The EU Council has received new Chat Control proposal with broad support (www.notebookcheck.net)

EU member states’ law‑enforcement officials on November 12 signaled broad support for a Denmark‑led compromise on the EU’s Child Sexual Abuse Regulation (CSAR, aka “Chat Control”), dropping explicit, mandatory scanning orders but adding an Article 4 duty that forces “high‑risk” services to adopt “all appropriate risk‑mitigation measures.” The change reframes detection as “voluntary” while creating review and enforcement levers that critics say could functionally compel platforms to deploy detection tools — including client‑side/on‑device scanning — and potentially weaken end‑to‑end encryption (E2EE). The text now goes to COREPER; if endorsed, the Council could enter trilogue talks with Parliament, with tight timing as Denmark’s presidency ends in December. The technical and rights stakes are high: E2EE only allows sender and recipient to read messages, so effective scanning typically requires checking content before encryption on devices, which security experts warn undermines privacy and system integrity. Article 4’s broad “risk‑mitigation” language could be interpreted to include on‑device scanning for known and novel material, plus identity/age‑verification hooks that jeopardize anonymity for journalists, activists and whistleblowers. Parliament favors narrow, court‑approved, time‑limited orders and stronger encryption protections, setting up a likely clash. Negotiations will hinge on the scope of any scanning, safeguards for encryption, the EU Centre’s role, and compliance incentives that could turn “voluntary” measures into de facto mandates under EU Charter rights (Articles 7 and 8).