What is the current status of the EU chat control proposal in trilogue as of January 2026?

1. Council position, rules of engagement, and timeline

Member states coalesced around a Council negotiating mandate in late November 2025 that formally opens trilogue talks with the European Parliament and Commission, and public reporting and advocacy groups therefore treat early 2026 as "crunchtime" for the regulation ^{[1] [7]}. Multiple trackers and stakeholders list concrete trilogue sessions on the calendar for February and April 2026, reflecting an intention to use the coming months to reconcile the Council’s text with the Parliament’s protections and the Commission’s original proposal ^{[2] [7]}.

2. What changed in the Council text — the retreat from mandatory scanning and the new sticking points

The Council removed the prior draft’s requirement to force platforms to scan encrypted messages, abandoning the explicit mandatory detection order that sparked the fiercest opposition, but it also seeks to codify voluntary scanning and adds measures that critics say widen scope and risk ^{[8] [4]}. Observers report the revised draft expands what can be monitored (images, links, text, video in some formulations), contemplates mandatory age verification for some high‑risk apps or features, and installs a requirement to revisit mandatory scanning every three years—provisions privacy researchers and NGOs warn could normalize intrusive practices even without a direct encryption ban ^{[5] [6] [9]}.

3. Political divisions and the ticking clock

Political splits among member states remain decisive: Germany’s reluctance earlier in the process blocked votes and made compromise necessary, and the rotating Council presidency changing to Poland on 1 January 2026 places pressure on negotiators to reach a text before the voluntary‑scanning derogation expires on 3 April 2026, a practical cliff‑edge cited widely by campaigners and analysts ^{[10] [3]}. The dynamic is uneven: some member states and law‑enforcement advocates press for stronger detection tools while digital‑rights groups and encryption researchers call for firm safeguards or rejection, leaving trilogue negotiators to broker not only legal text but a political bargain ^{[1] [11]}.

4. Stakes for privacy, encryption and enforcement in trilogue bargaining

Advocates for the Council position argue the revision balances child protection with technical feasibility by preserving voluntary measures and dropping mandatory client‑side scanning, while critics counter that codifying voluntary scanning and introducing age verification still risks systemic surveillance and weakens encryption in practice; these competing narratives frame the Parliament’s negotiating priorities—which, according to civil society, emphasize court oversight, suspicion‑based measures, and stronger fundamental‑rights protections ^{[4] [8] [9]}. Technical experts and institutes warn that some language in the draft could produce harmful side effects for cybersecurity and anonymity, a point likely to animate parliamentary amendments in trilogue ^{[5] [11]}.

5. What trilogue will actually decide and the realistic outcomes

Trilogue negotiators will reconcile three positions: the Commission’s original proposal, the Council’s amended mandate, and the European Parliament’s rights‑protective stance; the talks will determine whether the final regulation enshrines voluntary scanning with stringent safeguards, reopens space for mandatory measures in future reviews, or collapses under political disagreement—there is also a realistic possibility that the urgency created by the April 2026 expiration will push for a narrow compromise that leaves many contentious issues unresolved and subject to future legal and political battles ^{[7] [4] [3]}. Publicly available reporting does not confirm a final text as of January 2026; it confirms only that trilogue has begun as the decisive stage ^{[1] [4]}.