Loading prices…
STKR NewsSTKR News0 of 3 free this month
Markets

EU parliament passes ‘chat control,’ allowing private chat scans until 2028

The European Parliament extended rules allowing providers to scan private messages until 2028, creating a temporary carve-out for encryption that feels more like a stay of execution than a win.

Originally on Cointelegraph
AB

Adrian Boysel

Contributor

Jul 10, 2026

4 min read

Photo illustration / STKR News

The Illusion of Temporary Measures

The European Parliament just signed off on a three-year extension of the legislation commonly referred to as Chat Control. Officially, this is a derogation from privacy laws intended to let tech companies scan private communications for child sexual abuse material. On paper, it sounds like a necessary evil to protect the vulnerable. In practice, it is a persistent crack in the door for mass surveillance that builders and privacy advocates have been trying to slam shut for years.

What is particularly striking about this move is the timeline. The extension pushes the current status quo out to April 2028. This is not a long-term solution; it is a stay of execution. By kicking the can down the road, the EU is admitting it has no idea how to balance public safety with the fundamental right to privacy. For founders in the decentralized space, this is a clear signal: the pressure on private communication is not a passing phase. It is the new baseline.

The Encryption Carve-out: A Fragile Peace

One of the more contentious updates in this specific vote involves end-to-end encryption. The parliament claims that encrypted messages are currently exempt from these scanning requirements. This is supposed to be a win for privacy-focused tools like Signal or Telegram, as well as the growing list of Web3 messaging protocols. But if you have been watching how European regulation evolves, you know that exempted for now usually means targeted for later.

The issue is that scanning for illegal material and maintaining end-to-end encryption are mathematically at odds. You cannot have a private, unbreakable tunnel between two users if a third party—even an automated bot—is peeking at the traffic. The moment you introduce a scanning mechanism, you introduce a back door. And doors, by their very nature, can be opened by anyone with the right key, whether that is a well-meaning regulator or a malicious actor.

Why Builders Should Worry

If you are building a platform today, this legislation creates a massive headache for product roadmaps. You are forced to operate in a gray area where you have to decide whether to prioritize user privacy or regulatory compliance. The EU is essentially asking tech companies to act as voluntary digital police. This creates a weird incentive structure where companies that prioritize security are penalized by being forced into legal battles, while companies that comply early effectively bake surveillance into their architecture.

As a founder, you have to ask yourself what your platform stands for. If you claim to be a champion of self-sovereignty and privacy, but you operate under a regime that demands the ability to scan user content, you are selling a lie. We are seeing a divergence in the market: those who build for the current regulatory whims of Brussels, and those who build protocols that are physically incapable of complying with surveillance overreach.

  • Compliance costs: Managing scanning tools and moderation queues is expensive and distracts from core product development.
  • User Trust: Once users know their private chats are being scanned, the psychological safety of the platform evaporates.
  • Jurisdictional Risk: Operating in the EU is becoming a liability for privacy-first startups.

The Slippery Slope of 'Just a Scan'

The core rhetoric behind Chat Control is that it only targets the worst kind of illegal content. Most people agree that stopping abuse is a noble goal. However, history shows that surveillance tools rarely remain limited to their original purpose. Once the infrastructure exists to scan every image or video sent in a private message, the threshold for adding new categories of illegal content drops significantly. Today it is abuse material; tomorrow it could be political dissent or unapproved financial transactions.

For the crypto community, this is a red alert. We are already dealing with intense pressure on non-custodial wallets and peer-to-peer exchanges. If the communication layer is compromised, the transaction layer follows. You cannot have a free market if the people participating in it cannot speak to each other without a government-mandated bot reading over their shoulder.

What This Means for the Future of Decentralized Messaging

We are likely to see a surge in the development of truly decentralized, metadata-minimized messaging protocols. Projects that don't just use encryption, but also obscure who is talking to whom, will become the gold standard. The EU's decision to extend these scanning powers until 2028 gives the dev community exactly four years to make these tools so robust and distributed that they cannot be shut down or censored.

This is not just about catching criminals; it is about who controls the infrastructure of human interaction. If we let the state dictate the terms of our private conversations, we have already lost the battle for decentralized finance.

The 2028 deadline is a countdown. It is the period of time builders have to create alternatives that don't rely on central servers or corporate entities that can be easily subpoenaed. The EU is betting that they can eventually force companies to break encryption. The builder community needs to bet on making encryption unbreakable.

Final Takeaway for Founders

Don't be fooled by the encryption exemption. It is a temporary truce designed to get the extension passed without too much pushback from the tech lobby. The long-term goal of the EU is clear: total visibility into digital life. If you are building a product that relies on central servers located in Europe, you are on a collision course with these laws.

Now is the time to look at zero-knowledge proofs, onion routing, and decentralized storage. The goal shouldn't be to build something that complies with the rules of 2024, but something that survives the rules of 2028. We are moving toward a world where privacy must be guaranteed by code, because it is no longer being guaranteed by law.


Read the original at Cointelegraph →

The Brief

Stay Updated on Cutting-Edge Tech

A six-minute morning dispatch on the markets and the technology shaping them.

Free. No spam. Unsubscribe anytime.

Write for STKR

Become a Contributor

Earn $STKR for published stories on markets, protocols, and culture.

  • Earn $STKR for every published piece
  • Editorial support from the STKR desk
  • Byline visibility across the network
  • First look at the upcoming creator program
Apply to Write

Keep reading

All stories

Comments

24 reader responses