.svg){kind=logo}
Open letter
to EU Member States on the proposed CSA Regulation
Europe's digital sovereignty is at risk
On 14 October, EU governments are expected to vote on the proposed Child Sexual Abuse Regulation, widely known as “Chat Control.” The law would require messaging apps, email providers, and cloud services to scan private communications for potential child sexual abuse material (CSAM) and report it to authorities.
Together with leading European privacy-focused companies and the DIGITAL SME Alliance (representing 45,000+ SMEs), we’ve signed an open letter to EU Member States on the proposed CSA Regulation.
Yes, we all want to protect children online. But is this really the way to go? Is breaking encryption and scanning private communications the only way to achieve this?
Let’s think about some of the implications:
• Who ensures this surveillance stops at CSAM?
• Who monitors the monitors?
• And once encryption is broken for one purpose, what’s stopping governments from expanding it to scan for anything they want?
And what are some of the consequences?
• European businesses forced to implement backdoors that hostile actors can and will most likely exploit
• Loss of trust in European services, driving users to Big Tech
• SMEs unable to compete, cementing foreign dominance
• A direct contradiction to EU cybersecurity policies, like NIS2 Europe, cannot build digital sovereignty by legislating against its own companies.
History has shown us: backdoors built for “good reasons” later become tools for control…or letting attackers in.
We’re calling on EU decision-makers to:
• Protect encryption to reinforce cybersecurity and digital sovereignty
• Preserve the trust European companies have earned globally
• Ensure that EU regulation strengthens, rather than undermines, the competitiveness of European SMEs
• Pursue child protection measures that are effective, proportionate, and compatible with Europe’s strategic goal of digital sovereignty.
Because once encryption is broken, you can’t unbreak it.
At Soverin, we’ve spent 10 years building privacy-first email infrastructure that proves European companies can compete without compromising security. We’re not willing to watch that progress erased by well-intentioned but fundamentally flawed legislation, at least not without a fight.