Encrypted messaging is a service enabling messages to be exchanged confidentially using encryption algorithms. Only the sender and recipient can read the message, which is encrypted before it is sent and decrypted with a key after it is received.
In principle, even the service provider cannot access the content of the messages, as it does not possess the necessary keys.
The regulation of encrypted messaging aims to balance privacy, data security and the needs of the authorities. No single text governs it: it is based on a range of laws such as the RGPD, the ePrivacy directive, the Postal Code, or the law on cybersecurity (NIS2).
The use of these messaging systems by criminals raises questions about access to encrypted content, which have often been debated, particularly during recent legislative discussions on combating drug trafficking.
| THE CHALLENGES | CLARIFICATION |
|---|---|
| Encryption security | This model depends entirely on key management. If it is strictly adhered to, the service provider has no way of accessing the content of the messages. However, in many cases, the encryption keys are created, managed and even stored by the provider's servers, even if only temporarily. In these situations, the provider can technically access the messages. End-to-end encryption is therefore only truly protective if key management is strictly local, on the users' devices, and if no copy of these keys is accessible to the provider. |
| The question of backdoors | This is a mechanism that is deliberately integrated into a computer system, enabling a specific authority or actor to access it, even if the system is encrypted or protected. This mechanism is highly controversial from the point of view of the protection of fundamental rights, in particular the right to privacy. In 2024, the European Court of Human Rights underlined the illegality of systematic backdoors. |
| National security VS Right to privacy | Encrypted messaging illustrates the persistent tension between the imperatives of national security and respect for privacy. While it guarantees the confidentiality of communications for citizens, it considerably complicates access to evidence as part of cybercrime investigations, particularly into drug trafficking or child pornography. |
"The use of encrypted messaging raises another issue: that of trust. Whether it's the publisher, the host or the authorities, there will always be someone likely to interfere with your encrypted communications. The question is therefore to know who you are trusting, and for what types of exchanges. Where is the data stored? Who designs the messaging system, and how secure is it? Who manages the infrastructure, the encryption keys and the messaging terminals? Not all messaging uses present the same security challenges. As a result, hybrid approaches may be appropriate: practical solutions for ordinary use, sovereign or enhanced tools for the most sensitive exchanges.
Article 8 ter of the anti-narcotics bill provided for the imposition of an obligation on providers of encrypted messaging services to make the content exchanged accessible in the event of an investigation, including by technical means.
It aroused strong opposition from the digital industry, which saw it as a direct threat to the right to privacy. Finally judged to be disproportionate and technically unrealistic, the article was withdrawn before the law was promulgated on 13 June 2025.