Corporations from the United States are unlikely to want to follow these rules.
Currently, the EU Council has not yet reached a unified position — the next attempt for discussion/voting is scheduled for October 14. The European Union will once again consider Chat Control — a controversial bill that proposes to require messengers to transmit users' confidential data to the governments of EU countries. The correspondence of users is proposed to be scanned using artificial intelligence algorithms, however, this perspective has divided the expert community into two camps.
Course Towards Stricter Measures
The draft Regulation on combating sexual violence against children (CSAR, publicly discussed as Chat Control) has become the subject of heated discussions in the European Union. The document proposes to use artificial intelligence (AI) to combat violence against children. If adopted, it will require messengers operating in EU countries, including WhatsApp, Telegram, and Signal, to scan users' private correspondence using AI algorithms.
Earlier, last summer, the main provisions of one of the most controversial and resonant legislative acts in recent years — the Online Safety Act — came into force in the United Kingdom. One of its key provisions was the mandatory implementation of strict age verification systems for users by all internet platforms. All content labeled 18+ became accessible to British users only after identification through a passport, driver's license, bank details, or biometric facial recognition.
Control Mechanisms
Data protection regulators (EDPB/EDPS) warned back in 2022 that mass scanning of private correspondence and undermining end-to-end encryption is incompatible with the EU Charter of Fundamental Rights. Nevertheless, the European Union is confidently moving towards total control over the internet space, and there are several reasons for this.
Firstly, there is a political and legal demand to reduce harm to children online — hence the attempts to require platforms to actively seek violations, including scanning personal messages. Secondly, there is a desire to shift the burden of demonstrable reliability of services onto providers.
Cybersecurity expert Gaika Mitic points out that today the whole world is in the second phase of increasing control: “The first began with the active spread of social networks and the subsequent development of information influence technologies, information wars, and manipulations.” Alongside these technologies, there has been a shift in cyber threats regarding the theft of personal data.
All this has triggered a defensive reaction from many states and led to the establishment of the first elements of control, explains Mr. Mitic. However, these measures were insufficient. Now, with the development of AI and LLM, there is an opportunity to process a much larger volume of data in a shorter time. This is precisely what allows for the introduction of new restrictions.
Unpopular Measures
Today, a broad coalition of vendors, human rights advocates, and scholars (more than 500 cryptographers) warns that mandatory "scanning before encryption" undermines the security of everyone, creates new vulnerabilities, and can easily be repurposed for future censorship.
Corporations from the United States are unlikely to want to follow these rules, but even if they do, they will lose all the advantages associated with declared P2P encryption, which supposedly prevents reading correspondence. As a result, European companies are primarily concerned about the costs associated with the bill, such as the forced abandonment of American, that is, practically all, messengers.
The Other Side
The desire of European countries to strengthen control over the internet space has two sides — among the advantages are an increase in cybersecurity and a reduction in illegal activities in the digital space.
Firstly, there are concerns about possible conclusions that may be drawn based on algorithmic analysis of correspondence. Secondly, it is unclear how such analysis may affect targeted advertising mechanisms and how these changes align with user expectations. Thirdly, increased access raises the risks of unauthorized use of information by malicious actors, which could lead to harm to citizens.
<iframe width="560" height="315" src="https://www.youtube.com/embed/_CjsH_abOfw?si=gt4hAyJ1sNXgvi8i" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
