{"id":1019,"date":"2025-11-18T12:41:16","date_gmt":"2025-11-18T11:41:16","guid":{"rendered":"https:\/\/wizecounsel.org\/?p=1019"},"modified":"2025-11-18T12:44:38","modified_gmt":"2025-11-18T11:44:38","slug":"chat-control-2-union-europeenne","status":"publish","type":"post","link":"https:\/\/wizecounsel.org\/en\/chat-control-2-union-europeenne\/","title":{"rendered":"Chat Control 2.0: is the European Union legalizing mass surveillance of private conversations?"},"content":{"rendered":"<p class=\"has-medium-font-size\">For several months now, a text has been quietly returning to the European agenda: the regulation to prevent and combat online child sexual abuse, better known as \u00abChat Control 2.0\u00bb.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Officially, the aim is to better detect child pornography content (CSAM). In practice, the project paves the way for virtually systematic scanning of private communications, including encrypted ones, and for widespread online identity verification.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">A <a href=\"https:\/\/x.com\/AureaLibe\/status\/1989373388603707542?s=20\">thread<\/a> very divided on X alert on three points:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">1. total surveillance of private conversations via automatic scanning, even on WhatsApp, Signal or Telegram ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">2. end of anonymity: users must be identified; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">3. de facto ban on messaging applications for under-16s.<\/p>\n\n\n\n<blockquote class=\"twitter-tweet\"><p lang=\"fr\" dir=\"ltr\">\ud83d\udd34 \ud83c\uddea\ud83c\uddfa ALERT | The European Union is preparing to reintroduce \u00abEU Chat Control 2.0\u00bb, the mass surveillance scheme that several states had previously rejected.<br><br>The new version of the text provides for :<br><br>\u27a1\ufe0f Total surveillance of private conversations<br><br>All our exchanges... <a href=\"https:\/\/t.co\/AYWvl068LD\">pic.twitter.com\/AYWvl068LD<\/a><\/p>- Aurea (@AureaLibe) <a href=\"https:\/\/twitter.com\/AureaLibe\/status\/1989373388603707542?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">November 14, 2025<\/a><\/blockquote> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n\n\n\n<p class=\"has-medium-font-size\">Before getting into the debate, we need to answer a simple question: is it all true?<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">Where does Chat Control 2.0 come from?<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">The heart of the system is the proposed regulation COM(2022)209, known as CSAR (Child Sexual Abuse Regulation). It imposes a series of obligations on service providers (messaging services, hosts, platforms): assessing the risks of CSAM dissemination, implementing mitigation measures, and, in some cases, automatically detecting suspicious content.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Critics and NGOs were quick to dub this text \u00abChat Control\u00bb, as it makes automated scanning of private messages, photos and files possible and sometimes mandatory, including on end-to-end encrypted services.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">In 2023, the European Parliament had tried to limit drift by rejecting generalized surveillance and protecting encryption.  \ufffcBut in 2025, several Council presidencies (Poland, then Denmark) put the issue of encryption back on the table. <a href=\"https:\/\/data.consilium.europa.eu\/doc\/document\/WK-3471-2025-INIT\/en\/pdf?\" target=\"_blank\" rel=\"noopener\">more aggressive versions<\/a>, with new wording on \u00abrisk mitigation measures\u00bb which, in practice, may reintroduce client-side scanning (scanning directly on the phone before encryption).  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">It's this mechanic of returning through the window after a refusal through the door that explains the militant expression \u00abChat Control 2.0\u00bb.  \ufffc<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Thread fact-check: What does the text actually say?<\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\">Total surveillance of private conversations <\/h4>\n\n\n\n<p class=\"has-medium-font-size\">The draft regulation authorizes and may impose automated scanning of all communications to detect content linked to sexual abuse of minors.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Several versions include or have included :<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- the possibility of widespread detection, including for end-to-end encrypted services; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- the use of hashing, AI and client-side scanning, i.e. analysis directly on the device before the message is encrypted.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Technically, this amounts to bypassing encryption by placing inspection software on the user's smartphone. The data protection authorities (EDPB and EDPS) have themselves warned against this mechanism, deeming it disproportionate and incompatible with fundamental rights.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">So, yes:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- To say that the project paves the way for mass scanning of private conversations is factually correct; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Talk of \u00abtotal surveillance\u00bb is a militant formulation, but it accurately describes the potential scope of the system if derogations are used to the full.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\">End of online anonymity <\/h4>\n\n\n\n<p class=\"has-medium-font-size\">Here again, we need to distinguish between the raw text and its concrete effects.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">The working versions of the regulations provide for :<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- age verification requirements, particularly for messaging services that present a risk of grooming; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- the use of methods based on official documents or age estimation systems, documented by <a href=\"https:\/\/edri.org\/wp-content\/uploads\/2023\/10\/Online-age-verification-and-childrens-rights-EDRi-position-paper.pdf?\" target=\"_blank\" rel=\"noopener\">NGO<\/a> for digital rights.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">An MEP's summary of the Council's positions <a href=\"https:\/\/www.patrick-breyer.de\/en\/posts\/chat-control\/\" target=\"_blank\" rel=\"noopener\">Patrick Breyer<\/a> confirms that some of the scenarios envisaged combine :<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- age verification required for access to messaging services and app stores,<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- exclusion of under-16s from many applications,<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- and generalized requirement for identity verification to use communication services.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">It's not yet an applied text, but the direction is clear:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- more age verification = less anonymity; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- more identity documents or biometrics = greater individual traceability.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">To say that the project endangers online anonymity is therefore <strong>justified<\/strong>. Claiming that anonymity disappears completely is an extrapolation, but consistent with the risks described by authorities and NGOs.  \ufffc<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\">Ban on messaging services for under-16s <\/h4>\n\n\n\n<p class=\"has-medium-font-size\">Some of the Council's working documents explicitly mention :<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- minimum age requirements for installing certain applications; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- age verification on the app store side that can lead to under-16s being excluded from many communication apps.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">This is not (yet) a simple and clear prohibition in positive law, but rather a combination of :<\/p>\n\n\n\n<p class=\"has-medium-font-size\">1. risk mitigation obligations for services ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">2. blocking via app stores ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">3. systematic age verification.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">In practice, the result would be very close to what the thread describes:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- severely restricted access for minors over a certain age; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- everyone has to prove their age, and therefore their identity.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">The wording \u00abban on all WhatsApp, Instagram and TikTok-type applications for under-16s\u00bb is therefore a militant simplification, but it corresponds to the logic of several versions of the text.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Who supports and opposes Chat Control within the European Union?<\/h3>\n\n\n\n<p class=\"has-medium-font-size\"><strong>The European political map is highly fragmented.<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size\">- States such as <strong>France<\/strong> are among the governments considered to be in favor of a generalized scanning device, including for encrypted services.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Conversely, a coalition of countries (<strong>Germany, Netherlands, Austria, Finland, Estonia, Luxembourg, Czech Republic, Poland...<\/strong>) opposes mass surveillance and the breaking of encryption.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Under pressure from civil society and cryptography experts, some governments have already backed down, and a Danish version that made scanning mandatory was withdrawn, then replaced by a more \u00abvoluntary\u00bb but still problematic version.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">One thing is certain:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- nothing has yet been definitively decided,<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- but the trend is to reintroduce the feature in small steps, using technical formulations (\u00abrisk mitigation\u00bb, \u00abupload moderation\u00bb, etc.) that are difficult for the general public to understand.  \ufffc<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Legal issues: secrecy of correspondence, encryption and the rule of law<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">Criticism comes from three fronts:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">1. data protection authorities (EDPB\/EDPS) who believe that the widespread monitoring of private communications violates the Charter of Fundamental Rights and the principle of proportionality.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">2. security and cryptography experts, who point out that client-side scanning by definition creates a gateway into devices, reusable by other actors (states, hackers, criminals).  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">3. NGOs defending digital freedoms, who denounce a drift towards a model where everyone is permanently monitored, in the name of the fight against a minority of criminals.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>The paradox is cruel:<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size\">- to protect children, the EU is considering measures that weaken the safety of all; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- to better target predators, we're installing a mass surveillance infrastructure, with enormous potential for misuse.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">What can a citizen (or an entrepreneur) do today?<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">The thread you quoted refers to the site <a href=\"https:\/\/t.co\/LZSdbdhR6b\">FightChatControl<\/a>, which centralizes information, analyses and tools for contacting MEPs and national governments.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">In practical terms, there are three levels of action:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">1. Policy<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Contact your MEPs and national representatives to ask them clearly to reject any form of generalized, compulsory or disguised scanning.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Follow your country's position in the Council (the map of opposing and supporting states is public).  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">2. Technical<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Choose tools that still respect strong encryption and data minimization.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Prepare for a scenario where certain services refuse to apply Chat Control and are blocked or marginalized in the EU.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">3. strategic (for companies and freelancers)<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Integrate these regulatory risks into digital strategy: choice of internal messaging systems, cloud solutions, data hosting locations, etc.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- Anticipate the consequences of an identity verification requirement on business models based on anonymity, communities, or the sensitivity of exchanges (health, finance, politics).  \ufffc<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Conclusion: what Chat Control 2.0 really reveals<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">The text is more than just a technical debate on online paedocriminality.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Chat Control 2.0 is an eye-opener:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- a paradigm shift in which all citizens must be scanned \u00abjust in case\u00bb; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- an obsession with traceability, via age, identity and devices, to the detriment of anonymity and confidentiality; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size\">- of political fragility, where devices rejected once are reintroduced under other, more technical, less visible labels.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size\">As a citizen, you can choose to look the other way, until the day your account, messages or data are blocked, scanned or reinterpreted.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">As an entrepreneur, consultant or manager, you don't have this luxury: your communication tools, the confidentiality of your customer exchanges, the security of your strategic data depend directly on this type of regulation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">WizeCounsel in all this?<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">At WizeCounsel, we analyze this type of text with a dual perspective:<\/p>\n\n\n\n<p class=\"has-medium-font-size\">1 Public liberties and the rule of law: what Chat Control 2.0 means for privacy, the secrecy of correspondence and the right to encryption.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">2. corporate strategy: how to adapt your structure, tools and data flows to an environment where mass surveillance is gradually becoming the norm.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>My point is clear:<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size\">the more you delegate your digital sovereignty without understanding the rules of the game, the more you accept that others decide what you have the right to say, encrypt or exchange.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">If you <a href=\"https:\/\/wizecounsel.org\/en\/contact-consultant-societe-offshore-international\/\" data-type=\"page\" data-id=\"50\">want a diagnosis<\/a> We can help you with exactly the kind of issues you need to address (messaging, hosting, collaborative tools, server localization, regulatory risks).<\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>The EU relaunches Chat Control 2.0: scanning of private messages, end of anonymity and generalized identity verification. Legal and strategic analysis by Wize Counsel.<\/p>","protected":false},"author":1,"featured_media":1022,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"\ud83c\uddea\ud83c\uddfa Chat Control 2.0 : vers la surveillance totale des conversations priv\u00e9es ?\n\nL\u2019Union europ\u00e9enne relance un texte explosif :\n\n\ud83d\udd39 Scan des messages priv\u00e9s, m\u00eame chiffr\u00e9s\n\ud83d\udd39 Analyse automatique des photos et fichiers\n\ud83d\udd39 V\u00e9rification obligatoire d\u2019identit\u00e9\n\ud83d\udd39 Fin progressive de l\u2019anonymat en ligne\n\ud83d\udd39 Acc\u00e8s restreint aux messageries pour les moins de 16 ans\n\nUne \u00e9volution majeure, qui pose une question simple :\nSommes-nous pr\u00eats \u00e0 renoncer \u00e0 la confidentialit\u00e9 pour \u201cprot\u00e9ger\u201d le num\u00e9rique ?\n\nChez WizeCounsel, ont analyse ce texte avec deux angles :\n\u2013 Libert\u00e9s publiques et vie priv\u00e9e\n\u2013 Strat\u00e9gie num\u00e9rique pour les entrepreneurs et entreprises\n\nL\u2019article complet est disponible sur le site.\n\n#ChatControl #UnionEurop\u00e9enne #Chiffrement #Surveillance #ViePriv\u00e9e #DigitalRights #Consulting #Strat\u00e9gieNum\u00e9rique #WizeCounsel","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[35],"tags":[40,32],"class_list":["post-1019","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-expertise-structuration-international","tag-chat-control","tag-consulting"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/wizecounsel.org\/wp-content\/uploads\/2025\/11\/chate-controle.avif","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts\/1019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/comments?post=1019"}],"version-history":[{"count":6,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts\/1019\/revisions"}],"predecessor-version":[{"id":1032,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts\/1019\/revisions\/1032"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/media\/1022"}],"wp:attachment":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/media?parent=1019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/categories?post=1019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/tags?post=1019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}