Weakened EU 'Chat Control' moves forward with voluntary scanning (cyberinsider.com)

EU member states signaled broad support for a Danish compromise to make voluntary content scanning the permanent norm under the controversial “Chat Control” files, according to a November 5 Coreper briefing. The draft strips the earlier Commission proposal’s mandatory detection duty for platforms while keeping structural elements like an EU Centre, risk-based provider categorization, and an expectation that high‑risk services craft mitigation measures in coordination with authorities. No state formally opposed the compromise, and several that previously resisted mandatory scanning (Germany, the Netherlands, Austria) now favor codifying the interim voluntary regime ahead of an April 2026 expiry; detection obligations could still be revisited under a future review clause. For the AI/ML community this shift matters practically and technically. Making scanning voluntary reduces immediate legal pressure to break end-to-end encryption via client-side or server-side scanning, but risk categorization and reporting rules create strong incentives for providers to deploy ML-powered classifiers anyway — effectively a de facto mandate. That raises technical challenges around model accuracy, false positives, adversarial manipulation, privacy-preserving architectures, and dataset handling. It will shape architecture and product decisions (e.g., adopting client-side scanning, homomorphic/secure inference, or metadata-only approaches), compliance tooling, and investment priorities for startups and open-source projects, while keeping the door open for renewed mandates in later reviews.