Hmm, so this will probably make life quite hard for those who don't scan, and if they experience a high-profile scandal, getting out of it will not be easy, I assume.
I'm not sure what to think of it, not being mandatory and requiring risk assessment sounds like "Fine, whatever don't do it if you don't want to do it but if something bad happens it's on you". May be fair to some extent, i.e. Reddit and Telegram can decide how much they trust their users not to run pedo business and be on the hook for it.
On the other hand, it is a backdoor, and if the governments go crazy like they did in some other countries where high-level politicians are implicated with actual pedophiles and have a tendency for authoritarianism, Europe may end up checking user chats for "enemies of the state" instead of CSAM materials. Being not mandatory here may mean that you get constant bullying because you must be hiding something.
One has to take rights away slowly, otherwise the frog jumps before you can boil it.
Of course you can decide to not go, it's voluntary, right? Yes, you can. Your choice. And when you reject their kind offer they'll come and arrest you so you can attend the interview.
Yes, it's always like that. Eat piece by piece until nothing is left to eat.
As far as the mass surveillance scanning goes, it has completely been removed, and what remains is still the mandatory age checks, which might be problematic.
From reading the specification, it appears to be reasonably well designed, where identification is handled by authorities, and the requesting party cannot get your identification details, only send an "is the user of this session older than 18". The verifier cannot see which site the request comes from, and you identify yourself in the session, and a reply goes back to the requester with a "yes/no" answer.
So, it at least appears to be simply an age check, and not some sort of surveillance program to stalk your online browsing habits.
We must do it in Europe, lest the children be harmed. You know, instead of improving daycares and schools, the general economy, give them access to safe outdoor spaces, help families so they don't take it out on the kids…
I don't know. I've a son now, and I expected that to make me connect with this type of policy. It didn't.
Germany, get your s*t together and issue arrest warrants for this lot. They seem to be breaking German laws.
There's been so much drama over the years about this proposal from the commission I doubt von der Leyen will want to fight to get the scanning back in.
Good old democracy at work.
What Europe needs to be careful of is that the EUCJ keeps its power. I _know_ people on both sides of the political spectrum dislike judges (because they defend the status quo for the left, and the rule of law for the right) but multiple times these past 3 years I've seen mediatic assaults on EUCJ and ECHR that expend their political power again and again and again. We have to keep executive power from limiting judiciary power. Already executive branches are powering through legislative in a lot of countries (France, UK, US, and EU which isn't a country but has similar institutions), we absolutely have to keep the third branch as a check against government overreach.
Our government has today turned the EU into a tool for total surveillance I don't know if there can be any return from. Our democratic processes have been abused, and our politicians shown to be nothing but craven, self-interested agents of control.
You risk nothing, do you?
Unorganized, individual acts cannot change anything in the EU.
> You risk nothing, do you?
Given the legislative maze the EU has become, you can't be sure of that, but you surely gain nothing.
The conditions in Europe are quite specific, and in that environment, pan-EU legislation (except the customs union) should be optional for individual members, anything else can and will be used against the people.
Here is the actual text: https://data.consilium.europa.eu/doc/document/ST-15318-2025-...
High risk classification is at the end of the text.
Some highlights of what is defined as high risk, and thus can be forced to go through mandatory scanning or forbidden:
- Encrypted messaging follows closely due to privacy concerns and the potential for misuse. Posting and sharing of multimedia content are also high-risk activities, as they can easily disseminate harmful material.
- The platform lacks functionalities to prevent users from saving harmful content (by making recordings, screenshots etc.) for the purpose of the dissemination thereof (such as for example not allowing recording and screenshotting content shared by minors)
- Possibility to use peer-to-peer downloading (allows direct sharing of content without using centralised servers)
- The platforms’ storage functionalities and/or the legal framework of the country of storage do not allow sharing information with law enforcement authorities.
- The platform lacks functionalities to limit the number of downloads per user to reduce the dissemination of harmful content.
- Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
Also, a lot of these points do not sound like they are about the safety of children
- Platforms lack a premoderation system, allowing potentially harmful content to be posted without oversight or moderation
- Frequent use of anonymous accounts
- Frequent Pseudonymous behavior
- Frequent creation of temporary accounts:
- Lack of identity verification tools
In light of the proposal, Hacker News is a very dangerous place and needs to have its identity verification and CSAM policies fixed, or face the upcoming fines in the EU.
So you make it so that when the user starts the application you ask them "Your current configuration allows government, and probably some hackers as well, to see your messages. Do you want to enable encryption? Your government's suggestion is that you should say 'No' here. That's also what the foreign intelligence agencies suggest" "Yes, enable encryption" "No". That's clearly opt-in, you even provide the government's recommendation. And of course you then ask that whenever they open the application if they selected "No", we have learned that it's completely fine to keep asking the user the same question.
Oh, and make sure that the other party is clearly aware that the other side has not enabled encryption.
> In the light of the more limited risk of their use for the purpose of child sexual abuse and the need to preserve confidential information, including classified information, information covered by professional secrecy and trade secrets, electronic communications services that are not publicly available, such as those used for national security purposes, should be excluded from the scope of this Regulation. Accordingly, this Regulation should not apply to interpersonal communications services that are not available to the general public and the use of which is instead restricted to persons involved in the activities of a particular company, organisation, body or authority.
The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?
The European Commission has fewer employees than the Luxembourg government (and keep in mind, they're "running" a continent).
This decision was the Council, i.e. simply the national member governments. Don't let anyone blame "the EU" for this, the national governments are the ones that proposed this, pushed it through EU institutions, and might now try to override the EU parliament about it. Just because national (elected) governments are pushing it through EU institutions doesn't mean you should blame "the EU". It wasn't the "Eurocrats".
It doesn't seem to have any limits or restrictions on what it can do as an institution. It forced idiotic bottlecaps on all of us for shit's sake... and it has little consideration for privacy laws or constitutions of individuals, otherwise this proposal would've been thrown out automatically each time, if there was anything resembling constitutional values governing the EU's mandates.
It's like being governed by a neurotic unhinged monarch.
I'd say that it has 100% fulfilled its primary goal that there is no military conflict between major European states for like 80 years and counting, which is longest period ever recorded and a historical anomaly. The means of how it was executed is obviously a matter of debate, mistakes were made etc., but we over here generally make love, not war.
You simply need to look at the precipitous decline in privacy in the UK after it left the EU to see some of the most stark examples of this.
The commissioners that propose laws are appointed by each national government. The national governments of each member state are all in on this.
NATO is not a political institution. It is a defense treaty (this one completely outside the realm of democracy).
the entire point is to build a country called Europe
and the EU is built on the "Monnet method", where it slowly ratchets forward taking more power from national parliaments and giving it to the EU council/commission
(with a useless parliament there to make it appear democratic)
the UK leaving is the only example of the ratchet being reversed
That is not the case.
The 1957 Treaty Establishing the European Community contained the objective of “ever closer union” in the following words in the Preamble. In English this is: “Determined to lay the foundations of an ever closer union among the peoples of Europe …..”.
> The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?
Sensationalist framing aside, how does any government become a body that decides anything?
Powerful people get together and decide that they know what's best for people. Then they claim that there is "consent" because people are given the right to vote and that there is a "social contract" that no one actually has signed, which everyone should still abide by.
I don't think my framing was sensationalist at all. Chat Control is using the threat of child porn to make people forget the reasons why the ECHR cares so deeply about privacy. I'm not sure why Denmark is pushing it so hard, but governments have long feared and hated encryption.
Such words in any Preamble are usually meant as a lofty declaration of some ideal, not a concrete political goal.
After all, "ever closer" does not even mean federation, it means a unitary state, which is "closer" than a federation or a confederation.
If you believe that a single sentence in a 1957 treaty can be used as a ramrod to push European federalization from above, you will be surprised by the backlash. European nations aren't mostly interested in becoming provinces of a future superstate, potential referenda in this direction will almost certainly fail, and given the growth of the far right all over the continent, I don't expect the governments to agree to any further voluntary transfer of powers to Brussels.
Also, the European Commission is not a government and is not meant to act as a government that can decide "everything".
The countries that formed the EU have only agreed to transfer some powers to Brussels. Not give it an unlimited hand over everything. And Chat Control is a major infringement of constitutional rights in many countries, where inviolability of communication except for concrete warrants has been written into law for decades.
Imagine a situation if the German Constitutional Court says "this is illegal by the German Grundgesetz, and German law enforcement may not execute such laws". Do you believe that German authorities will defer to Brussels instead of its own Constitutional Court? Nope. Same with Poland etc. Local constitutional institutions have more legitimacy among the people than the bunch of bureaucrats in Brussels.
NATO is a military alliance, not a government.
Von der Leyen, an autocratic fascist that is ruining this continent. She failed to push her agenda in Germany so she "failed upwards". Even how she got this position was highly controversial and went against the top candidate principle. The EU commission is exceeding their competencies. The EU is not democratic, there is no parliamentary oversight, the parliament can't even introduce legislative proposals. No one can vote for the EU commission, only the parliament can vote for or against all the proposed candidates (not one by one). Parliament is essentially a rubber stamp for the commission.
I could be jailed for this comment btw.
There is parliamentary oversight, it's literally the next step in the process.
We all voted for the EU commission through our respective elections for national governments, who appoint the commission.
You could not be jailed for this comment, though sometimes I wish you could. Information warfare is real.
Chat apps should be open source, E2E encrypted, and decentralised. In 2025 we still don't have that in any meaningful manner - Signal perhaps comes the closest, but it's centralised and controlled by a US organisation. The moats are deep within the chat app space, and getting the "network effect" is going to be really tough.
And no one cares. No one. There is no outcry, no protest, no shitstorm. Nothing.
I don't understand.
Do people not care if everyone is able to read and analyze, store their private communication?
Governmental interests benefit if we blame ourselves and other citizens for this shit passing. It is clear that modern democracies are people in power (which includes the media) vs the masses.
More correct would be to state that the in-power EU governments have decided to use the EU council power to override the will of both the EU parliament and the member states' own parliaments - for now, by threatening parliament with the override.
The EU commission is the executive and represents the currently in power government, NOT parliament.
Of course the situation is that the EU parliament HAS come up with a version of the Chat Control law. It can be summarized very succinctly:
"NO" (obviously I mean that nothing passed parliament, I do get that they did work on a couple dozen versions of the actual law too. However the final outcome really is "NO")
Now, can you tell me how the role of parliament "changes" if they actually follow through on their threat *, which is of course to turn this from a regulation into a directive?
* the threat is that this is the EU council, not the EU Commission, which could do the same (and has in fact done the same for this law, but as pointed out they failed with parliament refusing to pass any kind of compromise at all). The only party that has the power to stop the Commission acting unilaterally to make this law is the EU council, so by getting the EU council to "propose" to parliament, the Commission is signaling that the EU council will choose their side against parliament, and there will be no way to stop them forcing this into law. After this the commission can then claim more legitimacy (because of what happened in the many local parliaments' "fuck the EU and your legitimacy" disasters of the past 2 decades, like the very dramatic fuck-you's to the division rules for illegal immigrants, you can see why they want maximum legitimacy on controversial laws).
Or to put it very very bluntly, this is the commission calling in daddy, because parliament doesn't want to cooperate and daddy EU Council saying "ok, we'll go to parliament together, PARLIAMENT! BEHAVE! You're going to listen and you're going to cooperate!".
And the problem is that in a democracy one might point out that if parliament doesn't want to cooperate, that's the end of the line. That is in fact a pretty good definition of the idea of democracy.
P.S. I must say, the EU Commission has never cared (at least not successfully) about social policy in the EU. Frankly, the Commission is normally opposed to social progress when it interferes with business. So I find it very hard to understand why the EU Commission is risking yet another legitimacy disaster over ... protecting kids? I've worked for them for a long time and despite the past, they really care about their legitimacy, they don't care about kids (or rather they see themselves as "the voice of reason" in a hopelessly divided Europe, and it's country parliaments that care about social issues, and sometimes even smaller parliaments (like ironically the Brussels parliament currently forcing a government shutdown over social spending)). Now, the EU as a whole and the Commission specifically may be right about them often being the voice of reason but it's been made crystal-clear time and time again: the EU population does not want any voice overriding their countries' parliaments, reasonable or otherwise. This was made clear from the very beginning with the Charles De Gaulle - Robert Schuman incident "Un Boche, un bon Boche, mais un Boche tout de même", calling into question the wisdom of letting "Un bon Boche" (he means: a reluctant Nazi collaborator) unify Europe with the creation of the EU.
The path from position to actual implementation (details) is long
And you can bet there's still a lot of opposition of people (with actual involvement in the legislative process)
And legal hurdles for implementation as well
(this all reminds me of the discussion around the copyright directive where people here were decrying it was going to be the end of memes. So, how did that go again?)
Source: Swedish national public service radio (Sveriges Radio) interviewing Jon Karlung, CEO of Bahnhof AB - a major privacy-centric and politically outspoken ISP in Sweden. Think XS4ALL (RIP) but in Sweden. Here's the interview: https://www.sverigesradio.se/artikel/efter-flera-ar-eu-overe... (Swedish speech).
Here's their blog post (in Swedish, use browser translation tools):
In this context putting the entirety of the population under the suspicion of facilitating child rape is completely and utterly deranged.
I have the feeling this will not happen.
"Oh, so the politicians' communications are being scanned too, then?"
"Oh, heavens no. That might risk the privacy of our communications."
But unfortunately I feel like the big tech interests probably somewhat want this to happen, are happy to hand the citizenry over to the state. That we won't hear much from them over this all. With some notable Signal sized / Medium Tech exceptions.
It sure does seem like there's a huge legitimacy crisis the EU council is creating around itself by going so far against the will of the people, by intruding so forcibly into literally everyone's life.
If any admin is around, they should probably be merged. This is the other one: https://news.ycombinator.com/item?id=46055863
The EU ostensibly wants to improve innovation, I wonder how these new assessment regulations help with that, especially for SMEs and startups.
Year 1 a minimum viable effort manual process will be fine. But they'll say "not good enough" to someone every now and then and the minimum one can do in order to get a) permission b) enforcers not crawling up your ass (IDK if it will be permission based or enforcement after the fact based) will ratchet up.
By year 10 or 20 "everyone" will have an API or a portal or whatever.
And worse, by creating a compliance industry they create a whole suite of businesses and people who will ask for more, more, more, more.
It will happen only if the council manages to defang the EUCJ (it does try, regularly, to reduce the judiciary power by forcing it to make unpopular statements on obviously illegal laws, so it might be a long term goal).
> This Regulation shall not prohibit, make impossible, weaken, circumvent or otherwise undermine cybersecurity measures, in particular encryption, including end-to-end encryption, implemented by the relevant information society services or by the users. This Regulation shall not create any obligation that would require a provider of hosting services or a provider of interpersonal communications services to decrypt data or create access to end-to-end encrypted data, or that would prevent providers from offering end-to-end encrypted services.