EU surveillance plans and Germany's veto: How the German government is overturning the controversial EU chat control

What is chat control and why is it a focus?

So-called chat control is a controversial European Union law aimed at combating the spread of child sexual abuse material online. But what exactly does this term mean, and why is it dividing Europe?

Chat monitoring is a proposed EU regulation for the prevention and combating of child sexual abuse, which has been under negotiation since 2022. Its official name is the “Child Sexual Abuse Material/CSAM Regulation,” but the term “chat monitoring” has become common because the regulation would scrutinize private communication in messaging services.

The core of the proposal stipulates that providers of messaging and hosting services such as WhatsApp, Signal, Telegram, or Threema could be required to automatically scan all messages, photos, and videos of their users for potential child abuse content. This would be done through so-called "client-side scanning"—a technology in which content is checked on users' devices before it is encrypted and sent.

How would chat control work technically?

The technical implementation of chat control is primarily based on client-side scanning (CSS), a method that would fundamentally change how we understand private communication. But how exactly would this technology work?

Client-side scanning means that software is installed directly on the user's smartphone or computer to check all content before it is sent. Specifically, this would mean that every photo, video, and file is analyzed by algorithms and artificial intelligence before encryption. The technology would recognize known abusive content using digital fingerprints and also attempt to identify new, previously unknown content.

This is particularly problematic for end-to-end encrypted services like Signal, WhatsApp, or Threema, which have so far guaranteed that only the sender and recipient have access to the messages. To implement chat control, these services would have to implement client-side scanning before encryption, which would fundamentally undermine the security promises of these services.

In addition to recognizing images, the technology is also intended to detect so-called "grooming"—the targeted initiation of sexual contact with minors via the internet. For this purpose, algorithms would analyze text messages and identify suspicious communication patterns, meaning that the content of text messages could also be monitored.

What positions do the various EU institutions take?

Opinions on the planned chat monitoring are deeply divided across the various EU institutions, leading to a complex political struggle. These differing viewpoints highlight the challenge of finding a compromise between child protection and fundamental rights.

The European Commission, under Home Affairs Commissioner Ylva Johansson, originally proposed the measure in 2022 and continues to support the idea of ​​mandatory chat monitoring. The Commission argues that without such measures, the spread of child abuse material online cannot be effectively combated, particularly since more than half of such content is hosted in the EU.

The European Parliament, however, has taken a significantly more critical stance. As early as November 2023, the responsible Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted a position that largely rejected the Commission's surveillance plans. Instead, Parliament demands that private messages not be monitored without cause and that encrypted services be protected from chat monitoring. Targeted surveillance measures should only be possible in cases of concrete suspicion and with a court order.

In the EU Council, where the governments of the member states are represented, there has been no unified position so far. Countries such as France, Spain, Sweden, Denmark, and Ireland generally support the Commission's original proposal. Other member states, particularly Germany, have expressed reservations. Several attempts at a vote have already failed because a sufficient majority could not be reached.

Why does Germany reject chat monitoring?

Germany's rejection of chat monitoring is based on fundamental principles of the rule of law, which have been clearly articulated by the Federal Minister of Justice. The German position reflects a clear prioritization between child protection and fundamental rights.

Federal Justice Minister Stefanie Hubig (SPD) stated unequivocally on October 8, 2025: “Indiscriminate chat monitoring must be taboo in a state governed by the rule of law. Private communication must never be subject to blanket suspicion.” This statement underscores the core of Germany’s concerns: Indiscriminate surveillance of all citizens without concrete suspicion contradicts the principles of the rule of law.

The minister further emphasized that the state must not force messaging services like WhatsApp or Signal to "mass-scan messages for suspicious content before they are sent." Germany will "not agree to such proposals at the EU level," Hubig stated. At the same time, she made it clear that Germany certainly intends to take action against child pornography, but "even the worst crimes do not justify the surrender of fundamental civil rights.".

The CDU/CSU parliamentary group in the Bundestag also opposed indiscriminate chat monitoring. Group leader Jens Spahn (CDU) compared the planned measure to opening all mail: "That would be like opening all letters as a precaution to see if there's anything illegal inside." This analogy illustrates how the CDU/CSU assesses the disproportionate nature of the planned measure.

The German position is supported by the coalition agreement, in which the government committed itself to ensuring the confidentiality of private communications “in principle”. This position carries particular weight, as Germany, being the most populous EU member state, has an influential voice in the Council.

What impact would a German rejection have on the EU vote?

Germany's position on chat monitoring could have a decisive influence on the fate of the entire EU regulation. As the largest EU member state, Germany plays a key role in the negotiations.

Without Germany's approval, the current proposal from the Danish EU Council Presidency is unlikely to secure a majority in the EU Council of Ministers. This became clear during the vote scheduled for October 14, 2025, where Germany's rejection jeopardized the plans. As Germany is one of the most populous member states, the German government's position is considered particularly influential.

Before the Danish presidency of the Council, several EU countries had already failed to secure a majority for a proposal to monitor chat conversations. These repeated failed attempts at voting demonstrate that even without Germany, achieving the necessary majority is already difficult. Germany's clear rejection now makes it even less likely that the proponents will prevail.

Should an agreement be reached among the member states, the proposal would then have to be discussed in the so-called trilogue negotiations with the European Parliament. The chances for chat monitoring there are slim, as Parliament has already adopted a negative position. A broad majority from various political groups has spoken out against chat monitoring – a rare cross-party consensus in the European Parliament.

How are messaging services reacting to the chat control plans?

The reactions from messaging providers to the planned chat monitoring are unanimously negative, demonstrating the deep-seated concerns within the tech industry regarding the EU's plans. The companies see not only their business models threatened, but also the very technical foundations of secure communication.

Signal, one of the best-known security-focused messaging services, has reacted most strongly. Signal CEO Meredith Whittaker announced that the service would leave Europe if chat control is implemented: “If we were faced with the choice of either undermining the integrity of our encryption and our privacy guarantees or leaving Europe, we would unfortunately make the decision to leave the market.” This drastic announcement underscores how incompatible Signal views the chat control plans with its own security commitments.

WhatsApp, the largest messaging service with billions of users, also voiced strong criticism. A spokesperson for Meta, WhatsApp's parent company, stated: “Despite claims to the contrary, the latest proposal from the EU Council Presidency still undermines end-to-end encryption and jeopardizes the privacy, freedom, and digital security of everyone.” WhatsApp remains committed to stronger security and believes that governments worldwide should do the same.

The Swiss messaging app Threema also took a clear stance against the plans. Spokesperson Philipp Rieger emphasized: “We remain firmly opposed to mass surveillance in any form. Just as confidential conversations are possible in physical spaces, in our view, they should also be possible online.” Threema argues that mass surveillance is not a suitable means of combating crime and is incompatible with democratic principles.

What are the technical and legal concerns regarding chat monitoring?

Criticism of chat monitoring extends far beyond political disagreements and encompasses fundamental technical and legal problems identified by experts worldwide. These concerns highlight why implementing chat monitoring could be both technically problematic and legally questionable.

From a technical perspective, the biggest criticism is that client-side scanning fundamentally undermines end-to-end encryption. Encryption experts warn that there is no such thing as "a little bit of a backdoor"—once scanning systems are installed on devices, there is no longer any technical way to restrict their use. These systems could be modified or expanded through simple configuration changes via remote updates, making them potential entry points for cybercriminals or authoritarian governments.

Another technical problem is the high error rate of the algorithms used. AI-based detection systems are prone to errors and frequently produce false positives. This means that even completely harmless content, such as family photos or vacation pictures, could be incorrectly classified as suspicious. The technical differentiation between legal and illegal content, for example, in the case of family pictures or vacation photos with children, remains unresolved.

Legally, the chat monitoring plans conflict with the fundamental rights enshrined in the EU Charter. The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have already warned that the regulation would violate Articles 7 and 8 of the Charter of Fundamental Rights, which guarantee the right to privacy and the protection of personal data. Indiscriminate mass surveillance places all citizens under general suspicion without any concrete evidence.

Data protection experts also criticize the fact that the planned disclosure orders would allow for the "reading of all private communications of users" without adequate oversight by data protection authorities. This contradicts fundamental data protection principles of proportionality and purpose limitation.

Industry focus areas: B2B, digitalization (from AI to XR), mechanical engineering, logistics, renewable energies and industry

More information here:

• Expert Business Hub

A thematic hub offering insights and expertise:

• Knowledge platform covering global and regional economies, innovation and industry-specific trends
• A collection of analyses, insights, and background information from our key areas of focus
• A place for expertise and information on current developments in business and technology
• A hub for companies seeking information on markets, digitalization, and industry innovations

What alternatives are there to chat control?

In light of the massive criticism of the planned chat monitoring, the question arises as to what alternatives exist to protect children from online sexual abuse without jeopardizing the fundamental rights of all citizens. Various stakeholders have already put forward concrete proposals for less invasive approaches.

The European Parliament has already drafted a counter-proposal that would replace suspicionless mass surveillance with targeted measures. Instead of indiscriminate chat monitoring, only individuals or groups should be permitted to be monitored based on concrete suspicion and a court order. This approach would uphold the rule-of-law principle of proportionality while still enabling effective investigations.

A key component of alternative approaches is maintaining voluntary detection measures by service providers. Many platforms, such as Google, Amazon, and various email services, already conduct voluntary scans to identify child abuse material. These proven mechanisms could be secured through a permanent legal framework without introducing mandatory monitoring.

Prevention measures could form another important focus. These include enhanced awareness and education programs for children, adolescents, and parents about the dangers of cyber grooming. Improving reporting channels and raising awareness of warning signs could help ensure that suspicious contacts are detected and reported earlier.

Technical improvements to existing systems also offer alternatives to mass surveillance. Instead of scrutinizing all communication, enhanced reporting mechanisms, improved age verification systems, and improved moderation in public areas of platforms could be implemented. These measures would target the areas where most contact is initiated without jeopardizing private communication.

How do child protection organizations assess chat monitoring?

The assessment of chat monitoring by child protection organizations is complex and reveals various perspectives, all pursuing the goal of child protection but seeking different paths to achieve it. These organizations face the dilemma of demanding effective protection without jeopardizing other important rights.

Several international child protection organizations generally support stronger measures against online child abuse. Thorn, an organization specializing in technological solutions to combat child abuse, welcomes the European Commission's risk-based approach. It argues that the lack of legal certainty is "a key obstacle to progress in the global fight against the distribution of child sexual abuse material (CSAM) online" and leads to "serious detection gaps.".

Eurochild, a European network of child protection organizations, has spoken out in favor of the CSA regulation, but at the same time criticizes the fact that technical and legal feasibility should not be used as an excuse to “look the other way.” The organization calls on EU politicians to enable technical and legal feasibility instead of abandoning the plans.

However, other child protection organizations have expressed concerns about the proportionality of the measures. The German Association for Child and Youth Welfare (AGJ) and other German organizations have pointed out in statements that effective child protection does not necessarily require mass surveillance. They emphasize that existing measures, such as the Digital Services Act, already contain important child protection provisions that simply need to be fully implemented.

It is also noted critically that few children's rights organizations were consulted during the development of the chat monitoring plans and that the analysis lacks a child rights-based approach. This raises the question of whether the proposed measures are truly in the best interests of children or whether they would disproportionately infringe upon other children's rights, such as the right to privacy.

What economic impact would chat control have?

The planned chat monitoring would have significant economic repercussions for various sectors of the digital economy, with small and medium-sized enterprises being particularly affected. These economic consequences could weaken Europe's position in global tech competition.

Small and medium-sized enterprises (SMEs) would be most affected by compliance costs. Unlike large technology companies such as Meta or Google, SMEs often lack the financial and technical resources to develop and maintain complex monitoring mechanisms. Complying with chat control regulations would incur disproportionate costs or even force SMEs to exit the market.

This is particularly problematic for European messaging providers, who often base their market position on offering the highest levels of data protection and privacy. Services like Threema, which originates from Switzerland, or other European providers, would no longer be able to fulfill their core value proposition if they were required to implement surveillance technologies. This would give a competitive advantage to US-based Big Tech companies that already possess the necessary infrastructure.

Signal's announcement that it is leaving Europe exemplifies the drastic market changes that could be expected. Millions of European users would lose their most secure communication channel. This could lead to a migration to less secure alternatives or force users to resort to services outside the EU's jurisdiction.

Chat control also contradicts other EU initiatives aimed at strengthening Europe's digital sovereignty. The EU has invested significantly in cybersecurity initiatives such as NIS2, the Cyber ​​Resilience Act, and the Cybersecurity Act, all of which recognize encryption as essential for Europe's digital independence. Simultaneously weakening encryption through chat control would undermine these efforts and make Europe more vulnerable to cyberattacks.

What could the future of chat control look like?

The future of the chat control regulation depends on various political and legal developments, with the current majority situation arguing against its adoption in the originally planned form. Nevertheless, several scenarios remain conceivable.

The most likely scenario at present is the failure or significant weakening of the original plans. With Germany's clear rejection and the European Parliament's already negative stance, the necessary majority for the controversial surveillance measures is lacking. Even if the Council were to adopt a watered-down version, this would have to be coordinated in the trilogue negotiations with Parliament and the Commission, where further weakening is likely.

An alternative scenario would be a fundamental realignment of the regulation towards the approaches proposed by Parliament. This would mean that indiscriminate mass surveillance would be completely abolished and replaced by targeted, judicially ordered surveillance measures based on concrete suspicion. Such a solution could find broad support and reconcile effective child protection with the protection of fundamental rights.

It is also possible that the negotiations will be postponed indefinitely, as has already happened several times. In this case, the existing legal framework, which already allows providers to implement voluntary detection measures, would remain in effect. The current exemption from the ePrivacy Directive, which permits providers to voluntarily detect and report child sexual abuse, could be extended.

Should chat monitoring be implemented in a significantly weakened form, legal challenges before the European Court of Justice would be likely. Threema already assumes that chat monitoring in its currently proposed form is incompatible with EU fundamental rights and would ultimately be struck down by the ECJ. Such proceedings could take years and would create additional legal uncertainty.

What does this mean for the digital future of Europe?

The debate surrounding chat monitoring is more than just a dispute over a single regulation – it raises fundamental questions about Europe's digital future and the relationship between security and freedom in the digital age. The decisions made now could have long-term consequences for Europe's position in the digital world.

A key aspect is the question of Europe's digital sovereignty. While the EU is attempting to achieve technological independence through initiatives such as the Digital Services Act, the GDPR, and various cybersecurity laws, chat control would undermine these efforts. Weakening encryption would make Europe more vulnerable to cyberattacks and could damage trust in European technology companies.

The debate also highlights tensions between different value systems within the EU. While some member states are willing to sacrifice fundamental rights for greater security, others, like Germany, insist on the protection of privacy. These differing approaches reflect deeper differences in the assessment of surveillance and state control.

For the tech industry, the chat control debate could lead to companies relocating from Europe. If secure communication can no longer be guaranteed in Europe, both companies and users could switch to services in other jurisdictions. This would significantly damage Europe's ambitions to become a leading location for digital innovation.

At the same time, the failure of chat monitoring could send an important signal for the defense of digital fundamental rights. It would demonstrate that not every surveillance measure is acceptable, even in the name of child protection, and that the rule of law also applies in the digital sphere. This could establish Europe as a model for other regions that have to make similar trade-offs between security and freedom.

The debate surrounding chat monitoring is unlikely to be the last of its kind. As digitalization progresses, situations will inevitably arise where security interests and fundamental rights must be weighed against each other. The way Europe handles chat monitoring could set a precedent for future conflicts of this nature and lay the foundations for Europe's digital value system.

☑️ Our business language is English or German

☑️ NEW: Correspondence in your native language!

 

I and my team are happy to be available to you as your personal advisor.

You can contact me by filling out the contact form here wolfenstein@xpert.digital:or simply call me at +49 7348 4088 965. My email address is

I'm looking forward to our joint project.

 

 

☑️ SME support in strategy, consulting, planning and implementation

☑️ Creation or realignment of the digital strategy and digitization

☑️ Expansion and optimization of international sales processes

☑️ Global & Digital B2B trading platforms

☑️ Pioneer Business Development / Marketing / PR / Trade Fairs

The Security and Defence Hub offers expert advice and up-to-date information to effectively support companies and organizations in strengthening their role in European security and defence policy. Working closely with the SME Connect Defence Working Group, it particularly promotes small and medium-sized enterprises (SMEs) that wish to further develop their innovative capacity and competitiveness in the defence sector. As a central point of contact, the Hub thus creates a crucial bridge between SMEs and European defence strategy.

Related to this:

• The SME Connect Defence Working Group – Strengthening SMEs in European Defence