Chat Control "brings high risks to society" say privacy experts

• Chat Control proposal still poses a risk, a group of academics warns
• The open letter comes as the EU Council meets
• The bill could be adopted as early as December 8, 2025

Chat control legislation "still brings high risks to society without clear benefits for children," according to an open letter recently published by a group of European academics.

After failing once again to obtain the required majority, Denmark has withdrawn the mandatory scanning clause included in the original Chat Control bill, making it voluntary instead.

The move was initially hailed as a victory by privacy and security experts, but it was short-lived, with people warning that the text could still introduce mandatory scanning "through the backdoor."

A group of 18 top cybersecurity and privacy academics from Europe has reiterated these concerns in an open letter published this week.

The letter addressed the European Council two days ahead of the November 19 meeting with the Committee of Permanent Representatives, with adoption expected as early as December 8, 2025.

Expanding scope concerns privacy advocates

Originally, only URLs, pictures, and videos were going to be the target of CSAM scanning. Now, however, lawmakers have widened the scope of the bill to also include text, in a move that echoes previous versions of the bill.

In their open-letter, academics warn that broadening the scope of the legislation will lead to unintended consequences. Notably, they argue that "expanding the scope of detection only opens the door to surveil and examine a larger part of conversations, without any guarantee of better protection."

They also highlight the potential of false positives, writing: "current AI technology is far from being precise enough to undertake these tasks with guarantees for the necessary level of accuracy."

Concerning mandatory age verification

The new proposal would also lead to age verification being introduced on app stores and encrypted messaging services like WhatsApp. According to the experts, this not only fails to help the main objective of the bill, it also exposes everyone to new privacy and security risks.

"Age assessment cannot be performed in a privacy-preserving way with current technology due to reliance on biometric, behavioral or contextual information," they argue. "In fact, it incentives (children's) data collection and exploitation."

Experts warn that even adopting an alternative approach – such as using official documents for age verification – would cut off a "substantial fraction of the population" from essential online services.

What's more, these provision would be easy to bypass. They "can be easily evaded, by using providers outside the EU or VPNs to avoid geolocation checks," experts note.

Voluntary detection still comes with risks

It appears that shifting CSAM scanning from mandatory to voluntary has been enough to gain bipartisan agreements among lawmakers and end over three years of failed negotiations.

But many cryptography experts and data scientists are still convinced that even voluntary detection will harm security and privacy, particularly due to the belief that the technology is not currently accurate or effective enough.

All in all, "on-device detection technologies cannot be considered a reasonable tool to mitigate risks, as there is no proven benefit, while the potential for harm and abuse is enormous," they conclude.

The open letter seems to have already influenced today's meeting.

As a leaked cable shared by a Former MEP for the German Pirate Party and digital rights jurist, Patrick Breyer, shows, EU governments are removing Chat Control from today's COREPER agenda because a majority has not yet been reached.

This could seriously delay the adoption of the new rules, expected as early as December 8, 2025.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!