EU states strike deal on chat-scanning law

EU governments have reached a long-awaited agreement on new legislation aimed at tackling online child sexual abuse, resolving years of disagreement over whether authorities should require platforms to scan private communications. Governments agreed to remove the most contentious element of the European Commission’s original proposal: the mandatory detection of content in both encrypted and non-encrypted messages. Member states opted instead to preserve voluntary scanning by companies under existing rules, which are set to expire in 2026.

The compromise, advanced under Denmark’s Council presidency, reaffirms that end-to-end encryption must not be weakened. Supporters argue the deal prevents a regulatory gap by maintaining the option for companies to detect and report suspected child sexual abuse material. Reports of such material continue to rise globally, with nearly 2.5 million suspected images processed by hotlines last year.

Children’s rights organisations argue the approach falls short. They say maintaining the status quo does not match the scale of the problem and risks leaving children without stronger safeguards. Privacy advocates remain concerned as well. They warn that presenting voluntary scanning as a risk-mitigation measure may encourage platforms to expand monitoring of users’ communications to limit legal exposure.

Former MEP Patrick Breyer, who has opposed earlier versions of the proposal, cautioned that the compromise could still lead to broader surveillance measures or introduce age-verification systems that restrict access to online services.

With both the Council and European Parliament now holding formal positions, trilogue negotiations can begin. However, significant political divisions persist. The EU will now need to determine how to strengthen protections against online child abuse while ensuring that privacy and encryption remain intact – a balance that may prove difficult to reach before the temporary framework expires in 2026.