Rights

"Chat Control" is the nickname privacy advocates gave to a proposed European Union regulation whose official aim is to fight the spread of child sexual abuse material (CSAM) online. The nickname stuck because of how the proposal would work in practice: by having messaging services scan the content people send — including in private chats. It has been debated, redrafted and fought over for years, and as of 2026 it is still not settled.

The reason it matters to anyone who messages, emails or shares files is simple. The most controversial version of the plan would push detection down onto your own device, checking what you send before it is protected by encryption. That is a fundamentally different thing from a company moderating public posts, and it is why the debate has been so heated.

What Chat Control actually proposes

At its core, the proposal would require certain online services to detect and report illegal material. Where it gets contentious is the method: so-called "client-side scanning," where software on your phone or computer inspects your messages, photos and files against a list of known illegal content before they are sent.

Supporters argue this is a proportionate way to catch serious crime that increasingly hides inside private, encrypted channels. Critics argue that scanning everyone's private messages to find a few is mass surveillance by default, and that once the scanning machinery exists on every device, it can be widened later to other targets.

Why client-side scanning is the controversial part

End-to-end encryption is designed so that only you and the person you are talking to can read a message — not the provider, not the network, not anyone who orders them to hand it over. Client-side scanning sits awkwardly with that promise: if your message is inspected on the device before it is encrypted, the guarantee that "only the participants can read it" no longer fully holds, even if the law never literally bans encryption.

• Chat Control = nickname for an EU proposal to detect illegal content (CSAM) by scanning messages.
• The contested mechanism is 'client-side scanning' — checking content on your device before it is encrypted.
• Critics say it undermines end-to-end encryption and amounts to mass surveillance by default.
• Supporters frame it as a proportionate tool against serious crime in private channels.
• Status changes often — verify the current state of the proposal against an up-to-date source.
• Your move regardless: use end-to-end-encrypted apps, update software, and stay informed.

There is also the question of accuracy. Automated detection systems produce false positives, and at the scale of every message in Europe, even a tiny error rate means large numbers of innocent people could have private content flagged and reviewed. Critics worry about who reviews it, where it is stored, and how mistakes are corrected.

For an ordinary person, the practical concern is not that you have something to hide — it is that private communication is a normal, healthy part of life: medical questions, legal problems, family matters, journalism, activism, ordinary intimacy. A right that only protects you when no one is looking is not much of a right.

What it would mean for you

It is worth being precise about status, because the proposal keeps changing. Different versions have been tabled, amended and contested by various EU institutions and member states, and what is 'on the table' shifts from one negotiation to the next. Treat any specific claim that it has passed, failed or been abandoned as something to verify against a current source rather than assume.

Where it stands — and what you can do

Whatever happens with the law, the personal response is the same and entirely legal: understand how your tools work and choose ones that minimise what is exposed. Use end-to-end-encrypted apps, keep your software updated, and pay attention to which services hold your data and where.

You can also make your voice part of the democratic process. Proposals like this are shaped by public attention, consultations and elected representatives — privacy organisations across Europe track the file and explain how to follow or contact decision-makers. Staying informed is the single most useful thing most people can do.

The bottom line: "Chat Control" is a real, recurring debate about a genuine problem and a contested solution. The aim — protecting children — is not in question; the method — scanning private messages on personal devices — is. Knowing what the proposal actually says lets you follow the story without the hype, and protect your own privacy in the meantime.