Guide Index
EU Chat Control: Privacy Messaging Apps
Complete guide to EU Chat Control (1.0 & 2.0): what it is, what changes, has it been approved? Discover the best privacy messaging apps (Signal, Session, SimpleX) to protect your communications in Europe and beyond.
1. What Is EU Chat Control
Chat Control is the common name for a series of legislative proposals by the European Union aimed at combating child sexual abuse material (CSAM) online, through the systematic scanning of private digital communications of European citizens.
The term encompasses two main initiatives: Chat Control 1.0 (a temporary derogation for voluntary scanning, in effect since 2021) and Chat Control 2.0 (a proposed permanent regulation with mandatory scanning, proposed in 2022). Both have sparked a heated debate between the need to protect children and the fundamental right to communication privacy.
Why does this matter?
Chat Control represents one of the greatest threats to digital privacy in EU history. If implemented in its most invasive form, it could enable the mass scanning of all private conversations โ including chats, emails, photos, and videos โ of every European citizen, turning every smartphone into a potential surveillance tool.
2. Chat Control 1.0 โ The Current Chat Control Law
Chat Control 1.0 is Regulation (EU) 2021/1232, a temporary derogation from the ePrivacy Directive that normally protects the confidentiality of electronic communications in the European Union.
- โข Voluntary scanning โ allows (but does not require) platforms to scan unencrypted communications
- โข Technology: hash-matching against databases of known CSAM images
- โข Applicable to: webmail, cloud storage, non-E2EE messaging
- โข E2EE communications are excluded (July 2026 amendment)
- โข Adopted in 2021, extended until April 2026
- โข Expired on April 3, 2026
- โข On July 9, 2026: extended until April 2028 on a procedural technicality
- โข 314 against vs. 276 in favor, but threshold of 361 not reached
โ ๏ธ The controversial vote of July 9, 2026: The European Parliament voted on extending Chat Control 1.0 in second reading. 314 MEPs voted AGAINST the extension, vs. 276 in favor (17 abstentions). However, the second reading procedure requires an absolute majority of 361 votes for rejection, a threshold that was not reached. The extension therefore passed despite the majority voting against it, generating enormous controversy.
3. Chat Control 2.0 โ The Permanent Regulation (CSAR)
Chat Control 2.0 is the proposed regulation for the prevention and combating of child sexual abuse (CSAR, COM/2022/209), proposed by the European Commission on May 11, 2022. Unlike version 1.0, it introduces mandatory scanning obligations and could impose the controversial client-side scanning.
Client-Side Scanning: Why It's Dangerous
Undermines E2EE encryption
Scans content before encryption, effectively rendering end-to-end protection useless.
Creates systemic vulnerabilities
Scanning infrastructure built into devices can be exploited by hackers and authoritarian governments.
False positives
Innocent photos (e.g., parents sharing children's photos with doctors) can be flagged as illegal.
Chilling Effect
Knowing you're being monitored leads to self-censorship of legal and legitimate communications.
๐ Current status (July 2026): Chat Control 2.0 is still in the trilogue phase (negotiation between Parliament, the Council, and the Commission). The fifth trilogue was held on June 29, 2026, under the Cypriot Presidency of the Council. Organizations opposing it include: EDPS, EDPB, EDRi, EFF, Signal Foundation, Mozilla, Internet Society, and hundreds of academic researchers.
4. Timeline: Chat Control Chronology
All key events from 2021 to date, with the legislative path of EU Chat Control and the expected next steps.
EU adopts Regulation (EU) 2021/1232 โ Chat Control 1.0
Temporary derogation from the ePrivacy Directive: voluntary scanning of unencrypted communications for CSAM material.
Chat Control 2.0 Proposal (CSAR)
The European Commission proposes permanent regulation COM/2022/209 with mandatory scanning and client-side scanning.
Legislative deadlock
Prolonged debate between the Council and Parliament over mandatory scanning vs. encryption protection.
First Chat Control 1.0 extension
The EU formally extends the derogation until April 3, 2026.
The Council shifts strategy
Under the Danish Presidency, the Council abandons mandatory detection obligations in favor of a voluntary approach.
Council position on CSAR
The Council finally reaches a common position on the permanent regulation.
Parliament votes AGAINST extension
The European Parliament votes to reject a second extension of Chat Control 1.0.
Chat Control 1.0 EXPIRES
The temporary derogation officially expires on April 3, 2026.
Fifth Chat Control 2.0 trilogue
Under the Cypriot Presidency, the fifth (expected-final) trilogue on the permanent regulation takes place.
Controversial Parliament vote
314 MEPs vote AGAINST the extension vs. 276 in favor, but the threshold of 361 (absolute majority) is not reached. The extension passes on a procedural technicality. Crucial amendment: E2EE communications are excluded.
Council deadline
The Council has approximately 3 months to accept or reject Parliament's amendments.
New Chat Control 1.0 expiration
Expected expiration date if the Council accepts the parliamentary amendments.
5. The European Parliament and Chat Control
The European Parliament has been the main battleground in the Chat Control debate. The vote on July 9, 2026 was one of the most controversial moments of the legislative term.
Vote of July 9, 2026 โ Chat Control 1.0 Extension
The majority of MEPs voted against, but the procedural threshold of 361 votes (absolute majority) was not reached. The extension passed on a procedural technicality.
โ Crucial amendment approved
Parliament explicitly excluded end-to-end encrypted (E2EE) communications from the scanning scope. This means apps like Signal, WhatsApp, and Telegram (secret chats) cannot be subject to voluntary scanning under Chat Control 1.0.
6. Chat Control: Impact and Opposition Across Europe
Chat Control affects every EU citizen, regardless of country. Several member states, privacy authorities, and constitutional courts have taken strong positions against mass surveillance of communications. Here's where your country stands.
"Everyone has the right to respect for his or her private and family life, home and communications."
โ Art. 7 & 8, Charter of Fundamental Rights of the European Union
Both the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) have described Chat Control as "disproportionate and democratically dangerous". They maintain that mass scanning of private communications is incompatible with EU fundamental rights.
Where does your country stand?
Key positions from EU member states in the Council negotiations:
Led the blocking minority against mandatory scanning. The Bundesverfassungsgericht has consistently ruled that mass surveillance violates constitutional rights.
Initially supportive, then shifted to opposing client-side scanning. The CNIL raised concerns about mass surveillance infrastructure.
Strong constitutional protections (Art. 15). The Italian Privacy Authority called Chat Control "disproportionate and dangerous". Consistent critic in Council.
Firmly opposed. The Dutch Parliament passed a motion explicitly rejecting any weakening of encryption and requiring government opposition in Council.
Part of the blocking minority. Austria's constitutional court tradition of strong privacy rights made it a natural opponent of mass scanning.
Joined the blocking minority against mandatory detection orders, citing concerns about surveillance overreach and civil liberties.
Home to many tech companies. The Irish DPC has been cautious, emphasizing the need to balance child safety with privacy rights.
Under the Belgian Council Presidency (2024), attempted compromise proposals. The Belgian DPA raised proportionality concerns.
โ ๏ธ Important for all EU citizens: Regardless of your country's position in the Council, Chat Control applies across the entire European Union once adopted. The only reliable protection is to use end-to-end encrypted messaging apps that cannot be forced to implement backdoors โ such as the 9 apps listed below.
7. Best Privacy Messaging Apps
In the face of Chat Control threats, using messaging apps with end-to-end encryption is the first and most important step to protect your conversations. Here are the best alternatives, ranked by privacy level, security, and ease of use.
Signal
Gold Standard- + Best balance of security/usability/adoption
- + Post-quantum protection
- + Independent audits
- + Disappearing messages
- + Encrypted voice/video calls
- + Free
- โ Requires phone number for registration
- โ US jurisdiction
- โ Centralized infrastructure
Session
Total Anonymity- + Maximum anonymity, no identifiers
- + Decentralized infrastructure (thousands of nodes)
- + No single point of failure
- + Metadata-resistant
- โ Slower due to onion routing
- โ V2 protocol still in development
- โ Less audited than Signal
SimpleX Chat
Zero Identifiers- + Most radical privacy design available
- + Zero centralized identity
- + Self-hostable relays
- + Tor support
- + Post-quantum encryption
- โ More complex setup (unique links per contact)
- โ Newer project
- โ Smaller community
Threema
Swiss Privacy- + Swiss jurisdiction (outside Five/Nine/Fourteen Eyes)
- + Anonymous registration
- + Enterprise version (self-hosting)
- + Polls, groups, calls
- โ Paid app (one-time purchase)
- โ Smaller user base
- โ Centralized servers in Switzerland
Briar
Works Offline- + Works OFFLINE via Bluetooth/Wi-Fi Direct
- + Ideal during internet blackouts
- + Peer-to-peer, no central server
- + Built-in Tor routing
- + Perfect for journalists and activists
- โ Primarily Android only
- โ No voice/video calls
- โ Both users must be online
- โ Less polished UI
Element (Matrix)
Federated & Decentralized- + Fully decentralized/federated
- + Self-hosting possible
- + Used by the French government and German military
- + Interoperable
- + Bridges to other platforms
- โ UK jurisdiction for Element (self-hosting mitigates)
- โ Complex key management
- โ More complex setup than centralized apps
Wire
Enterprise Swiss- + Swiss + EU jurisdiction
- + Enterprise-grade features
- + Modern MLS protocol for groups
- + Multi-device
- + Free personal version
- โ Primarily enterprise-oriented
- โ Less aggressive metadata handling
- โ Smaller consumer user base
Nostr
Open Protocol- + Fully decentralized and open protocol
- + Censorship-resistant โ no central point of control
- + Portable identity across any client
- + Growing app ecosystem (Damus, Amethyst, Primal)
- + Native Bitcoin/Lightning Network integration
- + No phone number or email required
- โ Encrypted DMs less mature than Signal
- โ Public metadata (who you follow, when you post) visible to relays
- โ Learning curve for key management
- โ Ecosystem still young
Keet
Pure P2P- + Pure P2P โ no servers, no relays, no intermediaries
- + E2EE encrypted voice/video calls
- + Works without cloud infrastructure
- + Built on Hypercore/DHT โ mature technology
- + Built-in P2P file sharing
- + No data ever touches a server
- โ Both users must be online for direct messages
- โ Still small user base
- โ Fewer social features than traditional apps
- โ Limited availability on some platforms
8. How to Protect Your Privacy: Complete Checklist
Beyond choosing the right messaging app, protect your digital privacy on all fronts with these best practices.
- โ Use apps with E2EE by default (Signal, Session, SimpleX)
- โ Enable disappearing messages
- โ Verify contacts via safety number/QR code
- โ Avoid SMS/email for sensitive communications
- โ Use a no-log VPN (Mullvad, ProtonVPN, IVPN)
- โ Tor Browser for maximum anonymity
- โ Enable DNS-over-HTTPS (DoH)
- โ Use Brave, Firefox, or Mullvad Browser
- โ Separate your online identities (different profiles)
- โ Use email aliases (SimpleLogin, AnonAddy)
- โ Minimize app permissions
- โ Prefer audited open-source tools
- โ Keep your OS and apps updated
- โ Enable full-disk encryption
- โ Use a password manager (Bitwarden, KeePassXC)
- โ 2FA with hardware key (YubiKey) โ never SMS
9. Frequently Asked Questions (FAQ) About Chat Control
Answers to the most searched questions about Chat Control, communication privacy, and secure messaging apps.
Has Chat Control been approved?
Yes and no. Chat Control 1.0 (voluntary scanning) was extended until April 2028 by the European Parliament vote on July 9, 2026, despite 314 MEPs voting against (vs. 276 in favor). The absolute rejection threshold of 361 votes was not reached. Chat Control 2.0 (mandatory scanning) is still being negotiated through trilogues between Parliament, the Council, and the Commission. A crucial amendment excluded end-to-end encrypted communications from the scanning scope.
Are my WhatsApp chats monitored under Chat Control?
Under the current regime (extended Chat Control 1.0), no. The amendment adopted by the European Parliament on July 9, 2026 explicitly excludes services with end-to-end encryption (E2EE) such as WhatsApp, Signal, and Telegram (secret chats). However, the Chat Control 2.0 proposal could introduce client-side scanning in the future, which would scan content directly on your device before encryption, effectively bypassing E2EE protection.
What is the difference between Chat Control 1.0 and 2.0?
Chat Control 1.0 is a temporary derogation from the ePrivacy Directive that allows (but does not require) platforms to scan unencrypted communications for CSAM material. Chat Control 2.0 (CSAR, COM/2022/209) is a proposed permanent regulation that would make scanning mandatory, could impose client-side scanning, and would create a dedicated EU Centre. Version 2.0 is far more invasive and controversial.
How can I protect my privacy from scanning?
Use messaging apps with end-to-end encryption such as Signal (gold standard), Session (anonymous and decentralized), SimpleX Chat (zero identifiers), or Threema (Swiss, no phone number required). Enable disappearing messages, verify contacts via safety numbers, and avoid SMS/email for sensitive communications. For browsing, use a no-log VPN like Mullvad and the Tor Browser.
Is Signal safe against Chat Control?
Yes, Signal is currently protected by the E2EE exclusion approved by the European Parliament. Signal uses the most advanced cryptographic protocol available (with post-quantum protection since 2025) and has a zero-metadata policy. The Signal Foundation has repeatedly stated it would leave the EU rather than implement backdoors. However, the future risk of client-side scanning (Chat Control 2.0) would target the device, not the protocol.
Does Chat Control violate fundamental rights?
According to many legal scholars and privacy experts, yes. The EU Charter of Fundamental Rights (Articles 7 and 8) guarantees the right to private and family life and the protection of personal data. The European Data Protection Supervisor (EDPS) has described Chat Control as a disproportionate and democratically dangerous tool. Multiple EU member states have been among the most vocal critics of mass surveillance of communications.
What is client-side scanning and why is it dangerous?
Client-side scanning (CSS) is a technology that would scan content directly on your device (smartphone, PC) before it is encrypted and sent. Even though end-to-end encryption remains technically intact, CSS renders it de facto useless. The main risks include: creating backdoors exploitable by hackers and authoritarian governments, false positives (innocent photos flagged as illegal), chilling effects on freedom of expression, and potential expansion to any type of content in the future.
Which organizations oppose Chat Control?
A vast coalition of organizations opposes it: the European Data Protection Supervisor (EDPS), the European Data Protection Board (EDPB), European Digital Rights (EDRi), the Electronic Frontier Foundation (EFF), the Signal Foundation, Mozilla, Internet Society, and hundreds of academic researchers in cybersecurity. Privacy authorities across multiple EU member states have also expressed strong criticism.
Protect Your Finances Too
Communication privacy is just the first step. Discover how to also protect your financial privacy in the crypto world with our tools.