EU Abandons Mandatory Message Scanning After German Opposition

Denmark Withdraws Controversial Chat Control Proposal

In a significant victory for digital privacy advocates, the European Union has abandoned its controversial 'Chat Control' legislation that would have mandated scanning of all private digital messages for child sexual abuse material. The decision came during Denmark's EU Council presidency after Germany and other member states refused to support the proposal, effectively killing the legislation that had been debated for three years.

Privacy vs Protection: The EU's Digital Dilemma

The proposed CSA (Child Sexual Abuse) Regulation, first introduced by the European Commission in 2022, would have required technology companies to scan all user communications - including encrypted services like WhatsApp and Signal - for illegal content. Justice Minister Peter Hummelgaard, who led Denmark's efforts during its presidency, acknowledged the withdrawal in a written statement: 'The detection order will not be part of the EU presidency's new compromise proposal, and it will continue to be voluntary for tech giants to detect child sexual abuse material.'

The legislation faced intense opposition from privacy advocates, cybersecurity experts, and digital rights organizations who argued it would create unprecedented mass surveillance and fundamentally break end-to-end encryption. Germany's Justice Minister Stefanie Hubig had been particularly vocal, stating: 'Mass surveillance of private messages must be taboo in a state governed by the rule of law.'

Child Protection Groups Express Frustration

While privacy advocates celebrated the decision, child protection organizations expressed deep concern about the implications for online safety. Red Barnet (Save the Children Denmark) had called the existing voluntary scanning system a 'huge success' and expressed frustration at the lack of European support for a compromise. Tashi Andersen, senior advisor for digital child protection at Red Barnet, commented: 'We are deeply concerned and frustrated that there has not been European support for a compromise where tech companies can be required to detect and remove photos and videos of sexual abuse of children.'

The current framework for voluntary scanning is set to expire in April 2026, creating urgency for alternative solutions. Hummelgaard warned: 'Right now we are in a situation where we risk completely losing a central tool in the fight against sexual abuse of children, because the current arrangement that allows for voluntary scanning expires in April 2026. Therefore we must act regardless. We owe it to all the children who are subjected to horrific abuse.'

Technical and Legal Challenges

The proposed legislation faced significant technical challenges, particularly regarding encrypted communications. Security experts warned that requiring scanning of end-to-end encrypted messages would fundamentally undermine the security model that protects billions of users worldwide. Over 470 researchers had expressed concerns about false positives and potential function creep that could transform child protection tools into authoritarian surveillance systems.

The debate highlighted the fundamental tension between protecting children online and preserving digital privacy rights. As Hummelgaard noted, Denmark's proposal was actually less intrusive than the European Commission's original plan, but even this compromise failed to gain sufficient support among member states.

The withdrawal represents a major setback for the European Commission's digital agenda but a significant victory for privacy advocates who had mobilized across the continent. The decision ensures that end-to-end encryption remains intact for now, though the broader debate about balancing child protection with digital rights is far from over.