostile attackers and nation-states.

Germany’s decision on 7 October not to back Danish proposals, which aim to detect child abuse material by requiring encrypted email and messaging services, like WhatsApp and Signal, to scan messages, meant that EU member states were unable to reach agreement at a meeting yesterday.

Jens Spahn, Bundestag majority leader, said in a public statement: “We, as the CDU/CSU parliamentary group, are against indiscriminate monitoring of chats. That would be like pre-emptively opening all letters to check whether there’s something illegal in them. That’s not acceptable, that won’t happen under our watch.”

More than 40 European companies published an open letter this week warning that Chat Control would destroy privacy, weaken encryption and severely harm the competitiveness of European businesses.

It urged ministers of EU member states to reject any form of client-side scanning or mass surveillance, protect encryption as a cornerstone of European cyber security, and pursue child protection measures that are effective and proportionate.

Matthew Hodgson, the CEO behind Element, an end-to-end encrypted communications platform used by Nato, the United Nations and the Ukrainian army, said Germany’s opposition to Chat Control showed there was a line over state surveillance.

Attempts to weaken encryption through backdoors or mass scanning mechanisms aren’t just misguided – they risk undermining the very fabric of digital trust and security

“Encryption underpins the security of global digital infrastructure, protecting governments, businesses, journalists and citizens alike. Attempts to weaken it through backdoors or mass scanning mechanisms aren’t just misguided – they risk undermining the very fabric of digital trust and security,” he said.

Campaigner and former Member of the European Parliament Patrick Breyer said Chat Control had been stopped for now.

“The commission must withdraw this irreparable bill for good, as it has failed to find a majority in the council for years,” he said.

He said the European Commission should adopt alternative proposals by the European Parliament to combat child abuse that do not require mass surveillance of communications.

The European Parliament instead proposes security by design for apps, proactive clearing of illegal content online, and swift takedown obligations.

Alexander Linton, president of the Session Foundation, which provides an encrypted messaging service, said requiring tech companies to mandatorily scan messages would leave EU citizens without access to encrypted communications.

“It is likely that many would try to deliberately circumvent the restrictions, such as has been seen in the United Kingdom during its age verification roll-out. This type of event provides an unfortunate opportunity for untrustworthy platforms to swoop in and scam, attack, or otherwise harm people seeking legitimate encrypted tools,” he added.

Tech companies are separately objecting to proposals by Ireland to enact legislation to give law enforcement access to encrypted communications.