What is the current status of the EU chat control proposal in trilogue as of December 2025?

1. Council mandate wins a narrow passage and triggers trilogue

EU ambassadors in COREPER approved the Council’s revised Chat Control mandate on 26 November 2025 by a close split vote, a procedural step that passes the file into trilogue talks with Parliament and Commission and underlines deep Member State divisions rather than consensus ^{[1] [6]}. Multiple outlets and observers reported that the Council’s endorsement at the end of November effectively enabled trilogue to start in early December 2025, with the first negotiation sessions recorded as taking place in that window ^{[7] [2]}.

2. Encryption-breaking mandate removed, but contentious tools remain

The most headline-grabbing concession in the Council text was the removal of a mandatory requirement to scan content that would directly break end-to-end encryption—an outcome privacy groups hailed as a partial victory ^{[3] [4]}. Yet the new draft preserves a framework where providers can voluntarily deploy automated monitoring tools and where liability and “risk mitigation” systems could effectively pressure privacy-respecting services, a point critics argue converts voluntary measures into de facto surveillance ^{[4] [1]}.

3. Age verification and risk frameworks are the new flashpoints

Alongside voluntary monitoring, the Council draft introduces mandatory age-verification requirements for access to certain apps or chat-enabled features and outlines complex risk‑benchmark systems that critics say will incentivize intrusive technical solutions to avoid regulatory penalties ^{[4] [3]}. Privacy and security researchers warn these provisions can produce widespread collateral impacts—false positives, chilling effects on private speech, and technical burdens—because current detection technologies are imperfect ^{[8] [4]}.

4. Parliament and Commission retain decisive leverage in trilogue

Trilogue is the reconciliation process where the Parliament, Council and Commission seek a final text; Parliament negotiators and civil liberties forces still have formal opportunities to reshape or reject the Council’s mandate during those talks ^{[9] [7]}. Observers note that the Parliament’s stance, expert assessments on detection feasibility, and vocal civil society opposition are pivotal variables that could either blunt Council proposals or leave a compromise that many privacy advocates still find unacceptable ^{[8] [3]}.

5. Politics, timing and agendas: why December 2025 matters but is not final

The Danish EU Presidency pushed hard to advance the dossier before its term ended in December 2025, creating institutional pressure to move from stalemate to trilogue—even while Member States remained split and the vote was narrow ^{[6] [2]}. Supporters, including child-protection NGOs and law enforcement, frame the text as necessary progress against CSAM, while critics charge a strategy of iterative “salami-tactics” to normalize intrusive rules; both political aims shape negotiation postures in trilogue ^{[2] [6]}.

6. Bottom line: trilogue just beginning, outcome uncertain

By December 2025 the process had advanced to trilogue after COREPER’s narrow approval and initial negotiations were underway, but the substance—no mandatory encryption-breaking, plus voluntary monitoring, age checks and risk regimes—remains fiercely contested and technically controversial; the final legal text depends on what concessions Parliament and Commission extract or accept in trilogue ^{[1] [3] [4]}. Public reporting and expert analysis warn that although one dangerous element was removed, significant privacy and technical risks persist in the Council’s mandate, leaving the ultimate balance between child-protection aims and encryption/privacy guarantees undecided as trilogue begins ^{[8] [3]}.