As we navigate the ever-evolving digital world, especially here in Europe, it’s crucial we stay informed. Have you heard about the EU’s new ‘ProtectEU’ strategy, announced by the European Commission? It’s making waves, and frankly, as of May 6, 2025, some of its proposals have us at the Made in Europe Association quite concerned.

So, what’s ProtectEU all about? On the surface, it’s a comprehensive plan for the 2024-2029 period, aiming to bolster the EU’s internal security against a range of threats, from organised crime to cyberattacks. A key, and rather controversial, component is its plan to prepare a “Technology Roadmap on encryption”. The stated goal? To identify and assess technological solutions that would allow law enforcement authorities to access encrypted data – think your private messages or secure files – in a “lawful manner,” all while supposedly “safeguarding cybersecurity and fundamental rights”. For those less familiar, ‘end-to-end encryption’ is the technology that keeps your digital conversations truly private, ensuring only you and the person you’re communicating with can read them; not even the service provider can get a look in.

The Big Concern: Weakening Encryption

Now, why the alarm bells from so many quarters? This idea of “lawful access” often translates into proposals for measures that could fundamentally weaken encryption. We’re talking about things like ‘backdoors’ – essentially secret keys that bypass security – or ‘client-side scanning,’ where your messages could be scanned for certain content on your device before they even get encrypted and sent. Sounds a bit intrusive, doesn’t it?

Well, a significant number of civil society organizations, academics, technologists, and human rights advocates certainly think so. They argue, and we at the Made in Europe Association agree, that attempting to create ‘safe’ backdoors or ‘privacy-preserving’ client-side scanning is technically unfeasible. Experts have long warned that any system designed to bypass encryption inherently creates vulnerabilities that can be exploited by anyone – not just the intended ‘good guys,’ but also cybercriminals and even hostile state actors, posing severe risks to everyone’s digital safety. Indeed, the European Court of Human Rights has explicitly stated that introducing backdoors to weaken encryption could enable widespread surveillance and be exploited by criminal networks, deeming such a risk disproportionate.

Why This Matters for Europe (and You!)

In these times of considerable geopolitical uncertainty, including the shifting sands of US politics and ongoing global economic competition, strengthening Europe’s digital sovereignty is more critical than ever. We need robust, secure digital infrastructure, ideally built and championed by European innovators. Initiatives that propose weakening encryption, however, could achieve the precise opposite. They risk not only compromising individual privacy but also making our entire digital ecosystem more vulnerable, undermining trust in European technology at a time when we need to bolster it. How can we aim for genuine digital leadership if the very tools that ensure our online security and data privacy are deliberately compromised?

The Open Letter Against ProtectEU’s Encryption Plans

This isn’t just an isolated concern. Tuta, a European secure email provider, recently highlighted an open letter on their blog, addressed to Ms. Henna Virkkunen, the EU’s Executive Vice-President for Tech Sovereignty, Security and Democracy. This letter is signed by an impressive coalition of civil society organizations, scientists, researchers, and other experts specializing in human rights and technology.

Key points from the open letter include:

• Threat to fundamental rights & security: The plan for a Technology Roadmap on encryption to enable law enforcement access to encrypted data is seen as a significant risk.
• Technically impossible to do safely: There’s a wide scientific consensus that providing ‘exceptional access’ without creating vulnerabilities exploitable by malicious actors and authoritarian regimes is not possible.
• Flawed solutions: Proposals like client-side scanning are not truly privacy-preserving; they can enable bulk surveillance and increase the risk of security breaches.
• Encryption must be strong: The letter emphasizes that strong, end-to-end encryption is crucial for safeguarding human rights and ensuring a secure digital infrastructure across Europe.
  The signatories also call for meaningful participation in the development of this Technology Roadmap, requesting seats at the table for independent experts to ensure solutions are evidence-based and respectful of fundamental rights.

Our Stance and A Call to You

Here at the Made in Europe Association, we stand firmly with these critics. We believe that strong encryption is a cornerstone of a secure, free, and innovative digital Europe. Efforts to undermine it, even with the stated aim of lawful access, are technically fraught and could have far-reaching negative consequences for our continent’s digital security infrastructure and our citizens’ fundamental rights. In an era where digital threats are escalating and Europe’s digital autonomy is paramount, pursuing policies that weaken our defences seems counterproductive.

We strongly encourage you to delve deeper. You can find the full open letter and Tuta’s insightful analysis on their blog here. Educate yourselves on the implications.

What are your thoughts on this delicate balance between security and privacy? How should Europe navigate these challenges to protect both its citizens and its digital future? We’d love to hear your views in the comments below.