To clarify for fellow readers, since this is a messy situation:

This is about a new temporary measure to legally allow instant-messaging providers to scan their users' messages. Providers lost that legal right when the previous interim act (the Interim Derogation of the ePrivacy Directive, sometimes called "Chat Control 1.0") expired on 4 April 2026. Several large providers have said they'll keep scanning regardless.

This is only one piece of a bigger effort. For years the Commission has been trying to put a more permanent regime in place (the CSA Regulation, or "Chat Control 2.0") without success.

As both a lawyer and a software engineer, I don't understand why big tech and EC want to scan messages, if they actually want to combat online abuse. The research points the other way:

- Most messages on these services are end-to-end encrypted, so they can't be scanned at all (assuming the E2EE is implemented correctly). The Commission itself says 70% of messages on popular chat platforms are E2EE [1].

- Instant messaging isn't the main distribution channel for CSAM in the first place, per data from the US National Center for Missing and Exploited Children [2].

So the evidence points to low overall efficacy for message scanning against its stated goal of combating online child sexual abuse.

I don't think it'll pass this time. What worries me more is the spread of mandatory age-verification laws worldwide. That train is already going full steam ahead..

[1] https://home-affairs.ec.europa.eu/policies/internal-security...

[2] Page 18, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE...

Given the insistance to pass this and the will of EU enforcement agencies to be able to monitor all communications in a Stasi-like manner, there is a large chance that the EC is applying the "salami technique" here.

First, install a monitoring system "for the kids", then you can expand for surveillance, and repression of incorrect political thought. Just like what China and Russia are doing, which has started the same.

> I don't understand why big tech and EC want to scan messages

I believe that's a form of corporate greenwashing. If you can prove your claims that you do everything in your power to prevent abusive materials, you're going to get less attention from annoying authorities next time a pedo network/terrorist cell hits the news.

Aside from that, there are a lot of well-meaning people who want to try every little thing to help stop horrific abuse. Police investigations are happening too slowly (if at all); if the police won't help solve the problem, going the civil route may help, even if just a little. I think it's an act of desperation rather than malice. Plus, just like there are plenty of people who say "they've got nothing to hide, I don't need encryption", there are plenty of people who feel like a tech panopticon is worth it if it catches some abuse cases. Besides, in cases like these, scientific evidence often doesn't matter as much as the emotion behind proposals, and most messaging providers couldn't appear more devoid of emotion if they tried.

I don't agree with the idea to scan every message for various reasons. If the police won't investigate criminals with the massive amount of power they already possess, overwhelming them with "abusive" material from an algorithm is only going to make it harder to filter out the real criminals. Plus, if a few large providers do it, that will put pressure on all the other providers that don't do it (see, for instance, that time they arrested the CEO of Telegram for not volunteering information without a warrant, like other messaging providers seem to do).

But, as much as I disagree, I do understand where those people are coming from. And then there are also the blatant comic-book villains that just want totalitarian government control over all information exchange, of course.

As both a lawyer and a software engineer, I don't understand why big tech and EC want to scan messages, if they actually want to combat online abuse.

They don’t want to combat child abuse, they want to improve their advertising fingerprints.

You could additionally point out that most EU states are DEfunding helping actual victims of CSAM. Because they are. So is the UK, for what it's worth.

This supposed goal of the legislation never even gets mentioned in the discussions about these laws.

Which seems to go further into that direction you're pointing to as well: this is about scanning all instant messages across the entire EU, for reasons other than protecting children. They don't even discuss actually protecting children.