Over 200 experts have called on the Swedish Parliament to reject a proposed law that would force the likes of Signal, WhatsApp, and email service providers to create an encryption backdoor in their software.

The draft bill seeks to introduce new obligations on data retention and access to electronic information for law enforcement while "ensuring respect for fundamental rights and freedoms."

Yet, the coalition, made up of some of the best VPN and secure email service providers, cryptographers, and digital rights advocates, warns that the new rules "would greatly undermine the security and privacy of Swedish citizens" instead.

The security risk of weakening encryption

As experts pointed out in a joint open letter published on April 8, 2025, "the legislation presents a dangerous approach which would instead create vulnerabilities that criminals and other malicious actors could readily exploit."

Encryption refers to the scrambling of data, making it unreadable and preventing third-party access. Specifically, end-to-end encryption (E2E) is the technical infrastructure that encrypted messaging apps use to keep your messages private between you and the receiver, end to end.

The proposed Swedish legislation seeks to make it easier for law enforcement to fight crime by forcing companies to store and provide access to people's private communication upon request.

However, experts have long argued that this isn't possible without creating a backdoor that fundamentally breaks the security infrastructure upon which encryption is built.

It's like building "a master key that unlocks every door in a building," noted the coalition, adding that "compromising encryption would leave Sweden’s citizens and institutions less safe than before."

The Swedish Armed Forces also echoed such security concerns, arguing that the proposed new requirements for E2E services "cannot be fulfilled without introducing vulnerabilities and backdoors that third parties can exploit."

In February, the Swedish Army even endorsed the use of Signal among its employees to make it more difficult for non-classified calls and messages to be intercepted.

Outside Sweden, recent events like the Salt Typhoon attack on all the major US telecoms have also sparked a pledge for all citizens to switch to encrypted services.

Ironically, though, Signal President Meredith Whittaker already said the company would rather leave Sweden than undermine its encryption protections.

If the bill passes, the new rules could be enforced as early as March 2026.

Experts are now calling on the Swedish Parliament to reject the law and prioritize policies that strengthen rather than weaken cybersecurity. They wrote: "Sweden's security, prosperity, and freedom depend on it."

Not only Sweden

Sweden isn't the only EU member striving to make people's data more easily accessible to authorities during investigations.

After over three years of trying to pass a law to scan all citizens' messages in the hunt for child sexual abuse material (CSAM) – what's known as Chat Control by its critics – the EU Commission just published a new strategy on encryption backdoors and lawful data access.

Outside the EU, Apple is currently facing the UK in court over the request to make iCloud's encrypted data accessible at all times by law enforcement.

Once believed to be a privacy paradise, even Switzerland now wants to amend its surveillance law to add new types of monitoring and information collection. A change that would widen the authorities' reach to no-log VPNs and other secure messaging providers.