Hmm, so this will probably make the life for those who don't scan quite hard and if they experience a high profile scandal getting out of it will not be easy I assume.

I'm not sure what to think of it, not being mandatory and requiring risk assessment sounds like "Fine, whatever don't do it if you don't want to do it but if something bad happens it's on you". May be fair to some extent, i.e. Reddit and Telegram can decide how much they trust their users not to run pedo business and be on the hook for it.

On the other hand, it is a backdoor and if the governments go crazy like they did in some other countries where high level politicians are implicated with actual pedophiles and have a tendency for authoritarianism Europe may end up having checking user chats for "enemies of the state" instead of CSAM materials. Being not mandatory here may mean that you get constant bullying because you must be hiding something.

Our government has today turned the EU into a tool for total surveillance I don't know if there can be any return from. Our democratic processes have been abused, and our politicians shown to be nothing but craven, self-interested agents of control.

Good old democracy at work.

The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?

Here is the actual text: https://data.consilium.europa.eu/doc/document/ST-15318-2025-...

High risk classification is at the end of the text.

Some highlights of what is defined as high risk, and thus can be forced to go through mandatory scanning or forbidden:

- Encrypted messaging follows closely due to privacy concerns and the potential for misuse. Posting and sharing of multimedia content are also high-risk activities, as they can easily disseminate harmful material.

- The platform lacks functionalities to prevent users from saving harmful content (by making recordings, screenshots etc.) for the purpose of the dissemination thereof (such as for example not allowing recording and screenshotting content shared by minors)

- Possibility to use peer-to-peer downloading (allows direct sharing of content without using centralised servers)

- The platforms’ storage functionalities and/or the legal framework of the country of storage do not allow sharing information with law enforcement authorities.

- The platform lacks functionalities to limit the number of downloads per user to reduce the dissemination of harmful content.

- Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE

Also, a lot of these points do not sound like they are about the safety of children

- Platforms lack a premoderation system, allowing potentially harmful content to be posted without oversight or moderation

- Frequent use of anonymous accounts

- Frequent Pseudonymous behavior

- Frequent creation of temporary accounts:

- Lack of identity verification tools

Based on the light of the proposal, Hacker News is very dangerous place and need to have its identity verification and CSAM policies fixed, or face the upcoming fines in the EU.

More correct would be to state the in power EU governments have decided to use the EU council power to override the will of both the EU parliament and the member states' own parliaments - for now, by threatening parliament with the override.

In this context putting the entirety of the population under the suspicion of facilitating child rape is completely and utterly deranged.

The path from position to actual implementation (details) is long

And you can bet there's still a lot of opposition of people (with actual involvement in the legislative process)

And legal hurdles for implementation as well

(this all reminds me of the discussion around the copyright directive where people here were decrying it was going to be the end of memes. So, how did that go again?)

Source: Swedish national public service radio (Sveriges Radio) interviewing Jon Karlung, CEO of Bahnhof AB - a major privacy-centric and politically outspoken ISP in Sweden. Think XS4ALL (RIP) but in Sweden. Here's the interview: https://www.sverigesradio.se/artikel/efter-flera-ar-eu-overe... (Swedish speech).

Here's their blog post (in Swedish, use browser translation tools):

https://bahnhof.se/2025/11/26/eu-bromsar-chat-control/

I have the feeling this will not happen.

But unfortunately I feel like the big tech interests probably somewhat want this happen, are happy to hand the citizenry over to the state. That we won't hear much from them over this all. With some notable Signal sized / Medium Tech exceptions.

It sure does seem like there's a huge legitimacy crisis the EU council is creating around itself by going so far against the will of the people, by intruding so forcibly into literally everyone's life.

The EU ostensibly wants to improve innovation, i wonder how these new assessment regulations help with that, especially for SME and startups.