Chat Control: The spy in your pocket
This is the end of the presumption of innocence online. Under the guise of safety, the EU is attempting to install a permanent surveillance camera inside every pocket in Europe. It is a dragnet so vast it treats every citizen as a suspect by default.
But as we scrutinize the fine print, a disturbing hypocrisy emerges: the architects of this surveillance state have no intention of living inside it.
A two-tier internet
The EU wants to stop the spread of child abuse material. No one questions the goal. The problem is the method. Instead of targeted investigations, the plan is mass scanning. Every message. Every photo. Every chat.
But not for everyone. Intelligence agencies, military, and police may be exempt from these scans. This creates a two-tier internet: one where ordinary citizens live under algorithmic surveillance, and one where those in power remain shielded.
Your device is the checkpoint
They call it a regulation. Security experts call it a backdoor. The proposal forces apps to police their users. WhatsApp, Signal, Proton, Qaxa—none would be exempt.
The mechanism is Client-Side Scanning (CSS). This means scanning content on your phone before it gets encrypted. Your phone becomes the spy in your pocket. This applies to mobile apps, desktop clients, and game chats. Any tool where humans communicate is a target.
How it works
Scanning happens locally on your device. Because the scan happens before encryption, "End-to-End Encryption" becomes meaningless.
- The Fingerprint — Algorithms create a hash of your text or image.
- The Match — This is compared to a database of illegal material.
- The AI Judge — Unknown content is scanned by AI to predict if it might be abusive.
The Risk: We all know AI hallucinates. Now imagine a hallucinating bot incorrectly flagging your intimate photos, jokes, or private vents. Once reported, your content and identity are sent to the police. There is no un-ringing that bell.
The consequences
It breaks encryption. If a system can scan your message before sending it, the "lock" is bypassed. You are no longer the only one with the key.
It creates mass surveillance. Instead of investigating suspects based on warrants, the system treats every citizen as a criminal by default.
It kills free expression. When you know an algorithm is watching, you self-censor. Privacy is the oxygen of free speech; Chat Control suffocates it.
What’s next?
EU ministers are moving toward a vote. If approved, enforcement follows. Companies will face a binary choice: Break your encryption or leave the EU market.
Large platforms may bend to the rules to keep their ad revenue. Smaller, privacy-first tools may choose to exit rather than betray their users.
The outcome will decide the future of private communication in Europe. At Qaxa, we are closely monitoring every step. We will not compromise our architecture. Privacy is not a privilege—it is a right.
—
Update (January 2026): Since this article was published, EU member states agreed the Council’s negotiating position on 26 November 2025. The Council text shifts from mandatory message-scanning toward a risk-assessment + mitigation framework, and it would keep the current voluntary scanning derogation in place beyond its current expiry (3 April 2026), alongside creating an EU Centre on Child Sexual Abuse. The European Parliament’s position (adopted in November 2023) explicitly rejects generalised monitoring and calls to exclude end-to-end encrypted communications from detection orders. The main CSAM regulation is now in trilogue (Parliament + Council + Commission negotiating the final text). In parallel, the Commission proposed on 19 December 2025 to extend the Interim Regulation so providers can keep voluntary detection/reporting beyond 3 April 2026 while negotiations continue.
