No, the European Commission is not compelling online service providers to monitor communications. Well, not yet.
I've seen a few comments saying words to the effect of "an amendment to the European directive on ePrivacy will require online service providers to monitor their users' communications".
This is wrong.
It is a derogation, not a mandate
The text in question is a derogation from the ePrivacy directive, which, in limited and specific circumstances permits providers of some online services to use:
specific technologies for the processing of personal and other data to the extent strictly necessary to detect online child sexual abuse on their services and report it and to remove online child sexual abuse material from their services.
This law does not compel a provider to undertake any monitoring. Instead, with one hand, it permits providers to undertake monitoring which some say would otherwise be prohibited, while, with the other hand, imposing strict conditions and limitations that monitoring.
It is not a free pass from data protection law
The derogation relates only to the obligations/restrictions under the ePrivacy directive. It does not provide a derogation from the GDPR.
It is compulsory (Article 3(1)(c)) for a provider to have carried out a data protection impact assessment and gone through a prior consultation with the relevant national data protection regulator.
If a provider wishes to use "new technology" — something that no other relevant provider has used before — they have to provide additional information to the national data protection regulator, over and above the requirements of the GDPR. (Article 3(1)(d))
The remainder of Article 3 contains further limitations and restrictions.
But it could be a path to more monitoring
Even though this measure does not amount to a mandate, it is a recognition that confidentiality of communications has limits, and that, in some circumstances — importantly, perhaps, including circumstances which do not result from a legal mandate — providers can inspect their users' communications.
If, when, and how providers do this is a controversial point. Some will argue that it is a platform's responsibility to do this. Others will argue that the platform's responsibility is to design its services in a way to eliminate the ability for this kind of surveillance and that, if a platform can do it, so can others.
So, while recognising that this amendment is not a requirement for anyone to do anything, an assertion that it is a step towards that is a reasonable conclusion to draw.
It is not relevant to the UK ... yet?
Not unless the UK government chooses to implement it, and that would require Parliamentary time.
Providers subject to the law of England, or other parts of the UK, would need to ensure any such scanning was consistent with the data protection and ePrivacy laws as they apply here, as well as the general prohibition on interception under the Investigatory Powers Act 2016.
It is unlikely that these pose insurmountable obstacles, but the devil will be in the detail of the provider's proposal, and will need careful scrutiny.