Digital world under threat The end of private messaging

It is quite possible that the European Union may soon require providers to automatically and comprehensively scan all private chats, emails, and messages for suspicious content. The stated goal of such scrutiny is laudable—combating materials that exploit children. However, the likely outcome of such a policy could be the end of confidential digital correspondence and the onset of pervasive, real-time surveillance through fully automated monitoring of messages and chats.

The proposal also includes blocking suspicious websites, scanning personal cloud storage—including private photo albums—and mandatory age verification for access to most online resources. The consequences of such measures could include censorship in app stores, the exclusion of minors from the digital world, and the end of anonymous communication. Journalists and politicians fear that the EU-level Chat Control law could be used against anonymous whistleblowers who provide information during investigations of crimes committed by those in power.

According to public opinion polls, more than 80% of respondents oppose such measures. Nevertheless, as early as May 11, 2022, the European Commission presented a draft regulation that would have mandated monitoring exclusively through chat control, even in previously protected end-to-end encrypted channels.

Currently, regulations still allow providers to scan messages on a voluntary basis (so-called “Chat Control 1.0”). At the same time, some unencrypted communication services in the U.S., such as Gmail, Facebook/Instagram, Messenger, Skype, Snapchat, iCloud email, and Xbox, permit chat monitoring voluntarily. With the introduction of mandatory “Chat Control 2.0,” the Commission expects the number of scanning reports to increase 3.5 times (by 354%).

It should be noted that several European countries have already adopted legislation allowing the scrutiny of private correspondence. In France, a new law aimed at combating drug trafficking has been in effect since March 2025, granting the police and intelligence agencies both the authority and technical capabilities to carry out such monitoring. In the United Kingdom, the Online Safety Bill was passed in the fall of 2023, but mandatory monitoring of private communications has been postponed until technical measures ensuring citizens’ security are in place. In Austria, a surveillance law adopted in early July 2025 allows intelligence agencies to intercept encrypted messages using “Trojan horse”-type software against individuals suspected of criminal activity or terrorism.

Within the Council of Europe, representatives of EU member states remain divided between supporters and opponents of chat monitoring, and no unified position has been reached. In 2024, the EU extended voluntary chat monitoring under the “Chat Control 1.0” framework for another two years. At the same time, victims of child sexual abuse, together with then-European Parliament member Patrick Breyer of the European Pirate Party, filed lawsuits aimed at halting the indiscriminate voluntary scanning carried out by major U.S. tech companies.

In December 2024, the plan for total chat control was halted thanks to a “narrow blocking minority.” Germany and Austria voted against it, while Spain, France, and, until the very last moment, Hungary voted in favour. Nevertheless, the majority of European governments still support comprehensive censorship.

The current EU presidency, held by Denmark, has proposed a vote on “Chat Control 2.0” on October 14, 2025. Several governments that remain critical are requesting only minor adjustments—such as scanning only for “known content” or exempting end-to-end encryption—but even these measures are likely to result in widespread monitoring and leaks of private messages.

The Scandinavian countries have been the most active advocates for tightening control over private correspondence. As Denmark’s Minister of Justice, Peter Hummelgaard, stated: “Ultimately, we have to ask ourselves: whose privacy concerns us most? The privacy of thousands of children subjected to sexual abuse? Or the privacy of ordinary people, who may or may not be protected from what they share, if they distribute content related to child sexual abuse? We need to reach a compromise regarding these differing perspectives.”