factually

In case the European Union’s Chat Control proposal passes this year, what will EU-based, privacy-focused e-mail services, like Tuta and Mailbox, do in response?

Checked on September 26, 2025
Disclaimer: Factually can make mistakes. Please verify important information or breaking news. Learn more.
www.computerweekly.com
tuta.com
www.techradar.com
nextcloud.com
Searched for:
"EU Chat Control proposal impact on Tuta and Mailbox email services"
"EU email services response to Chat Control"
"EU privacy-focused email services alternatives"
Found 5 sources

This fact-check may be outdated. Consider refreshing it to get the most current information.

Was this fact-check helpful?

1. Summary of the results

Based on the available analyses, Tuta Mail has taken the most definitive public stance regarding the EU's Chat Control proposal. The German encrypted email provider has clearly stated that if the legislation passes, they will pursue legal action against the EU rather than compromise their users' privacy by introducing backdoors into their encrypted messaging service [1]. Tuta's CEO has been particularly vocal, declaring that the company "will not stand by while the EU destroys encryption" and that they have essentially two options: sue the EU or leave the European Union entirely [2]. The company has emphasized that undermining end-to-end encryption is simply not an option for them [3] [2].

Nextcloud, another EU-based privacy-focused service, has also indicated resistance to the proposed legislation. The company stated that it doesn't plan to make changes to its software and, given that it doesn't host user data directly, it cannot be contacted to release information, effectively implying non-compliance with Chat Control requirements [4].

The analyses reveal that these privacy-focused companies are prepared to take significant legal and business risks to maintain their commitment to user privacy. Tuta's position is particularly noteworthy as it represents a direct challenge to EU regulatory authority, with the company willing to engage in costly litigation rather than compromise their encryption standards.

2. Missing context/alternative viewpoints

The original question specifically mentions Mailbox as another EU-based privacy-focused email service, but none of the analyses provide any information about Mailbox's specific response or planned actions regarding Chat Control. This represents a significant gap in addressing the complete scope of the question.

Additionally, the analyses don't explore potential middle-ground approaches that these services might consider. While Tuta has taken a hardline stance of legal resistance, there's no discussion of whether other privacy-focused services might attempt to find technical workarounds, relocate their operations outside the EU, or negotiate with regulators for exemptions.

The analyses also lack information about the broader ecosystem of EU-based privacy services beyond Tuta and Nextcloud. There's no mention of how other encrypted communication providers, secure messaging apps, or privacy-focused platforms are responding to the proposal.

Furthermore, the timeline and implementation details of Chat Control remain unclear in the analyses. One source mentions that "the proposal is still being debated and the measures are likely to change before anything is enforced" [5], but there's insufficient detail about what specific changes might occur or how this uncertainty affects service providers' planning.

The analyses don't address potential economic implications for these companies, such as the costs of legal challenges, potential loss of EU market access, or the technical and financial burden of relocating operations outside the EU.

3. Potential misinformation/bias in the original statement

The original statement doesn't contain explicit misinformation, but it does make an implicit assumption that Chat Control will definitely pass "this year" without acknowledging the ongoing legislative uncertainty. The analyses indicate that the proposal is still being debated and subject to changes [5], making the timeline assumption potentially premature.

The question also presents a somewhat narrow framing by focusing specifically on email services like Tuta and Mailbox, when Chat Control would affect a much broader range of communication platforms and services. This framing might inadvertently minimize the scope and impact of the proposed legislation.

Additionally, the question assumes these services will need to "respond" to Chat Control, which could imply acceptance of compliance obligations. However, the analyses reveal that some companies are fundamentally rejecting the premise that they should comply at all, instead choosing legal resistance as their primary response strategy.

The phrasing doesn't acknowledge that different privacy-focused services may have varying capabilities and legal strategies for responding to such legislation, potentially oversimplifying what is likely to be a complex and varied landscape of responses across the industry.

Want to dive deeper?
What are the key provisions of the EU's Chat Control proposal 2025?
How do Tuta and Mailbox currently ensure user email privacy and security?
Will EU-based email services like Tuta and Mailbox relocate outside the EU if Chat Control passes in 2025?
What are the potential consequences for EU users if privacy-focused email services like Tuta and Mailbox cease operations?
How do other EU regulations, such as the General Data Protection Regulation (GDPR), intersect with the proposed Chat Control measures?