CSAR is a proposed EU Regulation whose purpose is "to prevent and combat child sexual abuse" (procedure 2022/0155(COD))1.

Most of the public opposition to CSAR boils down to "no surveillance" as a first principle, full stop. On the other side, there are at least some documented cases where the existing, voluntary Chat Control 1.0 has helped catch people committing crimes against children — which is usually where the counter-argument lands: "yes, but we will save the kids". Both of these are too short to be useful.

Here are my notes, and a huge list of references for further investigation.

There are two similarly named EU laws

CSAR is not to be confused with the Child Sexual Abuse Directive — a separate EU law with an almost identical name, currently also under revision.2 The Directive is criminal law: it defines the offences and the penalties — what counts as child sexual abuse and how it is prosecuted. CSAR defines what online services must do about it: detection, reporting, and removal. This post is only about CSAR.

What happend on July 9?

On 9 July 2026, the European Parliament voted on a proposal to reject the Council's extension of the temporary ePrivacy derogation commonly called "Chat Control 1.0".3

Of the MEPs voting, 314 supported rejection and 276 opposed it. However, rejecting the Council text required an absolute majority of all Parliament's members — 361 votes — so the rejection failed.4 The temporary framework allowing providers to voluntarily scan certain private communications for child sexual abuse material therefore moved forward, with additional Parliament amendments intended to exclude end-to-end encrypted communications and limit the scope of scanning.

This vote concerned the temporary "Chat Control 1.0" rules, not the permanent CSAR proposal commonly called "Chat Control 2.0".

CSAR remains under negotiation and has not yet been adopted, so there is currently no confirmed date on which it will take effect.5


Scanning private communications without consent becomes legal

EU law is clear that scanning private communications is illegal without consent.6

CSAR practically changes this, by permitting "voluntary" scanning of content.7

  • before: scanning was prohibited unless covered by a (temporary) exception.3
  • after: scanning becomes an ordinary, permanent legal possibility under EU law.

Note

Even the "voluntary" version has been questioned by the Council's own lawyers, who warned that indiscriminate scanning of private communications is incompatible with EU fundamental rights.8


On-device scanning is the only technically viable option

What does scanning mean?

A chat app may scan the content (your texts, photos, videos) either on-device, in transit (as the message is transmitted) or in storage (when the message is stored in their servers).

Modern apps apply cryptography to encrypt these messages, and the strongest model is end-to-end encryption (E2EE). This means that the message is encrypted before leaving your device and it can only be decrypted on the device of the recipient. If properly implemented, it is computationally infeasible to decrypt the message without the keys stored in the recipient's device.

The initial version of CSAR did not exempt end-to-end encrypted services from detection obligations.9 In practice, complying would mean weakening encryption — for example, by adding backdoors — so that messages could be decrypted without the sender's or recipient's consent. This approach introduces many problems, including the possibility of a security leak that would jeopardize the security of every user's communications to criminals and foreign adversaries.

The Commission repeatedly stated that it was not banning end-to-end encryption. At the same time, depending on the final text, providers may be required — or permitted — to detect known CSAM (Child Sexual Abuse Material), unknown CSAM, and grooming.

Which leaves providers with only one option: scan all content, on-device, before it is encrypted.


Millions of false positives

So, your phone, or your laptop, will have to scan content you send and receive to identify CSAM.

Scanning can be classified under two categories:

  • Match a content hash (a digital fingerprint) against a database of known CSAM hashes.
  • Try to use machine learning and fuzzy algorithms to identify unknown CSAM.

The first one is a mature and very low-error method. The second one is much more prone to errors.

But here is where big numbers are important. Even 0.1% false positives, across billions of daily messages, produces enormous volumes of flagged innocent content — and every flag is a person suspected of one of the worst crimes that exist.10

That photo you sent to your doctor in a moment of despair, when the rash on your kid's belly looked extremely alarming? It could flag you in some database as a potential child offender.

Not to mention consensual sexting between teenagers. How would you feel if your 17-year-old, who is texting and exchanging photos with their partner, was accused of CSAM or grooming? In order to "protect" our kids, we may be actually harming them.

Keep in mind that wrongful suspicion is not the only consequence in these cases: flagging may lead to house searches and police database entries.11

Note

The European Parliament's own study concludes that no technology can detect CSAM or grooming without unacceptable error rates, and that consensual teen imagery is a known weak spot of the classifiers.12


CSAM scanning is an attack vector

On-device models and hash databases can be extracted and reverse-engineered.13

Perceptual hashes admit adversarial collisions — i.e. innocent-looking images crafted to match database hashes. This isn't hypothetical. Shortly after Apple announced NeuralHash in 2021, researchers demonstrated practical hash collisions.14

This is a new attack vector: an adversary can send victims content that appears innocuous but will trigger reporting. People already harass journalists by sending them CSAM and then reporting them to the authorities. Automated reporting might provide a means to scale up such attacks.

Dear politician, you will be the victim too

Keep in mind that politicians may be among the first victims of such an attack.

How would you feel if, before an important vote or election, it was relatively easy for your opponents to trigger an investigation accusing you of distributing Child Sexual Abuse Material?

Now, add to this that flagged users are not notified, cannot contest the classification, and may enter police databases as CSAM suspects on automated evidence — with downstream effects on employment vetting, custody, border crossings.9


The remedy for false positives is even worse

OK, you may say, we will put guardrails, to protect innocent citizens from being wrongfully accused. We can't entirely depend on automated systems, we will also have humans review these flags.

CSAR has this covered: flagged content may be reviewed by provider staff, by the EU Centre, and by law enforcement.9

Not really a remedy

So, the remedy for machine error is industrial-scale human reading of the most private content, and the EU Centre becomes a standing archive of Europe's most sensitive flagged material: a breach target without precedent.


Purpose creep: once the infra is in place, it can be used for any type of content

Once the technical ability, the legal framework and the legal procedures for client-side scanning against a centrally distributed database exist, extending it to other content categories is a political decision, not a technical project.15

Child sexual abuse is something everyone agrees on, so it's always the first step of such frameworks. But it is important to understand CSAR is not just a law. It is also a technical framework and infrastructure that makes flagging additional types of content just a database update.

The next target could be something more controversial, like immigration. Then maybe something even more controversial like copyrighted material. Then a vague definition of misinformation. Then some type of dangerous political speech.

You may say that most or all of these things are already covered by existing laws. But these laws have processes and visibility, cases have to be brought to justice, and they can be challenged, and the prosecuting authorities have to pick where they spend their time and resources; which is a welcome limitation that makes the system work better.

CSAR is automated enforcement: no friction, zero cost to scale. You can't sue 1,000,000 EU citizens in one afternoon, but you can easily flag them under the suspicion that they sent illegal material.


The blocklist is secret and unauditable

And, what is in the blocklist, anyway?

Ordinary users cannot inspect the hash lists the EU Centre would distribute, and independent public auditability is inherently limited — reviewing the source material (CSAM) used to build it is itself illegal.

So, we have a scanning system that we can't review what it is scanning for, and even curation errors (not to mention intentional abuse) propagate silently to every device in Europe.

If you think shadow banning in social media is bad, think about a centralized blocklist, blessed by EU Regulation, that you can't review, and which — for some weird reason — is blocking your content.

No need for bad actors

It requires no future bad actor, only ordinary bureaucratic error, for a photo or an image to be classified as suspicious.9 It could be the embarrassing photo of a politician, or a famous work of art, or just a meme.


Exporting the risk outside the EU

While EU citizens may accept that they can trust their local legal framework, messaging is global. Protocols and clients are shared.

If EU compliance weakens clients or protocols, it degrades the security of at least everyone who communicates with EU users, including journalists, dissidents, and abuse victims outside the EU whose threat models are far worse.

It also exposes EU users when they communicate with users outside the EU to these threat models too, since other jurisdictions may flag other types of content.

Worth mentioning

Podchasov v. Russia (2024)16 is the mirror image: the European Court of Human Rights found that forcing a provider to weaken encryption for all its users violates the right to respect for private life — in a case where Russia's FSB required Telegram to hand over information that would allow decrypting users' messages.


The small-provider / fediverse problem

CSAR's core obligations — risk assessment, mitigation, reporting, exposure to detection orders — apply to hosting and communication services of any size. There is no exemption for small providers, unlike other EU digital laws.17

What does a risk assessment mean for a single-admin Mastodon or Matrix homeserver? What about a decentralized, open source project? Who serves a detection order on software with no company behind it?

This leads to compliance costs only Big Tech can absorb and further centralization of communications onto the platforms whose scanning produced the justifying dataset.

I thought we wanted to disentangle from US-based Big Tech

This may be the best way to kill any EU-based startup, or open source community, building a messaging alternative and proliferate US-based services dominance.


Is it even worth it?

Client-side scanning in mainstream apps is trivially defeated by motivated users: pre-encryption, custom clients, self-hosted servers, non-compliant platforms.

Even assuming a perfect classifier, the users reliably covered are practically the ones who aren't hiding anything.

This is the big question

So, given all the risks to privacy, freedom of speech, the introduction of new attack vectors, the collateral damage caused by false positives and their mitigation mechanisms, and a system that EU citizens will rightfully distrust, is it worth it?

Are there concrete data proving that CSAR will actually have any effect in combating the sexual abuse and sexual exploitation of children?12


Further reading (secondary)

  1. European Parliament Legislative Observatory, procedure file 2022/0155(COD), "Regulation laying down rules to prevent and combat child sexual abuse": https://oeil.europarl.europa.eu/oeil/en/procedure-file?reference=2022/0155(COD)

  2. Directive 2011/93/EU on combating the sexual abuse and sexual exploitation of children — the EU's criminal-law instrument on the same subject, currently being revised ("recast") under procedure 2024/0035(COD): https://oeil.europarl.europa.eu/oeil/en/procedure-file?reference=2024/0035(COD) The recast proposal is COM(2024) 60: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2024:60:FIN

  3. Regulation (EU) 2021/1232, the interim derogation from the ePrivacy Directive ("Chat Control 1.0"): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32021R1232 Parliament voted against extending it in March 2026 and it lapsed on 3 April 2026: https://www.techradar.com/vpn/vpn-privacy-security/chat-control-eu-parliament-said-no-to-big-tech-mass-surveillance-of-your-chats-but-the-battle-for-privacy-isnt-done 2

  4. On the 9 July 2026 second-reading vote (314–276, 17 abstentions, against a 361-vote absolute-majority threshold): https://www.theregister.com/security/2026/07/09/meps-fail-to-prevent-chat-control-snoopfest-revival/5269379 Timeline of both Chat Control tracks: https://fightchatcontrol.eu/chat-control-overview

  5. Latest Council Presidency state-of-play on the CSAR negotiations (June 2026), mirrored by netzpolitik: https://cdn.netzpolitik.org/wp-upload/2026/07/2026-06-22_Council_Presidency_CSAR_State-of-play_10906.pdf An earlier June 2026 state-of-play (Council doc. 10499/26) is also mirrored there; it confirms trilogues began 9 December 2025, records provisional agreement on parts of the text, and notes the Parliament/ Council split over making the interim regime permanent: https://cdn.netzpolitik.org/wp-upload/2026/06/2026-06-22_Council_Presidency_CSAR_State-of-play_10499.pdf

  6. Directive 2002/58/EC (ePrivacy Directive), Art. 5 (confidentiality of communications): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32002L0058

  7. Council of the EU, negotiating mandate on the CSA Regulation, doc. 15318/25 (13 Nov 2025, "Danish compromise"): permanent voluntary-scanning framework, risk categories, age-verification obligations, 3-year review clause: https://data.consilium.europa.eu/doc/document/ST-15318-2025-INIT/en/pdf It was adopted on 26 November 2025 as a "Partial" General Approach (partial because the seat of the EU Centre is left open), at ambassador level without a formal public vote; Czechia, Poland, Slovakia and the Netherlands voted against, Italy abstained. See the EDRi document pool for the voting record: https://edri.org/our-work/csa-regulation-document-pool/

  8. Council Legal Service opinion, doc. 8787/23, 26 April 2023 (marked LIMITE, leaked May 2023) — generalised scanning of private communications is incompatible with Arts. 7 and 8 of the EU Charter of Fundamental Rights absent reasonable suspicion and prior judicial authorisation. The opinion also states that screening encrypted communications would leave providers three options: abandoning end-to-end encryption, introducing a back-door, or client-side scanning — i.e. the Council's own lawyers reached the same conclusion as this post's "on-device scanning is the only technically viable option". Full PDF (mirrored by Statewatch): https://www.statewatch.org/media/3901/eu-council-cls-opinion-csam-proposal-8787-23.pdf Coverage: https://techcrunch.com/2023/05/09/eu-scam-scanning-unlawful-advice/ and https://european-pirateparty.eu/leaked-eu-council-legal-analysis-chatcontrol-plans-doomed-to-fail/ The doc number is confirmed by the Council's own June 2026 state-of-play (doc. 10499/26), which cites 8787/23 directly. A subsequent Legal Service assessment found the Danish "voluntary" framework still violates fundamental rights: https://www.techradar.com/computing/cyber-security/a-political-blackmail-the-eu-parliament-is-pressing-for-new-mandatory-scanning-of-your-private-chats

  9. European Commission, Proposal COM(2022) 209 final, 11 May 2022. Risk assessment/mitigation: Arts. 3–6; detection orders: Arts. 7–11; reporting/removal: Arts. 12–15; blocking: Arts. 16–18; EU Centre and indicator databases: Arts. 40 ff. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52022PC0209 Note: these article numbers refer to the Commission's 2022 proposal. The final text is still being negotiated in trilogues (resuming September 2026), so the numbering and content of individual articles may change in the adopted regulation. 2 3 4

  10. National police statistics on the quality of automated referrals — with the honest caveat that "not actionable" is not the same as "innocent": Switzerland: a fedpol spokesperson told Tages-Anzeiger (regarding 2020) that of ~9,000 NCMEC reports received, "just under ten percent were criminally relevant". NCMEC publicly disputed this: its own visual review of every 2020 report sent to Switzerland concluded at least 63% contained CSAM under a conservative definition (https://www.missingkids.org/blog/2020/we-are-in-danger-of-losing-the-global-battle-for-child-safety). fedpol's Annual Report 2023 states it received 14,420 NCMEC reports and forwarded 1,895 to cantonal authorities for prosecution (~13%): https://fedpol.report/en/report-2023/fedpol-in-figures/paedophile-criminals-on-the-lookout/ Ireland: data obtained by ICCL and Digital Rights Ireland from An Garda Síochána (Oct 2022): of 4,192 NCMEC referrals in 2020, 409 (~10%) were actionable and 471 (11%) were verified as not CSAM (e.g. "children playing on a beach"); the rest were age-undetermined (506), IP-not-progressable (940), below threshold (606), viral (333), self-generated (75), adult (51), with 852 marked as CSAM: https://www.iccl.ie/news/an-garda-siochana-unlawfully-retains-files-on-innocent-people-who-it-has-already-cleared-of-producing-or-sharing-of-child-sex-abuse-material/ (The same release documents that the Gardaí retained the data of the wrongly flagged.) Germany: in 2024 the BKA received over 205,000 NCMEC reports; criminal relevance was established in 106,353 cases — roughly half were not criminal (netzpolitik, June 2026): https://netzpolitik.org/2026/automatisierte-falschmeldungen-bka-meldet-kinderpornografie-die-keine-ist/

  11. In Germany, an NCMEC report alone routinely serves as the basis for a house-search warrant, and the courts are split on whether that is lawful: the Regional Court of Detmold ruled that a report without further evidence does not establish sufficient initial suspicion (LG Detmold, 11.4.2022 – 23 Qs 27/22, a search of a household with seven registered residents), while the Regional Court of Bamberg considers a report matched to an IP address sufficient (LG Bamberg, 18.12.2023 – 15 Qs 86/23), and the Federal Constitutional Court has declined to object (BVerfG, 21.10.2024 – 1 BvR 2215/24). Overview with case citations: https://anwaltspraxis-magazin.de/fachbeitraege/strafrecht/2025/02/13/meldungen-des-ncmec-grundlagen-und-ideen-fuer-die-verteidigung-im-bereich-kinder-und-jugendpornografie/ For a documented false accusation by automated flagging, see the Flokinet case (June 2026): the BKA formally accused a hosting provider of distributing CSAM based on two entirely legal YouTube videos — one a documentary about composer Hans Zimmer — without having checked the content: https://netzpolitik.org/2026/automatisierte-falschmeldungen-bka-meldet-kinderpornografie-die-keine-ist/

  12. European Parliamentary Research Service, "Proposal for a regulation laying down rules to prevent and combat child sexual abuse — Complementary Impact Assessment" (April 2023), which also concludes the proposal's overall effectiveness is expected to be limited: https://www.europarl.europa.eu/RegData/etudes/STUD/2023/740248/EPRS_STU(2023)740248_EN.pdf See also EPRS briefing PE 753179: https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/753179/EPRS_BRI(2023)753179_EN.pdf 2

  13. H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, J. Callas, W. Diffie, S. Landau, P. Neumann, R. Rivest, J. Schiller, B. Schneier, V. Teague, C. Troncoso, "Bugs in Our Pockets: The Risks of Client-Side Scanning" (2021). arXiv:2110.07450: https://arxiv.org/abs/2110.07450

  14. NeuralHash reverse-engineering and collision PoC (Aug 2021): https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX (the first collision was reported in that repository's issues).

  15. Joint statements of scientists and researchers on the proposed CSA Regulation (rounds: July 2023, May 2024, Sept 2024, Sept/Oct 2025 with 807 signatories from 37 countries, plus a 2026 round), naming function creep and abuse risk explicitly. Canonical archive: https://csa-scientist-open-letter.org (e.g. https://csa-scientist-open-letter.org/Sep2025).

  16. ECtHR, Podchasov v. Russia, app. no. 33696/19, judgment of 13 Feb 2024, on Art. 8 ECHR (right to respect for private life and correspondence). HUDOC: https://hudoc.echr.coe.int/fre?i=001-230854 Case background and third-party intervention: https://privacyinternational.org/legal-action/podchasov-v-russia

  17. Compare Regulation (EU) 2022/2065 (Digital Services Act), Art. 19, which excludes micro and small enterprises from certain obligations: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32022R2065