Proponents point to combating the spread of child pornography, while opponents warn of a slippery slope towards Big Brother, mass surveillance, and violation of fundamental rights.
The core of the proposal is that providers and platforms (such as Twitter, Facebook, Telegram) check their usersâ messaging and email services for content before sending. Violations of EU behavioral rules should be reported by providers to Europol, who would then pass this information on to the police and justice authorities.
Because services like WhatsApp and Signal use end-to-end encryption, technically the investigation shifts to the user's phone or computer: the so-called 'client-side scanning' (csa). This principle is now the focus of the heated European debate: the EU does not itself break the confidentiality/encryption but lets providers do this before transmission.
Promotion
The current EU presidency, Denmark, presented a compromise in July stating that encryption must not be âweakened or circumventedâ and that only 'certified' (i.e., authorized) detection technology may be used. Critics call this semantics: if scanning takes place before encryption, it is effectively a backdoor. This tension partly determines the upcoming vote.
Several EU countries support the Danish proposal, but there is still a bloc of opponents and doubters. The Netherlands explicitly raised objections last week against the âdetection ordersâ and warns against preventive monitoring of innocent citizens. Countries like Poland, Austria, and Belgium are also mentioned as critical or rejecting in the ongoing diplomatic tug-of-war.
Germany is considered decisive: if Berlin were to agree, a blocking minority would likely disappear and the plan could proceedânot only because of Germanyâs political weight but also due to its share of the EU population. However, Germany has not yet consented.
Reportedly, electronic evidence is already used in about half of all convictions for serious crime in the EU. More than 500 cryptographers and security experts warn that large-scale client-side scanning is technically unsafe and leads to unrealistic expectations.
Encryption services have expressed similar concerns; some providers say they would rather leave the EU markets than accept stricter security requirements. That is one of the reasons Germany has cited so far.
Meanwhile, the proposal also clashes with a broader power struggle between Brussels and Big Tech. American tech companies have long criticized the strict European line (DMA/DSA) that limits market power and data use, warning of damage to innovation and services. European regulators, however, remain firm and stress the necessity of effective enforcement.