By weakening encryption in the name of security, the State would take the risk of weakening one of its main shields against cybercrime and attacks on digital sovereignty.
The thing about end-to-end encryption is that it is disruptive precisely because it works. Would weakening it amount to sawing off the branch on which our administrations, our businesses and our intelligence services sit? In the name of national security, certain public officials want to reopen a debate that technical experts have already settled.
On May 4, 2026, the Parliamentary Intelligence Delegation (DPR) submitted a highly anticipated communication[1] on encrypted messaging. Its position: “targeted access by intelligence services and the judiciary to encrypted communications is both necessary and legitimate”. Three weeks earlier, the DPR was already worried about the consequences of article 16 bis of the Resilience bill[2], adopted last March by the Senate and aimed at preventing the installation of back doors at encrypted service providers.
The state is divided. On the one hand, its intelligence services are pushing for “legal access” to encrypted content. On the other, the Senate has adopted the Resilience bill, which transposes the NIS 2 directive and whose article 16 bis protects encryption.
Result: the text, expected since the end of 2024, is now postponed to July 2026, subject to an extraordinary session. This delay exposes France to a European infringement procedure and leaves our critical infrastructures with an incomplete legal framework.
A backdoor is a backdoor
The public debate suffers from a stubborn technical misunderstanding. The attractive idea of “targeted, supervised access reserved for authorities” comes up against an elementary cryptographic reality: a flaw deliberately introduced into an encryption system does not have an exclusive owner. Whoever finds it, uses it. And recent history shows that bad actors are still finding it: in October 2024, the Wall Street Journal[3] revealed Operation Salt Typhoon. A group affiliated with the Chinese state had penetrated the networks of major American telecoms. The entry point? The legal interception systems imposed by the CALEA law, the very same “legal access” mechanisms designed for judicial investigations and domestic intelligence. Beijing was thus able to access the metadata of more than a million users, wiretaps of leading political figures, and the list of targets that American services were monitoring on Chinese soil. Former national security adviser Jamil Jaffer called it a “counterintelligence failure of the highest order.”
The lesson is simple, and it applies to Paris as well as to Brussels. Creating a back door amounts to inviting in French justice, Chinese services and organized mafia groups alike. Criminal organizations with resources and great agility will easily migrate to other channels (marginal Signal-like applications, in-house protocols, dedicated terminals). Those who will remain exposed are precisely those whom these systems claim to protect: strategic companies, hospitals, communities, administrations, journalists, lawyers, and whistleblowers.
For Europe, same ambivalence, same risks
The CSAR (Chat Control) regulation, a European messaging surveillance project, has had a chaotic journey, with the cancellation of the Council vote on October 14, 2025 after firm opposition from Germany. Its version 2.0, proposing an unprecedented step forward for the confidentiality of communications, is now aiming for an agreement for July 2026, with the ambition of imposing voluntary upstream scanning of encrypted messages. Encryption survives in the text; anonymity less so.
France, until now rather favorable to this controversial text, must now listen to the many voices concerned about the consequences its adoption would have for cybersecurity. Strict supervision of the application of this regulation should make it possible to protect public freedoms and European digital sovereignty.
Remember that end-to-end encryption remains to this day the only technology to ensure the confidentiality of communications and to guarantee two of the fundamental rights of the European Union: respect for private life (article 7) and the protection of personal data (article 8).
With Chat Control, Europe is contradicting itself, since the NIS 2 directive explicitly recommends end-to-end encryption for the sensitive communications of essential and critical entities.
Encryption is not the enemy of the state, it is its infrastructure
In a world marked by hybrid wars, influence operations, industrial cyber espionage and the industrialization of cyberattacks, end-to-end encryption is no longer a luxury for defenders of freedoms. It is a rampart of sovereignty. Breaking it is like turning a cure into a vulnerability.
By maintaining article 16 bis of the Resilience bill, France will accelerate the transposition of NIS 2 and assume a cybersecurity policy consistent with its own digital sovereignty ambitions.
[1] Communication from the parliamentary intelligence delegation – Senate
[2] Bill, adopted by the Senate, after initiation of the accelerated procedure, relating to the resilience of critical infrastructures and the strengthening of cybersecurity, No. 1112, filed on Thursday March 13, 2025.
[3] US Officials Race to Understand Severity of China’s Salt Typhoon Hacks