- The EU Council has received new Chat Control proposal with broad support
- CSAM scanning would now be voluntary, but with some exceptions
- Lawmakers met today (November 12) for further discussion
UPDATE: On November 14, we made some edits to reflect the news that the proposal has moved to the Coreper (Committee of Permanent Representatives) for approval.
It's official, a revised version of the CSAM scanning proposal is back on the EU lawmakers' table − and is keeping privacy experts worried.
The Law Enforcement Working Party met again on November 12, 2025, in the EU Council to discuss what's been deemed by critics the Chat Control bill.
This follows a meeting the group held on November 5, and comes as the Denmark Presidency put forward a new compromise after withdrawing mandatory chat scanning.
As reported by Netzpolitik, the latest Child Sexual Abuse Regulation (CSAR) proposal was received with broad support during the November 5 meeting, "without any dissenting votes" nor further changes needed.
The new text, which removes all provisions on detection obligations included in the bill and makes CSAM scanning voluntary, seems to be the winning path to finally find an agreement after over three years of trying.
Privacy experts and technologists aren't quite on board, though, with long-standing Chat Control critic and digital rights jurist, Patrick Breyer, deeming the proposal "a political deception of the highest order."
Yet, the bill reportedly made it to the next legislative step and moved to the Coreper (Committee of Permanent Representatives) for approval − Breyer also confirmed to TechRadar. The next meeting is expected as early as November 19.
Chat Control − what's changing and what are the risk
As per the latest version of the text, messaging service providers won't be forced to scan all URLs, pictures, and videos shared by users, but rather choose to perform voluntary CSAM scanning.
There's a catch, though. Article 4 will include a possible "mitigation measure" that could be applied to high-risk services to require them to take "all appropriate risk mitigation measures."
According to Breyer, such a loophole could make the removal of detection obligations "worthless" by negating their voluntary nature. He said: "Even client-side scanning (CSS) on our smartphones could soon become mandatory – the end of secure encryption."
Breaking encryption, the tech that security software like the best VPNs, Signal, and WhatsApp use to secure our private communications, has been the strongest argument against the proposal so far.
🚨 They are bringing back #ChatControl 🚨Hummelgaard doesn't understand that no means no.Discussion is scheduled for tomorrow, so act now: https://t.co/cosrXcqy2p#No2Backdoors #Privacy #SecuritySource: https://t.co/UT5xXDkLvPhttps://t.co/oCK7e97pvT pic.twitter.com/6icBYHcwbZNovember 11, 2025
Breyer also warns that the new compromise goes further than the discarded proposal, passing from AI-powered monitoring targeting shared multimedia to the scanning of private chat texts and metadata, too.
"The public is being played for fools," warns Breyer. "Following loud public protests, several member states, including Germany, the Netherlands, Poland, and Austria, said ‘No’ to indiscriminate Chat Control. Now it’s coming back through the back door."
Breyer is far from being the only one expressing concerns. German-based encrypted email provider, Tuta, is also raising the alarm.
"Hummelgaard doesn't understand that no means no," the provider writes on X.
To understand what's next for our encrypted chats, we now need to wait and see what the outcomes from the Coreper's meeting will look like.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
