EU member state governments have agreed on their position regarding the controversial Chat Control legislation. The proposal, which officially aims to combat child sexual abuse, opens the door to extensive surveillance of all citizens' digital communication, according to critics.
Sweden has approved it through the government and the Social Democrats, while the Sweden Democrats reject the proposal.
EU ambassadors approved a compromise proposal on Wednesday for the so-called CSAM regulation (Child Sexual Abuse Material), originally developed by Swedish EU Commissioner Ylva Johansson. The decision paves the way for final negotiations with the European Parliament on a permanent framework for digital surveillance, reports Samnytt.
The new negotiating mandate means that the most controversial parts of the Commission's original proposal are removed. Mandatory "detection orders" that would give authorities the right to require tech companies to scan citizens' chats, emails and messages – even in encrypted services – are struck from the text.
Instead, platforms' obligations to conduct risk assessments and implement "risk-reducing measures" are strengthened. Voluntary scanning of messages is highlighted as a possible tool. At the same time, a new EU agency is proposed, a special CSAM center, to coordinate the law's implementation.
From mandatory to "voluntary" surveillance
The removal of mandatory detection orders is presented by EU representatives as a balanced compromise. Critics argue, however, that the change is more cosmetic than real.
The new Council proposal emphasizes that encryption should be protected, but simultaneously lists message scanning as a possible risk-reducing measure. If a company is deemed to have excessively high risks, pressure from supervisory authorities can in practice turn voluntary scanning into a requirement.
The proposal also opens the door to extensive age verification. To determine which users are children, systems can be introduced where everyone must identify themselves with ID documents or biometric methods to use email, chat apps and other communication services.
Warnings of totalitarian surveillance model
Criticism has been massive from privacy experts, researchers and rights organizations. In its original form, the proposal would, according to critics, mean that all EU citizens would have their communication monitored – every phone call, video call, text message, app message, email and file in cloud services could be filtered in real time.
Chat Control has been compared to surveillance systems in totalitarian states. Critics warn of mission creep: once the infrastructure is in place, the filters can quickly be reconfigured for other content, such as political opinions or journalistic sources.
AI filters with massive false positives
AI is intended to detect suspected sexual content or grooming. But the technology already functions poorly on social media, where algorithms flag ironic comments, historical images or harmless material.
When the technology has been tested on known abuse images, up to 80-90 percent of hits have been false positives. The result is that thousands of people risk being identified as suspects for one of the most abhorrent crimes, only to be forced to prove their innocence while their most private images and conversations are examined.
Sweden says yes – SD dissents
The Swedish government – the Moderate Party, Christian Democrats and Liberals – along with the Social Democrats have approved the proposal. When Sweden's position was to be determined in autumn 2024, these parties voted together for approval, despite the fact that cooperation party the Sweden Democrats rejected the proposal.
Sweden Democrat politician Adam Marttinen warned that the proposal goes too far, that encryption is broken in practice and that it opens the door to mass surveillance on a slippery slope.
IT expert: "Politicians have been deceived"
IT security expert Karl Emil Nikka has sharply criticized both the EU Commission and supporting politicians. He argues that the technology described – where systems only search for child pornography without "seeing" anything else – does not exist.
— That technology obviously does not exist. It has never existed and by definition cannot exist, Nikka explained.
He warned that Chat Control means "insecurity by design," where all communication apps are forced to build in vulnerabilities that can be exploited by hostile states or criminal actors.
Nikka also pointed out that UNICEF's principles regarding children's right to private communication are violated by the proposal. He believes politicians have been deceived by the EU Commission's campaigns that have downplayed the privacy consequences.
The UN Human Rights Commissioner has warned that surveillance of digital communication is a primary tool for authoritarian regimes to persecute opposition groups and religious minorities. That the EU is now taking the lead with a model that, according to critics, normalizes mass surveillance is described as a historic step in the wrong direction.
