Scientists and civil society call for consultation on digital rights

A coalition of Cypriot organisations, researchers, and citizens has addressed an open letter to key government officials, calling on the Republic of Cyprus to withdraw its support for the proposed European Child Sexual Abuse Regulation (CSAR), widely known as ‘ChatControl’.

The letter, released earlier this month but updated with more signatures since then, was sent to the Minister of Justice and Public Order, Marios Hartsiotis, the Deputy Minister of Research, Innovation and Digital Policy, Nicodemos Damianou, and other commissioners and members of the European Parliament of the Republic of Cyprus.

The signatories, which include individuals like Chrystalleni Loizidou from Next Generation Internet Zero, Brno University of Technology, and Marios Isaakidis of 101.CY, Cyprus University of Technology, voiced their position on the Cypriot government’s stance regarding the proposed “Regulation laying down rules to prevent and combat child sexual abuse (COM(2022) 209 final, 11/05/2022)” and its current trajectory in the Council of the European Union.

The groups also cc’d the Permanent Representation of the Republic of Cyprus to the European Union and the European Data Protection Board, alongside the wider Cypriot and European public.

The signatories are demanding that the Republic of Cyprus state explicitly that it will not support any mechanism that weakens end-to-end encryption, such as client-side scanning or backdoors.

They also call on the government to launch immediately a public, open consultation with the participation of experts, institutions, and civil society before forming a final position.

“The recent amendments to the proposal (2024–2025) do not remedy the fundamental legal and technical issues,” the letter stated, adding that generalised or compelled scanning of private communications remains disproportionate and incompatible with fundamental rights.

The letter reinforced the stance of the European Data Protection Board and the European Data Protection Supervisor (EDPB/EDPS), who in their Joint Opinion 04/2022 explicitly stated that generalised, indiscriminate scanning of communications “cannot be considered proportionate” and constitutes a form of mass surveillance.

“The genuine protection of children requires strengthening prevention, early intervention, education, victim support, and international cooperation, not mass-surveillance technologies,” the letter emphatically stated.

“Protecting children is a top priority for any democratic society,” the letter noted, but added that to be effective, “policy must be evidence-based, proportionate, and democratically legitimate, and must not put the fundamental rights of all citizens at risk.”

As noted in the Council of Europe’s Digital Citizenship Education Handbook, “Privacy, data protection and security are intricately linked to rights, freedom and responsibility, and should be introduced to children from their very first steps on the internet,” the signatories quoted.

The signatories highlighted that the current form of CSAR is immature and technically incomplete, failing to account for real technical impacts and the issues of governance and democratic accountability it entails.

The proposal would oblige online service providers to read and filter users’ private messages, photos, and videos at scale, even in apps using end-to-end encryption.

This method, known as client-side scanning, “cannot be implemented without undermining encryption, while provisions on transparency, independent oversight, and judicial review remain inadequate,” the letter warned, citing the Scientists’ Open Letter on Client-Side Scanning of October 8, 2025.

“As more than 780 experts explain, including Professor Ilias Athanasopoulos in the Security Research area of the Department of Computer Science at the University of Cyprus, the current form of CSAR is immature and technically incomplete, failing to account for real technical impacts and the issues of governance and democratic accountability it entails,” the letter stated.

The letter contrasted Cyprus’s apparent lack of public dialogue with countries such as Germany, Austria, and the Netherlands, which are conducting systematic public consultations and have indicated they will not approve the proposal in its present form due to constitutional concerns.

The absence of transparent debate “makes it imperative for the government to take a clear stance grounded in scientific and institutional evidence,” the organisations stressed.

The letter also made note of an exception was the briefing session organised by Ellak, the Greek Free / Open Source Software Society (GFOSS), on September 11, 2025, which examined technical and legal arguments for a more balanced approach and formed the basis for the Open Letter.

Ellak, a non-profit founded in 2008 with 26 universities, technological education institutes, and research centres, aims to promote Open Technologies in Greece and Cyprus, defining Free / Open Source Software as software that everyone can freely use, copy, distribute, and modify according to their needs, with the purpose of empowering and not trapping the end user.

The letter concludes with specific recommendations, urging the Ministry of Justice and Public Order to publish Cyprus’s position in the Council negotiations and for the Deputy Ministry of Research, Innovation and Digital Policy to organise an open public consultation.

It also calls on the government to commit that the CSAR proposal will not be brought back to the negotiating table during the upcoming Cypriot Presidency of the Council of the EU unless its compatibility with fundamental rights and communications security is ensured.

The full letter, which remains open for co-signing, can be accessed here.