Who is Behind the Plan for Mass Surveillance of Digital Communication in Europe

In recent days, domestic media have reported extensively on ‘chat control’, i.e., the European Union’s proposal to enable surveillance of all encrypted online communications, under the guise of protecting children on the internet (child sexual exploitation material – CSAM). This means that all messenger service providers like WhatsApp, Viber, and others would be required to automatically scan all private messages and conversations without exception.

The consequence would be mass real-time surveillance using a fully automated system and the end of privacy in our digital conversations. This is not a new proposal; three years ago, our government also gave a positive opinion on this regulation, agreeing that surveillance of all citizens in Europe is necessary.

The proposal dates back to 2022, specifically on May 11 of that year, when the European Commission presented a proposal that would obligate all email and messenger service providers to search and scan all communications, even those currently securely encrypted with end-to-end encryption.

Majority Against

Before the proposal itself, a public consultation was conducted which showed that the majority of citizens and experts do not support this obligation. More than 80 percent of participants were against the application of surveillance on end-to-end encrypted communication.

Currently, there is a rule that allows service providers to voluntarily scan communications (so-called Chat Control 1.0). So far, this has only been applied by some unencrypted American services like Gmail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud, and Xbox. However, if the new proposal (Chat Control 2.0) is accepted, we move from voluntary to mandatory.

How the New Message Surveillance Would Affect You

If the European Union were to introduce mandatory scanning of messages and emails, every piece of your digital communication would be automatically scanned for ‘suspicious content’. Nothing would remain confidential or secret, and no court order or initial suspicion would be required for surveillance, as checks would be conducted always and without exception. In the event that the algorithm assesses that a message is suspicious, your private or intimate content could end up in the hands of employees and external collaborators of international corporations or law enforcement agencies. This means that even your private photographs, including the most sensitive ones, could be viewed by complete strangers, with no guarantee that they would remain protected.

An AI filter for message recognition could label ordinary intimate conversations, such as flirting or messaging between partners, as potentially risky. There have been recorded cases where completely legal family photographs, such as children at the beach during summer vacation, were incorrectly flagged as prohibited content.

According to estimates from technical research, even very precise algorithms with a minimal error rate of 0.1 percent could generate millions of false positive reports daily, considering that billions of messages are sent daily in the EU. Additionally, the Irish experience confirms the problem; according to the National Center for Missing and Exploited Children (NCMEC), only about 20 percent of reports coming from automated systems contain illegal material. In practice, this means that a vast number of citizens could find themselves under false suspicion and serious problems. Furthermore, by opening the encryption system that currently protects privacy, space is created for spying by intelligence agencies or hackers. Once the message surveillance technology is established, it can easily be expanded for other purposes, and no one can guarantee that such tools will not be used tomorrow to track our smartphones and computers.

The proposal also includes mandatory age verification for users. This means that it would no longer be possible to open anonymous email or messenger accounts without personal identification or biometric identity verification. Such a practice would not only destroy anonymity but also increase the risk of personal data leaks. Sensitive communications, from private discussions about sexuality to anonymous contacts between journalists and sources, as well as political activism, would become endangered. Minors would also have restricted access to a whole range of digital services.

Ultimately, the proposal raises questions not only about the protection of privacy and citizens’ freedoms but also about the functioning of digital society itself. Instead of protection, many warn that a system of mass surveillance with far-reaching consequences would be created. Additionally, educating children and parents as prevention should be the direction taken, rather than repression and surveillance of the entire society by a system that is not even close to being accurate and precise.

Who is Behind the Proposal?

BIRN, (Balkan Investigative Reporting Network) investigated in 2023 who is lobbying and who is the main driver of this controversial proposal. As they wrote at the time, behind European Commission Commissioner Ylva Johansson and her proposal to combat online sexual abuse of children (CSAM) stands a powerful and well-funded network of lobbyists and organizations that, according to internal documents and testimonies of participants, had inappropriate influence on policies that could change the internet as we know it.

BIRN states that in May 2022, Johansson sent a letter to the American organization Thorn, founded in 2012 by Ashton Kutcher and Demi Moore. Thorn develops AI tools for recognizing CSAM, and the proposed regulation is designed to combat the spread of that content. In the letter, Johansson invited Thorn’s executive director to ‘help launch the proposal’. The path of the proposal was marked by strong lobbying. Thorn organized meetings with key members of the Commission, including Johansson, Margrethe Vestager, Margaritis Schinas, and Thierry Breton. Although registered as a non-governmental organization, Thorn sells AI tools on the market, and the U.S. Department of Homeland Security purchased licenses for $4.3 million.

Additionally, messages obtained by BIRN reveal a continuous and close working relationship between the two parties in the months following the introduction of the CSAM proposal, during which the Commission repeatedly facilitated Thorn’s access to key decision-making venues attended by ministers and representatives of EU member states.

Criticism from the Netherlands

The Dutch organization Offlimits, the oldest European hotline for child sexual abuse, openly warned that the EU proposal could turn child protection into a profitable business for tech companies.

– Brussels listens too much to American organizations that have their own market interests – stated former Offlimits director Marietje Gerkens, adding that Johansson refused to meet with them while regularly finding time for meetings with representatives from Silicon Valley.

The scientific community is also skeptical. Cryptographer Matthew Green from Johns Hopkins points out that European encryption experts, who are world-renowned, were not involved in the drafting of the proposal. Apple publicly acknowledged in 2023 that attempts to scan for CSAM on devices are technically unfeasible without compromising privacy. Furthermore, research from Imperial College warns that scanning technology on devices could be misused, for example, for facial recognition without users’ knowledge.

Final Phase

The proposal is currently in the final phase of the legislative process, with a planned vote in the European Council scheduled for October 14, 2025. According to information from the organization Fight Chat Control, 15 EU member states support the proposal, while 9 remain undecided, and three oppose it (Austria, the Netherlands, and Poland). Final positions of member states are expected to be published on September 12, 2025, and if the proposal is adopted, the next step will be trilateral negotiations between the European Commission, the European Parliament, and the EU Council to finalize the text of the law. According to some estimates, final adjustments and adoption could occur by the end of 2025 or early 2026.

This proposal raises strong concerns among privacy experts, human rights organizations, and tech companies due to the potential jeopardization of end-to-end encryption and the possibility of mass surveillance. Several organizations, including the aforementioned Fight Chat Control, are urging EU citizens to oppose the proposal and contact their representatives in the European Parliament and national governments.