Chat Control: where the EU's message-scanning proposal stands
"Chat Control" is the informal name for a set of European Union proposals aimed at detecting child sexual abuse material (CSAM) by scanning private messages. The topic has long divided child-safety advocates from privacy and encryption experts, because the scanning techniques under discussion โ particularly client-side scanning โ require analyzing message content before it is encrypted, effectively bypassing end-to-end protection.
Two separate legislative tracks
It's important to distinguish two distinct tracks:
The temporary regime ("Chat Control 1.0") allows communication providers to voluntarily continue scanning content for CSAM, as a derogation from the ePrivacy Directive. This regime had lapsed on 4 April 2026 after the European Parliament rejected an earlier extension in March. However, on 9 July 2026, Parliament approved a fresh extension in a closely fought vote (314 against, 276 in favor โ not enough to block it under that procedure's rules), this time with amendments explicitly excluding services that use end-to-end encryption. The extension is set to run until 3 April 2028.
The permanent regulation ("Chat Control 2.0", or the CSA Regulation) is a much broader and more contested proposal that would introduce structural detection obligations for providers, including the possibility of targeted "detection orders." This text remains under negotiation (trilogue) between Parliament, Council and Commission and, at the time of writing, has not been finally adopted.
Why it matters for apps like Cryptwire
Cryptwire is a peer-to-peer, end-to-end encrypted messenger: messages never pass through, or are readable by, a central server. The more controversial versions of the "Chat Control" proposals would raise technical and legal questions for any encrypted messaging service operating in the EU, since client-side scanning would require analyzing content before encryption. Digital rights groups, cryptographers and several data protection authorities have repeatedly warned that this would effectively weaken end-to-end encryption for all users, not just suspects.
On the other side, supporters of these measures point to the real and growing scale of online child abuse material and argue that a common EU legal framework is needed rather than fragmented national regimes.
Where things stand, in short
As of July 2026, the voluntary temporary regime has been extended until 2028 with an explicit carve-out for E2EE services, while the permanent regulation remains under negotiation with no confirmed adoption date. The situation is still evolving โ anyone following it closely should check official European Parliament sources and the digital rights analyses referenced below.