Signal President Meredith Whittaker has warned that the encrypted messaging platform will exit the European Union if the proposed “Chat Control” regulation mandating client-side scanning is adopted.
Whittaker calls on Germany to drop support for the law and reconsider the possibility of a catastrophic reversal that would threaten privacy and national security.
In a published statement, Whittaker commented on reports that Germany may abandon its opposition to the EU’s Child Sexual Abuse Material (CSAM) Regulation, which would require service providers to scan users’ private messages, photos, and videos on their devices before encryption. The proposed law, pushed by the European Commission and currently being negotiated by member states, would effectively break end-to-end encryption, Whittaker said, creating vulnerabilities exploitable by attackers and undermining the security of journalists, government officials, activists, and everyday users alike.
Whittaker made clear that Signal will not build scanning systems into its app if forced to comply with the regulation.
“We will not compromise the integrity of our service, or endanger the safety of the people who rely on us around the world, often in contexts where private communications are the difference between life and death,” stated Signal’s president.
“If we were given a choice between building a surveillance machine into Signal or leaving the market, we would leave the market.”
This ultimatum comes amid reports that the German Federal Ministry of the Interior (CSU) is pressuring the Ministry of Justice (SPD) to approve the proposal during an internal government meeting on October 7. Such a shift would provide the EU Council with a majority for the first time and allow the law to move forward for approval in Brussels. The Committee of Permanent Representatives is scheduled to address the proposal on October 8, followed by a final vote at the Justice and Home Affairs Council on October 14.
Patrick Breyer, a former MEP from the Pirate Party, published internal EU documents showing that during a July 1 meeting with German child protection groups, the European Commission misrepresented the scope of the law, calling it a “more limited version” of current capabilities. Breyer calls this disinformation, pointing out that the regulation would for the first time require universal scanning of private messages and directly break end-to-end encryption.
Germany has historically opposed such measures, citing constitutional protections and the country’s historical experience with mass surveillance. The Federal Office for Information Security (BSI), the Max Planck Institute for Security and Privacy, the Chaos Computer Club (CCC), and hundreds of academics have also warned against the regulation, stating that breaking encryption increases the attack surface and exposes users to serious risk.
Under the latest draft (Council document 13095/25), the proposal claims to focus only on detecting “known” CSAM, but this is a technical distinction without substance. Scanning all private messages, even for known material, still constitutes indiscriminate surveillance. The proposal also controversially exempts communications from police, military personnel, and intelligence agencies from scanning requirements.
The Netherlands formally rejected the latest draft last week, stating that mandatory scanning of private communications remains unacceptable. A blocking minority in the EU Council is still possible, but only if countries like Germany maintain opposition.
Breyer warns that if Chat Control passes, secure messengers in Europe will disappear, leading to a “digital exile” for users and a critical loss of secure communications infrastructure.
Leave a Reply