- EU Council reaches agreement on Regulation on child sexual abuse
- Voluntary chat scanning remains in bill despite anti-privacy backlash
- The Council now prepares to start negotiations with Parliament
The EU Council has finally reached an agreement on the controversial Child Sexual Abuse Regulation (CSAR) after more than three years of failed attempts.
Dubbed Chat Control by its critics, the agreement has kept cryptographers, technologists, encryption service providers and privacy experts in crisis since its inception.
Presidency after presidency, the bill has taken many forms. But its most controversial feature is the obligation for all messaging service providers operating in the EU (including those using end-to-end encryption) to scan their users’ private chats for child sexual abuse material (CSAM).
At the beginning of the month, the Danish Presidency decided to change its approach with a new commitment text that makes chat scanning voluntary. It turned out to be a winning move, as the proposal managed to reach an agreement in the Council on Wednesday, November 26, 2025.
However, privacy experts are unlikely to celebrate it. The decision came just days after a group of scientists wrote another open letter warning that the latest text still “brings high risks to society.” This was after other privacy experts deemed the new proposal a “political hoax” rather than a real solution.
The EU Council is now preparing to start negotiations with the European Parliament, hoping to reach an agreement on the final terms of the regulation.
What we know about the Council agreement
According to the announcement by the EU Council, the new law imposes a series of obligations on digital companies. Under the new rules, online service providers will need to assess how their platforms could be misused and, depending on the results, they may need to “implement mitigation measures to counter that risk,” the Council says.
The Council also introduces three risk categories for online services. Those considered high risk may be required to “contribute to the development of technologies to mitigate risks related to their services.” Voluntary scanning also remains in the bill.
A new EU agency is then tasked with overseeing the implementation of the new rules.
“I am pleased that Member States have finally agreed on a way forward that includes a series of obligations for communication service providers to combat the spread of child sexual abuse material,” said Danish Justice Minister Peter Hummelgaard.
But concerns remain about how the deal threatens our digital rights, with one person on the forum, Hacker News, saying that “the Danish government has today turned the EU into a total surveillance tool, I don’t know if there can be any return.”
As trilogue negotiations approach, the ongoing challenge for lawmakers remains finding the right balance between stopping online abuse, without compromising fundamental rights, and strong encryption.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
