The European Union is pushing a dangerous surveillance law called “Chat Control” that would force tech companies to scan everyone’s private messages — even those protected by end-to-end encryption.
This proposal would force tech companies to use “client-side scanning” — so your private messages, photos, and files could be read before you send them, opening the door for hackers, corporations, and governments to spy on your data.
If passed, Chat Control won’t just weaken privacy — it will change the way we live online. Private conversations would no longer be private. Trust, security, and freedom on the internet would vanish.
The Mozilla community is urgently calling on EU policymakers to:
- Protect encryption: Ensure that end-to-end encrypted services are fully excluded from any broad detection requirements.
- Defend online security: Reject all measures that weaken encryption, violate the integrity of our devices or create new vulnerabilities in digital services.
- Rely on expertise: Consult independent experts — cryptographers, child protection specialists, and fundamental rights advocates — to design solutions that are both technically sound and proportionate.
Sign Mozilla Foundation’s petition today to tell the EU: Drop Chat Control. Defend encryption. Protect our digital future.
What's the latest on the EU's Chat Control proposal?
Updated: November 2025
On November 26, EU member states finally agreed on a position on the proposed regulation. That kicks off the next phase: Trilogue negotiations, where Member States, the European Parliament and the European Commission work toward a single, joint text.
The good news: neither the position of the Council nor the Parliament currently requires mandatory client-side scanning. But both texts still contain serious problems — and the upcoming negotiations could make things better or significantly worse. Lawmakers are also racing to finalize the regulation before an April deadline.
No matter where your government stands today, your voice matters. Members of the European Parliament (MEPs) and national ministers will decide the future of this law. Contact your representatives now and tell them clearly: protect encryption, reject client-side scanning, and defend our rights online. Visit fightchatcontrol.eu to see where your country stands and to contact your representatives.
What is “client-side scanning” (CSS)?
Client-side scanning means your messages, photos, or files are scanned on your device before they’re encrypted.
Client-side scanning (CSS) is often promoted as a child safety measure — but in reality, it undermines the very promise of encryption. Detection tools, especially those meant to identify “unknown” content, are error-prone and create new security vulnerabilities.
Even if scanning starts with one type of content (like CSAM), it sets a dangerous precedent: the scope can easily be expanded to monitor other kinds of conversations. And once encryption is weakened, the risks multiply — hackers can steal sensitive data, abusers can track vulnerable people, and authoritarian regimes can spy on journalists, activists, and citizens.
CSS doesn’t make people safer. It makes everyone less secure.
Which encrypted apps and products would be impacted?
The current negotiating position stops short of mandatory client-side scanning — for now. But that could still change as talks continue.
If client-side scanning moves forward, messaging apps like WhatsApp, Signal, Telegram and iMessage, along with cloud services like iCloud, Google Drive, and Microsoft OneDrive could all be required to scan your private messages, photos, and files before they’re sent or stored.
That would expose services used by millions of people every day to new, dangerous forms of surveillance.