Over recent months Europe has been facing important decisions about the future of its digital infrastructure, decisions that could affect both the personal security of citizens and the competitiveness of the continent against global technology giants. At the centre of these debates sits the Danish proposal known as Chat Control, which aims to strengthen measures against child sexual exploitation through mandatory scanning of all online messages, regardless of whether they are encrypted. If adopted, this proposal could have serious consequences for decentralised communication networks in Europe, while at the same time calling into question the core principles of digital sovereignty and personal privacy.
The technical flaws of the proposal
Before discussing the political aspects, it is important to understand what the regulation actually requires. The core aim is to oblige platforms to scan user messages for illegal content, including child sexual exploitation material. This covers all types of online services, from hosting platforms to messaging apps. Although the intentions behind the regulation appear good, its technical requirements are fundamentally flawed. One of the main problems is that the proposed measures are practically impossible to implement with open, federated protocols like XMPP and Matrix, which form the basis of many decentralised communication platforms. The regulation requires companies to scan messages before they are encrypted, which is completely impossible in federated systems that do not control every client using the protocols. In all these systems, messages and media files are transmitted directly between users rather than through a server, making it unrealistic to scan all content. As a result, platforms would have to violate core data protection principles, breaking the very concept of secure and private communication.
Risks to privacy and democracy
While protecting children is unquestionably important, there is a serious risk of excessive surveillance that would affect not only criminals but ordinary citizens too. The issue is not just about preventing the spread of illegal content, but about creating a mass surveillance infrastructure that could be used for political suppression in the future. What starts as a child protection mechanism can easily be repurposed to monitor political opponents and suppress democratic discourse. When governments have the ability to scan private messages, there are no guarantees that these technologies will not be used for other purposes later, including controlling citizens and limiting freedom of expression. The proposed regulation also puts many emerging European technology alternatives at risk. Companies providing independent and decentralised solutions are in a vulnerable position, as they would have to violate core principles of their technologies in order to comply with the requirements.
Between digital sovereignty and American tech giants
The proposal puts European technology companies at a disadvantage. The regulation gives a significant advantage to American tech giants, who can adapt easily to the new requirements thanks to their closed ecosystems and considerable financial resources. Many of these platforms already have closed networks and control their clients, making them capable of complying with such requirements. European companies building decentralised and open solutions, on the other hand, will find it impossible to comply. Many independent servers running technologies like XMPP will have to shut down or accept serious compromises on user security and privacy.
The postponed vote - a chance for Europe
The vote on the proposal was postponed after Germany withdrew its support, creating a blocking minority. This provides an opportunity for the technology community to raise its concerns and inform policymakers about the realities of modern technology. The period until the end of the Danish presidency in December gives European engineers and infrastructure operators a chance to explain the technical limitations and bridge the gap between political vision and technical reality. As European companies including Proton, NordVPN and Element have stated, the goal is to build independent digital infrastructure that ensures sovereignty and meets the needs of European citizens without relying on American tech giants. Achieving that sovereignty requires preserving the principles of security and decentralisation.
Conclusion
What can we learn from current developments? Is Europe ready to learn from its own technology sector and create a strategy that supports sovereignty and security in the digital space? Or will it continue following policies that contradict its goals of independence and the protection of civil rights? Europe needs a consistent, well-thought-out strategy for digital sovereignty, one that ensures both citizen safety and freedom of communication. Technology must be built with purpose, backed by sound engineering, and must serve the democratic values of the continent.