Instead of retroactive scanning of old messages, can Chat Control 2.0 offer a look-back period?
Executive summary
A Council compromise on "Chat Control 2.0" was reportedly approved by COREPER on 26 November 2025, shifting from earlier mandatory client‑side scanning toward softer, “voluntary” or mitigation‑oriented measures, while leaving many technical details, including any fixed "look‑back" or retrospective scanning window, unresolved in public reporting [1] [2]. Civil‑liberties groups and technologists say the political moves could still enable retroactive access in practice, but available sources do not specify an explicit look‑back period in the revised texts now circulating [3] [4] [5].
1. What the November compromise actually changed — and what it left open
EU Council actors reportedly reached a political agreement on a "softer compromise" on 26 November 2025, which Council documents and commentators frame as moving away from an explicit mandatory requirement to break encryption, and instead toward measures described as voluntary scanning, age verification and "risk mitigation" obligations for providers; however, the precise operational rules — including whether providers must keep or retrospectively scan stored messages for a defined period — are not laid out in the available summaries [1] [2] [5].
2. Why campaigners still fear retroactive scanning
Privacy advocates and security experts argue the new drafting techniques — for example, phrases that obligate providers to take “all appropriate risk mitigation measures” — can be interpreted to impose scanning duties in practice or to require data retention that enables retro‑scanning later. Patrick Breyer and signatories of open letters have characterised such wording as a potential back‑door to reintroduce scanning obligations, even if the text no longer names mandatory client‑side scanning outright [4] [6].
3. No publicised numerical “look‑back” window in reporting
Across the reporting and commentaries assembled here, journalists and advocacy groups summarise political positions, voting timetables and broad drafting shifts but do not publish a defined time window — for example, "scan messages from the last X days/months/years" — attached to the November COREPER text. Available sources do not mention an explicit statutory look‑back period in the revised proposal [1] [2] [6].
4. Two plausible pathways to retrospective access — and why they matter
Even without a named look‑back, two mechanisms could enable retrospective examination: mandatory data retention policies that preserve unencrypted backups or metadata enabling targeted access, and legal or contractual obligations to implement on‑device prevention tools that could be reapplied to stored content. Observers warn these mechanisms undermine end‑to‑end privacy without needing a single "look‑back clause," but specific technical mandates or retention durations are not specified in the cited reporting [7] [8] [3].
5. Political dynamics driving ambiguity
The Danish EU presidency and shifting national positions are repeatedly cited as pushing the file forward in 2025, producing compromise language designed to placate both law‑enforcement priorities and Parliament’s privacy concerns. That political pressure has produced texts described as intentionally ambiguous — which benefits negotiators who want flexibility in implementation but leaves civil‑liberties observers worried about downstream interpretation and enforcement [9] [10] [11].
6. Competing framings: safety vs. surveillance
Proponents frame the regulation as necessary to combat child sexual abuse online; critics call it a surveillance architecture with high societal risks and little technical feasibility. Groups like the EFF emphasise that the most contentious encryption‑breaking measures were removed from the Council’s position, while Breyer and cybersecurity experts see semantic tweaks as tactical and dangerous [5] [6] [4].
7. What to watch next if you want a concrete answer
The immediate next steps in the legislative calendar are trilogue negotiations between Council, Parliament and Commission and final votes; those processes, and any published compromise text from trilogues, are where concrete operational rules — including any look‑back or retention periods — would appear. Advocacy groups and journalists are urging transparency at that stage because COREPER summaries and press pieces so far leave implementation details unspecified [10] [2] [6].
Limitations and final note: public reporting in these sources documents political agreements, high‑level drafting shifts and strong advocacy reactions, but it does not publish a definitive legal text that specifies a look‑back period. Available sources do not mention a statutory retrospective scanning window; until trilogue texts or the final legislative language are published, the presence or absence of a concrete look‑back period cannot be confirmed from the materials cited here [1] [2].