A vote on the EU's controversial Child Sexual Abuse (CSA) regulation – also called "chat control" – has been called off after strong criticism over privacy concerns.
As part of the fight against the dissemination of child sexual abuse materials, the "chat control" regulation would require messaging services like WhatsApp, and even privacy-focused apps like Signal, to monitor the photos uploaded and shared by their users.
The issue has stoked fierce debate across Europe, with critics of the proposal arguing it coudl lead to mass surveillance.
When Belgium held the Presidency of the Council of the EU in June 2024, the vote was also taken off the agenda at the last minute, as a majority was not found.
In September, the proposal was put back on the table by the Hungarian Presidency without result. Now, the latest compromise proposal by the Danish Presidency – which was supposed to be voted on Tuesday, 14 October – has been withdrawn again.
Whatsapp. Credit: Belga/Bruno Fahy
The ambassadors of the 27 EU Member States met last week to discuss the issue, as the upcoming vote had been causing controversy over the summer. Germany's position in particular was eagerly awaited, especially by Belgium, a European source told Belga News Agency.
After significant pressure from privacy groups and messaging app companies such as Signal, Germany said last Wednesday that it would not back the proposal.
The Council can only start negotiating the text with the parliament after a majority in favour of the proposal (55% of countries representing 65% of the EU population) is reached. Now, Germany's opposition to the regulation has blocked the required majority in the Council.
As a result, the vote has been postponed indefinitely.
The debate in Belgium
The decision to postpone the vote spares Belgium's Federal Government – which has not taken a position on the topic yet – a very difficult internal debate.
In the chamber, Interior Minister Bernard Quintin (MR) stated last week that the country had yet to take a position. Strikingly, every party that intervened in the debate – from the far-left to the far-right – was opposed to the proposal.
While they all emphasised that they were in favour of fighting child abuse, the details of this latest proposal reportedly went too far for them.
In response to misinformation surrounding the draft, Quintin was keen to clarify the measures on the table.
The latest compromise text that was proposed by the Danish Presidency would require platforms such as Signal, Telegram and Whatsapp to carry out a risk analysis, he said. In the event of high risk, they would have to take preventive measures against the dissemination of images of sexual abuse of minors.
Interior Minister Bernard Quintin (MR). Credit: Belga/Nicolas Maeterlinck
Denmark insists that sufficient safeguards have been built in: only after a decision by a judicial authority can messaging services be required to screen users' messages at the time of uploading, meaning before they are sent and encrypted.
The system then searches for images of child sexual abuse that are already in police databases. Text messages are not viewed. If a suspicious image is found, the messaging service must notify the authorities.
"This moderation at the time of sending should be seen as a kind of metal detector, which compares the electronic fingerprint of the images to be transmitted with a database. It is not an analysis of the content of the image itself," Quintin stressed, adding that conversations were not affected by this moderation.
Responding to fears among MPs from all sides of parliament that this would lead to mass surveillance of private conversations, he emphasised the importance of "striking the right balance" between protecting privacy and combating sexual violence against children.
Credit: Pexels
'You cannot create a backdoor'
Still, critics call the regulation a "horrifying idea." In a statement published online, Meredith Whittaker, the president of the Signal Foundation, explained that "scanning every message – whether you do it before, or after these messages are encrypted – negates the very premise of end-to-end encryption".
Instead of having to break the encryption protocol to access someone's messages, hackers and hostile governments would only need to piggyback on the access granted to the scanning system. "This threat is so severe that even intelligence agencies agree it would be catastrophic for national security," said Whittaker.
She argued that the proposal ignores "the strategic importance of private communications" and "the longstanding technical consensus that you cannot create a backdoor that only lets the 'good guys' in".
The proposal on the table, she claimed, is in effect a mass surveillance free-for-all, opening up everyone's "intimate and confidential communications", including government officials, military, investigative journalists, or activists. "For all of Europe's talk of sovereignty, this is a bizarre cybersecurity decision on multiple fronts," she added.
Now what?
While the future of the proposal is uncertain, it will reportedly remain one of the priorities of the Danish Presidency.
Even if a compromise is reached in the coming months, negotiations with the European Parliament will still have to follow.
However, time is running out: the current exemption from EU privacy rules, which facilitates the online detection of CSAM content (by allowing internet platforms to voluntarily screen for the distribution of child sexual abuse material), expires in April next year.
