- The EU Council receives broad support for a new proposal on cat control
- CSAM analysis would now be voluntary, but with some exceptions
- Lawmakers met today (November 12) to continue discussions.
It’s official, a revised version of the CSAM analysis proposal is back on the table for European lawmakers and has privacy experts concerned.
The law enforcement task force we meet again This morning (12 November) we will discuss in the EU Council what critics think of the discussions on law enforcement.
This follows the group’s meeting on 5 November, where the Danish Presidency put forward a new compromise after removing mandatory analysis from the discussions.
IF network policy reportsThe newly proposed Child Sexual Abuse Ordinance (CSAR) received broad support at the November 5 meeting, with “no dissent” or other changes requested.
HE new textRemoving all ID requirement provisions from the bill and making CSAM analysis optional appears to be the effective way to finally reach an agreement after more than three years of trying.
But privacy experts and pundits disagree with veteran Chat Control critic and digital rights advocate Patrick Breyer, who calls the proposal “a political scam of the highest order.”
Cat control: what is changing and what are the risks?
According to latest version of the textEmail providers are not required to scan all URLs, images and videos shared by users, but can instead choose to perform voluntary CSAM scans.
However, there is a problem. Article 4 will define a possible “mitigative measure” that can be applied to high-risk services to require them to take “all appropriate risk mitigation measures”.
According to Breyer, such a loophole could make eliminating testing requirements “futile” because it would negate their voluntary nature. He said: “Even client-side parsing (CSS) on our smartphones may soon become mandatory – the end of strong encryption.”
Removing encryption, the technology used by security software like top VPNs, Signal and WhatsApp to protect our private communications, has been the strongest argument against the proposal so far.
They fix #ChatControl Hummelgaard doesn’t understand that no means no. The discussion is scheduled for tomorrow, so act now: #Privacy #SecuritySource: pic.twitter.com/6icBYHcwbZNovember 11, 2025
Breyer also warns that the new compromise goes beyond the abandoned proposal, moving from AI-based surveillance focused on shared media to text and metadata analysis of private chats.
“The public is being misled,” Breyer warns. “After strong public protests, several member states, including Germany, the Netherlands, Poland and Austria, said no to arbitrary monitoring of the discussions. Now it’s coming back through the back door.”
Breyer is not the only one to express his concern. The German encrypted email provider Tuta is also sounding the alarm.
“Hummelgaard does not understand that no means no,” writes the supplier in X.
To understand the next step, we now have to wait for the outcome of today’s meeting.
