iPad Chats  Image © JESHOOTS.COM (@jeshoots)iPad Chats (Image © JESHOOTS.COM (@jeshoots))

End-to-End Encryption (E2EE)

Technically speaking, this current regulation reaches its limits when it comes to end-to-end encryption (E2EE). On platforms like Signal, WhatsApp, Threema, and Facebook Messenger, content is encrypted before it leaves the device. Without the appropriate decryption keys, these service providers cannot read the messages. Apple’s iMessage follows this model for RCS and internal communication, while services like Session and Element also ensure a high standard of security by default.

Secret Chats

Not every app offers this level of privacy. Google Messages encrypts RCS data but leaves traditional SMS and MMS unprotected. Telegram is another special case. Most users assume their chats are private, but only “Secret Chats” use E2EE. Standard Telegram messages are stored on servers in the Netherlands, Singapore, or the United States.

Meta and X – As Shady as Ever

On May 8, 2026, Meta took a different approach with Instagram and removed E2EE for direct messages. This change allows the company to view the history of conversations. The situation is similar with the X platform, which claims to use end-to-end encryption; however, since it stores private keys on its own servers, this claim is technically questionable.

For those who want more control, Mastodon plans to introduce E2EE by the end of 2027, while Bluesky has no such roadmap. Some users circumvent these issues entirely by using Briar or Bitchat, which work without an internet connection and keep data encrypted.

Chat Control 2.0 Becomes an Issue

The focus is now shifting to a concept called “Chat Control 2.0.” This proposal aims to close the encryption gap through client-side scanning. Instead of scanning the message on a server, software would be installed directly on the user’s smartphone or computer. The system would check the text and images before they are encrypted and sent.

This step would essentially force apps like Signal or WhatsApp to monitor every private interaction without a valid reason. Supporters argue that this is a necessary tool for child safety. Critics see it differently. They view client-side scanning as a backdoor for mass surveillance. While EU member states have so far blocked these efforts, certain political factions are now using procedural maneuvers to push the legislation through despite the lack of consensus.