Fathom adds enterprise features competitors launched months ago while testing whether unlimited free access and HubSpot distribution can compensate for transcription accuracy that independent reviews place 30% below market leaders.
Germany blocked Chat Control, killing the Council majority needed for mandatory message scanning. The move preserves Europe's encryption advantage but leaves child safety policy unresolved—and exposes the continent's privacy-versus-sovereignty split.
Good Morning from San Francisco, Sam Altman promised one AI that follows you everywhere. The bill arrived. OpenAI signed $1
Germany blocked Chat Control, killing the Council majority needed for mandatory message scanning. The move preserves Europe's encryption advantage but leaves child safety policy unresolved—and exposes the continent's privacy-versus-sovereignty split.
Berlin’s explicit no to client-side scanning removes the path to a qualified majority and exposes Europe’s privacy-versus-safety split.
Germany said no. On October 8, Justice Minister Stefanie Hubig stated that warrantless “chat control” has no place in a constitutional state, and that Berlin would not back the proposal at the EU level—an on-record position that scrambles Council math ahead of the October 14 meeting. That’s the pivot.
Key Takeaways
• Germany refused to back Chat Control on October 8, blocking the qualified majority needed for EU adoption at next week's scheduled Council vote
• Danish proposal mandates client-side scanning for CSAM detection, creating backdoors in encrypted platforms that security experts warn hostile states will exploit
• European SMEs built competitive advantage on GDPR-backed encryption guarantees that Chat Control would eliminate while US law protects American platforms from weakening
• Signal threatened EU exit and 120,000+ petition signatures pressured Berlin's reversal, exposing tension between child protection urgency and encryption security requirements
For years, Germany hedged. On Wednesday, it didn’t. Hubig’s statement ended days of brinkmanship inside the coalition and with EU partners. The decision lands after a six-figure petition surge and a public break from the conservative bloc: parliamentary group leader Jens Spahn compared the plan to opening every letter “just in case.” That’s unusually blunt.
The immediate consequence is procedural. Without Germany, backers struggle to reach the EU’s “double majority” threshold—both country count and population share. A formal vote may still sit on the agenda, but adoption looks unlikely. Momentum matters.
The Danish presidency tried to narrow scope and cool the politics. The latest text empowers authorities to issue “detection orders” that would compel encrypted platforms to scan for child sexual abuse material, limiting the initial target set to videos and URLs and excluding text and audio. The mechanism is still client-side scanning—code on user devices that inspects content before encryption. Same method, smaller surface. Same risk.
Critics call that a backdoor by design. If scanning code can read it, an attacker can aim for it. The safety promise becomes the attack surface. Simple point, high stakes.
Europe built a competitive advantage on privacy. GDPR, NIS2, and the Cyber Resilience Act codified a security-first posture that many European SMEs turned into their pitch: buy European, keep encryption intact, keep trust. Mandating client-side scanning would invert that logic overnight.
SMEs would pay first and hardest. Building and running scanning pipelines is costly; defending them is costlier; litigating them is costliest. Signal has said it would leave rather than weaken end-to-end encryption. Threema has vowed to “examine all options,” while insisting the measure won’t survive in court. Courts take time. Startups burn cash. Scale wins.
The irony is obvious. A sovereignty agenda that weakens European providers would deepen reliance on the very platforms Brussels worries about. That’s a bad trade.
Supporters of the bill focus on the real harm: the spread of CSAM and the difficulty investigators face once data lives behind strong crypto. No one disputes the problem. The dispute is over the tool.
Germany’s security establishment has flagged the costs of breaking end-to-end encryption, even indirectly. Every bypass expands the attack surface for hostile states and criminal groups. And while the presidency’s text trims categories, it cannot trim away the systemic risk introduced by device-level surveillance code. The mechanism is the message. It alarms defenders.
One more tension: earlier legal analyses inside the Council warned that sweeping, indiscriminate scanning conflicts with fundamental-rights doctrine. Politics met jurisprudence. Jurisprudence bit back.
If “Chat Control” had passed, large platforms could have amortized compliance across vast engineering teams and legal budgets. Smaller rivals would face existential choices—comply, sue, or exit. Either path concentrates market power. Even a defeat has costs: two years of legislative uncertainty that chills investment in privacy-first challengers.
Germany’s move resets the board. It also raises the bar for any compromise that returns. Any future text will need to honor encryption as a baseline, not a bargaining chip. That’s the line now.
Three tells will signal where this goes.
👉 First, whether the Danish presidency presses for a roll-call regardless, or acknowledges the numbers and pauses.
👉 Second, whether the Commission pivots toward the European Parliament’s “security by design” approach—hardening products and accelerating takedowns without device-level scanning.
👉 Third, whether France, Ireland, and other backers recalibrate now that Berlin has moved. The coalition is fluid. Watch it.
Germany has not ended the fight. It has changed it. For privacy-led European tech, that buys time to ship and prove value. For lawmakers, it’s an invitation to design child-safety policy that doesn’t hollow out the very security Europe says it wants to lead. That’s the opportunity.
Q: What is client-side scanning and why do security experts call it a backdoor?
A: Client-side scanning places code on your device that reads messages before encryption is applied. This creates an access point that can inspect private content—exactly what encryption is designed to prevent. Security researchers argue that once this code exists, hostile states or criminals can exploit it for purposes beyond its stated child-protection goal. The mechanism itself becomes the vulnerability.
Q: What's the EU's qualified majority requirement that Germany just blocked?
A: EU Council decisions need a "double majority": at least 15 of 27 member states (55%) that also represent at least 65% of the EU's total population. Germany alone represents roughly 19% of EU citizens. Without Berlin's support, backers struggle to reach the population threshold even if they secure 15 countries, making adoption mathematically difficult.
Q: What happens at the October 14 Council meeting now?
A: The scheduled vote likely won't happen or will fail. Denmark's presidency could withdraw the item, call a vote knowing defeat is certain to formally close the chapter, or attempt last-minute negotiations to modify the text. France and Ireland still support the measure, but without Germany the math doesn't work. The proposal either stalls or gets reworked entirely.
Q: Why did EU governments exempt themselves from the scanning requirements?
A: The proposal's text excludes government communications from detection orders, acknowledging that client-side scanning creates security risks too dangerous for sensitive state communications. This exemption became politically toxic once privacy advocates highlighted it: if scanning is too risky for diplomats and ministers, why force it on citizens and businesses using identical platforms?
Q: What's the "Security by Design" alternative the European Parliament proposed?
A: The Parliament's approach focuses on hardening platforms against abuse without breaking encryption: mandatory safety features built into apps, faster content takedown obligations for providers, and proactive moderation of public spaces. It targets the same child-protection goal but through product design and platform accountability rather than device-level surveillance of private communications.
OpenAI signed $1 trillion in compute deals with Nvidia, AMD, and Oracle—obligations stretching to 2029 that dwarf its current revenue. The company burns $5B annually while chipmakers now hold equity and expect payment. The tab comes due by 2027.
Tech giants are committing billions to small nuclear reactors that won't exist until 2030—while AI's power demands double now. The bet hinges on untested manufacturing efficiencies and fuel supplies that don't yet exist at scale.
BlackRock's $40 billion bet on AI data centers collides with stubborn physics: chips demand exponential power, cooling consumes half the energy budget, and grids struggle to keep pace. The construction boom is real. So are the constraints.
California just made voluntary AI safety pledges legally binding—the first state to do so. OpenAI and Meta cautiously support it. Venture capital opposes it. Congress remains paralyzed. Now 49 other states face the same choice, and the industry's nightmare patchwork begins.
Get the 5-minute Silicon Valley AI briefing, every weekday morning — free.
