
Brussels Reopens the Crypto Wars: Why ProtectEU's Encryption Roadmap Risks Breaking the Internet's Trust Layer

The Commission's 2026 push for 'lawful access' to encrypted data revives a debate Europe has lost on the merits — and that no friendly math can resolve.

[Infographic: "Europe's Encryption Crossroads" (People of Internet Research · EU). Panels: Apr 2025, ProtectEU strategy unveiled; 30+ years of crypto-wars debate; 4+ Council presidency pushes stalled; Exit, Signal stance on scanning.]

Key Takeaways

For the better part of three decades, the so-called 'crypto wars' have followed a predictable arc: a government demands a way to read encrypted communications, technologists explain that selectively breaking encryption breaks it for everyone, and policymakers eventually retreat — until the next cycle. Europe is now firmly in the next cycle. The European Commission's ProtectEU internal security strategy, unveiled in April 2025, committed the bloc to a Technology Roadmap on Encryption that is now moving into its substantive 2026 phase, with expert groups tasked to find technical and legal mechanisms for 'lawful and effective access' to encrypted data by law enforcement.

Layered on top of the still-unresolved Child Sexual Abuse Regulation (CSAR, popularly known as 'Chat Control'), which successive Council presidencies have repeatedly tried and failed to push across the line, the message from Brussels is unmistakable: end-to-end encryption is back on the table as a political problem to be solved. From a pro-innovation, pro-speech standpoint, that framing is the problem.

What ProtectEU Actually Proposes

The ProtectEU strategy is broader than encryption — it covers hybrid threats, organised crime, and critical infrastructure — but its encryption workstream has drawn the most scrutiny. The Commission has not (yet) proposed mandating backdoors. Instead, it has asked technical experts to map options for access to data 'in transit and at rest,' with a Technology Roadmap expected to inform legislative proposals later in the term.

That bureaucratic restraint is real, but it should not be mistaken for neutrality. As civil society groups including European Digital Rights (EDRi) have noted, the entire premise of the roadmap is that 'lawful access' is achievable without weakening the security properties that make encryption useful in the first place. Three decades of cryptographic research suggest otherwise.

The Math Has Not Changed

The argument against exceptional access mechanisms — whether implemented as key escrow, 'ghost user' participation in group chats, or client-side scanning — is not a political preference. It is a technical conclusion. A widely cited 2015 paper by leading cryptographers including Hal Abelson, Ross Anderson, Whitfield Diffie, Ronald Rivest and Bruce Schneier — 'Keys Under Doormats' — concluded that mandated access would introduce systemic vulnerabilities, increase complexity in ways that breed bugs, and create high-value targets for hostile actors.

Nothing in the intervening decade has falsified that conclusion. If anything, the steady drumbeat of breaches at telecoms, cloud providers, and government agencies has reinforced it. Any 'lawful access' interface is, by definition, an access interface — and access interfaces get abused, leaked, or stolen.

The Chat Control Shadow

The CSAR file makes the stakes concrete. Originally proposed by the Commission in 2022, the regulation would require providers of messaging and hosting services to detect known and novel child sexual abuse material, and in some versions also grooming behaviour. Because much of the targeted content moves through end-to-end encrypted services, compliance would in practice require client-side scanning — software on the user's device that inspects messages before they are encrypted.

Repeated qualified-majority pushes under the Belgian, Hungarian, and most recently Danish presidencies have stalled, with Germany, the Netherlands, Poland and others raising fundamental rights concerns. The European Data Protection Supervisor and Board have issued a joint opinion warning that the proposal, as drafted, would not survive proportionality review. Signal President Meredith Whittaker has publicly stated that Signal would withdraw from EU markets rather than implement client-side scanning. WhatsApp has signalled similar reluctance.

Mandating that a private message be inspected on the sender's device before it is sealed is not a workaround for end-to-end encryption. It is its abolition, dressed in friendlier language.

What Proportionate Regulation Would Look Like

None of this means law enforcement concerns are illegitimate. Serious crimes — including child sexual exploitation, terrorism financing, and organised fraud — do move through encrypted channels. But a proportionate response starts by asking what tools already work, rather than what new powers would be convenient.

A Competitiveness Question, Too

There is a competitiveness dimension Brussels rarely acknowledges. Europe is simultaneously trying to position itself as a trusted home for cloud, AI, and digital identity services — the entire premise of the EU Digital Decade and the recent EuroStack debate. A regime in which messaging providers must architect access mechanisms for European users, or in which device manufacturers must ship scanning software by law, is not a regime that attracts the next generation of privacy-respecting infrastructure. It is one that exports it.

If the ProtectEU Technology Roadmap produces a serious, honest report, it will likely conclude what every previous expert review has concluded: there is no technically sound way to give law enforcement a key that adversaries cannot also use. The right response is not to commission a fifth opinion until one says otherwise. It is to invest in the investigative capacities that work, drop the CSAR client-side scanning mandate, and let Europe's encryption stack remain one of the few parts of the internet's trust layer still worth exporting.

Sources & Citations

  1. European Commission — ProtectEU internal security strategy
  2. EDRi — Position on the CSA Regulation
  3. Abelson et al., 'Keys Under Doormats' (2015)
  4. EDPB-EDPS Joint Opinion on the CSA Regulation
  5. Europol — EncroChat takedown summary