On September 11, 2025, the Partnership for Information and Democracy held the third meeting of its workstream on “Strengthening Information Integrity on Private Messaging Platforms”, led by Ukraine and Luxembourg. The discussion explored concrete policy approaches to promoting information integrity on these platforms.
Towards a regulatory approach
A questionnaire among States of the Partnership for Information and Democracy and discussions with the European Commission revealed that private messaging platforms remain a regulatory blind spot despite their growing importance in providing access to information and their role in spreading disinformation and illegal content.
The meeting provided the opportunity to present and discuss first regulatory recommendations, focusing on the need to regulate features rather than platforms as such, the importance of setting procedures to distinguish between private and public spaces and to safeguard end-to-end encryption, a vital feature for privacy, journalistic source protection and civil society. These recommendations aim to set a framework to create accountability regimes for private messaging platforms while acknowledging their changing nature.
Insights from media literacy approaches
While few media literacy frameworks are specifically tailored to tackling the challenges of private messaging platforms, these approaches also teach skills to critically interact with such platforms. Insights from Ireland highlighted the need for lifelong learning and localised and trusted partners. The Ukrainian example shed light on strategies to foster youth engagement through creativity even in times of war.
The myth of bypassing encryption
Finally, the meeting tackled the myths of bypassing encryption. In an attempt to fight child sexual abuse material, suggestions are regularly made to scan content claiming not to enfringe upon encryption, such as in the current discussion on the proposed EU Regulation to Prevent and Combat Child Sexual Abuse. The meeting served to demystify these suggestions: client-side scanning for example opens doors for security leakages and accessing private content, it makes end-to-end encryption meaningless. Requiring proactive scanning or reporting of content are technically incompatible with encrypted services and should not be required on such services.
The third meeting highlighted that comprehensive approaches are needed to tackle private messaging platforms, recognising how actors can exploit divisions in society to spread disinformation. It reiterated the importance that any regulatory or policy approach should guarantee end-to-end encryption, which is vital for privacy, security, and human rights.
