Claim analyzed

Politics

“The European Union is planning to require AI-based scanning of all users' messages on private messaging apps such as WhatsApp.”

Submitted by Noble Dolphin c360

Mostly False
4/10

The claim exaggerates both the current EU position and the scope of the proposal. An earlier Commission draft did contemplate detection orders that critics said could lead to chat scanning, but later Council and Parliament positions rejected blanket scanning and moved away from mandatory scanning of encrypted messaging. The evidence does not support a current EU plan to scan all users' private messages on apps like WhatsApp.

Caveats

  • The claim treats an earlier Commission proposal as if it were the EU's current settled plan, ignoring later changes in Council and Parliament positions.
  • “All users' messages” is not supported by the legislative texts; the debated mechanism was detection orders, not an explicit universal scanning mandate.
  • Commentary from advocacy groups and campaign sites often uses alarmist shorthand such as “chat control,” which can blur the difference between proposed, revised, and rejected provisions.

Sources

Sources used in the analysis

#1
EUR-Lex (European Commission proposal) 2022-05-11 | Proposal for a Regulation laying down rules to prevent and combat child sexual abuse (COM/2022/209 final)

The European Commission’s 2022 proposal for a Regulation on preventing and combating child sexual abuse (CSA Regulation) would allow national authorities to issue ‘detection orders’ requiring providers of interpersonal communication services to detect online child sexual abuse on their services, including in end-to-end encrypted environments. The proposal states that providers must deploy technologies capable of detecting known and new child sexual abuse material and grooming in the communications they transmit or store, and that these detection orders may cover all users of a given service when justified. Because end-to-end encryption prevents server-side scanning, the practical effect is that providers of encrypted messaging services would need to implement some form of on-device or client-side scanning to comply with such orders.

#2
European Commission 2024-03-06 | Fighting child sexual abuse online

The Commission explains that its 2022 proposal for a Regulation to prevent and combat child sexual abuse would require certain online services to detect and report child sexual abuse online. It states that under the proposal, "detection orders" can be issued by courts or independent administrative authorities, obliging providers to detect known and new child sexual abuse material and grooming on their services. The page notes that these obligations can apply to **interpersonal communication services** (private messaging apps) when there is evidence of misuse, and that providers would be required to use "proportionate and sufficiently reliable technologies" to comply with detection orders.

#3
Council of the European Union 2025-02-15 | Combat child sexual abuse online: Council agrees mandate for negotiations with the European Parliament

On 15 February 2025 the Council agreed its negotiating position (general approach) on the proposed regulation to combat child sexual abuse. The press release says the text introduces a system of **detection orders** under which service providers can be obliged, as a last resort and under strict conditions, to detect online child sexual abuse material. According to the Council, detection orders would be targeted and limited in time, and would only be issued where there is evidence of a significant risk that a given service is being used for the dissemination of child sexual abuse material. It also notes that end-to-end encrypted services are not excluded a priori from the scope of detection orders, but any obligation must respect the essence of encryption and fundamental rights.

#4
European Parliament 2023-11-16 | How the EU is fighting child sexual abuse online

The article explains Parliament’s work on the Regulation to combat child sexual abuse. It states that Members of the European Parliament (MEPs) "do not endorse widespread web scanning, blanket monitoring of private communications or the creation of backdoors in apps to weaken encryption." It further explains that providers would have to carry out risk assessments and apply mitigation measures, and that detection orders could be issued only as a last resort "if there is reasonable suspicion that individual users or groups are linked to child sexual abuse material", with "end-to-end encrypted communication and text messages excluded from their scope."

#5
European Commission 2022-05-11 | Proposal for a regulation laying down rules to prevent and combat child sexual abuse

In May 2022, the Commission proposed a Regulation to prevent and combat child sexual abuse online. The proposal would oblige certain online service providers, including hosting and interpersonal communication services, to "detect, report and remove" child sexual abuse material when ordered to do so. The Commission’s factsheet describes that competent national authorities could issue "detection orders" requiring providers to use technologies to detect known or new CSAM or grooming, but stresses that such orders must be targeted, time-limited, and subject to judicial or independent administrative authorisation, not a general obligation to monitor all communications.

#6
EUR-Lex 2021-07-14 | Regulation (EU) 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/EC

Regulation (EU) 2021/1232, known as the interim derogation to the ePrivacy Directive, allows providers of number-independent interpersonal communications services to "continue the voluntary use of specific technologies" to detect online child sexual abuse on their services. Article 3 clarifies that the Regulation "does not impose an obligation" on providers to use such detection technologies; it merely provides a temporary legal basis for voluntary detection and reporting measures that some providers already apply.

#7
European Parliamentary Research Service 2023-12-01 | Proposal for a regulation laying down the rules to prevent and combat child sexual abuse (CSA)

The study explains that, for CSAM to be detected as per the measures laid down by the CSA proposal, “the communications of users need to be monitored for the types of content identified in the proposal.” It notes that the proposed detection orders “will significantly affect the confidentiality of communications,” and that “with regard to obligations on scanning the content of interpersonal communications by interpersonal communications providers … the analysis shows that the proposed rules compromise the essence of the fundamental right to privacy in the form of confidentiality of communications.” The report specifically flags client-side scanning, stating that “client-side scanning poses substantial vulnerabilities to attacks and abuse” and that extending scanning from servers to users’ devices would create new on‑device security risks.

#8
Council of the European Union 2024-11-26 | Protecting children from sexual abuse: Council agrees its position on the proposed regulation

On 26 November 2024, the Council agreed its general approach on the proposed regulation on preventing and combating child sexual abuse. The Council’s position “removes the mandatory detection obligations” that were present in the Commission’s original proposal and “does not foresee detection orders for end-to-end encrypted communications.” Instead, providers of interpersonal communications services are required to carry out risk assessments and take ‘reasonable mitigation measures’, but the use of detection technologies is framed as voluntary for non‑encrypted communications. The text also includes language that detection measures “shall not weaken or circumvent end‑to‑end encryption.”

#9
European Parliament 2024-04-24 | European Parliament legislative resolution of 24 April 2024 on the proposal for a regulation laying down rules to prevent and combat child sexual abuse

In its first-reading position adopted on 24 April 2024, the European Parliament significantly amended the Commission proposal. The resolution states that the Parliament opposes "general and indiscriminate scanning" of private communications and removes any obligation for providers to scan content of end-to-end encrypted communications. It provides that detection orders must be targeted, based on specific and documented risks, and that "providers of interpersonal communications services offering end-to-end encryption shall not be required to weaken or circumvent encryption". Parliament’s text restricts scanning primarily to images and URLs and emphasises that text and voice communications should not be subject to generalised detection.

#10
European Digital Rights (EDRi) 2025-11-27 | Chat Control is in the final stretch – but it could be a marathon, not a sprint

EDRi summarizes the latest Council position on the Child Sexual Abuse Regulation (CSAR), noting that "this unexpected but welcome agreement in Council means that any final deal on the CSA Regulation should not include provisions that could force services like Signal or WhatsApp to scan all their users’ private messages." It also states that the Council "no longer wants any mandatory scanning, proposing instead a permanent ‘voluntary’ scheme" similar to the earlier ePrivacy derogation, where providers may choose to scan under certain conditions but are not obliged to scan all communications. EDRi contrasts this with Parliament’s position, which allows mandatory scanning only in narrow, suspicion-based circumstances, saying Parliament "does want mandatory scanning, but only in narrow circumstances, where there is reasonable suspicion of a crime (similar to the idea of a warrant)."

#11
Electronic Frontier Foundation 2026-04-09 | EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?

EFF reports that the European Parliament "has dealt a real blow to voluntary mass-scanning of chats by voting to not prolong an interim derogation from e-Privacy rules in the EU. These rules allowed service providers, temporarily, to scan private communication." It stresses that in the EU, "the general and indiscriminate scanning of people’s messages is not legal" without a specific legal basis, and that the e-Privacy derogation that gave limited cover for such scanning "has now expired." EFF notes that the broader "Chat Control" proposal to mandate detection of child sexual abuse material is still being negotiated, but that "the most controversial idea, the forced requirement to scan encrypted messages, was given up by EU member states" in Council discussions.

#12
Max-Planck-Gesellschaft 2025-02-18 | More monitoring, but not more protection

A Max Planck Society analysis of the Council’s ‘chat control’ compromise notes that “a proposal by the Council of the European Union on chat monitoring, aimed at preventing the distribution of Child Sexual Abuse Material (CSAM), is now entering trilogue negotiations between the Council, the European Commission, and the European Parliament.” It explains that “the draft drops the earlier plan for mandatory surveillance. Instead, messaging services such as WhatsApp and Signal would be allowed to voluntarily install software for automated chat monitoring, and the scope of such monitoring could even be expanded.” The article adds that to allow authorities to search encrypted messaging services, “the proposal relies on a controversial technology known as client-side scanning,” where detection software is embedded in the app or operating system and scans content on the device before encryption.

#13
TechGDPR 2026-04-15 | EU Chat Control Regulation: Privacy vs. Security Explained

TechGDPR explains that the original 2022 Chat Control proposal from the European Commission would have allowed or required providers to scan users’ messages, including private communications, for child sexual abuse material. It notes that after criticism, the proposal was significantly changed, and "as of 2025, the detection order provision was eliminated, instead opting for a risk-based approach: whereby scanning of communications was only a possible mitigation measure based on level of risk, and no longer an obligation." The article adds that additional provisions were added to ensure "the use and effectiveness of end-to-end encryption is not to be affected," and that the most controversial ‘chat control’ elements have been removed from the newest version of the Regulation’s text, even though voluntary communication scanning as a risk mitigation measure remains mentioned.

#14
European Newsroom 2024-03-15 | Privacy vs. child protection: EU's “chat control” plans split member states

The article describes the Commission’s 2022 proposal for the Regulation to Prevent and Combat Child Sexual Abuse (CSAR), often called "chat control". It notes that, according to the original proposal, online service providers such as chat apps and social networks "would have a legal obligation to search the content of messages and stored files using algorithms", including scanning both encrypted and unencrypted private messages for CSAM. The piece also reports that the latest compromise text drafted under the Danish Council presidency stated that "only images and links – not text messages – would be subject to scanning" and that the system would be activated only following a decision by an independent authority, with a Commission spokesperson quoted as saying: "under this proposal, there is no general monitoring of online communications. There will be no such thing as ‘chat control’."

#15
Global Encryption Coalition 2026-01-10 | GEC Steering Committee Statement on Council of the EU Position on the European CSA Regulation

The Global Encryption Coalition notes that “previous versions of the proposal would have forced providers of encrypted communication services to introduce client side scanning capabilities to scan their users’ messages for such material.” It states that in the Council’s 26 November 2024 position, “it removes mandatory detection obligations that would have required providers to indiscriminately scan personal communications for child sexual abuse material, including in end-to-end encrypted environments.” The statement describes the new approach: “By making the use of detection technologies voluntary rather than mandatory, providers will no longer be forced to undermine the strong encryption that they offer their customers,” although the Council text requires risk assessments and allows voluntary scanning of non‑encrypted private messages, and obliges the Commission to reassess “the necessity and feasibility of making detection obligations mandatory” three years after entry into force.

#16
European Digital Rights (EDRi) 2024-10-03 | Chat Control: What is actually going on?

EDRi describes the original Commission CSA Regulation proposal by saying that “under the proposal, the private communications of innocent people would be scanned with unreliable AI filters just in case they’re spreading CSAM. This is textbook mass surveillance.” It notes that “the proposal requires this to be done by end-to-end encrypted message services like WhatsApp and Signal,” and warns that “technologists around the world have been crystal clear that this cannot be done without compromising the integrity of these services. It would be like deploying personalised spyware to millions of people’s devices.” EDRi stresses that the law is still a draft: “The good news, however, is that the Chat Control bill still has several legislative hurdles to cross before it can become law. It hasn’t even reached final negotiations (aka trilogues) yet – and there’s a chance it won’t.”

#17
Electronic Frontier Foundation 2025-12-09 | After Years of Controversy, the EU's Chat Control Nears Its Final Hurdle: What to Know

EFF reports that the European Commission’s ‘Chat Control’ plan “would mandate mass scanning and other encryption-breaking measures,” but notes that in the Council’s agreed position “the good news is that the most controversial part, the forced requirement to scan encrypted messages, is out.” It explains that “the Council agreed on its position, which removed the requirement that forces providers to scan messages on their services,” and that the text includes “strong language to protect encryption.” However, it warns that the Council’s version still “allows for ‘voluntary’ detection, where tech platforms can scan personal messages that aren’t end-to-end encrypted,” and calls for clearer assurances that “client-side scanning cannot coexist with encryption.”

#18
Help Net Security 2026-01-12 | EU's Chat Control could put government monitoring inside robots

Help Net Security describes the evolution of the EU Chat Control (CSAR) proposal, stating that "early versions allowed authorities to require communication providers to scan messages, including encrypted content" as part of a mandatory framework against online child sexual abuse. It reports that after heavy criticism and political pushback, "the Council revised the proposal in late 2025" and that in the revised approach, "explicit scanning mandates were removed, and the system shifted toward risk assessments and mitigation duties" rather than blanket obligations to scan all communications. The article nevertheless warns that depending on implementation, providers could still adopt scanning technologies in some contexts under the new framework.

#19
EU Perspectives 2026-03-28 | MEPs vote to extend 'Chat Control' rules to 2027, but limit scanning

EU Perspectives reports that the European Parliament voted to extend the EU’s temporary legal exemption allowing platforms to voluntarily detect and report child sexual abuse material in private communications, known as ‘Chat Control 1.0’, "until August 2027 while negotiations continue." It notes that this extension concerns voluntary scanning by providers, not a new mandatory regime, and that Parliament simultaneously adopted an amendment stating that "scanning of private communications should apply only to users or groups suspected of CSAM and authorised by a competent judicial authority." The article explains that this amendment reflects Parliament’s position for the permanent CSAR framework, which favours targeted, suspicion-based scanning with judicial oversight rather than general scanning of all users’ messages.

#20
CEDMO Hub 2026-03-30 | Chat Control 2.0: Six out of ten Europeans believe it will improve online safety, while one-fifth are willing to protest against this regulation

CEDMO describes the temporary ePrivacy derogation (Chat Control 1.0) that allowed voluntary scanning by providers as a stopgap measure that "is valid until Friday, April 3, 2026, after which it will expire without replacement" unless extended. It notes that "the European Commission’s proposal to extend its validity until August 2027 was rejected by the European Parliament in March," meaning that the temporary legal basis for voluntary scanning of private communications under Chat Control 1.0 is set to lapse. The article highlights that the permanent legal framework, known as Chat Control 2.0 or the Child Sexual Abuse Regulation (CSAR), "is under discussion" and has become highly controversial over potential impacts on encrypted messaging, but that its final form and obligations are not yet decided.

#21
Wikipedia 2025-11-10 | Chat Control

The article explains that the Regulation to Prevent and Combat Child Sexual Abuse (CSAR), commonly known as "Chat Control", was proposed by the European Commission in May 2022. It notes that the purpose of CSAR is "to make it mandatory for service providers to scan messages for CSAM, and to bypass end-to-end encryption." It summarises critics’ concerns that the proposal would "effectively mandate mass scanning of all private digital communications" and enable "generalized, indiscriminate surveillance." The entry also records that, as of mid‑2024 and into 2025, the proposal faced strong opposition in the Council, with several governments announcing they would vote against it and some later texts moving away from mandatory scanning.

#22
LinkedIn (Internet Watch Foundation commentary) 2025-03-05 | Why the EU's temporary law allowing companies to detect child sexual abuse material online matters

This expert explainer on the EU’s interim derogation notes that, under EU privacy law, services are generally not allowed to scan the content of electronic communications, which created uncertainty about voluntary CSAM detection tools. It explains that the temporary derogation "allows companies to continue using technologies" such as hash lists to detect and report CSAM while remaining compliant, but "does not require companies to ‘scan’ messages". The author adds that the measure is a stop‑gap while the EU negotiates a permanent Child Sexual Abuse Regulation, and that the Commission has proposed extending the interim rules until 2028 without asking companies "to do anything new or different" beyond existing voluntary detection.

#23
Nord Security Blog 2024-09-12 | Chat Control returns – Why Europe must reject client-side scanning

This explainer on the EU ‘Chat Control’ debate states that the CSA Regulation draft introduced in May 2022 “set out to mandate sweeping detection, reporting, and removal obligations across messaging and hosting services,” with the “enforcement spine of the proposal” being client-side scanning. It describes client-side scanning as software on a user’s device that “reviews messages, photos, voice notes and links in the clear before end-to-end encryption can even begin, and potentially again on receipt of a message,” generating reports when content is flagged. The article argues that, applied across hundreds of millions of devices, this amounts to “continuous screening of the whole population’s private communications,” and notes that EU data protection authorities have warned that such detection orders would intrude deeply into privacy and raise serious necessity and proportionality concerns.

#24
Patrick Breyer (MEP website) 2025-12-01 | Chat Control: The EU's CSAM scanner proposal

German Pirate Party MEP Patrick Breyer describes the Commission’s CSAM proposal as obliging providers "to search all private chats, messages, and emails automatically for suspicious content" using automated tools. He writes that the proposed legislation "allows the searching of all private chats, messages, and emails" for illegal depictions of minors and grooming, enabling providers like Facebook Messenger and Gmail "to scan every message for suspicious text and images" in a fully automated process, partly using error-prone artificial intelligence. Breyer notes that after protests, "mandatory chat control was removed" from the EU governments’ draft law in late 2025, but argues that revised versions still permit broad scanning at providers’ discretion.

#25
Tech Policy Press 2023-11-02 | How Europe's “Chat Control” Regulation Could Compromise American Communications

The article explains that the EU’s proposed Regulation to Prevent and Combat Child Sexual Abuse, known as "Chat Control", would establish a detection framework requiring platforms to scan communications for child sexual abuse material. It notes that platforms using end-to-end encryption, including WhatsApp, Facebook Messenger and other services based on the Signal Protocol, "would be required to insert a pre-encryption scanning layer" under the Commission’s original vision. Every time a user composes a message or attaches media, the content would be analysed against CSAM databases and AI detection models before encryption, with flagged content transmitted to EU authorities. The author underlines that this is a regulation, so once adopted it would apply directly and uniformly across all 27 EU member states.

#26
Fight Chat Control campaign 2024-06-01 | Fight Chat Control - Protect Digital Privacy in the EU

The civil society campaign site summarises the original Commission proposal as one that “would legalise scanning of all private digital communications, including encrypted messages and photos.” It warns that the regulation would allow or require providers of messaging, email, and other communication services to use automated tools to detect child sexual abuse material and grooming in users’ private communications. The campaign argues that this would, in practice, mean “mass surveillance of personal messages” and would undermine end-to-end encryption by obliging providers to implement scanning either on their servers or directly on users’ devices.

#27
Mullvad VPN 2024-02-29 | The chat control proposal does not belong in democratic societies

Mullvad, a privacy-focused VPN provider, writes that the European Commission is working on legislation called chat control. According to their description, if the law takes effect "all EU citizens will have their communications monitored and audited". They say chat control would involve total interception of private communication, with providers being forced to scan messages, images and other content using automated tools to detect child sexual abuse material. The company warns that this would effectively end secure private messaging and mass-surveil users on platforms such as WhatsApp and Signal.

#28
LLM Background Knowledge 2026-02-01 | Status of EU CSAR negotiations and impact on private messengers

As of early 2026, the EU’s Regulation to Prevent and Combat Child Sexual Abuse (CSAR) has not been finally adopted and remains under negotiation between the Council and Parliament. WhatsApp and other private messaging apps are not yet legally required by EU law to conduct AI-based scanning of all users’ messages; any detection that occurs is based on providers’ existing voluntary safety measures under the interim derogation. Proposals in Council and Parliament have moved away from explicit, universal obligations to scan all encrypted messages, in part due to legal and political concerns about mass surveillance and encryption backdoors.

#29
Reddit 2026-02-10 | EU Chat Control (CSAR): What is the current status and should we be worried about a new push in 2026?

A detailed summary post on r/privacy, citing official documents and news, states that trilogue negotiations on the CSA Regulation are underway and that "most Members of the European Parliament (MEPs) oppose any form of mass scanning, with the exception of the EPP group." The post explains that the Parliament’s position is for "targeted scanning only as a last resort, requiring a court order and aimed at specific individuals or groups (note that end-to-end encrypted apps would be excluded)." It also notes that a recent Council vote failed to approve a compromise text, primarily because of opposition to client-side scanning, and concludes that while the initiative is not dead, "the outcome of the trilogues remains uncertain" and no general obligation to scan all users’ messages has been agreed.

Full Analysis

The arguments

Two AI advocates debated this claim using the research gathered.

Argument for

P
Proponent Argues TRUE

The European Commission's CSA Regulation proposal explicitly empowers authorities to issue “detection orders” to interpersonal communication services and contemplates compliance even in end-to-end encrypted contexts—practically implying client-side/on-device AI scanning of users' communications, potentially covering all users of a service when justified (Source 1, EUR-Lex COM/2022/209; Source 2, European Commission). Multiple independent analyses and summaries of the Commission's original plan describe it as a legal obligation to algorithmically search private messages (including encrypted ones) for CSAM and grooming—i.e., a plan to require AI-based scanning on apps like WhatsApp (Source 7, EPRS; Source 14, European Newsroom; Source 25, Tech Policy Press).

O
Opponent Rebuttal

The Proponent's argument relies on the European Commission's outdated 2022 draft, failing to acknowledge that the EU's legislative process has since eliminated these mandatory scanning requirements. As documented by the Council of the European Union in Source 8 and Source 15, the revised position completely removes mandatory detection obligations for encrypted services and explicitly protects end-to-end encryption from being weakened or circumvented.

Argument against

O
Opponent Argues FALSE

The claim that the European Union is planning to require AI-based scanning of all users' messages is false, as the EU has officially abandoned mandatory scanning requirements. According to the Council of the European Union in Source 8 and Source 10, the revised legislative position completely removes mandatory detection obligations for end-to-end encrypted communications, shifting instead to a voluntary, risk-based framework that explicitly protects encryption.

P
Proponent Rebuttal

The Opponent commits a bait-and-switch by treating the Council's later negotiating line as if it negates the existence of an EU plan, even though the Commission's formal proposal—the EU's initiating legislative plan—explicitly empowers “detection orders” on interpersonal communications services and contemplates compliance in end-to-end encrypted contexts, which in practice implies client-side/on-device AI scanning and can extend service-wide when justified (Source 1, EUR-Lex COM/2022/209; Source 2, European Commission). Moreover, even the Council's own communications concede encrypted services are not categorically out of scope for detection orders (Source 3, Council of the EU), so citing Source 8 and Source 10 as “abandonment” overstates a still-unsettled negotiation and does not rebut that the EU has been planning (via the Commission proposal) to require scanning on apps like WhatsApp.


Expert review

3 specialized AI experts evaluated the evidence and arguments.

Expert 1 — The Logic Examiner

Focus: Inferential Soundness & Fallacies
Mixed
5/10

The pro-claim chain is: the Commission's 2022 CSAR proposal creates “detection orders” for interpersonal communications services and contemplates operation even with end‑to‑end encryption, which would practically imply some form of client-side/on-device scanning and could, in some readings, be service-wide (Sources 1-2, with contextual critique in Source 7). However, the claim asserts the EU is planning to require AI scanning of all users' messages, and the evidence shows the legislative process has moved away from blanket/mandatory scanning—Council and Parliament positions explicitly reject general/indiscriminate scanning and (in their texts/positions) remove or exclude E2EE from mandatory detection orders (Sources 8-9, also 3-5), so the conclusion “EU is planning to require scanning of all users' messages” does not follow from the current state and overextends even the original proposal's conditional, order-based mechanism.

Logical fallacies

Equivocation / bait-and-switch on 'EU is planning': treating the Commission's initial proposal as equivalent to the EU's current plan despite later Council/Parliament positions changing the operative approach (Sources 8-9).Overgeneralization: inferring 'all users' messages' from a framework of targeted, time-limited detection orders that may be broad in some cases but are not established as universal blanket scanning (Sources 3-5).Modal scope error: moving from 'could be required under certain orders/versions' to 'is planning to require' as a definite, general requirement.
Confidence: 8/10

Expert 2 — The Source Auditor

Focus: Source Reliability & Independence
Mostly False
4/10

The most authoritative sources here are official EU institutional documents: EUR-Lex (Source 1), the European Commission (Sources 2, 5), the Council of the EU (Sources 3, 8), and the European Parliament (Sources 4, 9). These high-authority sources collectively show that while the Commission's 2022 proposal did contemplate detection orders that could require scanning of private messages including in encrypted environments, the legislative process has significantly evolved. The Council's November 2024 position (Source 8) explicitly removes mandatory detection obligations for end-to-end encrypted communications, and the Parliament's April 2024 position (Source 9) opposes general and indiscriminate scanning. As of the current date (June 2026), the EFF (Source 11) confirms the interim derogation has expired and that forced scanning of encrypted messages was dropped by EU member states. The claim as stated — that the EU 'is planning to require AI-based scanning of ALL users' messages' — is misleading: the original 2022 Commission proposal did contemplate broad detection orders that could functionally require scanning, but the current state of negotiations has moved decisively away from mandatory universal scanning, with both Council and Parliament positions rejecting blanket obligations. The claim conflates the original proposal with the current legislative trajectory, and overstates the scope by saying 'all users' messages' when even the original proposal required targeted, judicially authorized orders. Weakest sources include the advocacy/campaign sites (Sources 26, 27), the Reddit post (Source 29), and the MEP's personal website (Source 24), which present the most alarmist framing without nuance about the legislative evolution.

Weakest sources

Source 26 (Fight Chat Control campaign) is a civil society advocacy site with a clear political agenda against the regulation, presenting the original proposal in maximalist terms without acknowledging subsequent legislative changes.Source 27 (Mullvad VPN) is a commercial VPN provider with a direct financial interest in opposing surveillance legislation, and its description of the proposal as mandating monitoring of 'all EU citizens' is not supported by the more authoritative institutional sources.Source 24 (Patrick Breyer MEP website) is a personal political website of an MEP with a stated opposition to the regulation, representing a partisan perspective rather than neutral analysis.Source 29 (Reddit) is a user-generated summary post with no editorial oversight, and while it cites official documents, it lacks the authority of primary institutional sources.
Confidence: 9/10

Expert 3 — The Precision Analyst

Focus: Claim Precision & Quantitative Accuracy
Mostly False
3/10

While the European Commission's original 2022 proposal sought to allow broad detection orders (Source 1, Source 2), subsequent legislative negotiations by the Council and Parliament have explicitly rejected and removed mandatory scanning requirements for end-to-end encrypted messaging apps like WhatsApp (Source 8, Source 9, Source 10). Because the EU's active legislative plans have moved away from mandatory scanning to protect encryption, asserting that the EU is planning to require scanning of all users' private messages is inaccurate.

Precision issues

The claim overstates the current scope and status of the EU's legislative plans by presenting the discarded 2022 mandatory scanning proposal as the active, agreed-upon plan of the European Union.
Confidence: 9/10

Expert summary

See the full panel summary

Create a free account to read the complete analysis.

Sign up free
The claim is
Mostly False
4/10
Confidence: 9/10 Spread: 2 pts

Your annotation will be visible after submission.

Embed this verification

Every embed carries schema.org ClaimReview microdata — recognized by Google and AI crawlers.

Mostly False · Lenz Score 4/10 Lenz
“The European Union is planning to require AI-based scanning of all users' messages on private messaging apps such as WhatsApp.”
29 sources · 3-panel audit · Verified Jun 2026
See full report on Lenz →