New EU Chat Control Proposal Moves Forward (techreport.com)

The EU’s revised “Chat Control” (CSAR) proposal has resurfaced in Brussels with mandatory scanning removed on paper, but a new Article 4 “risk mitigation” clause could effectively push providers toward scanning private and end‑to‑end encrypted messages. The text moves from the Law Enforcement Working Party to Coreper and—if approved—will fast‑track to a trilogue. Beyond optional media scanning, the draft explicitly permits detection of chat text and metadata and adds age‑verification rules that would largely eliminate anonymous accounts, raising major privacy and safety concerns for journalists, whistleblowers, and vulnerable users across the EU’s 450M population. For the AI/ML community this is consequential: lawmakers may demand client‑side or otherwise pre‑encryption detection systems that today are technically immature and risky. Reliable CSAM detection in encrypted apps remains unsolved—Apple abandoned client‑side scanning after accuracy, privacy and abuse concerns—and models deployed on devices would face high false‑positive rates, adversarial manipulation, dataset scarcity/labeling challenges, and new metadata‑analysis requirements that enable population‑scale graph inference. The proposal therefore pressures researchers and companies toward privacy‑preserving ML (federated learning, secure enclaves, homomorphic encryption) that aren’t yet practical at scale, while creating legal incentives that could erode encryption guarantees and user anonymity unless technical safeguards and clear limits are mandated.