Summary

Breaking Silence: 40 European Companies Stand United Against the EU’s Controversial Chat Control Proposal is a coalition formed in response to the European Union’s proposed Regulation to Prevent and Combat Child Sexual Abuse, commonly known as the Child Sexual Abuse Regulation (CSAR) or “Chat Control.” Introduced in May 2022, the legislation seeks to mandate the scanning of all private digital communications—including encrypted messages—to detect and remove child sexual abuse material (CSAM) and suspected grooming activities. The proposal represents a major shift towards compulsory, automated content analysis for digital service providers operating within the EU, aiming to enhance child protection but sparking intense debate over privacy and data protection concerns.
The alliance unites over 40 leading European technology companies alongside the European DIGITAL SME Alliance, representing more than 45,000 small and medium-sized enterprises. These stakeholders argue that the mandatory scanning framework infringes upon fundamental rights guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights, particularly the rights to privacy and data protection. They warn that the proposed measures would undermine end-to-end encryption, normalize mass surveillance, expose sensitive personal data to security risks, and ultimately stifle European innovation by advantaging large foreign technology firms over domestic providers.
Critics also highlight significant legal and technical challenges, emphasizing the incompatibility of the proposal with EU case law, the potential for high false positive rates in automated detection tools, and the threat to digital security posed by weakening encryption protocols. Despite widespread opposition from civil society, privacy advocates, and several EU member states, the proposal continues to face political pressure, notably under the Danish Presidency of the Council of the European Union, which has prioritized advancing the legislation amid ongoing trilogue negotiations.
The controversy surrounding Chat Control has galvanized extensive advocacy and public discourse, with the Breaking Silence alliance actively engaging policymakers, urging citizens to oppose the regulation, and calling for alternative child protection strategies that do not compromise fundamental digital rights. The debate reflects broader tensions within the EU between enhancing security measures and preserving privacy and digital sovereignty in an increasingly interconnected and encrypted digital landscape.

Background

The European Union’s proposed Regulation to Prevent and Combat Child Sexual Abuse, commonly referred to as the Child Sexual Abuse Regulation (CSAR) or “Chat Control,” aims to mandate the scanning of digital communications to detect and report child sexual abuse material (CSAM). Introduced by European Commissioner for Home Affairs Ylva Johansson on 11 May 2022, the legislation seeks to create a legal framework obliging digital service providers to identify and remove both known and newly identified CSAM, as well as suspected grooming activities, although the latter remains a complex and somewhat excluded aspect in initial scanning phases.
The proposal marks a significant shift from voluntary detection to mandatory obligations for platforms, requiring extensive automated content analysis of private messages, images, and internet links across billions of users within the EU. It is supported by the establishment of the EU Centre, designed to facilitate secure communication between service providers and member states, promote best practices, and enhance cooperation to strengthen prevention and victim support. However, the legislation has been met with substantial controversy and opposition.
Critics argue that Chat Control infringes on fundamental rights to privacy and data protection as enshrined in Articles 7 and 8 of the EU Charter, emphasizing that the mandatory scanning of all private communications—without suspicion or exception, including encrypted messages—poses significant risks to individual freedoms and digital security. The Council of the European Union’s Legal Service highlighted concerns about the proposal’s impact on privacy rights, referencing the EU Court of Justice’s rulings against generalized data retention. Moreover, technical analyses have pointed out the impracticality of implementing such measures for European service providers, potentially giving an advantage to large US tech companies while undermining Europe’s goals for digital sovereignty.
Further criticisms focus on the high rates of false positives produced by automated scanning tools, which may wrongfully incriminate innocent users, and the unproven effectiveness of these approaches in truly protecting children. Despite widespread opposition in the European Parliament and among civil society groups, the proposal continues to be debated within the EU Council, with recent developments including a two-year extension of voluntary Chat Control 1.0 while negotiations remain unresolved. The legislative process has been marked by political contention, with various Council presidencies pushing to advance the proposal despite significant public and institutional resistance.

Formation of the Alliance

The alliance opposing the EU’s Chat Control proposal was formed as a collective response from over 40 leading European tech companies, alongside the European Digital SME Alliance, which represents more than 45,000 digital small and medium-sized enterprises across Europe. These organizations united to address growing concerns about the draft Regulation on Child Sexual Abuse (CSA) and its implications for digital privacy, encryption, and the broader European tech industry.
The initiative began with a formal call directed at ministers and ambassadors of EU member states, urging them to reject the draft law. The alliance argued that the proposal would effectively normalize mass surveillance by mandating client-side scanning and other invasive measures, which would weaken end-to-end encryption and undermine fundamental rights to privacy and data protection as enshrined in Articles 7 and 8 of the EU Charter. They warned that such measures risked stifling European innovation, favoring foreign tech providers, and legislating European companies out of the market.
This coalition emerged amid widespread opposition from various stakeholders, including tech firms, digital rights organizations, and privacy experts, who collectively highlighted the dangers posed by mandatory scanning of all private digital communications without suspicion or exceptions. The alliance stressed that weakening encryption would expose sensitive personal data to malicious actors and create a dangerous global precedent for intrusive surveillance practices beyond Europe.
The formation of the alliance was also a strategic move to influence ongoing legislative processes. It coincided with increasing political engagement, as Members of the European Parliament, notably Pirate Party MEP Patrick Breyer, became vocal opponents of the proposal during parliamentary negotiations. The alliance’s efforts aimed to rally public and political opposition to the regulation, encouraging citizens to contact their representatives and raise awareness about the potential infringement on digital rights.

Key Legal and Technical Arguments Against the Proposal

The EU’s Chat Control proposal has sparked significant legal and technical concerns from various stakeholders, including privacy advocates, tech companies, data protection authorities, and child protection experts. Central to the opposition are arguments regarding its compatibility with fundamental rights, technical feasibility, and potential consequences for privacy, security, and the digital economy.

Legal Concerns

Critics emphasize that the proposal contravenes fundamental rights enshrined in the EU Charter of Fundamental Rights, particularly Articles 7 and 8, which guarantee the right to privacy and data protection. Legal advisors have concluded that mandatory scanning of private and encrypted communications for child sexual abuse material (CSAM) breaches these rights by authorizing indiscriminate, real-time surveillance of all digital communications without suspicion or consent. The European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB) have jointly warned that the proposal risks establishing a framework for generalized and indiscriminate content scanning, potentially chilling legal communication and violating privacy principles.
Additionally, the proposal’s exemption of politicians from surveillance raises questions about equitable application and further undermines legal credibility. Lawsuits have been initiated by victims of child sexual abuse and Members of the European Parliament to halt the voluntary scanning by major tech companies, reflecting strong legal opposition from civil society and digital rights defenders.

Technical Challenges and Security Risks

From a technical perspective, the proposal demands continuous automated scanning of all private communications, including encrypted chats, images, and files. This requirement conflicts with the design of end-to-end encryption, which is critical to securing digital communications against unauthorized access. Weakening or bypassing encryption to enable scanning would expose sensitive data—including financial, medical, and private information—to hackers, criminals, and hostile actors, thereby undermining digital security and trust in European businesses.
Automated content analysis tools, upon which the proposal heavily relies, are prone to producing high rates of false positives, risking wrongful accusations of innocent users and potential legal and social harm. The technical demands also disproportionately disadvantage European open and federated platforms compared to large US-based tech companies, which could entrench existing market imbalances rather than promote European digital sovereignty.

Impact on Innovation and Child Protection

Opponents argue that the proposal may drive tech companies out of the EU market, damaging innovation and the digital economy. For example, Signal’s CEO publicly warned that the measure could force the company to exit the European market entirely, threatening the availability of private communication services within the EU. Furthermore, child protection experts and organizations, including the United Nations, caution that mass surveillance does not effectively prevent abuse. Instead, it may reduce safety by diverting resources from proven protective measures and weakening overall security frameworks.

Opposition Communication and Advocacy

The opposition to the EU’s Chat Control proposal has been marked by coordinated communication and advocacy efforts from a diverse range of stakeholders, including digital rights activists, European SMEs, technology companies, and political representatives. Advocates against the legislation emphasize the potential infringement on fundamental rights to privacy and data protection guaranteed by the EU Charter of Fundamental Rights.
European SMEs and leading tech companies have united to issue open letters and public statements urging EU member states to reject the Chat Control law. These communications stress the risks the proposal poses not only to privacy but also to the European technology sector, which could be undermined by mandatory surveillance measures. Signatories highlight their commitment to protecting user privacy and developing secure cloud services that resist mass surveillance. This coalition includes prominent privacy-focused enterprises and the European DIGITAL SME Alliance, representing over 45,000 digital SMEs across Europe.
Political advocacy has also played a significant role. Members of the European Parliament (MEPs), such as Pirate Party MEP Patrick Breyer, have been vocal opponents at the negotiating table, working to defend citizens’ rights against the proposal. Campaigners encourage engagement with national parliamentarians, especially those involved in EU affairs committees, to influence votes and raise awareness about the implications of Chat Control.
Digital rights organizations and cybersecurity experts have issued warnings that the mandatory scanning of all private communications—including encrypted messages—could lead to mass surveillance, weaken or break end-to-end encryption, and thereby expose users to security risks from malicious actors. These groups emphasize that the proposed measures threaten core European democratic values by undermining privacy and freedom of expression.
In addition, social media users across Member States have expressed serious concerns about the invasive nature of the proposal and its consequences for encrypted communication channels. This public sentiment has been echoed by the European Data Protection Supervisor (EDPS) and various tech companies, who caution that the law’s implementation may open the door to pervasive state surveillance under the guise of child sexual abuse material (CSAM) prevention.

Actions Taken by the Alliance

In response to the proposed EU Regulation on Child Sexual Abuse (CSA), a coalition of over 40 leading European tech companies, alongside the European DIGITAL SME Alliance representing more than 45,000 digital small and medium-sized enterprises, has taken a strong stance against the legislation commonly referred to as “Chat Control.” The alliance has issued a unified call urging EU Member States to reject the regulation, emphasizing the potential risks it poses to encryption, privacy, and the European tech industry’s future.
The coalition highlights that the regulation, currently advanced under the Danish Presidency, threatens to undermine fundamental rights by enabling widespread scanning of private communications, which many experts and organizations argue could amount to mass surveillance. The alliance stresses that such measures would erode data protection standards and severely impact user privacy and freedom of expression across the EU.
To further the cause, members of the alliance have actively engaged with policymakers at both national and EU levels. They encourage citizens to contact their Members of the European Parliament (MEPs) and national parliamentarians, particularly those involved in EU affairs committees, to raise awareness about the risks associated with Chat Control and to advocate for the protection of fundamental rights. This political engagement is crucial as the legislative process progresses into trilogue negotiations between the European Parliament, the Council, and the European Commission.
Legal assessments by experts, including former European Court of Justice judge Prof. Dr. Ninon Colneric, have supported the alliance’s position by concluding that the proposal conflicts with established EU case law on privacy and data protection. The Council of the European Union’s Legal Service has similarly criticized the regulation for infringing on the right to privacy and the protection of personal data, referencing the Court of Justice’s rulings against generalized data retention.
Through public statements, legal challenges, and coordinated advocacy, the alliance has positioned itself as a leading voice in defending encryption and privacy rights while urging the EU to pursue solutions that protect children without compromising the digital freedoms and security of all citizens.

Responses from the European Union

The EU’s controversial Chat Control Law has been a focal point of debate within the European Union, particularly under the current Danish presidency of the Council of the European Union. Upon assuming duties in July, Denmark made the resubmission of the legislation its first formal action, investing considerable political capital to advance the proposal despite widespread opposition.
Several member states, including Germany, Luxembourg, Austria, the Netherlands, Finland, and Poland, have voiced strong criticism of the proposal, especially concerning its mandatory detection mechanisms and provisions for scanning encrypted communications. This opposition led to the bill failing to secure the necessary support during the September 12 meeting. Nevertheless, the Danish presidency has persisted in pushing the proposal forward, aiming to leverage the time before the October 14 Justice and Home Affairs Council meeting to persuade dissenting member states to reconsider their positions.
The proposal, sometimes referred to as “Chat Control 2.0,” was revised in March 2023 but still faced significant resistance. Germany’s Digital Affairs Committee and various civil society groups expressed concerns over privacy and data protection breaches stemming from the proposed scanning of encrypted communications. Public feedback received by the European Parliament in April 2023 also highlighted fears that the legislation would infringe upon fundamental rights.
The European Data Protection Supervisor has been critical of the proposal, emphasizing the risks to privacy and data protection. Calls have been made for governments within the EU Council to exert more influence to negotiate essential amendments or, failing that, to request the European Commission to withdraw the proposal in its current form.
Despite the mounting opposition and appeals from citizens, privacy advocates, and some member states, the Danish presidency remains committed to advancing the Chat Control legislation, prompting continued debate about balancing security objectives with the protection of fundamental rights within the EU.

Public and Media Reception

The EU’s proposed Chat Control legislation has faced significant public and media scrutiny since its introduction. Critics argue that the proposal, which mandates the scanning of private digital communications—including encrypted messages—poses a severe threat to fundamental rights such as privacy, data protection, and freedom of expression. Legal experts, including former European Court of Justice judge Prof. Dr. Ninon Colneric, have stated that the legislation conflicts with established EU case law that prohibits generalized data retention and comprehensive automated analysis of private communications without suspicion.
Privacy advocates and numerous digital rights organizations have voiced concerns that the measure would effectively enable mass surveillance, undermining core European democratic values enshrined in Articles 7 and 8 of the EU Charter of Fundamental Rights. The weakening or breaking of end-to-end encryption, a key component of secure digital communication, is widely seen as exposing citizens’ sensitive data—including financial and medical information—to potential malicious actors. The European Data Protection Supervisor (EDPS) and several cybersecurity experts have also warned that the proposed scanning mechanisms could open the door to widespread privacy violations.
The controversy has garnered considerable media attention, with the Danish presidency of the Council of the European Union notably pushing the proposal back into the political spotlight. This move has been met with resistance from multiple quarters, including more than 40 European privacy-first companies and the European Digital SME Alliance, which represents over 45,000 digital small and medium-sized enterprises. These groups have collectively urged EU ministers to defend digital sovereignty and reject the draft law, arguing that it normalizes mass surveillance and weakens encryption, thereby compromising internet safety and user trust.
Public opposition has also been fueled by fears that the law would impose mandatory

Impact and Legacy

The Chat Control proposal has sparked significant controversy across Europe, with its potential enactment seen as a pivotal moment in digital privacy and cybersecurity legislation. If passed, it would mandate client-side scanning of private communications to detect child sexual abuse material, effectively weakening end-to-end encryption and introducing mass surveillance measures without suspicion or exceptions. This has raised deep concerns about the erosion of fundamental rights to privacy and data protection as enshrined in Articles 7 and 8 of the EU Charter, which are core to European democratic values.
The proposed regulation threatens to undermine trust in European digital services, potentially driving tech companies to either litigate to protect user privacy or exit the EU market altogether. Such an outcome risks suffocating European innovation and ceding digital sovereignty to foreign providers, particularly US tech giants, thus weakening Europe’s competitive position in the global tech industry. European tech companies warn that weakening encryption will not enhance safety but instead expose sensitive communications—including financial and medical data—to hackers and hostile actors, thereby increasing cybersecurity risks.
Furthermore, the law is viewed as conflicting with other EU digital policy goals, including those related to cybersecurity, digital identity, and innovation frameworks such as NIS2, eIDAS 2.0, and the European Digital Identity Wallet. The prolonged and politically charged legislative process, ongoing since 2020, underscores the legal complexity and potential far-reaching consequences of the proposal.
The resistance to Chat Control has also galvanized civil society and political actors, with near-unanimous opposition in the European Parliament’s 2023 negotiating mandate and vocal critiques from figures such as Pirate Party MEP Patrick Breyer. Critics emphasize the need for governments to demand fundamental revisions to the proposal or call for its withdrawal, advocating for the preservation of client autonomy over data disclosure and the protection of privacy and encryption standards in EU law.