Statement to EU countries: Do not agree to mass surveillance proposal, warn NGOs


Over 80 organisations, including Statewatch, are calling on EU member states to block the proposed Child Sexual Abuse Regulation, which would fatally undermine encryption and thus the safety and privacy of all internet users. In the UK, the government has recently conceded that similar clauses in the Online Safety Bill will not be enforced until it is technologically possible to do so - which is likely to be never.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Image: DennisM2, public domain

This statement was coordinated by European Digital Rights. On the situation with the UK Online Safety Bill, see: A ‘spy clause’ to break encrypted texts while preserving privacy is still a dream (City A.M., 11 September)

Statement to EU countries: Do not agree to mass surveillance proposal, warn NGOs

EU countries are preparing to agree their position on the draft EU Child Sexual Abuse (CSA) Regulation, commonly known as “chat control”. [1] This proposed law is unprecedented: it could force companies to scan everyones private digital communications, on behalf of governments, all of the time.

Legal experts advising EU governments have warned that in its current form, the CSA Regulation would likely violate the rights of hundreds of millions of people in Europe, without any suspicion that they have done something wrong. [2] It could also force everyone to undergo ID checks in order to access the internet, threatening digital exclusion for those without the ‘right’ documents.

Regardless of the broad concerns raised about the CSA Regulation, [3] EU governments have so far failed to make essential changes to protect human rights, including privacy, free expression and the presumption of innocence. Nevertheless, they propose to exclude their own government communications from the rules, in a shocking admission that otherwise, the law would violate their right to confidentiality of communications. [4]

Hundreds of academics, including those from 19 EU countries, have warned that the proposal is technically dangerous and poses a serious threat to encryption. [5] This could put the 2 billion people worldwide who rely on encryption to keep their digital lives safe and secure at risk – including the very children this law aims to protect.

At least eight EU countries have reportedly attempted to address some of the major problems with the proposal. [6] Parliamentarians in the Czech Republic, Ireland, the Netherlands, Austria and France have also spoken up for their constituents against the mass intrusion of our digital private lives. [7]

Despite this, EU Home Affairs Ministers seem set to adopt a joint position on the CSA Regulation which would be illegal under EU human rights law.

As over 80 groups dedicated to upholding democracy and to protecting digital rights, the open use of the internet, human rights defenders, women and children’s rights and more, we call on all EU governments to say no to the CSA Regulation until it fully protects rights, freedoms and security online.


Pan-European and international:

  • Access Now
  • Alternatif Bilisim (AiA-Alternative Informatics Association)
  • Civil Liberties Union for Europe
  • Centre for Democracy & Technology, Europe
  • CloudPirat - Defend Your Digital Freedom
  • Committee to Protect Journalists
  • Ecoropa
  • Electronic Frontier Foundation - EFF
  • European Digital Rights (EDRi)
  • European Sex Workers Rights Alliance (ESWA)
  • The Georgia Tech Internet Governance Project
  • INSPIRIT Creatives NGO, CIVICUS Member, Human Rights & Civil Society
  • Internet Society
  • Interpeer gUG
  • International Online Safety Corp (IOSCORP)
  • Open Privacy Tech Foundation (OPTF) Ltd
  • Sex Workers' Rights Advocacy Network (SWAN)
  • Statewatch
  • Wikimedia Europe


  • Lobby4kids- Kinderlobby


  • Centre for Peace Studies
  • Politiscope


  • Iuridicum Remedium
  • NoLog s.


  • IT-Pol
  • Nejtil5dk: Videnscentret for elektro-forurening


  • Electronic Frontier Finland


  • La Quadrature du Net
  • Sherpa


  • Chaos Computer Club
  • D64 - Zentrum für Digitalen Fortschritt V.
  • Digitalcourage
  • Digitale Gesellschaft
  • German Bar Association (Deutscher Anwaltverein)
  • Gesellschaft für Informatik V.
  • Giordano-Bruno-Stiftung
  • Humanistische Union V.
  • HYDRA V. Treffpunkt und Beratung für Prostituierte
  • Komitee für Grundrechte und Demokratie
  • Whistleblower-Netzwerk


  • Homo Digitalis


  • Digital Rights Ireland
  • Irish Council for Civil Liberties


  • Privacy Network
  • SWIPE - Sex Workers Intersectional Peer Education

The Netherlands:

  • Bits of Freedom
  • Privacy First
  • Prostitution Information Center


  • Associação D3 - Defesa dos Direitos Digitais
  • Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)
  • ESOP - Associação de Empresas de Software Open Source Portuguesas
  • Internet Society Portugal Chapter


  • ApTI - Asociația pentru Tehnologie și Internet


  • Danes je nov dan, Inštitut za druga vprašanja
  • Digitas Institute
  • Digital Society Forum
  • Državljan D / Citizen D


  • The Commoners
  • ISOC-CAT (Internet Society Catalan Chapter)
  • Sindicato OTRAS
  • Xnet


  • 5 of July foundation
  • datasknet
  • Red Umbrella Sweden


  • Defend Digital Me – United Kingdom
  • Digital Society - Switzerland
  • NGO 35MM – Montenegro


  • Africa Media and Information Technology Initiative (AFRIMITI) - Nigeria
  • Digital Woman Uganda
  • Webfala Digital Skills for all Initiative – Nigeria
  • La fédération sénégalaise des acteurs de l'environnement - Sénégal
  • L'association pour la défense des droits à l'eau et à l'assainissement du Sénégal

North, Central and South America:

  • Aspiration - US
  • Fight for the Future - US
  • ISOC Brazil - Brazilian Chapter of the Internet Society
  • Internet Society chapter Dominican Republic
  • Superbloom - US


  • JCA-NET – Japan

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.

Further reading

24 May 2023

European Commission: "the content is the crime," so let's break encryption

The EU's proposed Child Sexual Abuse Material (CSAM) Regulation is perfectly legal, the European Commission has argued, in response to the Council Legal Service's arguments that the "detection orders" set out in the proposal would be illegal.

29 March 2023

EU-USA cooperation on biometric data, breaking encryption, radicalisation

The minutes of the recent EU-US Senior Officials Meeting on Justice and Home Affairs, held in Stockholm on 16 and 17 March, demonstrate cooperation on a vast range of topics - including a "proof of concept" of the "Enhanced Border Security Partnership" involving the transatlantic sharing of biometric data, the need to "reinforce law enforcement’s legitimacy to investigate" in debates around breaking telecoms encryption, and US "concerns on radicalisation among police forces."

03 October 2022

EU: Discussion on encryption ponders "retention of vulnerabilities and exploitation by the authorities"

At a recent event hosted by Europol's Innovation Hub, participants discussed questions relating to encrypted data and the ability of law enforcement authorities to access digital information. One issue raised was a possible "EU Vulnerability Management Policy for Internal Security," which could allow for "temporary retention of vulnerabilities and their exploitation by the relevant authorities." In effect, this would mean identifying weaknesses in software and, rather than informing the software developers of the problem, exploiting it for law enforcement purposes.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error