Bottom Line: Despite growing opposition from Belgium and the Czech Republic, the EUâs controversial Chat Control proposal maintains majority support with 19 member states reportedly backing the Danish compromise ahead of the crucial September 12 Council position finalization and potential October 14 vote.
The European Unionâs most contentious digital legislation is racing toward a decisive moment. Member States are expected to finalise their positions in Council working groups by 12 September 2025, with an earliest possible Council vote set for 14 October 2025. The stakes couldnât be higher for the future of encrypted communications across Europe.
A Growing Coalition of Opposition
The resistance to Chat Control is gaining momentum. Both the Czech Republic and Belgium have now reportedly passed from being undecided to opposing the proposed law, according to the latest data, with the latter deeming the bill as âa monster that invades your privacy and cannot be tamed.â
Czech Prime Minister Petr Fiala has taken a clear stance. âOn behalf of the entire SPOLU coalition, I want to say it clearly: we will not allow surveillance of citizensâ private correspondence,â he declared in a statement. The prime minister emphasized that while protecting children is important, âwe must achieve it in another way. Not by breaking the privacy of millions of people. That is dangerous and could be abused.â
They add to Austria, the Netherlands, and Poland in criticising the proposalâs mandatory detection and encryption provisions. Five countries (Austria, the Netherlands, Poland, Belgium, and Czechia) have declared their opposition.
Denmarkâs Determined Push
Taking up the lead this time is the country of Denmark, which holds the rotating presidency of the European Council from July 1 until the end of 2025. The Danish EU presidency has chosen to throw considerable political capital at it; so much, in fact, that the resubmission of the legislation was its very first formal step upon its assumption of duties in July this year.
The Danish presidency, which began in July 2025, has reignited momentum, reportedly securing the support of 19 of the 27 Member States. This represents a significant shift from previous attempts under Belgian and Polish presidencies, which repeatedly stalled over fundamental privacy concerns.
The Danish approach has been notably aggressive. During a press conference in Copenhagen on July 23 on the fringes of an informal meeting of European Justice and Home Ministers, Danish Justice Minister Peter Hummelgaard stumbled through his answers but claimed the debate was âunjustly portrayed by business interests,â adding that the rights of victims arenât being considered appropriately.
The Technical Reality: How Chat Control Would Work
The proposal, formally known as the Regulation on Child Sexual Abuse Material (CSAM) detection, would fundamentally alter how digital privacy works in Europe. The system envisions multiple mechanisms:
Client-Side Scanning: One of the most controversial aspects is the potential use of client-side scanning, where messages are analysed on a userâs device before they are encrypted, effectively bypassing the core protections of end-to-end encryption.
Detection Orders: Governments could serve âdetection ordersâ on technology companies, requiring them to scan private messages and emails for âindicators of child abuse.â The scope would be vast, covering texts, images, videos, and even cloud storage services not being shared publicly.
A Pattern of Surveillance: The Broader EU Context
Chat Control doesnât exist in isolation. Itâs part of a broader European surveillance strategy that mirrors concerning trends across digital regulation. This pattern becomes clear when examining similar initiatives:
Italyâs Automated Blocking System: Italyâs Piracy Shield system demonstrates how automated content control can lead to overblocking legitimate content. The system has mistakenly blocked Google Drive and other essential services, showing the risks of automated content scanning without adequate human oversight.
UKâs Age Verification Requirements: The UKâs Online Safety Act enforcement shows how privacy-invasive technologies are being normalized under the guise of child protection. The requirement for ID verification to access adult content creates comprehensive databases of citizensâ online activities.
These precedents illustrate how digital surveillance mechanisms are expanding across Europe, often justified by child protection concerns but with implications far beyond their stated purposes.
The False Positive Crisis
German police data on existing Chat Control 1.0 shows a record 99,375 private chats and photos of innocent people were wrongly reported to police in 2024 (+9%). Critics warn that under the mandatory Chat Control 2.0, this privacy disaster would âEXPLODE.â
Data from Ireland shows a similar pattern. Only 852 of 4,192 automated CSAM reports in 2022 involved illegal content, highlighting the high rate of false positives. This represents an accuracy rate of just 20%, meaning four out of five reports involve innocent citizens.
Industry Rebellion
Major messaging platforms have made their positions clear:
- Telegram has pledged to exit the market rather than âundermine encryption with backdoorsâ- Signal has indicated it would leave the European market rather than comply with scanning requirements- Multiple platforms have already withdrawn from the UK market rather than implement similar surveillance requirements
Effectively, that would mean email services, messaging apps, VPNs, company databases, file uploads on secure servers, and much more will be required to detect and report any image, link, or material related to sexual exploitation or general crime.
Legal and Constitutional Challenges
Independent analyses, including the European Parliamentâs own Complementary Impact Assessment, have raised concerns about the technical reliability of detection technologies for new CSAM and grooming, noting high false-positive rates and the risk of misidentification.
The legal challenges are mounting. The legal experts of the EU Parliamentâs Scientific Service concluded in a study on the legality of Chat Control: âWhen weighing the fundamental rights affected by the measures of the CSA proposal, it can be established that the CSA proposal would violate Articles 7 and 8 of the Charter of Fundamental Rights with regard to users.â
Moreover, the European Court of Human Rights has already ruled against measures that weaken encryption, creating a significant legal obstacle for any proposal that would undermine end-to-end encryption.
A Tale of Exemptions
Perhaps most tellingly, non-public communication services, for example military services, are to be exempted from Chat Control requirements. This selective application raises fundamental questions about the legislationâs true purpose and proportionality.
Germany: The Deciding Vote
Germany remains uncommitted for the moment, but will likely be pivotal. Indeed, if Berlin joins the âyesâ camp, a qualified majority voteârequiring 15 states representing 65 per cent of the EU populationâcould see the law passed by mid-October.
Germanyâs position is particularly significant given its historical experiences with state surveillance under both Nazi and Stasi regimes. According to Patrick Breyer, former MEP for the German Pirate Party and a vocal opponent of the proposal, the Danish Presidencyâs success will depend heavily on its ability to secure German approval.
What Happens After September 12?
The timeline is now crystallizing:
- September 12, 2025: Final Council working group positions- October 14, 2025: Earliest possible Council vote- Late 2025/Early 2026: If adopted, trilogue negotiations with Parliament and Commission- 2026: Final European Parliament and Council votes
The next two months are the most decisive period in the entire legislative process.
The Broader Digital Rights Battle
Chat Control represents more than just one piece of legislationâitâs a test case for the future of digital privacy in democratic societies. The proposal sits alongside other concerning developments in digital regulation, from Italyâs overreaching anti-piracy system to the UKâs comprehensive age verification requirements.
On June 24, 2025, the EU Commission published the first step in its ProtectEU strategy, which looked to enable law enforcement bodies to decrypt your private data by 2030. This indicates that Chat Control is merely the opening gambit in a broader push toward comprehensive digital surveillance capabilities.
A Critical Moment for Digital Freedom
As the September 12 deadline approaches, the stakes extend far beyond Europeâs borders. If passed, enforcement by October 2025 would require swift compliance, testing the balance between safety and civil liberties. Beyond Europe, the billâs fate could influence similar laws worldwide, including existing frameworks in the UK and potential future legislation in other democracies.
The opposition from Belgium and the Czech Republic, joining Austria, the Netherlands, and Poland, represents a significant moral victory for digital rights advocates. However, with 19 countries reportedly still supporting the Danish compromise, the battle is far from over.
The EU Council has now passed a 4th term without passing its controversial message-scanning proposal, but Denmarkâs determined presidency may finally break this deadlock. Whether European lawmakers choose mass surveillance or digital privacy may well be decided in the coming weeks.
For advocates of digital rights and encryption, the message is clear: the next month represents the last opportunity to prevent what critics describe as the most comprehensive surveillance system ever proposed in the democratic world. The September 12 deadline isnât just another bureaucratic milestoneâitâs potentially the moment when Europe chooses between protecting children and protecting everyoneâs fundamental right to private communication.
This article connects to our ongoing coverage of digital surveillance expansion across Europe, including Italyâs problematic anti-piracy enforcement, cross-border regulatory pressures, and our comprehensive analysis of what Chat Control could mean for encrypted communications.