HN
Today

Chat Control 1.0 and 2.0 Explained

The European Union is embroiled in a protracted legislative battle over "Chat Control," a contentious initiative to scan private messages for child sexual abuse material, which continues to face staunch opposition from Parliament and privacy advocates. Despite an earlier version expiring and a permanent one deadlocking over end-to-end encryption, the Council is now controversially pushing for an expedited revival of the expired law via an urgency vote. This persistent pursuit of mass surveillance, chronicled in a detailed timeline, has captivated the Hacker News community, sparking intense debate over digital civil liberties and governmental overreach.

297
Score
96
Comments
#3
Highest Rank
25h
on Front Page
First Seen
Jul 7, 5:00 PM
Last Seen
Jul 8, 5:00 PM
Rank Over Time
276554434568998888810111113151819

The Lowdown

The European Union is locked in a protracted and highly contentious battle over "Chat Control," a legislative framework aimed at detecting child sexual abuse material (CSAM) in private online communications. This fight involves two main legislative efforts, Chat Control 1.0 and 2.0, both of which have been met with significant resistance due to their profound implications for digital privacy and end-to-end encryption. The document provides a detailed timeline of events for both:

  • Chat Control 1.0 (Temporary Derogation):
    • Initiated in 2021, allowing voluntary platform scanning for CSAM, and was extended once.
    • Despite a Commission proposal for a second extension, the Parliament's civil liberties committee (LIBE) and then the full Parliament rejected it, insisting on strict conditions (no E2EE scanning, targeted detection).
    • Trilogue negotiations (between Parliament, Council, and Commission) collapsed because the Council rejected Parliament's conditions.
    • Consequently, Chat Control 1.0 officially expired on April 4, 2026.
    • However, major tech companies (Google, Meta, Microsoft, Snap) stated they would continue voluntary scanning regardless, while the Council controversially moved to resurrect the expired law by proposing a formally "new" regulation with identical content via an expedited procedure.
    • An urgent parliamentary vote on this revival is currently underway.
  • Chat Control 2.0 (Permanent CSA Regulation):
    • Proposed in May 2022, this aimed to mandate CSAM detection and reporting, initially including a requirement to bypass E2EE.
    • The Parliament adopted a strong protective mandate in November 2023, rejecting E2EE scanning and mandatory age verification.
    • Council negotiations were deadlocked until Germany opposed mandatory suspicionless scanning, leading to a "softened" Danish compromise that still allowed "voluntary" suspicionless detection.
    • The Council's own legal service raised legal concerns about the proposal's compatibility with the EU Charter of Fundamental Rights.
    • Multiple trilogue rounds have failed to reach agreement, particularly on the issue of suspicionless scanning.

This ongoing legislative saga underscores a deep division within EU institutions regarding the balance between child protection and fundamental privacy rights. The Council's persistent efforts to push through broad scanning powers, even after parliamentary rejection and legal warnings, highlight a concerning trend for the future of private communication in the digital age.

The Gossip

Privacy Predicament and Surveillance Skepticism

Many commenters view Chat Control as a dangerous step towards a surveillance state, arguing that the noble goal of protecting children is being used to justify broad, rights-infringing powers. They express skepticism about the effectiveness of such measures, highlighting the potential for false positives and the likelihood that criminals will simply adapt. The debate often centers on whether the benefits outweigh the significant privacy costs, with some asserting that 'CSA makes ppl lose all logic'.

Encryption's End? Client-Side Scanning Concerns

A primary technical concern revolves around how Chat Control impacts end-to-end encryption (E2EE). Commenters fear it will necessitate either compromised E2EE (e.g., through government-mandated backdoors) or widespread client-side scanning on user devices, as famously proposed by Apple. This would effectively turn personal devices into surveillance tools, sending detected material to authorities without user knowledge, and is seen as a death knell for true private communication.

European Union's Erratic Executive Action

The complex and persistent legislative maneuvering by the EU, particularly the Council's attempt to resurrect an expired law despite parliamentary rejection, draws significant criticism. Commenters lament the perceived disconnect between EU institutions and citizens' interests, citing lobbying influence and questioning the EU's overall competence and political priorities, especially when compared to other pressing geopolitical issues. This leads to broader discussions about the EU's governance structure, with some arguing the system is 'designed to be abused' and that the EU does not represent its citizens.