Chat Control is back and it will stay (www.euractiv.com)

The EU Council has finally agreed a position on the proposed Child Sexual Abuse Regulation, removing mandatory “detection orders” that would have forced tech companies to scan all communications — including end-to-end encrypted (E2EE) messages — and instead requiring platforms to adopt strengthened mitigation measures. That rework ends years of stalled negotiations and triggers formal talks with the Parliament (which in November 2023 similarly removed detection orders for E2EE), but a legislative compromise could still take many months. Privacy advocates remain wary: while mandatory scanning is gone, voluntary CSAM scanning is still listed as a possible mitigation, and regulators could effectively pressure E2EE services to adopt detection tools, creating a de facto erosion of encryption protections despite recital language pledging to safeguard it. For the AI/ML community the decision is consequential: it shifts the policy battleground to which detection technologies platforms choose and how they deploy them. Expect renewed focus on ML-driven CSAM detection (hash-matching, perceptual hashing, and deep-learning image/video/text classifiers), client-side scanning proposals, and server-side models tuned for high recall while managing false positives and adversarial manipulation. Key technical risks and priorities include model transparency, explainability, robustness to evasion, privacy-preserving methods (e.g., homomorphic hashing, differential privacy, secure enclaves), and operational scaling. How vendors balance detection accuracy, user privacy, and encryption will shape both product design and broader debates about surveillance and civil liberties in digital platforms.