European Union lawmakers have endorsed a revised version of the Regulation to Prevent and Combat Child Sexual Abuse that permits voluntary scanning of user content by messaging platforms under defined conditions. The earlier proposal contained requirements for mandatory scanning of all private communications, which drew criticism from privacy advocates, security researchers and civil society groups. The updated text removes mandatory scanning but allows providers that fall into a high-risk category to adopt detection tools voluntarily. The change reflects an effort to address concerns about privacy while maintaining a regulatory framework aimed at identifying child sexual abuse material.
The revised proposal states that platforms will not be required to scan all messages. Instead, they must carry out risk assessments to determine whether specific circumstances justify the use of scanning tools. If a provider chooses to adopt detection systems, it must demonstrate that the measures are proportionate, limited in scope and respectful of data protection rules. The tools may be used to detect abusive material contained in images, videos or other attachments. The regulation does not call for the monitoring of all text messages by default, and it requires platforms to limit the scope of detection to the types of content specified in the legislation.
Supporters of the new approach argue that voluntary scanning offers a compromise that protects end-to-end encrypted services from blanket surveillance. They say the revised rules allow law enforcement agencies to request targeted scanning while preserving privacy for users of services that choose not to adopt detection technology. Some policymakers argue that the changes provide a clearer balance between safeguarding children and respecting fundamental rights. They view the revised text as an improvement on the earlier proposal because it avoids default monitoring of all private messages.
Privacy advocates and digital rights organisations remain concerned. They argue that voluntary scanning could lead to pressure on service providers to opt in, especially if governments or regulators treat it as a de facto requirement. Critics warn that the introduction of any scanning system may undermine encryption by requiring access to unencrypted data or by performing client-side analysis before messages are secured. They say that once such systems exist, they may be vulnerable to misuse by malicious actors, including criminal groups or state-backed entities. This risk could erode public trust in secure messaging tools and weaken overall digital security.
Opponents also warn that voluntary scanning could evolve into mandatory scanning in future negotiations, particularly if lawmakers decide that voluntary uptake is insufficient. They note that the proposal allows for further revisions in subsequent legislative stages. Some also question whether the definitions of high-risk platforms are clear enough and argue that providers may implement scanning out of caution to avoid regulatory scrutiny. Civil society groups express concern that younger users, activists and journalists could be affected if platforms weaken security features in response to political pressure.
The proposal will now enter trilogue negotiations involving the European Parliament, the Council and the European Commission. These negotiations will determine the final text and may lead to further amendments. Observers expect the talks to focus on how to reconcile child protection objectives with privacy obligations under EU law. Some parliamentarians have signalled opposition to any scanning system that interferes with encryption, while others emphasise the need for stronger tools to detect child sexual abuse material. The outcome will shape how messaging services in the EU handle safety and privacy in the years ahead.
Analysts say the debate reflects a broader global struggle over encryption, law enforcement access and online safety. While governments seek stronger mechanisms to detect harmful material, security researchers warn that weakening encryption can expose all users to significant risks. Technology companies are watching the EU process closely, as the final decision may influence how similar regulations develop in other jurisdictions. Many providers argue that secure messaging protects dissidents, journalists and vulnerable groups, and they caution that any scanning system must avoid creating vulnerabilities.
The revised text is considered a major shift from the earlier proposal, but discussions remain polarised. Supporters view the law as a necessary tool to combat the spread of abusive material, while critics argue that the measures still pose risks to privacy and secure communication. The final legislative outcome will depend on the negotiations among EU institutions, and the debate over how to protect children online without undermining encryption continues to be one of the most contentious issues in digital policy.