EU Council has passed Chat Control
EU Council has passed Chat Control
EU Chat Control Passes Committee on November 26, 2025: "Voluntary" Surveillance, Mandatory Age Verification, and the Political Deception That Got It Through
The Official Story vs. The Reality
What Headlines Are Saying:
"EU backs away from mandatory Chat Control"
"Denmark proposes voluntary scanning compromise"
"Privacy concerns addressed in revised proposal"
What Actually Happened: On November 26, 2025, COREPER approved a negotiating mandate that creates three interlocking threats to digital privacy:
- Privatized Mass Surveillance: Making the temporary "Chat Control 1.0" framework permanent
- Death of Anonymous Communication: Mandatory age verification requiring ID for all digital services
- Digital Exclusion of Teenagers: Effective ban on users under 17 accessing communication platforms
Why "Voluntary" Is a Lie
The revised text removes explicit mandatory detection orders but introduces Article 4's requirement for providers to take "all appropriate risk mitigation measures" to ensure safety. This isn't a softening—it's linguistic camouflage for the same outcome.
Here's why "voluntary" scanning becomes effectively mandatory:
The Coercive Framework:
- Providers must conduct risk assessments of their services Risk categorization determines whether services are "high risk"
- "High risk" services face mandatory mitigation obligations
- Voluntary scanning is explicitly listed as a mitigation measure in determining risk category
- Translation: If you don't "voluntarily" scan, authorities classify you as high risk, which triggers mandatory mitigation measures that include...scanning
As one privacy expert put it: "You are not required to volunteer to scan—but your required mitigation measures may include scanning voluntarily. This is logically impossible. Voluntary ≠ a component of required obligations."