Germany has committed to oppose the EU’s controversial “Chat Control” regulations following huge pressure from multiple activists and major organizations.

The draft regs would allow authorities to compel providers of communications services – such as WhatsApp, Signal, etc – to monitor user comms for potential child sexual abuse material. And they wouldn’t exempt encrypted services.

Jens Spahn, a member of the Bundestag for Germany’s Christian Democratic Union (CDU) – part of the ruling coalition in the country – confirmed in a statement on Tuesday that the German government would not allow the proposed regulations, which are commonly referred to as Chat Control, to become law.

“We, the CDU/CSU parliamentary group in the Bundestag, are opposed to the unwarranted monitoring of chats. That would be like opening all letters as a precautionary measure to see if there is anything illegal in them. That is not acceptable, and we will not allow it.”

As The Reg has mentioned previously, to pass the legislation,EU leaders need support from nations representing the majority of the member-state bloc’s population – which is why Germany’s is a key player.

The news follows speculation last week that Germany would reverse its stance and oppose the Child Sexual Abuse (CSA) Regulation, which EU politicians have tried to pass since it was first tabled in 2022.

Essentially, it’s the EU’s version of the UK’s long-held ambition to force encrypted messaging platforms to break end-to-end encryption (E2EE), packaged under a similar guise.

If passed, the CSA Regulation would require communications platforms to deploy AI-powered content filters to ensure CSA material was blocked, and those possessing and sharing it be brought to justice.

And, of course, would also undermine E2EE, theoretically allowing the EU to spy on any citizen’s private communications.

So far, Chat Control has naturally received similarly heated opposition as the UK’s equivalent plans, first through the Investigatory Powers Act and later through the Online Safety Act.

Among the strongest opponents to the CSA Regulation is the human rights organization European Digital Rights (EDRi), which believes that the proposed mandatory technologies platforms would be required to deploy are ineffective and unreliable.

It echoed the repeated messaging from E2EE messaging platforms that such regulations cannot be implemented while simultaneously upholding private encryption, with many threatening to leave markets that mandate such measures.

EDRi also warned in September that the CSA Regulation would likely force platforms to verify users’ ages, much like how the Online Safety Act has in the UK in recent months.

It argued: “All current age verification tools pose a threat to free expression, autonomy, and privacy. As a result, such measures would risk systematic exclusion of people without digital identity documents, and could also mean the end of online anonymity. This would put a lot of people at risk: whistle-blowers, activists, people seeking reproductive healthcare, and more.

“In short, the negative impact of Chat Control on democracy would be unprecedented. And by legitimising these dangerous practices, the EU would be giving a signal to the rest of the world that there can be no privacy of digital communications.”

Just a few months into the Online Safety Act requiring age verification, user data collected by these platforms has already been leaked in a major data breach at one of Discord’s suppliers.

Why Germany’s vote is so important 

The EU Council requires what’s known as a qualified majority to pass most pieces of legislation.

To block that legislation, there must be a blocking minority, the requirements for which include at least four member states opposing a given proposal and the opposition representing at least 35 percent of the EU’s total population.

With the likes of France, Spain, Portugal, and a number of other countries supporting the proposed CSA Regulation, the opposing states needed a large country to join them and create that blocking minority.

Before Germany signaled its position this week, Poland and the Netherlands were the largest of the states to have committed their opposition ahead of a formal vote on the matter on October 14.

Germany’s population of around 83.5 million people represents around 19 percent of the total population of EU member states, meaning that it holds a great deal of power when it comes to deciding qualified majorities and blocking minorities.

With Germany opposing the CSA Regulation, it’s now unlikely to pass as EU legislation, factoring in the population of the other, smaller nations that also oppose it.

Italy, Belgium, and Sweden are the largest states yet to decide on how they will vote next week.

Under pressure

Multiple major organizations such as Signal and Tuta Mail – both of which are built on privacy-preserving tech – have threatened to pull out of the EU if the CSA Regulation passes.

Meredith Whittaker, Signal’s president and an outspoken critic of anti-privacy legislation, said she would pull Signal from the EU in the same way she threatened to do with Sweden earlier this year.

Following reports last week suggesting that Germany was leaning toward supporting the proposal, Whittaker pleaded with the country in an open letter [PDF] to vote against it.

She wrote: “Under the guise of protecting children, the latest Chat Control proposals would require mass scanning of every message, photo, and video on a person’s device, assessing these via a government-mandated database or AI model to determine whether they are permissible content or not.

“This is a horrifying idea for many reasons. First, the technical consensus is clear. Scanning every message – whether you do it before, or after these messages are encrypted – negates the very premise of end-to-end encryption. Instead of having to break the gold-standard Signal encryption protocol to access someone’s Signal messages, hackers and hostile nation states only need to piggyback on the access granted to the scanning system. This threat is so severe that even intelligence agencies agree it would be catastrophic for national security.

“These proposals ignore the strategic importance of private communications, and the longstanding technical consensus that you cannot create a backdoor that only lets the ‘good guys’ in. What they propose is in effect a mass surveillance free-for-all, opening up everyone’s intimate and confidential communications, whether government officials, military, investigative journalists, or activists. For all of Europe’s talk of sovereignty, this is a bizarre cybersecurity decision on multiple fronts.”

Matthias Pfau, CEO of Germany-based Tuta Mail, which was one of the 40 pro-privacy signatories consisting of multiple European SMEs on a separate but similar open letter addressed to Germany, also threatened to pull out of the EU.

“If Chat Control passes, we as an encrypted provider have two options: sue to fight for people’s privacy, or leave the EU. And we’ve decided to fight. We will never weaken or backdoor our encryption,” he said.

These letters add to the 600 signatories of a similar one, which The Register covered in September, issued ahead of a European Council debate before the proposed regs went to full vote next week.

Additional pressure has come from former MEP and longstanding digital rights activist Patrick Breyer, who is a major critic of Chat Control.

He is a longtime supporter of the European Parliament’s alternative to the CSA Regulation in its current form. Drafted in 2023, the Parliament’s negotiating mandate [PDF] removes some of the most controversial aspects of the regulation, such as client-side scanning and plans for what Breyer describes as blanket chat control.

A Danish software engineer going by the name of Joachim runs fightchatcontrol.eu – a website displaying information about how each member state plans to vote next week, and a handy tool that generates semi-personalized email templates for users to bombard their MEPs, urging them to vote against the legislation.

Evin Incir, Swedish MEP for the Socialists and Democrats, told Politico that the party’s office receives hundreds of emails per day as a result of Joachim’s tool. ®