Chat Control just passed. Here is why Nema's architecture is unaffected — and why that matters.
Today the European Parliament reinstated Chat Control 1.0. Through a controversial procedural manoeuvre — bypassing the committee that had previously rejected it — the voluntary message-scanning regime is back in force until 2028.
Here is what actually passed, what it means for encrypted services, and why Nema's architecture puts it in a different category from the platforms this regulation targets.
What passed today
Chat Control 1.0 is a voluntary derogation from the EU's ePrivacy Directive. It gives large platforms a legal basis to scan private messages for child sexual abuse material. It does not require them to scan. It does not apply to end-to-end encrypted communications — the Parliament's own position explicitly states that detection measures "should not apply to end-to-end encrypted communications." And it targets existing large platforms: services like Gmail, Facebook Messenger, and Snapchat that have opted in voluntarily since 2021.
What was not passed
Chat Control 2.0 — the permanent, mandatory regulation that would require platforms to scan messages and potentially require backdoors into end-to-end encryption — is still being negotiated in trilogues. It has not been adopted. The Parliament has repeatedly pushed back on mandatory E2EE scanning. The fifth trilogue on June 29 produced no agreement. That fight continues.
Why Nema is structurally unaffected by today's decision
Three reasons, in order of importance.
First, Nema uses end-to-end encryption throughout. The regulation that passed today explicitly exempts E2EE communications. That exemption is not a loophole — it reflects a basic technical reality that the Parliament acknowledges: you cannot scan what you cannot read.
Second, and more fundamentally: Nema stores no messages on the server. There is no archive. There is no stored ciphertext. Messages are routed live between participants and never written to disk. Even if a scanning obligation applied to Nema, there would be nothing to scan. The data does not exist. You cannot provide what was never retained.
Third, it is voluntary. Chat Control 1.0 has always been opt-in. Nema has not opted in, and nothing in today's decision changes that.
Why architecture matters more than policy
Today is a good illustration of a principle Nema is built around: policy changes. Architecture does not.
A platform that promises not to read your messages is making a commitment that can be revised — by a board decision, a legal order, a change in ownership, or a regulation like the one debated today. That commitment has value only as long as the platform chooses to honour it.
A platform that structurally cannot read your messages because nothing is stored is making a different kind of statement. Not a policy. An architecture. The messages are not there. They were never there. No court order, no regulatory change, no ownership transition changes that fact.
Chat Control 1.0 is back. For most messaging platforms, that is a live compliance question. For Nema, it is not — because the data that would need to be scanned was never written in the first place.
The permanent regulation, if it ever passes with mandatory E2EE requirements, is a different and more serious question. We will address it directly if and when it does. For now: the architecture holds.