eco – Association of the Internet Industry Warns Against Chat Control: No Weakening of Secure Encryption

• eco Board: “A ‘compromise’ that enshrines the indiscriminate scanning of private communications is unconstitutional, technically misguided and dangerous in terms of security policy.”
• Why chat control is the wrong path
• eco calls for a course correction on the EU CSAM Regulation in five key points

eco – Association of the Internet Industry warns against the planned chat control as part of the EU Regulation on the prevention and combatting of child sexual abuse (CSAM Regulation) and calls on the German federal government and EU Member States to reject the proposal by the Danish Council Presidency. The draft, which the Justice and Home Affairs Council will discuss on 14 October, continues to provide that providers of digital communication services can be obligated to search private messages – including end-to-end encrypted services. A new element is a so-called “consent solution” that forces users to choose between agreeing to surveillance or losing key functions such as sending pictures and videos. From eco’s perspective, however, this approach also remains unconstitutional and is dangerous in terms of security policy: the indiscriminate scanning of private communications would create an uncontrollable infrastructure for mass surveillance and effectively undermine secure encryption.

Klaus Landefeld, Vice Chair of the Board of eco – Association of the Internet Industry, says: “A ‘compromise’ that enshrines the indiscriminate scanning of private communications without cause – whether only for known or also for unknown content – is not a compromise. It remains unconstitutional, technically misguided and dangerous in terms of security policy. Weakening encryption always weakens the protection of citizens, companies and critical infrastructure. Germany must say a clear ‘no’ in the Council.”

eco: Why chat control is the wrong path

With the CSAM Regulation, the EU Commission is pursuing the goal of combatting depictions of child abuse on the Internet. This concern is important and justified – but the current approach misses the goal for several reasons:

• Lack of effectiveness: Searching for already known material does not prevent ongoing abuse (e.g., grooming, extortion, live offences) and does not identify new groups of perpetrators – it reinforces a reactive approach and lulls the public into a false sense of security.
• Interference with secure encryption: Client-side scanning and general search obligations undermine end-to-end encryption. This jeopardises the confidentiality and integrity of digital communication – with direct consequences for business, administration and civil society.
• High error risks & fundamental rights: AI-supported detection is prone to error. Generalised scanning of private content is disproportionate and conflicts with privacy and communication rights.
• Criminalisation of young people: Blanket surveillance and reporting obligations carry the risk of criminalising young people (see, among others, statements by child protection organisations).
• Misallocation of resources: Billions invested in questionable scanning technology tie up funds that could be used more effectively in prevention, victim protection, international deletion coordination and strengthening specialised investigations. The goal should be to increase the clearance rate, not a further significant increase in the number of cases to be dropped.
• Burden on SMEs and ecosystem diversity: Extensive risk assessment, search, reporting and deletion obligations disproportionately affect a wide variety of services – especially small and medium-sized providers – both technically and financially.
• Parallel structures instead of strengthening proven methods: A new EU centre threatens to duplicate and slow down established, functioning complaint and deletion channels (e.g., the INHOPE network) instead of strengthening them.

eco Board Klaus Landefeld: “Child protection needs effective measures – not symbolic politics. We need better international removal processes, more personnel and technical resources for investigators, and targeted prevention and education work. eco has been operating a Complaints Office (also known as a hotline) for around 30 years, which deals with combatting illegal Internet content on a daily basis. So we know what we’re talking about when we say: an infrastructure for indiscriminate mass surveillance does not help victims – it only endangers the safety of everyone.”

eco calls for a five-point course correction to the EU CSAM Regulation

1. A clear rejection of indiscriminate scans of private communications – even “only” for known CSAM content.
2. No weakening of end-to-end encryption – neither through client-side scanning nor through other circumvention techniques.
3. Strengthening proven structures: consistent international deletion, faster legal assistance, close cooperation with hotlines and law enforcement.
4. Focus on prevention and investigation: invest resources in undercover investigations against perpetrator structures, victim protection, media literacy and counselling.
5. SME-appropriate regulation instead of blanket obligations that slow down innovation and diversity in the European digital ecosystem.

Background: eco Complaints Office achieves 99 per cent deletion rate

The Complaints Office of eco – Association of the Internet Industry has been working with law enforcement agencies and international partners for over 25 years to combat illegal online content. The current 2024 annual report shows the high effectiveness of existing structures:

In 2024, 25,893 reports of potentially criminal or youth protection-related content were investigated. In 42 per cent of cases, a legal violation was found – and in 99 per cent of the cases reported, deletion was achieved.

The figures prove that effective child protection works even without indiscriminate surveillance. To the eco Complaints Office Annual Report 2024 »

With regard to the upcoming Council meeting on 14 October, eco calls on the German federal government and Member States to unequivocally reject any approval of scans of private communications without exception and to actively support child protection measures that are both effective and compatible with fundamental rights.