On this page
We started Filen with a simple promise: privacy that actually holds up in the real world. That promise matters to journalists, founders, doctors, teachers, parents, and to anyone who cares about keeping personal life personal.
Right now, the European Union is currently working on a proposal often referred to as Chat Control. Its stated aim is to prevent the spread of illegal and harmful content online. While the goal is important (and we support it), the proposal would have consequences far beyond its intended target.
According to the current draft, providers of online services, including those offering encrypted communications, would be required to detect and report prohibited content, even when it is sent through private and encrypted channels (European Commission proposal, May 2022).
The law does not prescribe exactly how detection must be implemented. However, for services that use true end to end or zero knowledge encryption, the only realistic technical way to comply would be to scan files and messages on the device before they are encrypted. That conclusion is widely shared by cryptography and security researchers and by privacy focused providers. See for example the peer reviewed paper "Bugs in our pockets" and related analyses like "Client-Side Scanning"
Why this matters
- It would end true privacy
Once scanning happens before encryption, your device effectively becomes a monitoring tool. Even completely innocent personal content like vacation photos, medical documents, or private business files would be analysed before being sent or stored. Automated detection systems are imperfect and can generate false positives. Source - Backdoors are always a risk
Building scanning tools into devices creates a government mandated backdoor. History has shown that once such backdoors exist, they become valuable targets for hackers, criminals, and even foreign governments (EFF, 2021 ). A vulnerability built for one reason will eventually be used for another. - Everyone becomes a potential suspect
The proposal is not limited to people under investigation. It would apply to every user, all the time, shifting the presumption of innocence and making mass surveillance part of everyday technology (European Digital Rights, 2022). - It will not stop determined criminals
While Chat Control would harm the privacy of everyone, it will likely be ineffective against those actually engaging in illegal activity. Criminals could simply encrypt their messages themselves before sending them through a service that is complying with the law. This is easy to do with many free tools and would make their communications unreadable to detection systems. In practice, the people who would be most affected are ordinary users who are doing nothing illegal but do not want their personal data scanned.
"CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client‑side scanning can fail, can be evaded, and can be abused."
-Bugs in our Pockets: The Risks of Client-Side Scanning, 2021
"We introduce an encrypted keyboard ... enabling users to employ it across all applications ... By utilizing this encrypted keyboard, users can locally encrypt and decrypt messages, effectively bypassing the CSS system."
-Exploring Encrypted Keyboards to Defeat Client-Side Scanning in End-to-End Encryption Systems, 2023 - It threatens Europe’s tech ecosystem
Many privacy-focused companies would be forced to either compromise their products or leave the EU. This would reduce choice for users and push innovation elsewhere (Open letter on CSA regulation). (ComputerWeekly: Tech companies warn ministers over EU encryption plans)
Where things stand
There is active pressure in the Council of the EU to secure a majority. Reporting in 2025 shows that a majority of member states have leaned toward mandatory scanning at different points, while others remain opposed, and no final Council agreement has been reached yet. In short, momentum exists, but the file is contentious and not settled.
Right now the situation looks kinda bleak. As of August 2025, many EU member states have already expressed support for this proposal, making its passage far more likely.
Sources:
https://fightchatcontrol.eu/ - Brusselssignal - Heise Online
Note on numbers: some outlets and leaks have cited specific tallies of supportive governments at various times. For instance, a 2023 leak reported that 15 of 20 countries in one Council discussion supported scanning, but that was not a formal decision and is not a current official count.
Our position
At Filen we use zero knowledge encryption. That means we do not have your keys and cannot access your files.
If this proposal becomes law, the only way for us to technically comply would be to add pre encryption scanning to our apps. We believe this would destroy both the privacy and security of our service. So...
We will not do that!
If forced, we would rather leave the EU than compromise user privacy. Even though we are optimistic about overturning the law as before, we are already preparing Plans B and C to keep operating as usual. We will never scan user data!
How you can help
This is not just about Filen. It affects anyone who values the right to communicate and store information without constant monitoring.
You can take action:
- Visit https://fightchatcontrol.eu/
- Learn about the proposal
- Contact your Members of the European Parliament
- Share this with your network
Privacy is not a feature. It is a right. Once it is gone, it will not come back.
-The Filen Team
TL;DR
The EU’s proposed “Chat Control” law would require scanning all private communications, including those using end-to-end encryption, before they’re sent. This would end true privacy, create backdoors vulnerable to abuse, treat all users as suspects, and still fail to catch determined criminals who can easily bypass scanning with free encryption tools. It risks driving privacy-focused companies out of the EU. Filen will never add built-in surveillance to its apps and would rather leave the EU than compromise user privacy. Learn more and take action at fightchatcontrol.eu.
Sources overview:
European Commission proposal text on detection orders and scope (May 2022, EUR-Lex).
Peer reviewed research on client side scanning risks (Oxford University Press, 2024) and original technical paper (2021). (Other Link)
Internet Society factsheet on why client side scanning breaks end to end encryption.
EDRi analysis on mass scanning and fundamental rights.
Heise reporting on Council dynamics, showing a majority leaning toward mandatory scanning at points in 2025.
ComputerWeekly: Tech companies warn ministers over EU encryption plans
Open letter on CSA regulation
Signal on client side scanning and upload moderation (2023, 2024)
