Proton

Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation(new window) (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed regulation is contentious as it opens the door to a new mass surveillance regime and could force companies to scan everyone’s digital communications all the time. In other words, it threatens to effectively ban end-to-end encryption. 

Proton and others have been vocal about the dangers of this proposal. As we have discussed previously, banning encryption puts Europe’s cybersecurity (and security in general) at grave risk, undermines the competitiveness of European tech companies, and violates the basic rights to privacy that millions of Europeans have fought for. 

However, last week’s decision to delay has highlighted the differing positions of key EU Member States. As the debate continues, Proton has some specific requests for the representatives of these Member States. 

Supporting encryption

Several Member States have reportedly prevented the vote on the Council’s position from taking place on the grounds that the clauses affecting privacy will have a detrimental impact on privacy and security. We welcome this and encourage them to continue pushing for a progressive approach to tackling crime online. 

In particular, we call on Germany and Austria to use their influence in Europe to bring more countries onto the right side of the debate. Their voices and support for privacy have already had a positive impact. It’s now vital that they hold their ground. 

Sitting on the fence

Not all Member States have decided on their national position yet, most notably France. France is a highly influential member of the European community, and its support for privacy, security, and encryption would be invaluable in debates to come. 

France has rightly made cybersecurity a top government priority. At the same time, it has successfully nurtured an exciting and vibrant start-up scene. If the French government wants to protect these two cultural and economic interests, it must ensure that the EU proposal does not have any negative impact on encryption, as outlined repeatedly by its own cybersecurity agency(new window) (ANSSI).

Disregarding the dangers

Despite these positive steps from some Council members, others still do not yet see the risks this legislation will pose for encryption and security in Europe. 

To Spain, who holds the Presidency of the EU Council, we urge them to consider the facts. There are many ways for law enforcement to fight crime and protect citizens without undermining the rights and online security of the entire population. Spain is in a unique position to take a leadership role in this debate, so we ask them to listen to progressive voices in the European Parliament, their population, and the wider tech industry. 

We urge all European Union Member States to seriously consider the impact of this text specifically in two key areas: 

First, it’s vital to acknowledge that this regulation would endanger European citizens rather than protect them. Largely thanks to the war in Ukraine, Europe is now at the center of a cyberwar. But aside from the current geopolitical situation, it remains a fact that cybercrime in general has steadily increased year over year. Breaking encryption will expose us all to criminals, foreign interference, and state-sponsored actors willing to undermine Europe. Now is not the time to weaken our defenses.

Second, Europe’s economy overall, particularly its tech sector, will suffer if encryption is undermined. Tech companies headquartered and operating in Europe, especially the millions of SMEs that make up the backbone of Europe’s digital economy, are vulnerable to cyberattacks and therefore depend on the trust and security encryption offers. Not to mention the reputational hit European companies will face if they’re seen as unable to protect users’ privacy at a time when global demand for greater privacy is on the rise. 

Time to change course

It remains unclear when the Council vote will finally take place. Last week’s delay means there will have to be further negotiations between Member States. However, we urge those undecided and those unwilling to rebalance the text to better protect privacy to take a moment and seriously consider the alternatives. 

At Proton, we have been very clear. If the legislation is passed in its current form and we subsequently receive requests to undermine our encryption we would mount a robust legal challenge as we have done previously in other countries(new window). The Council’s own legal advice suggested the proposal would likely be illegal(new window) under European law and we expect to win future legal challenges. We all want a safe, secure, prosperous, democratic Europe. Without protecting encryption, none of this will be truly possible. 

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
  • Guias de privacidade
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.