Chat Control: These alternatives are available for companies

Editorial note: The information in this article was compiled to the best of our knowledge at the time of publication. Technical details, prices, versions, licensing terms, and external content may change. Please verify the information provided independently, particularly before making business-critical or security-related decisions. This article does not replace individual professional, legal, or tax advice.

Update July 10, 2026: The EU regulation on "preventing and combating child sexual abuse" - better known as Chat Control - has taken a new turn: on July 9, 2026, the attempt to stop the return of voluntary chat control failed in the EU Parliament. The reinstatement of the interim rules until 2028 is thus effectively waved through - at least with an explicit exemption for end-to-end encrypted services. The permanent regulation, meanwhile, remains stuck in the trilogue. Read on to find out what this means for companies and why self-hosted communication remains the most robust answer.
Table of Contents
- Chat Control in 2026: Where Do We Stand?
- What is Chat Control?
- Why chat control is dangerous
- Germany's position
- What does this mean for companies?
- The solution: secure, self-hosted communication
- Why self-hosted solutions?
- Act now: Protect your corporate communications
- Our services for your secure communication
- Conclusion: Digital sovereignty is not a luxury, but a necessity
- Get in touch with us
- Further Links and Sources
Chat Control in 2026: Where Do We Stand?
A lot has happened since the original version of this article (September 2025). The key milestones:
- October 9/14, 2025: The Danish Council Presidency takes the planned vote on mandatory scanning off the agenda - Germany's no to indiscriminate chat control made a qualified majority impossible.
- November 26, 2025: The Council adopts its position - mandatory scanning is scrapped (and with it forced client-side scanning). In return, voluntary scanning is to be made permanent and expanded (to include text and video), plus mandatory age verification and an EU centre. A review clause lets the Commission examine after three years whether mandatory scanning should be introduced after all.
- December 2025 to June 2026: Five trilogue rounds between Council, Parliament and Commission - without agreement. The only provisional consensus is to exempt encrypted content; indiscriminate scanning remains contested. Negotiations continue under the Irish Council Presidency, expected in September 2026.
- April 3, 2026: The interim regulation ("Chat Control 1.0") expires after Parliament rejected an extension at the end of March - Google, Meta, Microsoft and Snap kept scanning anyway, without a legal basis.
- July 2-9, 2026: Using a procedural trick, the Council and the Parliament's leadership bring back the textually identical old proposal. On July 9, the motion to reject it falls short of the required absolute majority in Parliament (314 votes in favor) - voluntary chat control returns until 2028. At least an amendment was adopted that explicitly exempts end-to-end encrypted services from scanning (the Council's confirmation of this change is still pending).
For companies, this means as of today: no scanning obligation for providers, E2EE services are exempt from voluntary scanning - but indiscriminate voluntary screening by the big US platforms is back, and the review clause keeps the door open for mandatory scanning. If you do not want your business communication to depend on this back and forth, move it onto your own infrastructure.
What is Chat Control?
Chat Control (officially: the CSAR Regulation) is an EU legislative project that was meant to oblige messaging services and email providers to scan all messages from their users for suspicious content - this obligation has been off the table since the Council position of November 2025, but the review clause keeps it lurking as a potential comeback. Affected would be:
- WhatsApp, Signal, Telegram and other messengers
- E-mail communication
- Cloud storage and file sharing
- Even encrypted communication is to be screened
The technical problem: client-side scanning
The proposed technology is called Client-Side Scanning (CSS). Messages and files are scanned directly on your device before they are encrypted and sent. This means that
- End-to-end encryption is effectively undermined
- A backdoor to all private data is created
- The security of all EU citizens is compromised
As Patrick Breyer, former EU parliamentarian for the Pirate Party, warns: "With demonstrably false claims, the Danish Council Presidency is trying to push through the controversial Chat Control 2.0."
Why chat control is dangerous
1. Undermining the encryption
The Internet Architecture Board (IAB) clarifies: Chat Control would "impose unrestricted access to private content and thus undermine end-to-end encryption."
2. Mass surveillance
Every message, every image, every file would be scanned - without suspicion, without a court order. This is mass surveillance without cause.
3. Technical uncertainty
Over 470 scientists from 34 countries have taken a stand against chat control. The technology is prone to errors and opens the door to abuse.
4. False Positives
Automated scans produce false hits. Vacation photos of your own children could be incorrectly marked.
Germany's position
Officially, the German government rejects indiscriminate mandatory scanning. Federal Minister of Justice Stefanie Hubig put it succinctly in October 2025: "Indiscriminate chat control must be taboo in a state governed by the rule of law." That rejection derailed the planned Council vote in October 2025.
The full picture is less clear-cut, however: according to internal documents, the Federal Ministry of the Interior, which leads the Council negotiations, supports the broadest possible voluntary, indiscriminate scanning with minimal restrictions - and Germany backed both the Council position of November 2025 and the reinstatement of the interim rules in July 2026. Germany's data protection authorities, by contrast, are calling for chat control to be abandoned entirely. No one should count on a stable political no.
What does this mean for companies?
Chat control would have disastrous consequences for companies:
- Company secrets could be compromised
- Confidential customer data would be at risk
- Compliance issues with GDPR and other data protection regulations
- Industrial espionage would open the floodgates
- Legal and medical confidentiality could no longer be guaranteed
The solution: secure, self-hosted communication
The best protection against chat control and other surveillance measures is digital sovereignty through self-hosted communication solutions. WZ-IT offers you professional implementation and operation of the following secure alternatives:
1. Matrix with element
Matrix is an open standard for secure, decentralized communication. With Element as a professional client, you get:
- ✅ Genuine end-to-end encryption without backdoors
- ✅ Federation between different servers
- ✅ Complete data sovereignty on your own infrastructure
- ✅ GDPR-compliant and auditable
- ✅ Voice & video calls encrypted
- ✅ Used by NATO, the German Armed Forces and the French government
2. Mattermost
Mattermost is the open source alternative to Slack and Microsoft Teams:
- ✅ Self-hosted on your infrastructure
- ✅ End-to-end encryption available
- ✅ Extensive integration into existing systems
- ✅ DevOps features and workflow automation
- ✅ GDPR-compliant without US cloud dependency
3. Rocket.Chat
Rocket.Chat offers a flexible communication platform:
- ✅ Omnichannel communication (chat, e-mail, social media)
- ✅ End-to-end encryption
- ✅ White label-capable with own branding
- ✅ LiveChat for customer service
- ✅ Federation between servers possible
4. Zulip
Zulip revolutionizes team communication with thread-based conversations:
- ✅ Topic-based organization instead of chronological chaos
- ✅ Asynchronous communication perfect for distributed teams
- ✅ Open source and transparent
- ✅ Mobile and desktop apps
- ✅ Powerful search across all messages
Why self-hosted solutions?
Complete control
You retain complete control over your data. No cloud providers, no third-party providers, no hidden access.
No back doors
Open source software is transparent and auditable. The code can be checked by experts - backdoors are ruled out.
GDPR-compliant
All data remains in Germany or your desired jurisdiction. No transfers to unsafe third countries.
Independence
No vendor lock-in, no dependence on US companies, no sudden price increases or service closures.
Act now: Protect your corporate communications
The permanent regulation has not been adopted yet - but voluntary chat control is back, and the development clearly shows that digital privacy is under attack. Companies that rely on secure, self-hosted solutions now are not only protected from chat control, but also from:
- Industrial espionage
- Data leaks
- Compliance violations
- Reputational damage
Our services for your secure communication
WZ-IT supports you in the implementation of secure communication solutions:
Consulting & conception
- Analysis of your communication requirements
- Selecting the optimal solution (Matrix, Mattermost, Rocket.Chat, Zulip)
- Migration strategy for existing systems
Installation & Setup
- On-premise in your data center
- Private cloud on dedicated servers
- Hybrid solutions according to your requirements
- Integration into existing IT infrastructure (LDAP, SSO, etc.)
Operation & maintenance
- 24/7 monitoring
- Automatic backups
- Security updates
- Performance optimization
- SLA with guaranteed availability
Training & Support
- Employee training
- Admin training
- Documentation
- Personal contact person
Conclusion: Digital sovereignty is not a luxury, but a necessity
The Chat Control Regulation clearly shows that encryption and privacy can no longer be taken for granted. Companies that want to protect their communications must act now.
With self-hosted solutions such as Matrix, Mattermost, Rocket.Chat or Zulip, you not only secure your data, but also your independence and digital sovereignty.
"Privacy is not a crime - it is a fundamental right."
Get in touch with us
Would you like to secure your corporate communications? We will be happy to advise you on suitable solutions.
Arrange a free initial consultation
Further Links and Sources
- netzpolitik.org: EU Parliament - voluntary chat control passes via procedural trick (2026-07-09)
- netzpolitik.org: EU Council agrees on chat control - worst fang pulled, but still dangerous (2025-11-26)
- netzpolitik.org: Trilogue on chat control enters the decisive phase (2026-06-12)
- netzpolitik.org: Big Tech wants to keep scanning without a legal basis (2026-04-07)
- heise: The double game around the EU chat control
- Council of the EU: press release on the general approach (2025-11-26)
- Patrick Breyer - Chat Control overview
- Campaign against Chat Control
- Society for Civil Rights (GFF)
Frequently Asked Questions
Answers to important questions about this topic
No. The permanent CSA Regulation is still in trilogue negotiations; the fifth round on June 29, 2026 ended without agreement. All that was adopted is the return of the interim rules: providers may voluntarily scan for abuse material - there is no obligation to scan.
No. Mandatory detection orders were removed from the Council position of November 26, 2025. On July 9, 2026, the EU Parliament also pushed through an explicit exemption of end-to-end encrypted services from voluntary scanning.
Mandatory client-side scanning is not part of any version currently under negotiation; in the trilogue, the institutions have provisionally agreed to exempt encrypted content. However, a review clause obliges the EU Commission to assess after three years whether mandatory scanning should be introduced after all - so the issue can come back.
The old derogation expired on April 3, 2026. The Council (July 2, 2026) and Parliament (July 9, 2026) have put its reinstatement without substantial changes on track until 2028 - or until the permanent CSA Regulation enters into force.
Officially, Germany rejects indiscriminate mandatory scanning - that rejection derailed the planned Council vote in October 2025. However, the Federal Ministry of the Interior, which leads the negotiations, supports broad voluntary scanning and backed both the Council position of November 2025 and the reinstatement of the interim rules in 2026.
The trilogue negotiations continue under the Irish Council Presidency (second half of 2026), with the next round expected in September 2026. The main point of contention remains whether indiscriminate voluntary scanning will be enshrined permanently.

Written by
Timo Wevelsiep
Co-Founder & CEO
Co-Founder of WZ-IT. Specialized in cloud infrastructure, open-source platforms and managed services for SMEs and enterprise clients worldwide.
LinkedInLet's Talk About Your Idea
Whether a specific IT challenge or just an idea - we look forward to the exchange. In a brief conversation, we'll evaluate together if and how your project fits with WZ-IT.


Timo Wevelsiep & Robin Zins
Managing Directors of WZ-IT





