EU to legislate about Chat Control behind closed doors

Privacy
Regulation
Security
Europe
Policy

The post is a campaign article by MEP Patrick Breyer arguing that the EU’s long-running "Chat Control" effort is being advanced again through closed-door maneuvering, despite previous resistance in the European Parliament. The underlying proposal is to detect child sexual abuse material in private communications, but the mechanism everyone focused on is scanning messages or attachments on users’ devices before or as they are sent. That is why commenters kept calling it a threat to end-to-end encryption in practice even if the law avoids saying "ban encryption" outright. Several people also pointed out that the current fight is not a simple replay of one single bill. Parts of the proposal have been rejected or watered down before, then repackaged and pushed again under slightly different procedural routes.

If you build or rely on encrypted messaging in Europe, plan for pressure to add on-device scanning, age checks, or app-store level restrictions even when providers cannot access message contents. More broadly, treat this as a governance signal: privacy-hostile policy can keep returning through procedural churn, so product, legal, and public-affairs teams need a standing response instead of assuming one defeat ends the fight.

June 28, 2026
patrick-breyer.de
Discuss on HN

Discussion mood

Strongly negative and alarmed. Most commenters saw Chat Control as a recurring attempt to normalize mass surveillance under a child-safety banner, with extra anger directed at opaque EU procedure, repeated reintroduction after rejection, and the belief that ordinary users would lose privacy while serious criminals route around the system.

Key insights

Law enforcement and vendors keep it alive

Pressure behind Chat Control was framed as persistent institutional lobbying, not a spontaneous public demand. Europol is openly calling for lawful access to end-to-end encrypted channels, and commenters tied that to a wider ecosystem of police agencies, scanning vendors, and compliance firms that keep pushing the file forward even after public setbacks. Ashton Kutcher’s advocacy for Thorn was used as a concrete example of how child-safety branding and commercial scanning interests can align.

Watch the budget holders and contractors, not just the headline politicians. If your product could be forced into moderation or scanning infrastructure, assume a standing lobby exists to make that market mandatory.

Attribution:

mike_hearn #1
fwn #1
miohtama #1 #2

The institutional map is the real trap

Confusion over Parliament, Commission, Council, and member-state vetoes is not a side issue. It is part of why this proposal keeps resurfacing. Several commenters argued that national governments can push unpopular surveillance through the Council, let the Commission carry it procedurally, then blame "the EU" once it lands. Others noted that four countries opposing a Council position can matter a lot, which means the real leverage point is often national governments rather than MEP grandstanding alone.

For advocacy or corporate outreach, do not target only the Parliament. Split effort between MEPs, national ministries, and Council-level positions because the bottleneck moves.

Attribution:

bluebarbet #1
mike_hearn #1
throwawayffffas #1
munksbeer #1
Chu4eeno #1

This is about endpoint control, not breaking crypto math

The technical center of gravity has shifted from "can we decrypt Signal" to "can we force scanning before encryption or block distribution of noncompliant apps." That reframes the threat. End-to-end encryption can remain mathematically intact on paper while users still get spyware-like inspection on the device, or while app stores and platform vendors squeeze out privacy-preserving clients. That is why commenters called a narrow defense of encryption insufficient if operating systems and distribution channels are captured.

Threat-model the client and the app-distribution layer, not just the protocol. If you work on secure communications, harden for hostile platform requirements and alternative distribution paths.

Attribution:

afh1 #1
sharperguy #1
wqaatwt #1
subscribed #1
palata #1

Exemptions make the power grab clearer

Commenters highlighted claims that politicians, military, and intelligence personnel would be exempt from parts of the regime. Whether or not every detail survives drafting, that framing sharpened the point. The system is not being sold as universal transparency. It is ordinary people being scanned while the state’s own sensitive communications remain protected. Others connected that to prior spyware scandals in EU countries and argued governments want a legal domestic surveillance path because off-the-books tools like Pegasus created too much scandal.

Pay attention to who gets carved out. Broad surveillance proposals that preserve privileged channels for the state are signaling control over populations, not a neutral safety architecture.

Attribution:

sph #1
freehorse #1
wolvoleo #1

Public support is soft and slogan-driven

The proposal’s resilience was traced partly to how easily "think of the children" polls. A Danish commenter said most people barely know the legislation but respond predictably when privacy is framed against child protection. Another pointed out there is no need for a grand conspiracy when many voters genuinely support more surveillance in the abstract. That makes the political hazard deeper than one bad committee. Technical objections lose unless they are translated into plain harms that nonexperts can picture.

If you oppose this kind of policy, do not lead with cryptography jargon. Explain concrete failure modes like false accusations, platform lock-in, chilling effects, and criminals moving elsewhere while families lose private space.

Attribution:

Gareth321 #1
hhh #1
throwawayffffas #1

Technical workarounds will not save the normies

Email-backed chat like Delta Chat came up as an obvious bypass, but commenters were clear that clever protocol escapes are not a real policy answer. Once the state decides that unscannable private communication is the problem, it can criminalize the workaround, pressure app stores, or make compliance a condition of mainstream distribution. The people who lose first are not sophisticated criminals. They are ordinary users who stay inside default platforms.

Do not mistake niche escape hatches for durable protection. If your business or community depends on private communications, legal and political defense matters as much as protocol design.

Attribution:

throw_await #1
treyd #1
giuscri #1
Argonaut998 #1

Against the grain

Economic decline is not mainly about regulation

One commenter pushed back on the easy story that Europe’s weakness is just self-inflicted bureaucracy. They argued Europe’s slowdown tracks energy constraints, especially after conventional oil peaked, and that copying a lower-regulation US model would not recreate US growth without the same energy abundance. That does not excuse Chat Control, but it rejects the idea that every bad EU privacy proposal proves deregulation is the cure for Europe’s broader problems.

Do not let a justified privacy fight collapse into a generic "all regulation is the problem" worldview. Separate surveillance policy from deeper structural questions like energy, industrial strategy, and market power.

Attribution:

palata #1

Surveillance can look like a geopolitical necessity

A minority view argued that if rival powers already run pervasive surveillance and information control, refusing comparable capabilities creates an asymmetric weakness. In that frame, Chat Control is not just moral panic or bureaucratic mission creep. It is an attempt to avoid strategic blindness in a world where adversaries shape your public sphere while shielding their own. Most commenters rejected this logic, but it captures the security rationale likely to keep reappearing.

Expect future versions of this policy to be sold less as child safety alone and more as resilience against foreign influence. Teams doing policy work should prepare answers to both frames.

Attribution:

augment_me #1

This round may be narrower than the worst version

One commenter argued that not every current compromise equals the maximalist Chat Control 2.0 proposal people fear. Some positions appear aimed at preserving the already bad status quo of earlier measures while blocking the most sweeping expansion. That does not make the package good, but it suggests that procedural detail matters and that opponents can miss where the real line has moved if they treat every draft as identical.

Read the exact text in play, not just the brand name of the proposal. Negotiation can hide real narrowing or dangerous expansion, and strategy depends on knowing which one is happening.

Attribution:

kristjank #1

In plain english

Chat Control ↩

A label used by critics for EU proposals that would require services to detect child sexual abuse material in private communications, potentially through message scanning or device-side inspection.

client-side scanning ↩

Scanning content on a user’s device before it is encrypted or sent, rather than reading it on a server after transmission.

Commission ↩

The European Commission, the EU’s executive body that proposes legislation and oversees implementation.

Council ↩

Here, the Council of the European Union, the body where ministers from member-state governments help pass EU laws.

Delta Chat ↩

A messaging app that uses email protocols as its transport layer, mentioned as a possible workaround to messenger regulation.

EU ↩

European Union, a political and economic bloc of European countries that often creates region-wide technology regulations.

Europol ↩

The European Union Agency for Law Enforcement Cooperation, which supports police work across EU countries.

MEP ↩

Member of the European Parliament, an elected representative in the EU legislature.

Pegasus ↩

A spyware product that can secretly compromise phones and extract data, often cited in surveillance scandals.

Thorn ↩

A company that builds technology aimed at detecting child sexual abuse material, mentioned here as a vendor aligned with scanning proposals.

Reference links

Policy tracking and campaign resources

Fight Chat Control
Used to track country positions and the state of the proposal.
European Pirates on exemptions for ministers
Cited to support the claim that ministers wanted to exempt themselves from the rules.
EFF on the KIDS Act and private messages
Shared as a parallel US policy effort that could also reach private messaging.

Reporting on EU secrecy and process

EUobserver on the EU’s culture of secrecy
Cited to argue that EU lawmaking has become harder for journalists and civil society to monitor.
EUobserver on secret EU law making in Brussels
Used as historical evidence that more deals are settled behind closed doors before public readings.

Institutional and law-enforcement references

Europol statement calling for lawful access by design
Quoted to show law-enforcement advocacy for access to encrypted communications.
EU sanctions tracker entry for Hüseyin Doğru
Posted in a side argument about EU sanctions and political targeting.

Technical tools and workarounds

Delta Chat
Given as an example of a chat system built on top of email protocols.

Background on EU history and public opinion

Schuman Declaration history page
Shared to support the claim that the EU was founded as a peace project.
Pew Research on attitudes toward the EU
Used to rebut the claim that no European country has a pro-EU majority.
Gallup on support for Brussels among member states
Shared as another data point on EU public support.

Contextual media and prior discussion

Related HN discussion on Metsola forcing through Chat Control
Linked as recent context for the same procedural fight.
YouTube video linked as related context
Posted as a related video in a side discussion about EU political tactics.