PrivacyToolkit
EU Legislation
Privacy Chat
Updated July 2026

EU Chat Control: Privacy Messaging Apps

Complete guide to EU Chat Control (1.0 & 2.0): what it is, what changes, has it been approved? Discover the best privacy messaging apps (Signal, Session, SimpleX) to protect your communications in Europe and beyond.

1. What Is EU Chat Control

Chat Control is the common name for a series of legislative proposals by the European Union aimed at combating child sexual abuse material (CSAM) online, through the systematic scanning of private digital communications of European citizens.

The term encompasses two main initiatives: Chat Control 1.0 (a temporary derogation for voluntary scanning, in effect since 2021) and Chat Control 2.0 (a proposed permanent regulation with mandatory scanning, proposed in 2022). Both have sparked a heated debate between the need to protect children and the fundamental right to communication privacy.

Why does this matter?

Chat Control represents one of the greatest threats to digital privacy in EU history. If implemented in its most invasive form, it could enable the mass scanning of all private conversations โ€” including chats, emails, photos, and videos โ€” of every European citizen, turning every smartphone into a potential surveillance tool.

2. Chat Control 1.0 โ€” The Current Chat Control Law

Chat Control 1.0 is Regulation (EU) 2021/1232, a temporary derogation from the ePrivacy Directive that normally protects the confidentiality of electronic communications in the European Union.

What It Includes
  • โ€ข Voluntary scanning โ€” allows (but does not require) platforms to scan unencrypted communications
  • โ€ข Technology: hash-matching against databases of known CSAM images
  • โ€ข Applicable to: webmail, cloud storage, non-E2EE messaging
  • โ€ข E2EE communications are excluded (July 2026 amendment)
Current Status
  • โ€ข Adopted in 2021, extended until April 2026
  • โ€ข Expired on April 3, 2026
  • โ€ข On July 9, 2026: extended until April 2028 on a procedural technicality
  • โ€ข 314 against vs. 276 in favor, but threshold of 361 not reached

โš ๏ธ The controversial vote of July 9, 2026: The European Parliament voted on extending Chat Control 1.0 in second reading. 314 MEPs voted AGAINST the extension, vs. 276 in favor (17 abstentions). However, the second reading procedure requires an absolute majority of 361 votes for rejection, a threshold that was not reached. The extension therefore passed despite the majority voting against it, generating enormous controversy.

3. Chat Control 2.0 โ€” The Permanent Regulation (CSAR)

Chat Control 2.0 is the proposed regulation for the prevention and combating of child sexual abuse (CSAR, COM/2022/209), proposed by the European Commission on May 11, 2022. Unlike version 1.0, it introduces mandatory scanning obligations and could impose the controversial client-side scanning.

CSS
Client-Side Scanning โ€” scanning directly on the device
EU Centre
New dedicated EU centre for combating abuse
100%
All communications potentially scanned

Client-Side Scanning: Why It's Dangerous

1.

Undermines E2EE encryption

Scans content before encryption, effectively rendering end-to-end protection useless.

2.

Creates systemic vulnerabilities

Scanning infrastructure built into devices can be exploited by hackers and authoritarian governments.

3.

False positives

Innocent photos (e.g., parents sharing children's photos with doctors) can be flagged as illegal.

4.

Chilling Effect

Knowing you're being monitored leads to self-censorship of legal and legitimate communications.

๐Ÿ“‹ Current status (July 2026): Chat Control 2.0 is still in the trilogue phase (negotiation between Parliament, the Council, and the Commission). The fifth trilogue was held on June 29, 2026, under the Cypriot Presidency of the Council. Organizations opposing it include: EDPS, EDPB, EDRi, EFF, Signal Foundation, Mozilla, Internet Society, and hundreds of academic researchers.

4. Timeline: Chat Control Chronology

All key events from 2021 to date, with the legislative path of EU Chat Control and the expected next steps.

2021

EU adopts Regulation (EU) 2021/1232 โ€” Chat Control 1.0

Temporary derogation from the ePrivacy Directive: voluntary scanning of unencrypted communications for CSAM material.

May 2022

Chat Control 2.0 Proposal (CSAR)

The European Commission proposes permanent regulation COM/2022/209 with mandatory scanning and client-side scanning.

2022โ€“23

Legislative deadlock

Prolonged debate between the Council and Parliament over mandatory scanning vs. encryption protection.

Apr 2024

First Chat Control 1.0 extension

The EU formally extends the derogation until April 3, 2026.

Oct 2025

The Council shifts strategy

Under the Danish Presidency, the Council abandons mandatory detection obligations in favor of a voluntary approach.

Nov 2025

Council position on CSAR

The Council finally reaches a common position on the permanent regulation.

Mar 2026

Parliament votes AGAINST extension

The European Parliament votes to reject a second extension of Chat Control 1.0.

Apr 2026

Chat Control 1.0 EXPIRES

The temporary derogation officially expires on April 3, 2026.

Jun 2026

Fifth Chat Control 2.0 trilogue

Under the Cypriot Presidency, the fifth (expected-final) trilogue on the permanent regulation takes place.

9 Jul 2026

Controversial Parliament vote

314 MEPs vote AGAINST the extension vs. 276 in favor, but the threshold of 361 (absolute majority) is not reached. The extension passes on a procedural technicality. Crucial amendment: E2EE communications are excluded.

~Oct 2026

Council deadline

The Council has approximately 3 months to accept or reject Parliament's amendments.

Apr 2028

New Chat Control 1.0 expiration

Expected expiration date if the Council accepts the parliamentary amendments.

5. The European Parliament and Chat Control

The European Parliament has been the main battleground in the Chat Control debate. The vote on July 9, 2026 was one of the most controversial moments of the legislative term.

Vote of July 9, 2026 โ€” Chat Control 1.0 Extension

314 AGAINST the extension
276 IN FAVOR of the extension
361 Required threshold (not reached)

The majority of MEPs voted against, but the procedural threshold of 361 votes (absolute majority) was not reached. The extension passed on a procedural technicality.

โœ… Crucial amendment approved

Parliament explicitly excluded end-to-end encrypted (E2EE) communications from the scanning scope. This means apps like Signal, WhatsApp, and Telegram (secret chats) cannot be subject to voluntary scanning under Chat Control 1.0.

6. Chat Control: Impact and Opposition Across Europe

Chat Control affects every EU citizen, regardless of country. Several member states, privacy authorities, and constitutional courts have taken strong positions against mass surveillance of communications. Here's where your country stands.

๐Ÿ‡ช๐Ÿ‡บ EU Charter of Fundamental Rights
"Everyone has the right to respect for his or her private and family life, home and communications."

โ€” Art. 7 & 8, Charter of Fundamental Rights of the European Union

EDPS & EDPB Position

Both the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) have described Chat Control as "disproportionate and democratically dangerous". They maintain that mass scanning of private communications is incompatible with EU fundamental rights.

Where does your country stand?

Key positions from EU member states in the Council negotiations:

๐Ÿ‡ฉ๐Ÿ‡ช
Germany

Led the blocking minority against mandatory scanning. The Bundesverfassungsgericht has consistently ruled that mass surveillance violates constitutional rights.

๐Ÿ‡ซ๐Ÿ‡ท
France

Initially supportive, then shifted to opposing client-side scanning. The CNIL raised concerns about mass surveillance infrastructure.

๐Ÿ‡ฎ๐Ÿ‡น
Italy

Strong constitutional protections (Art. 15). The Italian Privacy Authority called Chat Control "disproportionate and dangerous". Consistent critic in Council.

๐Ÿ‡ณ๐Ÿ‡ฑ
Netherlands

Firmly opposed. The Dutch Parliament passed a motion explicitly rejecting any weakening of encryption and requiring government opposition in Council.

๐Ÿ‡ฆ๐Ÿ‡น
Austria

Part of the blocking minority. Austria's constitutional court tradition of strong privacy rights made it a natural opponent of mass scanning.

๐Ÿ‡ต๐Ÿ‡ฑ
Poland

Joined the blocking minority against mandatory detection orders, citing concerns about surveillance overreach and civil liberties.

๐Ÿ‡ฎ๐Ÿ‡ช
Ireland

Home to many tech companies. The Irish DPC has been cautious, emphasizing the need to balance child safety with privacy rights.

๐Ÿ‡ง๐Ÿ‡ช
Belgium

Under the Belgian Council Presidency (2024), attempted compromise proposals. The Belgian DPA raised proportionality concerns.

โš ๏ธ Important for all EU citizens: Regardless of your country's position in the Council, Chat Control applies across the entire European Union once adopted. The only reliable protection is to use end-to-end encrypted messaging apps that cannot be forced to implement backdoors โ€” such as the 9 apps listed below.

7. Best Privacy Messaging Apps

In the face of Chat Control threats, using messaging apps with end-to-end encryption is the first and most important step to protect your conversations. Here are the best alternatives, ranked by privacy level, security, and ease of use.

Signal

Gold Standard
Encryption: Signal Protocol (Double Ratchet + X3DH + post-quantum PQXDH)
Open Source: โœ“ Yes
Metadata: Excellent โ€” Sealed Sender, zero metadata retained
Jurisdiction: ๐Ÿ‡บ๐Ÿ‡ธ USA (Signal Foundation)
Registration: Phone number (usernames available)
โœ“ Pros
  • + Best balance of security/usability/adoption
  • + Post-quantum protection
  • + Independent audits
  • + Disappearing messages
  • + Encrypted voice/video calls
  • + Free
โœ— Cons
  • โˆ’ Requires phone number for registration
  • โˆ’ US jurisdiction
  • โˆ’ Centralized infrastructure
#1 in privacy ranking Official Website

Session

Total Anonymity
Encryption: Custom protocol on Session Network (post-quantum in development)
Open Source: โœ“ Yes
Metadata: Excellent โ€” onion routing, no single node sees both sender and recipient
Jurisdiction: ๐Ÿ‡ฆ๐Ÿ‡บ Australia (Session Technology Foundation)
Registration: None โ€” random Session ID (66 digits)
โœ“ Pros
  • + Maximum anonymity, no identifiers
  • + Decentralized infrastructure (thousands of nodes)
  • + No single point of failure
  • + Metadata-resistant
โœ— Cons
  • โˆ’ Slower due to onion routing
  • โˆ’ V2 protocol still in development
  • โˆ’ Less audited than Signal
#2 in privacy ranking Official Website

SimpleX Chat

Zero Identifiers
Encryption: E2EE with post-quantum key exchange (Trail of Bits audit)
Open Source: โœ“ Yes
Metadata: Maximum โ€” no user identifiers, unidirectional queues, multiple relays
Jurisdiction: ๐ŸŒ Open-source project
Registration: None โ€” no account, no ID
โœ“ Pros
  • + Most radical privacy design available
  • + Zero centralized identity
  • + Self-hostable relays
  • + Tor support
  • + Post-quantum encryption
โœ— Cons
  • โˆ’ More complex setup (unique links per contact)
  • โˆ’ Newer project
  • โˆ’ Smaller community
#3 in privacy ranking Official Website

Threema

Swiss Privacy
Encryption: NaCl (Curve25519 + XSalsa20 + Poly1305) with PFS
Open Source: โœ“ Yes
Metadata: Very strong โ€” near-zero metadata, double cryptographic layer
Jurisdiction: ๐Ÿ‡จ๐Ÿ‡ญ Switzerland (Threema GmbH)
Registration: No phone number or email โ€” random Threema ID
โœ“ Pros
  • + Swiss jurisdiction (outside Five/Nine/Fourteen Eyes)
  • + Anonymous registration
  • + Enterprise version (self-hosting)
  • + Polls, groups, calls
โœ— Cons
  • โˆ’ Paid app (one-time purchase)
  • โˆ’ Smaller user base
  • โˆ’ Centralized servers in Switzerland
#4 in privacy ranking Official Website

Briar

Works Offline
Encryption: Full E2EE on all communications
Open Source: โœ“ Yes
Metadata: Strong โ€” P2P architecture, Tor routing
Jurisdiction: ๐ŸŒ Open-source project
Registration: No account required
โœ“ Pros
  • + Works OFFLINE via Bluetooth/Wi-Fi Direct
  • + Ideal during internet blackouts
  • + Peer-to-peer, no central server
  • + Built-in Tor routing
  • + Perfect for journalists and activists
โœ— Cons
  • โˆ’ Primarily Android only
  • โˆ’ No voice/video calls
  • โˆ’ Both users must be online
  • โˆ’ Less polished UI
#5 in privacy ranking Official Website

Element (Matrix)

Federated & Decentralized
Encryption: Matrix Protocol โ€” E2EE (opt-in for rooms, default for DMs)
Open Source: โœ“ Yes
Metadata: Moderate โ€” self-hosting mitigates metadata exposure
Jurisdiction: ๐Ÿ‡ฌ๐Ÿ‡ง UK (Element) โ€” self-hosting removes dependency
Registration: Username on chosen homeserver
โœ“ Pros
  • + Fully decentralized/federated
  • + Self-hosting possible
  • + Used by the French government and German military
  • + Interoperable
  • + Bridges to other platforms
โœ— Cons
  • โˆ’ UK jurisdiction for Element (self-hosting mitigates)
  • โˆ’ Complex key management
  • โˆ’ More complex setup than centralized apps
#6 in privacy ranking Official Website

Wire

Enterprise Swiss
Encryption: E2EE by default + MLS protocol for scalable groups
Open Source: โœ“ Yes
Metadata: Moderate โ€” focus on enterprise compliance
Jurisdiction: ๐Ÿ‡จ๐Ÿ‡ญ Switzerland (Wire Swiss GmbH)
Registration: Email or phone number
โœ“ Pros
  • + Swiss + EU jurisdiction
  • + Enterprise-grade features
  • + Modern MLS protocol for groups
  • + Multi-device
  • + Free personal version
โœ— Cons
  • โˆ’ Primarily enterprise-oriented
  • โˆ’ Less aggressive metadata handling
  • โˆ’ Smaller consumer user base
#7 in privacy ranking Official Website

Nostr

Open Protocol
Encryption: NIP-44 encrypted DMs (XChaCha20-Poly1305 + secp256k1)
Open Source: โœ“ Yes
Metadata: Variable โ€” relays can see public metadata, but DMs are encrypted. Multiple relays mitigate centralization
Jurisdiction: ๐ŸŒ Decentralized protocol โ€” no legal entity
Registration: None โ€” cryptographic key pair (nsec/npub)
โœ“ Pros
  • + Fully decentralized and open protocol
  • + Censorship-resistant โ€” no central point of control
  • + Portable identity across any client
  • + Growing app ecosystem (Damus, Amethyst, Primal)
  • + Native Bitcoin/Lightning Network integration
  • + No phone number or email required
โœ— Cons
  • โˆ’ Encrypted DMs less mature than Signal
  • โˆ’ Public metadata (who you follow, when you post) visible to relays
  • โˆ’ Learning curve for key management
  • โˆ’ Ecosystem still young
#8 in privacy ranking Official Website

Keet

Pure P2P
Encryption: Noise Protocol Framework + Hypercore (E2EE encryption by default)
Open Source: โœ“ Yes
Metadata: Excellent โ€” pure P2P architecture, no central server, no metadata collected
Jurisdiction: ๐ŸŒ Holepunch (decentralized open-source project)
Registration: None โ€” locally generated ID
โœ“ Pros
  • + Pure P2P โ€” no servers, no relays, no intermediaries
  • + E2EE encrypted voice/video calls
  • + Works without cloud infrastructure
  • + Built on Hypercore/DHT โ€” mature technology
  • + Built-in P2P file sharing
  • + No data ever touches a server
โœ— Cons
  • โˆ’ Both users must be online for direct messages
  • โˆ’ Still small user base
  • โˆ’ Fewer social features than traditional apps
  • โˆ’ Limited availability on some platforms
#9 in privacy ranking Official Website

8. How to Protect Your Privacy: Complete Checklist

Beyond choosing the right messaging app, protect your digital privacy on all fronts with these best practices.

Secure Messaging
  • โœ“ Use apps with E2EE by default (Signal, Session, SimpleX)
  • โœ“ Enable disappearing messages
  • โœ“ Verify contacts via safety number/QR code
  • โœ“ Avoid SMS/email for sensitive communications
Network Privacy
  • โœ“ Use a no-log VPN (Mullvad, ProtonVPN, IVPN)
  • โœ“ Tor Browser for maximum anonymity
  • โœ“ Enable DNS-over-HTTPS (DoH)
  • โœ“ Use Brave, Firefox, or Mullvad Browser
Compartmentalized Identity
  • โœ“ Separate your online identities (different profiles)
  • โœ“ Use email aliases (SimpleLogin, AnonAddy)
  • โœ“ Minimize app permissions
  • โœ“ Prefer audited open-source tools
Device Security
  • โœ“ Keep your OS and apps updated
  • โœ“ Enable full-disk encryption
  • โœ“ Use a password manager (Bitwarden, KeePassXC)
  • โœ“ 2FA with hardware key (YubiKey) โ€” never SMS

9. Frequently Asked Questions (FAQ) About Chat Control

Answers to the most searched questions about Chat Control, communication privacy, and secure messaging apps.

Has Chat Control been approved?

Yes and no. Chat Control 1.0 (voluntary scanning) was extended until April 2028 by the European Parliament vote on July 9, 2026, despite 314 MEPs voting against (vs. 276 in favor). The absolute rejection threshold of 361 votes was not reached. Chat Control 2.0 (mandatory scanning) is still being negotiated through trilogues between Parliament, the Council, and the Commission. A crucial amendment excluded end-to-end encrypted communications from the scanning scope.

Are my WhatsApp chats monitored under Chat Control?

Under the current regime (extended Chat Control 1.0), no. The amendment adopted by the European Parliament on July 9, 2026 explicitly excludes services with end-to-end encryption (E2EE) such as WhatsApp, Signal, and Telegram (secret chats). However, the Chat Control 2.0 proposal could introduce client-side scanning in the future, which would scan content directly on your device before encryption, effectively bypassing E2EE protection.

What is the difference between Chat Control 1.0 and 2.0?

Chat Control 1.0 is a temporary derogation from the ePrivacy Directive that allows (but does not require) platforms to scan unencrypted communications for CSAM material. Chat Control 2.0 (CSAR, COM/2022/209) is a proposed permanent regulation that would make scanning mandatory, could impose client-side scanning, and would create a dedicated EU Centre. Version 2.0 is far more invasive and controversial.

How can I protect my privacy from scanning?

Use messaging apps with end-to-end encryption such as Signal (gold standard), Session (anonymous and decentralized), SimpleX Chat (zero identifiers), or Threema (Swiss, no phone number required). Enable disappearing messages, verify contacts via safety numbers, and avoid SMS/email for sensitive communications. For browsing, use a no-log VPN like Mullvad and the Tor Browser.

Is Signal safe against Chat Control?

Yes, Signal is currently protected by the E2EE exclusion approved by the European Parliament. Signal uses the most advanced cryptographic protocol available (with post-quantum protection since 2025) and has a zero-metadata policy. The Signal Foundation has repeatedly stated it would leave the EU rather than implement backdoors. However, the future risk of client-side scanning (Chat Control 2.0) would target the device, not the protocol.

Does Chat Control violate fundamental rights?

According to many legal scholars and privacy experts, yes. The EU Charter of Fundamental Rights (Articles 7 and 8) guarantees the right to private and family life and the protection of personal data. The European Data Protection Supervisor (EDPS) has described Chat Control as a disproportionate and democratically dangerous tool. Multiple EU member states have been among the most vocal critics of mass surveillance of communications.

What is client-side scanning and why is it dangerous?

Client-side scanning (CSS) is a technology that would scan content directly on your device (smartphone, PC) before it is encrypted and sent. Even though end-to-end encryption remains technically intact, CSS renders it de facto useless. The main risks include: creating backdoors exploitable by hackers and authoritarian governments, false positives (innocent photos flagged as illegal), chilling effects on freedom of expression, and potential expansion to any type of content in the future.

Which organizations oppose Chat Control?

A vast coalition of organizations opposes it: the European Data Protection Supervisor (EDPS), the European Data Protection Board (EDPB), European Digital Rights (EDRi), the Electronic Frontier Foundation (EFF), the Signal Foundation, Mozilla, Internet Society, and hundreds of academic researchers in cybersecurity. Privacy authorities across multiple EU member states have also expressed strong criticism.

Protect Your Finances Too

Communication privacy is just the first step. Discover how to also protect your financial privacy in the crypto world with our tools.

Menu Navigazione