New Chat Control Proposal [pdf] (cdn.netzpolitik.org)

The Council Presidency circulated a compromise to advance the EU’s proposed Regulation to prevent and combat child sexual abuse by seeking a partial mandate for negotiations with the European Parliament while removing mandatory detection obligations. Specifically, Articles 7–11 (which would have required providers to detect CSAM) are proposed to be dropped amid member states’ concerns about fundamental rights, cybersecurity and the reliability of detection technologies. Instead the text would make permanent the derogation to certain ePrivacy rules (Regulation (EU) 2021/1232) that allows providers to undertake voluntary anti‑CSAM measures, fold those voluntary measures into risk‑mitigation options for high‑risk services, and retain the EU Centre with core functions (report handling, advising national authorities, maintaining indicator databases, and supporting blocking/delisting orders). A review clause invites the Commission to assess whether detection obligations should be added later, potentially via a new legislative proposal. Significance: this is a pragmatic step to avoid a legal gap while addressing rights and security objections — it shifts the balance from immediate, mandatory scanning toward a framework of voluntary measures, risk categorisation, and agency‑supported technology development for high‑risk providers. Technically, platforms will not be forced to deploy mandated detection systems for now, but high‑risk services may still be required to collaborate with the EU Centre to develop mitigation technologies; a future Commission assessment could reopen the question as detection tech and safeguards evolve.