Chat Control and the Repercussions of Mandatory Communication Detection

Abstract

This article analyses the European Union’s proposed Child Sexual Abuse Regulation (“Chat Control”) and the legal, technical, and fundamental-rights challenges arising from its shift from voluntary to mandatory detection of online child sexual abuse material (CSAM). The study situates the proposal within the broader EU regulatory landscape, including the interim derogation provided by Regulation 2021/1232 and its subsequent extension, highlighting the fragmentation and legal uncertainty produced. Although the proposal aims to harmonise obligations and enhance child protection, it presupposes the existence of reliable and safe scanning technologies while disregarding unresolved cybersecurity vulnerabilities and significant risks to privacy and data protection. The analysis demonstrates that mandatory detection orders, potentially affecting all major communication services, would require intrusive age-verification systems and technologies that undermine end-to-end encryption. Existing tools such as client-side scanning, perceptual hashing, and AI-based grooming detection remain technically fallible, prone to false positives, and susceptible to evasion, collision, and data-leakage attacks. The resulting data-processing obligations raise unresolved questions regarding evidence reliability, procedural safeguards, and compliance with Articles 7 and 8 of the EU Charter. The article further argues that large-scale scanning infrastructures risk function creep, enabling forms of mass surveillance incompatible with European fundamental-rights jurisprudence and cybersecurity norms. While combating online child abuse is a critical public interest objective, the current proposal fails to provide a proportionate, legally foreseeable, and technically secure framework. The report concludes that any effective long-term solution must integrate rigorous safeguards, transparency, technological viability, and strong protection of secure communications.