Do you think chat control will be watered down by April?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
The most politically contentious elements of the original “Chat Control” proposal — explicit requirements to break end-to-end encryption and mandatory client-side scanning — have largely been removed from the Council’s negotiating text, meaning the proposal is already materially watered down compared with the Commission’s 2022 draft (the Council’s text drops forced scanning of encrypted messages and opts for “voluntary” detection) [1] [2]. That said, the law is not dead: voluntary scanning, new enforcement structures and risk of age-verification measures remain on the table, a trilogue is imminent, and an April 2026 deadline tied to an expiring derogation concentrates pressure, so the final text by April will probably be a compromise that is weaker on encryption concerns but still extends intrusive powers in other forms [2] [3] [4].
1. Council’s retreat on encryption is the headline “watering down” — but only part of the story
After years of pushback from privacy groups, tech firms and some member states, the Council’s compromise removes an explicit mandate to force providers to break end-to-end encryption, shifting instead to a regime that preserves voluntary detection for non-E2EE traffic while leaving open aggressive obligations in other areas [1] [5]. Privacy advocates and technologists hail this as a major victory because the most technically destabilising demand — mandating client-side scanning of encrypted chats — is off the formal table, but critics immediately warned that “voluntary” scanning can be privatised surveillance and still create widespread harms even without a formal encryption-break requirement [1] [2].
2. The April deadline and the expiring derogation keep political pressure high
A temporary derogation that has allowed voluntary scanning to operate in practice expires in April 2026, creating a hard political timeline that negotiators repeatedly cite as the reason to hurry a compromise through trilogue talks [4] [3] [2]. That ticking clock makes it unlikely the law will be abandoned outright by April — instead negotiators are incentivised to produce a text that keeps detection mechanisms legal and continuous, even if those mechanisms are reframed and constrained compared with earlier proposals [3] [4].
3. Parliament vs Council: different incentives could pull the law in opposite directions
The European Parliament has shown strong cross-party scepticism of mass-surveillance elements and has pushed for protections for encryption, yet some MEPs and national governments emphasize child-protection imperatives and want robust obligations on platforms [6] [7]. The Commission has signalled both willingness to side with Parliament’s concern for rights and to extend the derogation to reduce time pressure — a tactical move that could either blunt a rushed law or insulate a tougher compromise depending on negotiations [6]. These competing mandates make the final text unpredictable, but they increase the chance of a moderated outcome rather than an abrupt reversal.
4. What “watered down” would mean in practice — and where risks remain
If “watered down” is defined as removing any state-backed ability to compel scanning of end-to-end encrypted messages, that has largely happened in the Council text; however, watering down could still leave in permanent legalisation of voluntary scanning, creation of enforcement agencies, new reporting and age-verification duties, and rules that incentivise platforms to scan or apply intrusive mitigations anyway [1] [8] [9]. Experts warn these secondary measures could hollow encryption protections and create chilling effects even without explicit encryption-breaking orders [7] [10].
5. Bottom line — probable outcome by April
A fully watered-down outcome (complete abandonment of broad detection regimes and structural enforcement powers) is unlikely by April because of the expiring derogation and political momentum to replace temporary rules with a permanent framework; a fully preserved original proposal is also unlikely given sustained resistance from privacy defenders, some member states and Parliament. The most plausible result by April is a negotiated compromise: encryption-safe in letter but expansive in practice through voluntary scanning, age checks and enforcement structures — in other words, watered down on the single most explosive technical demand but not fundamentally neutralised [1] [2] [3].