- EU Council reaches an agreement on child sexual exploitation regulation
- Voluntary chat scanning bill remains in bill despite privacy protests
- The Council is now preparing to start negotiations with the Parliament
After more than three years of failed efforts, the EU Council has finally reached an agreement on the controversial Child Sexual Abuse Regulation (CSAR).
Nicknamed Chat Control by its critics, the agreement has kept cryptographers, technologists, encrypted service providers and privacy experts alike in turmoil since its inception.
After the presidency, the bill has taken several shapes. But its most controversial feature is an obligation for all messaging service providers operating in the EU – including those using end-to-end encryption – to scan their users’ private chats in search of child sexual abuse material (CSAM).
At the beginning of the month, the Danish Presidency decided to change its approach with a new compromise text that makes chat scanning voluntary instead. This proved to be a winning move, with the proposal managing to reach an agreement in the Council on Wednesday, November 26, 2025.
However, privacy experts are unlikely to celebrate. The decision came days after a group of scientists wrote another open letter warning that the latest text still “brings high risks to society.” This came as other privacy experts considered the new proposal a “political bluff” rather than a real solution.
The EU Council is now preparing to start negotiations with the European Parliament in the hope of agreeing the final terms of the regulation.
What we know about the council agreement
According to the EU Council announcement, the new law imposes a number of obligations on digital companies. Under the new rules, online service providers will be required to assess how their platforms could be misused and, depending on the results, may need to “implement mitigating measures to counter that risk”, the council notes.
The council also offers three risk categories of online services. Those deemed high risk may be forced to “contribute to the development of technologies to reduce the risks associated with their services.” Voluntary scanning is also included in the bill.
A new EU agency is then tasked with monitoring the implementation of the new rules.
Denmark’s Justice Minister, Peter Hammelgaard, said, “I am pleased that Member States have finally agreed on a way forward that includes a number of obligations for providers of communications services to combat the dissemination of child sexual abuse material.”
But concerns remain about how the agreement jeopardizes our digital rights, with one person on the forum, Hacker News, saying that the Danish “government has today turned the EU into a tool for total surveillance, I don’t know if there can be any return from this.”
As the trilateral talks approach, the ongoing challenge for legislators remains to strike the right balance between preventing online abuse, without compromising fundamental rights, and strong encryption.
Follow TechRadar on Google News And Add us as a favorite source To get our expert news, reviews and opinions in your feed. Be sure to click the follow button!
<a href