That's the neat part, it doesn't have to. The regulation comes from the EU, you don't comply you can't provide the service in the common market.

It's with the users permission, of course. There are no providers offering the service without it though, because is an EU rule. So users can choose not to agree to the pre-encryption scan, but then they can't use any messaging app.