The European Union is barreling toward a decision that could reshape how encryption works for half a billion people—and not in a good way. Chat Control, the bloc's contentious proposal to detect child sexual abuse material (CSAM) in encrypted messaging platforms, has cleared another hurdle with Hungary's presidency pushing negotiations forward as of June 2025.
The Technical Contradiction Nobody Wants to Admit
Here's where it gets messy from an engineering standpoint: end-to-end encryption is designed so that not even the platform provider can read your messages. If you build a backdoor or scanning mechanism into that stack—whether they call it client-side scanning, nested detection, or magic warrant tech—you've fundamentally weakened the cryptographic guarantee. Security researchers have been screaming this from the rooftops for years, and the EU keeps finding creative ways to pretend the math works differently. The proposal attempts to thread this needle through what advocates call 'privacy-preserving' detection technology. But cryptographers like Matthew Green and Bruce Schneier haven't bought it—they argue you can't scan for content without weakening the encryption layer itself. It's not FUD; it's basic information theory: if a system can detect harmful content, that same capability becomes a surveillance vector.
What Hungary's Push Means for the Timeline
Hungary took over the rotating Council presidency in June 2025, and sources familiar with EU legislative processes suggest they've accelerated the Chat Control file. The Council has been the trickier negotiating body compared to Parliament—member states have wildly divergent views on privacy rights versus security imperatives. Germany, historically protective of strong encryption, has been at odds with proposals from eastern European delegations pushing for stronger child protection mandates. The political calculus is brutal: vote against CSAM detection and risk looking soft on child exploitation; vote for mandatory scanning and face backlash from digital rights organizations and a significant chunk of the tech-savvy electorate. Several governments are reportedly trying to find middle-ground language around 'voluntary' detection mechanisms, though critics argue voluntary backdoors aren't backdoors until they inevitably become mandatory.
The Industry Response Remains Fractured
Major encrypted messaging providers—Signal, WhatsApp, Telegram—are watching closely but have been relatively quiet publicly. Signal's Moxie Marlinspike has been characteristically blunt when asked: the company would rather exit markets than compromise encryption core to its mission. WhatsApp parent Meta has more skin in the game across EU markets and hasn't made similar declarations, suggesting internal calculations about regulatory compliance versus product integrity are still ongoing. The development community's reaction has been sharper. Open-source advocates argue this sets a global precedent that authoritarian regimes will point to when demanding their own 'lawful access' mechanisms. If the EU legitimizes CSAM scanning in encrypted channels, Beijing and Moscow won't need to manufacture justification—they'll just cite Brussels precedent.
Key Takeaways
- Hungary's Council presidency is accelerating Chat Control negotiations as of mid-2025, with a potential final vote approaching
- Technical experts universally agree that mandated content scanning weakens end-to-end encryption fundamentally
- Major encrypted messaging providers have not publicly committed to compliance if the regulation passes in current form
- The proposal creates precedent risks for governments worldwide seeking to access encrypted communications
The Bottom Line
Chat Control represents everything wrong with how legislators approach security and privacy—as opposing forces that can be balanced through political will alone. They can't. Cryptography doesn't negotiate. Either you have end-to-end encryption or you don't—and if the EU passes this, half a billion people will suddenly discover they don't.