- EU Council reaches agreement on child sexual abuse regulation
- Voluntary discussion analysis remains in bill despite privacy backlash
- The Council is now preparing to begin negotiations with the Parliament
The EU Council has finally reached an agreement on the controversial Child Sexual Abuse Regulation (CSAR) after more than three years of failed attempts.
Dubbed Chat Control by its detractors, the deal has kept cryptographers, technologists, encrypted service providers and privacy experts in turmoil since its inception.
Presidency after presidency, the bill has taken many forms. But its most controversial feature is the requirement for all messaging service providers operating in the EU – including those using end-to-end encryption – to scan their users’ private chats for child sexual abuse material (CSAM).
Earlier this month, the Danish presidency decided to change its approach with a new compromise text that makes cat analysis voluntary. This proved to be a winner, as the proposal managed to reach agreement in Council on Wednesday 26 November 2025.
Privacy experts are unlikely to rejoice, however. The decision came days after a group of scientists wrote a new open letter warning that the latest text “still poses high risks to society.” That’s after other privacy experts dismissed the new proposal as “political deception” rather than a real solution.
The EU Council is now preparing to begin negotiations with the European Parliament, in the hope of reaching an agreement on the final terms of the regulation.
What we know about the Council agreement
In line with the EU Council’s announcement, the new law imposes a series of obligations on digital companies. Under the new rules, online service providers will be required to assess how their platforms could be misused and, based on the results, they may need to “implement mitigation measures to counter this risk”, notes the Council.
The Council also introduces three categories of risks for online services. Those deemed high risk may be required “to contribute to the development of technologies aimed at mitigating the risks associated with their services.” Voluntary scanning also remains in the bill.
A new European agency is then responsible for overseeing the implementation of the new rules.
“I am pleased that member states have finally agreed on a way forward that includes a number of obligations for communications service providers to combat the dissemination of child pornography,” said Danish Justice Minister Peter Hummelgaard.
But concerns about how the deal threatens our digital rights persist, with one person on the forum, Hacker News, saying that “the Danish government has today turned the EU into a tool of total surveillance, I don’t know if there can be a comeback.”
As trilogue negotiations approach, the ongoing challenge for lawmakers remains finding the right balance between ending online abuse, without compromising fundamental rights and strong encryption.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
