In recent days, the Council of the European Union (representatives of the Member States) has backed a controversial draft regulation known as Chat Control 2.0. Its aim is to combat the spread of child sexual abuse material (CSAM), but the way it seeks to achieve this has stirred strong reactions among cybersecurity experts and privacy advocates. What exactly does this proposal mean for ordinary users, and how does it relate to the recent call by Members of the European Parliament to ban social networks for children under 16?
What is Chat Control 2.0?
Under the official title Regulation laying down rules to prevent and combat child sexual abuse hides legislation that would require providers of online services (such as Messenger, WhatsApp, Instagram and others) to actively search for, report, and remove illegal content depicting the sexual abuse of children.
Although the goal of protecting children is unquestionable and noble, the problem lies in the technical implementation. In order to detect such content, algorithms must be able to “see” into users’ messages. However, this is in direct conflict with end-to-end encryption, which is meant to ensure that only the sender and the recipient can read the message – no one else, not even the service provider or the state.
How it is supposed to work: Scanning directly on your phone
The compromise text currently approved introduces a mechanism called “upload moderation”. Because an encrypted message cannot be read during transmission, the check would take place directly on your device (so-called client-side scanning) right before the message is encrypted and sent.
If artificial intelligence concluded that a photo or video you want to send is suspicious, the system would block the sending and could notify the competent authorities. Critics, including Czech representatives, warn that this system effectively places a “bug” in every citizen’s pocket and opens the door to mass surveillance.
Voluntary or mandatory?
The approved version of the proposal tries to soften the edges by introducing the notion of “voluntariness”. Services are supposed to implement scanning voluntarily. In the very next breath, however, the legislation adds that if such measures are not sufficient, authorities may issue a so-called detection order that would make scanning mandatory.
The end of anonymity and age verification
Chat Control 2.0 is not the only topic currently stirring Brussels. MEPs have simultaneously called for stricter regulation of social networks, which could lead to banning their use for children under 16 (or requiring parental consent).
In order to enforce such a ban and to make Chat Control work, it will be necessary to reliably verify the age and identity of the user. In practice, this may mean the end of anonymous accounts. When creating an account on WhatsApp or Instagram, users could be forced to:
A. Upload their ID card.
B. Provide a face scan.
C. Use a state-issued digital identity.
This would link online activities to a person’s real-world identity, which carries enormous risks in the event of a data breach.
The Czech stance: We voted against
It is important to mention that the Czech Republic voted against this proposal, as did Poland, Slovakia and the Netherlands. Czech representatives were particularly troubled by the weakening of encryption, which is considered a fundamental pillar of digital security (for example for banking, communication with public authorities, and everyday privacy). The decisive vote, however, came from Germany, which after lengthy hesitation backed the proposal, thus securing the necessary majority in the Council of the EU.
What happens next?
Approval by the Council of the EU does not mean that Chat Control 2.0 will take effect tomorrow. What follows now is the so-called trilogue – negotiations between the Council of the EU, the European Commission and the European Parliament. The European Parliament has in the past been highly critical of weakening encryption and has preferred targeted investigations of suspect individuals over blanket scanning of all users. We can therefore expect a tough political battle over the final wording of the text.
Protecting children vs. the risks
From a prevention perspective, the situation is complex. On the one hand, it is essential to stop the spread of child sexual abuse material and protect children from online predators – and current tools are often insufficient. However, the reality is that mass distribution of pornography typically occurs through entirely different channels, outside social networks and common communication tools.
On the other hand, by creating “backdoors” into encrypted communication, we may end up weakening the online security of all children. If a tool exists that can scan messages, it can be abused by hackers, extortionists or authoritarian regimes.
At the same time, we can see that anonymity on social networks leads to violence, the spread of disinformation, and large-scale manipulation of public opinion (for example, the platform X recently started displaying where accounts are registered and from where they log in, and many profiles that appear to be, say, American or European actually originate from India, Africa or Asia and are often so-called troll farms).
Real online safety should not be a choice between protecting children and protecting privacy. Effective solutions must include both, without turning every smartphone user into a suspect.
Kamil Kopecký
E-Bezpečí, Palacký University Olomouc
