A planned vote on the EU’s controversial chat control law by home affairs ministers has been scrapped.
With the cancellation of the ballot set for October 14, the Danish Presidency of the Council of the EU is now pinning its hopes on a final push during a ministerial meeting in December.
The EU’s long-debated proposal to mandate scanning of private online communications, known as the Child Sexual Abuse Regulation (CSAR) or “Chat Control”, has been under relentless attack from civil society and a string of activists, who warned it would introduce mass surveillance on European citizens.
The postponement stems from a lack of consensus among the 27 member states.
Diplomats failed to secure the qualified majority required for approval during preparatory talks after Germany came out against the legislation, leaving the divisive measure in limbo.
Germany, a pivotal swing vote with its 83 million citizens, cited constitutional concerns over disproportionate privacy intrusions, drawing on prior court rulings against data retention. Luxembourg and Estonia joined holdouts including Poland, Austria, the Netherlands and others, shifting from undecided to firm opposition.
At present, the tally stands at 12 states in favour, eight against and seven undecided – far short of the 15 needed for a qualified majority.
Germany’s ruling Christian Democratic Union has come out against the European Union’s attempt to break end-to-end encryption via its proposed “chat control” law. https://t.co/hRwjNi56wN
— Brussels Signal (@brusselssignal) October 8, 2025
Denmark, assuming the rotating EU Council Presidency on 1 July 2025, made CSAR a flagship priority from day one.
Danish justice minister Peter Hummelgaard tabled a compromise text on July 11, reportedly garnering initial support from 19 member states by late August.
The draft exempted official state accounts from scanning but retained mandatory measures for private users, framing them as a “last resort” to balance child safety with rights.
Speaking in the context of efforts to combat organised crime, Hummelgaard argued for challenging what he described as the “completely misguided perception” that everyone has an inherent right to communicate securely through encrypted services.
This caused a firestorm and ignited renewed resistance against the Danish efforts. Ensuing debates in Europe led to a blocking minority representing over 35 per cent of the EU population.
With the October vote withdrawn from the agenda, the Danish Presidency has vowed to refine its compromise ahead of a December ministerial conclave, its final opportunity before handing over to Poland on January 1 2026.
This marks the third major delay for the regulation since its introduction in 2022, highlighting persistent tensions between child protection imperatives and fundamental rights to privacy and data security.
The CSAR, formally titled the Regulation to Prevent and Combat Child Sexual Abuse, was first proposed by then European Commission vice-president for Democracy and Demography, Ylva Johansson, on May 11, 2022.
Its core aim is to compel digital service providers, including popular messaging apps including WhatsApp, Telegram and Signal, to detect, report and remove child sexual abuse material (CSAM) from their platforms.
To achieve this, the proposal introduces “detection orders”, requiring providers to scan user content, even in end-to-end encrypted communications, using technologies such as client-side scanning.
Proponents argue that voluntary efforts by tech firms are insufficient to combat the rising tide of online child exploitation.
The EC has emphasised the need for a centralised EU Centre on Child Sexual Abuse to co-ordinate reports, maintain databases of CSAM indicators and support law enforcement.
Without mandatory measures, it warns, investigations often rely on non-EU actors, such as US authorities, leading to inefficiencies and delays.
Yet the proposal has ignited fierce opposition from privacy advocates, tech experts and several member states.
Critics, including the Electronic Frontier Foundation (EFF), contend that client-side scanning would effectively end private digital communications for billions, creating “backdoors” that undermine encryption and expose users to mass surveillance.
More than 300 security researchers have warned of a “chilling effect” on free speech and democracy, while child protection groups such as the National Society for the Prevention of Cruelty to Children (NSPCC) have proposed alternatives. They include enhanced victim support and stricter penalties for offenders, without resorting to blanket monitoring.
The regulation’s path has been fraught. An interim measure, allowing voluntary scanning under a temporary derogation from the ePrivacy Directive, was extended until August 2027 to bridge the gap. Negotiations under previous presidencies stalled amid concerns over encryption integrity.
The European Parliament, in a 2023 position, rejected widespread scanning outright, advocating for targeted orders limited to suspected users and excluding encrypted texts.
🇩🇪IHR SEID DER WAHNSINN: ❤️ Euer Protest hat die #Chatkontrolle gestoppt! Ich höre: Deutschland knickt nicht ein, es gibt also keine Mehrheit im EU-Rat. Das digitale Briefgeheimnis ist vorerst gerettet. Lasst uns diesen Erfolg GEMEINSAM feiern! 🎉
ℹ️https://t.co/xgbSzC6wK0 pic.twitter.com/F1MKXCrUJ7— Patrick Breyer #JoinMastodon (@echo_pbreyer) October 7, 2025
