BNB $576.59 +0.73%
XRP $1.11 +0.89%
ETH $1,773.50 +1.50%
BTC $63,920.04 +2.27%
BNB $576.59 +0.73%
XRP $1.11 +0.89%
ETH $1,773.50 +1.50%
BTC $63,920.04 +2.27%
BREAKING
Altcoins News

EU Parliament Backs Chat Scanning Law but Leaves Encrypted Apps Alone Until 2028

EU Parliament Backs Chat Scanning Law but Leaves Encrypted Apps Alone Until 2028
EU Parliament Backs Chat Scanning Law but Leaves Encrypted Apps Alone Until 2028

Community Trust ScoreVerified

96%
Real
Verified46 votes
Updated 2 hours ago

The European Parliament just voted to let tech companies scan private messages for abusive content. Big move. But there’s a carve-out that privacy advocates pushed hard for — end-to-end encrypted messages stay off-limits, at least for now.

The law is temporary. It runs until 2028, at which point EU lawmakers say they’ll look at what worked, what didn’t, and whether the rules need rewriting. No one’s committing to anything beyond that window, and there’s been no public signal that encrypted services will get pulled into the scanning net when the clock runs out. That’s probably deliberate. Encrypted messaging is a political minefield, and Brussels knows it.

What the Law Actually Does

So what does the legislation cover? Tech companies operating across the EU can now deploy scanning tools on private communications to detect harmful material — the primary target being child sexual exploitation content. The scanning applies to non-encrypted chats, the kind that pass through servers without the full end-to-end protection that services like WhatsApp and Signal offer.

Advertisement

WhatsApp and Signal won’t be forced to scan anything. That’s the explicit exemption baked into the law. Both platforms use end-to-end encryption by default, meaning messages can’t be read by anyone except the sender and recipient — not the platform, not a government, not a scanner. The law doesn’t touch that architecture.

For platforms that don’t offer end-to-end encryption — or offer it only partially — the rules are different. Those companies now have a legal basis to run detection tools on message content. Whether they were already doing some version of this voluntarily is a separate question. Several major platforms had been scanning for child exploitation material under voluntary frameworks before this legislation passed.

Not really a surprise that the EU went this route. The bloc has been wrestling with the so-called “chat control” debate for years. Earlier drafts of related proposals were far more aggressive, calling for mandatory scanning even of encrypted communications. That version collapsed under pressure from privacy groups, security researchers, and a chunk of the Parliament itself who argued that breaking encryption — even for good reasons — creates vulnerabilities that bad actors will eventually exploit.

The Encryption Debate Isn’t Going Away

The exemption for encrypted messages is the part that’ll keep getting argued about. Privacy advocates see it as a win, but a fragile one. The 2028 expiration date means this fight comes back around in two years. At that point, lawmakers will have data on how effective the scanning has been on non-encrypted platforms, and some will almost certainly use that evidence to push for broader coverage.

On the other side, security experts have long argued that any mandatory backdoor into encrypted communications — even a narrow one framed as child protection — fundamentally weakens the encryption itself. You can’t build a door that only the good guys can open. That argument didn’t disappear just because this law passed with the exemption intact.

The broader digital privacy picture in Europe is complicated. The EU has been simultaneously pushing some of the world’s toughest data protection rules under GDPR while also exploring surveillance tools that privacy advocates say cut against those same principles. Chat scanning sits right in that tension.

Tech companies now have roughly a two-year window to figure out compliance. For platforms that carry non-encrypted communications, that means building or expanding detection pipelines. Unclear yet what the enforcement mechanism looks like in practice — the legislation’s approval is one thing, implementation timelines and penalties are another. No details on that have surfaced publicly.

What Happens in 2028

The two-year clock matters. It’s short enough that the current political composition of the Parliament will largely still be in place when the reassessment happens. The same lawmakers who approved this version will probably be the ones deciding whether to extend it, tighten it, or let it lapse.

And the encrypted messaging question won’t stay quiet. Privacy groups will be watching every enforcement action, every reported case, every technical report that comes out of the implementation period. They’ll use that data to argue the exemption should be made permanent. Governments focused on law enforcement will argue the opposite.

For now, the law is what it is. Scanning permitted on non-encrypted chats. End-to-end encryption protected. Expiration set for 2028. Tech companies have two years to adapt their practices to the new requirements across EU member states.

Frequently Asked Questions

Does the EU chat scanning law apply to WhatsApp and Signal?

No. The law explicitly exempts end-to-end encrypted messages, so platforms like WhatsApp and Signal are not required to scan private communications under this legislation.

When does the EU chat scanning law expire?

The legislation runs until 2028, at which point EU lawmakers will reassess its effectiveness and decide whether to extend, adjust, or end the scanning requirements.

Community Trust IndexHigh Confidence
96%
Real
Real96%4%Fake
46 community signals

Sydney TheCMO

Sydney has 20+ years commercial experience and has spent the last 10 years working in the online marketing arena and was the CMO for a large FX brokerage.

Advertisement

Related Stories