EU brings back Chat Control, again (www.techradar.com)

The EU Council has reintroduced a revised Child Sexual Abuse Regulation (CSAR) — the so-called “Chat Control” proposal — which removes blanket detection obligations and makes CSAM scanning by messaging providers voluntary. The Denmark Presidency’s compromise was reported to have been accepted without dissent at a November 5 meeting, and lawmakers met again on November 12 to continue discussions. While the text drops mandatory scanning, Article 4 introduces a catch: high‑risk services could be required to implement “all appropriate risk mitigation measures,” a loophole critics say could force providers into effective scanning obligations. Privacy and security experts warn the compromise risks undermining end‑to‑end encryption and expanding surveillance. Long‑time critic Patrick Breyer and encrypted‑service vendors argue the provision could mandate client‑side scanning (CSS) or AI‑powered analysis of private chat texts and metadata — moving beyond earlier proposals that targeted only shared multimedia — creating backdoors, new attack surfaces, false‑positive harms, and chilling effects on secure communication. The technical debate centers on whether voluntary scanning plus regulatory pressure becomes de facto mandatory, and how AI/ML detection tools would be deployed on-device or server-side without breaking cryptographic guarantees. Lawmakers’ next moves from recent meetings will determine whether the compromise resolves policy deadlock or reintroduces entrenched privacy risks for messaging platforms and users.