- 89 organisations caution that weakening encryption could expose EU citizens and infrastructure to cyber threats
- The ProtectEU strategy includes plans for a technology roadmap exploring lawful access to encrypted data
Joint letter against weakening encryption in ProtectEU strategy
On 26 May 2025, a coalition of 89 civil society organisations, technology companies, and cybersecurity experts—including members of the Global Encryption Coalition—issued a joint letter to the European Commission. The letter expresses deep concern over the Commission’s new Internal Security Strategy, ProtectEU, which proposes developing a “Technology Roadmap on encryption” aimed at enabling lawful access to encrypted data by law enforcement.
The signatories argue that such measures could undermine end-to-end encryption, a cornerstone of digital security. They highlight that strong encryption safeguards against cyberattacks, espionage, and threats to critical infrastructure. The coalition warns that compromising encryption would not only weaken privacy but also contradict the EU’s own cybersecurity objectives outlined in directives like NIS2.
The letter emphasises that end-to-end encryption is not only a safeguard for personal privacy, but also a key tool to protect against cyberattacks, hybrid threats, espionage and critical infrastructure attacks. Even in these times of geopolitical instability, strong encryption should be seen as a way to strengthen cyber defences rather than as a barrier.
Also Read: Asymmetric encryption: The Key to secure communication
Also Read: Demystifying data encryption
Why it’s important
The ProtectEU strategy, unveiled in April 2025, seeks to bolster the EU’s internal security by addressing threats such as organised crime, cyberattacks, and geopolitical pressures. While the initiative aims to enhance safety, critics argue that its approach to encryption could have the opposite effect.
Privacy advocates and tech experts caution that introducing backdoors or client-side scanning mechanisms to access encrypted data could create vulnerabilities exploitable by malicious actors. Such measures may erode trust in digital services and deter the use of encryption tools essential for protecting sensitive information.
The debate reflects a broader tension between ensuring public safety and preserving individual privacy rights. As the EU considers the implementation of ProtectEU, stakeholders urge a careful balance to avoid compromising the very security the strategy seeks to enhance.