{"id":1019,"date":"2025-11-18T12:41:16","date_gmt":"2025-11-18T11:41:16","guid":{"rendered":"https:\/\/wizecounsel.org\/?p=1019"},"modified":"2025-11-18T12:44:38","modified_gmt":"2025-11-18T11:44:38","slug":"chat-control-2-union-europeenne","status":"publish","type":"post","link":"https:\/\/wizecounsel.org\/en\/chat-control-2-union-europeenne\/","title":{"rendered":"Chat Control 2.0: is the European Union legalizing mass surveillance of private conversations?"},"content":{"rendered":"<p class=\"has-medium-font-size wp-block-paragraph\">For several months now, a text has been quietly returning to the European agenda: the regulation to prevent and combat online child sexual abuse, better known as \u00abChat Control 2.0\u00bb.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Officially, the aim is to better detect child pornography content (CSAM). In practice, the project paves the way for virtually systematic scanning of private communications, including encrypted ones, and for widespread online identity verification.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">A <a href=\"https:\/\/x.com\/AureaLibe\/status\/1989373388603707542?s=20\">thread<\/a> very divided on X alert on three points:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">1. total surveillance of private conversations via automatic scanning, even on WhatsApp, Signal or Telegram ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">2. end of anonymity: users must be identified; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">3. de facto ban on messaging applications for under-16s.<\/p>\n\n\n\n<blockquote class=\"twitter-tweet\"><p lang=\"fr\" dir=\"ltr\">\ud83d\udd34 \ud83c\uddea\ud83c\uddfa ALERT | The European Union is preparing to reintroduce \u00abEU Chat Control 2.0\u00bb, the mass surveillance scheme that several states had previously rejected.<br><br>The new version of the text provides for :<br><br>\u27a1\ufe0f Total surveillance of private conversations<br><br>All our exchanges... <a href=\"https:\/\/t.co\/AYWvl068LD\">pic.twitter.com\/AYWvl068LD<\/a><\/p>- Aurea (@AureaLibe) <a href=\"https:\/\/twitter.com\/AureaLibe\/status\/1989373388603707542?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">November 14, 2025<\/a><\/blockquote> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Before getting into the debate, we need to answer a simple question: is it all true?<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">Where does Chat Control 2.0 come from?<\/h2>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">The heart of the system is the proposed regulation COM(2022)209, known as CSAR (Child Sexual Abuse Regulation). It imposes a series of obligations on service providers (messaging services, hosts, platforms): assessing the risks of CSAM dissemination, implementing mitigation measures, and, in some cases, automatically detecting suspicious content.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Critics and NGOs were quick to dub this text \u00abChat Control\u00bb, as it makes automated scanning of private messages, photos and files possible and sometimes mandatory, including on end-to-end encrypted services.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">In 2023, the European Parliament had tried to limit drift by rejecting generalized surveillance and protecting encryption.  \ufffcBut in 2025, several Council presidencies (Poland, then Denmark) put the issue of encryption back on the table. <a href=\"https:\/\/data.consilium.europa.eu\/doc\/document\/WK-3471-2025-INIT\/en\/pdf?\" target=\"_blank\" rel=\"noopener\">more aggressive versions<\/a>, with new wording on \u00abrisk mitigation measures\u00bb which, in practice, may reintroduce client-side scanning (scanning directly on the phone before encryption).  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">It's this mechanic of returning through the window after a refusal through the door that explains the militant expression \u00abChat Control 2.0\u00bb.  \ufffc<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Thread fact-check: What does the text actually say?<\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\">Total surveillance of private conversations <\/h4>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">The draft regulation authorizes and may impose automated scanning of all communications to detect content linked to sexual abuse of minors.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Several versions include or have included :<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- the possibility of widespread detection, including for end-to-end encrypted services; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- the use of hashing, AI and client-side scanning, i.e. analysis directly on the device before the message is encrypted.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Technically, this amounts to bypassing encryption by placing inspection software on the user's smartphone. The data protection authorities (EDPB and EDPS) have themselves warned against this mechanism, deeming it disproportionate and incompatible with fundamental rights.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">So, yes:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- To say that the project paves the way for mass scanning of private conversations is factually correct; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Talk of \u00abtotal surveillance\u00bb is a militant formulation, but it accurately describes the potential scope of the system if derogations are used to the full.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\">End of online anonymity <\/h4>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Here again, we need to distinguish between the raw text and its concrete effects.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">The working versions of the regulations provide for :<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- age verification requirements, particularly for messaging services that present a risk of grooming; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- the use of methods based on official documents or age estimation systems, documented by <a href=\"https:\/\/edri.org\/wp-content\/uploads\/2023\/10\/Online-age-verification-and-childrens-rights-EDRi-position-paper.pdf?\" target=\"_blank\" rel=\"noopener\">NGO<\/a> for digital rights.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">An MEP's summary of the Council's positions <a href=\"https:\/\/www.patrick-breyer.de\/en\/posts\/chat-control\/\" target=\"_blank\" rel=\"noopener\">Patrick Breyer<\/a> confirms that some of the scenarios envisaged combine :<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- age verification required for access to messaging services and app stores,<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- exclusion of under-16s from many applications,<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- and generalized requirement for identity verification to use communication services.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">It's not yet an applied text, but the direction is clear:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- more age verification = less anonymity; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- more identity documents or biometrics = greater individual traceability.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">To say that the project endangers online anonymity is therefore <strong>justified<\/strong>. Claiming that anonymity disappears completely is an extrapolation, but consistent with the risks described by authorities and NGOs.  \ufffc<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\">Ban on messaging services for under-16s <\/h4>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Some of the Council's working documents explicitly mention :<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- minimum age requirements for installing certain applications; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- age verification on the app store side that can lead to under-16s being excluded from many communication apps.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">This is not (yet) a simple and clear prohibition in positive law, but rather a combination of :<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">1. risk mitigation obligations for services ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">2. blocking via app stores ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">3. systematic age verification.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">In practice, the result would be very close to what the thread describes:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- severely restricted access for minors over a certain age; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- everyone has to prove their age, and therefore their identity.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">The wording \u00abban on all WhatsApp, Instagram and TikTok-type applications for under-16s\u00bb is therefore a militant simplification, but it corresponds to the logic of several versions of the text.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Who supports and opposes Chat Control within the European Union?<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>The European political map is highly fragmented.<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- States such as <strong>France<\/strong> are among the governments considered to be in favor of a generalized scanning device, including for encrypted services.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Conversely, a coalition of countries (<strong>Germany, Netherlands, Austria, Finland, Estonia, Luxembourg, Czech Republic, Poland...<\/strong>) opposes mass surveillance and the breaking of encryption.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Under pressure from civil society and cryptography experts, some governments have already backed down, and a Danish version that made scanning mandatory was withdrawn, then replaced by a more \u00abvoluntary\u00bb but still problematic version.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">One thing is certain:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- nothing has yet been definitively decided,<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- but the trend is to reintroduce the feature in small steps, using technical formulations (\u00abrisk mitigation\u00bb, \u00abupload moderation\u00bb, etc.) that are difficult for the general public to understand.  \ufffc<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Legal issues: secrecy of correspondence, encryption and the rule of law<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Criticism comes from three fronts:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">1. data protection authorities (EDPB\/EDPS) who believe that the widespread monitoring of private communications violates the Charter of Fundamental Rights and the principle of proportionality.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">2. security and cryptography experts, who point out that client-side scanning by definition creates a gateway into devices, reusable by other actors (states, hackers, criminals).  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">3. NGOs defending digital freedoms, who denounce a drift towards a model where everyone is permanently monitored, in the name of the fight against a minority of criminals.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>The paradox is cruel:<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- to protect children, the EU is considering measures that weaken the safety of all; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- to better target predators, we're installing a mass surveillance infrastructure, with enormous potential for misuse.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">What can a citizen (or an entrepreneur) do today?<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">The thread you quoted refers to the site <a href=\"https:\/\/t.co\/LZSdbdhR6b\">FightChatControl<\/a>, which centralizes information, analyses and tools for contacting MEPs and national governments.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">In practical terms, there are three levels of action:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">1. Policy<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Contact your MEPs and national representatives to ask them clearly to reject any form of generalized, compulsory or disguised scanning.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Follow your country's position in the Council (the map of opposing and supporting states is public).  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">2. Technical<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Choose tools that still respect strong encryption and data minimization.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Prepare for a scenario where certain services refuse to apply Chat Control and are blocked or marginalized in the EU.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">3. strategic (for companies and freelancers)<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Integrate these regulatory risks into digital strategy: choice of internal messaging systems, cloud solutions, data hosting locations, etc.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- Anticipate the consequences of an identity verification requirement on business models based on anonymity, communities, or the sensitivity of exchanges (health, finance, politics).  \ufffc<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Conclusion: what Chat Control 2.0 really reveals<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">The text is more than just a technical debate on online paedocriminality.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Chat Control 2.0 is an eye-opener:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- a paradigm shift in which all citizens must be scanned \u00abjust in case\u00bb; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- an obsession with traceability, via age, identity and devices, to the detriment of anonymity and confidentiality; ;<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">- of political fragility, where devices rejected once are reintroduced under other, more technical, less visible labels.  \ufffc<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">As a citizen, you can choose to look the other way, until the day your account, messages or data are blocked, scanned or reinterpreted.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">As an entrepreneur, consultant or manager, you don't have this luxury: your communication tools, the confidentiality of your customer exchanges, the security of your strategic data depend directly on this type of regulation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">WizeCounsel in all this?<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">At WizeCounsel, we analyze this type of text with a dual perspective:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">1 Public liberties and the rule of law: what Chat Control 2.0 means for privacy, the secrecy of correspondence and the right to encryption.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">2. corporate strategy: how to adapt your structure, tools and data flows to an environment where mass surveillance is gradually becoming the norm.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>My point is clear:<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">the more you delegate your digital sovereignty without understanding the rules of the game, the more you accept that others decide what you have the right to say, encrypt or exchange.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">If you <a href=\"https:\/\/wizecounsel.org\/en\/contact-consultant-societe-offshore-international\/\" data-type=\"page\" data-id=\"50\">want a diagnosis<\/a> We can help you with exactly the kind of issues you need to address (messaging, hosting, collaborative tools, server localization, regulatory risks).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>","protected":false},"excerpt":{"rendered":"<p>The EU relaunches Chat Control 2.0: scanning of private messages, end of anonymity and generalized identity verification. Legal and strategic analysis by Wize Counsel.<\/p>","protected":false},"author":1,"featured_media":1022,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"\ud83c\uddea\ud83c\uddfa Chat Control 2.0 : vers la surveillance totale des conversations priv\u00e9es ?\n\nL\u2019Union europ\u00e9enne relance un texte explosif :\n\n\ud83d\udd39 Scan des messages priv\u00e9s, m\u00eame chiffr\u00e9s\n\ud83d\udd39 Analyse automatique des photos et fichiers\n\ud83d\udd39 V\u00e9rification obligatoire d\u2019identit\u00e9\n\ud83d\udd39 Fin progressive de l\u2019anonymat en ligne\n\ud83d\udd39 Acc\u00e8s restreint aux messageries pour les moins de 16 ans\n\nUne \u00e9volution majeure, qui pose une question simple :\nSommes-nous pr\u00eats \u00e0 renoncer \u00e0 la confidentialit\u00e9 pour \u201cprot\u00e9ger\u201d le num\u00e9rique ?\n\nChez WizeCounsel, ont analyse ce texte avec deux angles :\n\u2013 Libert\u00e9s publiques et vie priv\u00e9e\n\u2013 Strat\u00e9gie num\u00e9rique pour les entrepreneurs et entreprises\n\nL\u2019article complet est disponible sur le site.\n\n#ChatControl #UnionEurop\u00e9enne #Chiffrement #Surveillance #ViePriv\u00e9e #DigitalRights #Consulting #Strat\u00e9gieNum\u00e9rique #WizeCounsel","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[35],"tags":[40,32],"class_list":["post-1019","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-expertise-structuration-international","tag-chat-control","tag-consulting"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/wizecounsel.org\/wp-content\/uploads\/2025\/11\/chate-controle.avif","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts\/1019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/comments?post=1019"}],"version-history":[{"count":6,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts\/1019\/revisions"}],"predecessor-version":[{"id":1032,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/posts\/1019\/revisions\/1032"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/media\/1022"}],"wp:attachment":[{"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/media?parent=1019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/categories?post=1019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wizecounsel.org\/en\/wp-json\/wp\/v2\/tags?post=1019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}