The EU wants to decrypt your private data by 2030

News
By published

The EU Commission unveiled the first step in its security strategy to ensure "lawful and effective" law enforcement access to data

Eu
Image credit: Pixabay (Image credit: Unsplash)
  • The EU Commission presented a Roadmap on how it intends to ensure that law enforcement has effective and lawful access to citizens' data
  • Politicians seek to establish a precedent for the decryption of private data
  • The Roadmap is part of the ProtectEU strategy, first unveiled in April 2025

EU law enforcement bodies could be capable of decrypting your private data by 2030.

This is one of the ambitious goals the EU Commission presented in its Roadmap on June 24, 2025. A plan on how the bloc intends to ensure police officers' "lawful and effective" access to citizens' data.

The Roadmap is the first step forward in the ProtectEU strategy, first unveiled in April 2025 – but privacy experts have already begun raising the alarm.

How the EU plans to achieve lawful access to data

ProtectEU represents the EU Commission's internal strategy to bolster the security of the European bloc in the years to come.

It stems from the work of the High-Level Group (HLG) carried on under the so-called Going Dark initiative. The group was tasked, by the EU Council in June 2023, to develop a strategic plan "on access to data for effective law enforcement."

Specifically, the group's final report, published in March 2025, referred to end-to-end encryption as "the biggest technical challenge" to the investigative work of law enforcement agencies, explicitly targeting the use of the best VPN services, encrypted messaging apps, and similar tools.

The Roadmap marks a key part of the strategy, providing more detail on how lawmakers plan to address what they refer to as "the growing challenges of accessing critical digital evidence" during criminal investigations.

The eyes of Big Brother is watching secretly from behind the digital curtain of the EU flag

(Image credit: Bjorn Bakstad, via Getty Images)

The plan focuses on six key areas:

  • Data retention. The EU Commission is expected to carry out an impact assessment with the aim of extending the EU's data retention obligations and reinforcing cooperation between service providers and authorities.
  • Lawful interception. Lawmakers seek to explore measures aimed at improving cross-border cooperation for lawful interception of data by 2027.
  • Digital forensics. The goal here is to develop technical solutions that allow authorities to analyze and preserve digital evidence stored on electronic devices.
  • Decryption. Next year, the EU Commission is set to present a Technology Roadmap on encryption to identify and evaluate decrypting solutions. These technologies are expected to equip Europol officers from 2030.
  • Standardisation. The Commission is said to be committed to working alongside Europol, industry stakeholders, experts, and law enforcement practitioners to standardize the new approach to internal security.
  • AI solutions for law enforcement. Lawmakers also seek to promote the development and deployment of AI tools by 2028. These solutions will enable authorities to lawfully and effectively process large volumes of seized data.

What the experts are saying

Experts have long warned against proposed plans to break encryption, meaning the technology responsible for scrambling data into an unreadable form to prevent unauthorized access.

Now, according to Internet Society's Senior Director, Robin Wilton, another move towards the decryption of private data is concerning.

"Efforts to develop decryption techniques almost inevitably introduce new vulnerabilities that could be exploited by anyone with the motivation and know-how; they may also encourage the 'hoarding' of vulnerabilities, which is contrary to good cybersecurity practice," Wilton told TechRadar.

These comments echoed previous warnings from technologists, cryptographers, and privacy advocates who were "deeply concerned" by the EU plan to weaken encryption.

A surge in cyberattacks worldwide has pushed government bodies, including the FBI and CISA in the US, to encourage citizens to switch to end-to-end encrypted services to fight back against these threats.

The European Commission itself even previously acknowledged encryption as a necessary measure to protect the integrity of cyberspace.

This is probably the reason why a similar proposal to create a backdoor into encryption, the so-called Chat Control bill, has been failing to attract the needed majority since 2022.

Now, lawmakers promise to be committed to finding the right balance between "allowing for efficient and future-proof solutions to facilitate law enforcement’s lawful access to digital information, while respecting the right to privacy and maintaining high levels of cybersecurity," said EU Commissioner for Internal Affairs and Migration, Magnus Brunner.

For Wilton, policymakers must never forget one simple fact: "Strong encryption isn’t the enemy of security – it’s the starting point for it."

You might also like

Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.