For several months now, a text has been quietly returning to the European agenda: the regulation to prevent and combat online child sexual abuse, better known as «Chat Control 2.0».

Officially, the aim is to better detect child pornography content (CSAM). In practice, the project paves the way for virtually systematic scanning of private communications, including encrypted ones, and for widespread online identity verification. 

A thread very divided on X alert on three points:

1. total surveillance of private conversations via automatic scanning, even on WhatsApp, Signal or Telegram ;

2. end of anonymity: users must be identified; ;

3. de facto ban on messaging applications for under-16s.

🔴 🇪🇺 ALERT | The European Union is preparing to reintroduce «EU Chat Control 2.0», the mass surveillance scheme that several states had previously rejected.

The new version of the text provides for :

➡️ Total surveillance of private conversations

All our exchanges... pic.twitter.com/AYWvl068LD

- Aurea (@AureaLibe) November 14, 2025

Before getting into the debate, we need to answer a simple question: is it all true?

Where does Chat Control 2.0 come from?

The heart of the system is the proposed regulation COM(2022)209, known as CSAR (Child Sexual Abuse Regulation). It imposes a series of obligations on service providers (messaging services, hosts, platforms): assessing the risks of CSAM dissemination, implementing mitigation measures, and, in some cases, automatically detecting suspicious content. 

Critics and NGOs were quick to dub this text «Chat Control», as it makes automated scanning of private messages, photos and files possible and sometimes mandatory, including on end-to-end encrypted services. 

In 2023, the European Parliament had tried to limit drift by rejecting generalized surveillance and protecting encryption. But in 2025, several Council presidencies (Poland, then Denmark) put the issue of encryption back on the table. more aggressive versions, with new wording on «risk mitigation measures» which, in practice, may reintroduce client-side scanning (scanning directly on the phone before encryption). 

It's this mechanic of returning through the window after a refusal through the door that explains the militant expression «Chat Control 2.0». 

Thread fact-check: What does the text actually say?

Total surveillance of private conversations

The draft regulation authorizes and may impose automated scanning of all communications to detect content linked to sexual abuse of minors.

Several versions include or have included :

- the possibility of widespread detection, including for end-to-end encrypted services; ;

- the use of hashing, AI and client-side scanning, i.e. analysis directly on the device before the message is encrypted. 

Technically, this amounts to bypassing encryption by placing inspection software on the user's smartphone. The data protection authorities (EDPB and EDPS) have themselves warned against this mechanism, deeming it disproportionate and incompatible with fundamental rights. 

So, yes:

- To say that the project paves the way for mass scanning of private conversations is factually correct; ;

- Talk of «total surveillance» is a militant formulation, but it accurately describes the potential scope of the system if derogations are used to the full.

End of online anonymity

Here again, we need to distinguish between the raw text and its concrete effects.

The working versions of the regulations provide for :

- age verification requirements, particularly for messaging services that present a risk of grooming; ;

- the use of methods based on official documents or age estimation systems, documented by NGO for digital rights. 

An MEP's summary of the Council's positions Patrick Breyer confirms that some of the scenarios envisaged combine :

- age verification required for access to messaging services and app stores,

- exclusion of under-16s from many applications,

- and generalized requirement for identity verification to use communication services. 

It's not yet an applied text, but the direction is clear:

- more age verification = less anonymity; ;

- more identity documents or biometrics = greater individual traceability.

To say that the project endangers online anonymity is therefore justified. Claiming that anonymity disappears completely is an extrapolation, but consistent with the risks described by authorities and NGOs. 

Ban on messaging services for under-16s

Some of the Council's working documents explicitly mention :

- minimum age requirements for installing certain applications; ;

- age verification on the app store side that can lead to under-16s being excluded from many communication apps. 

This is not (yet) a simple and clear prohibition in positive law, but rather a combination of :

1. risk mitigation obligations for services ;

2. blocking via app stores ;

3. systematic age verification.

In practice, the result would be very close to what the thread describes:

- severely restricted access for minors over a certain age; ;

- everyone has to prove their age, and therefore their identity.

The wording «ban on all WhatsApp, Instagram and TikTok-type applications for under-16s» is therefore a militant simplification, but it corresponds to the logic of several versions of the text.

Who supports and opposes Chat Control within the European Union?

The European political map is highly fragmented.

- States such as France are among the governments considered to be in favor of a generalized scanning device, including for encrypted services. 

- Conversely, a coalition of countries (Germany, Netherlands, Austria, Finland, Estonia, Luxembourg, Czech Republic, Poland...) opposes mass surveillance and the breaking of encryption. 

Under pressure from civil society and cryptography experts, some governments have already backed down, and a Danish version that made scanning mandatory was withdrawn, then replaced by a more «voluntary» but still problematic version. 

One thing is certain:

- nothing has yet been definitively decided,

- but the trend is to reintroduce the feature in small steps, using technical formulations («risk mitigation», «upload moderation», etc.) that are difficult for the general public to understand. 

Legal issues: secrecy of correspondence, encryption and the rule of law

Criticism comes from three fronts:

1. data protection authorities (EDPB/EDPS) who believe that the widespread monitoring of private communications violates the Charter of Fundamental Rights and the principle of proportionality. 

2. security and cryptography experts, who point out that client-side scanning by definition creates a gateway into devices, reusable by other actors (states, hackers, criminals). 

3. NGOs defending digital freedoms, who denounce a drift towards a model where everyone is permanently monitored, in the name of the fight against a minority of criminals. 

The paradox is cruel:

- to protect children, the EU is considering measures that weaken the safety of all; ;

- to better target predators, we're installing a mass surveillance infrastructure, with enormous potential for misuse.

What can a citizen (or an entrepreneur) do today?

The thread you quoted refers to the site FightChatControl, which centralizes information, analyses and tools for contacting MEPs and national governments. 

In practical terms, there are three levels of action:

1. Policy

- Contact your MEPs and national representatives to ask them clearly to reject any form of generalized, compulsory or disguised scanning.

- Follow your country's position in the Council (the map of opposing and supporting states is public). 

2. Technical

- Choose tools that still respect strong encryption and data minimization.

- Prepare for a scenario where certain services refuse to apply Chat Control and are blocked or marginalized in the EU.

3. strategic (for companies and freelancers)

- Integrate these regulatory risks into digital strategy: choice of internal messaging systems, cloud solutions, data hosting locations, etc.

- Anticipate the consequences of an identity verification requirement on business models based on anonymity, communities, or the sensitivity of exchanges (health, finance, politics). 

Conclusion: what Chat Control 2.0 really reveals

The text is more than just a technical debate on online paedocriminality.

Chat Control 2.0 is an eye-opener:

- a paradigm shift in which all citizens must be scanned «just in case»; ;

- an obsession with traceability, via age, identity and devices, to the detriment of anonymity and confidentiality; ;

- of political fragility, where devices rejected once are reintroduced under other, more technical, less visible labels. 

As a citizen, you can choose to look the other way, until the day your account, messages or data are blocked, scanned or reinterpreted.

As an entrepreneur, consultant or manager, you don't have this luxury: your communication tools, the confidentiality of your customer exchanges, the security of your strategic data depend directly on this type of regulation.

WizeCounsel in all this?

At WizeCounsel, we analyze this type of text with a dual perspective:

1 Public liberties and the rule of law: what Chat Control 2.0 means for privacy, the secrecy of correspondence and the right to encryption.

2. corporate strategy: how to adapt your structure, tools and data flows to an environment where mass surveillance is gradually becoming the norm.

My point is clear:

the more you delegate your digital sovereignty without understanding the rules of the game, the more you accept that others decide what you have the right to say, encrypt or exchange.

If you want a diagnosis We can help you with exactly the kind of issues you need to address (messaging, hosting, collaborative tools, server localization, regulatory risks).