Chat Control: EU lawmakers finally agree on the voluntary scanning of your private chats (www.techradar.com)

The EU Council has finally agreed on a compromise text for the long‑running Child Sexual Abuse Regulation (CSAR) — the contentious “Chat Control” proposal — after three years of failed attempts. The new deal moves away from an outright mandate to scan private messages and instead keeps chat‑scanning as a voluntary option while imposing broader obligations on digital service providers: they must assess how their platforms can be misused, implement mitigating measures based on those assessments, and face oversight from a newly created EU agency. The Council also categorizes services into three risk tiers; those deemed high‑risk can be compelled to help develop mitigation technologies. Negotiations with the European Parliament (trilogues) now begin to finalise the text. For the AI/ML community the stakes are notable. The regulation still targets providers of end‑to‑end encrypted (E2EE) services by incentivizing or pressuring voluntary on‑device or server‑side scanning solutions and requiring contributions to technical mitigations, which raises concerns about backdoors, false positives, model robustness, and surveillance creep. Privacy experts and cryptographers warn the compromise retains “high risks to society,” citing threats to strong encryption and civil liberties. Technically, the debate will center on the reliability and transparency of detection models, data minimisation, auditability, and how opt‑in scanning could be engineered without undermining core security guarantees.