BeLibre

The pigeon that flew back: how Belgium quietly chose open source messaging

🖊️ Emma, Jurgen Gaeremyn
Logo Belgian Secure Communications

Imagine: the year is 1914. Somewhere on the Western Front, a small pigeon is released with a message tied to its leg. It doesn’t know why. It doesn’t know for whom. It simply flies — reliable, unseen, tireless — and delivers the message.

For centuries, the pigeon was the gold standard of secure communication. No wires to tap. No central server to hack. Decentralised by nature. And surprisingly hard to intercept.

We thought of that pigeon when we saw the logo of BSC — Belgian Secure Communications. Golden circle. Belgian colours. And inside: a large white bird with wings spread wide. Immediately, a discussion broke out in our BeLibre chat. “Is that an eagle? We’re not Americans, are we?” Someone suggested: “a falcon perhaps?” And then, after a brief silence: “Looks like a pigeon. Communication bird. Makes sense.”

We still haven’t settled whether the bird in the logo is actually a pigeon. But the metaphor holds either way.

Beam: not a secret, but not advertised either

On 18 March 2026, an article appears on Computable.be: the Belgian government is launching its own secure messaging app for civil servants. It’s called Beam and serves as a replacement for WhatsApp. It’s designed for defence, police and government services. Developed by Belgian Secure Communications (BSC), a fairly recent government body under the Ministry of Justice.

The article describes Beam as a “semi-internally developed application”. And with that, the tone is set: mysterious, closed, homemade.

But is it really?

The detective method: browser devtools and a hunch

Emma opens the web version of Beam, launches the browser devtools and immediately recognises what they see: the network requests unmistakably betray the fingerprint of Element and Synapse, the two most widely used open source building blocks of the Matrix ecosystem. A brief detour via the version endpoint confirms their suspicion. (Want to know the details? Read on at the end of this article in the “nerds section”.)

Beam is a rebrand of Element, the most popular client for the Matrix protocol. Not a secret, but not explicitly mentioned on the official website either. Unfortunately, they also removed the “Powered by Matrix” link at the bottom of the login page.

Matrix: the open standard that’s quietly winning

Matrix is an open, decentralised communication protocol. Messages are not stored on a single central server somewhere in Silicon Valley, but distributed across a federation of homeservers — comparable to how email works, but with end-to-end encryption.

It has existed since 2014, yet it never reached the mainstream. Discord won the market. WhatsApp won the families. But Matrix has been quietly winning over governments: the French government runs on Tchap (a Matrix fork), the Bundeswehr uses it, NATO has its own Element client, and now so does the Belgian civil service.

Matrix is the pigeon of the digital world: not the fastest, not the prettiest, but utterly reliable. And they’re not the hardest creatures to keep yourself: anyone can set up their own pigeon loft tailored to their own housing situation.

What BSC actually built: a fork of Synapse

Behind the Element client runs a homeserver. At Beam, it’s called beam.belgium.be, and it turns out there are not one but at least 15 separate Synapse instances behind it, presumably one per domain or service.

Synapse is the Matrix implementation on which Beam is based, developed by Element (the company behind Matrix). It is AGPLv3-licensed — meaning anyone who modifies it and offers it as a service must release the source code. And BSC duly did so: at the bottom of the copyright page of beam.belgium.be, there is a discreet link to their GitHub organisation: bsc-oss, under which the Beam Synapse repository is made available. No fanfare. No press release. Just a quiet obligation fulfilled. Exactly as it should be.

The version string of their homeserver reveals that it is a customised build: 1.147.1+pg2. BSC most likely uses the FOSS version of Synapse, supplemented by a proprietary module that is not released publicly, but which — judging by their other modifications — almost certainly carries the PG name. More on that in the technical section below.

Belgium is not alone: Europe’s silent Matrix army

While digging into the details of Beam, a question arises: how far along are other European governments? The answer is striking.

Matrix has been quietly advancing in government communications for years, without the major tech publications paying much attention. A sample of what is already running:

France led the way as early as 2017. The result is Tchap, rolled out across all ministries, running on 60 Matrix servers in a closed network. By 2025, Tchap counts nearly 300,000 active users per month. On 4 August 2025, Prime Minister Bayrou formally enshrined the use of Tchap by circular — as the secure messaging service to replace WhatsApp and Telegram in all ministries. Budget-wise it is remarkably efficient: in 2024, Tchap’s budget was €1.5 million — or €0.50 per active user. DINUM, the French Interministerial Digital Directorate, also became the first government in the world to join the Matrix.org Foundation as a Silver member.

Germany has perhaps embraced Matrix most systematically of all European countries. The Bundeswehr uses BwMessenger (more than 100,000 active users), there is a BundesMessenger for the broader public sector, and 2.5 million schoolchildren in North Rhine-Westphalia communicate via Matrix. ZenDiS (the Centre for Digital Sovereignty of Public Administration) runs Matrix as the backbone of OpenDesk, the sovereign workspace platform for the entire German government. The P20 programme for Germany’s 20 police forces has recommended Matrix as a uniform messaging protocol.

Poland went a step further: the Ministry of National Defence built Merkury 2.0 entirely in-house on the basis of Matrix open source code: not an off-the-shelf Element fork, but built from scratch.

NATO is experimenting with NI2CE (NATO Interoperable Instant Communication Environment), a self-hosted Matrix-based messenger. The architectural vision is remarkable: each nation hosts its own instance, and those instances federate into a sovereign network. The Bundeswehr can keep using BwMessenger, the French keep using Tchap, the Belgians keep using Beam — and they can still communicate with each other via the Matrix federation layer.

Alongside Germany and France, the US (US Navy, made public by senators Wyden and Schmitt), the UK, Ukraine, Sweden, Austria, Estonia and Luxembourg are all deploying Matrix-based systems. There are currently at least 16 governments using Matrix-based software for their communications — a figure that Element made public in January 2025. Because it is usually the most security-conscious parts of government that pioneer Matrix adoption, those deployments often cannot be cited publicly. By the end of 2025, Matrix was already tracking more than 25 countries — and the number keeps growing.

Belgium is therefore no pioneer, but it is not too late either. Beam fits into a pattern that has been growing for years, and to which the Belgian government is now actively contributing.

The knowledge is there now. Use it further.

This is the point where we at BeLibre would like to pause for a moment, because this goes beyond Beam alone.

By building Beam on these open source tools, BSC didn’t just save themselves a great deal of work. They also built something valuable: expertise in the Matrix protocol. A team of Belgian developers who know how Synapse works from the inside out. Adapting Synapse to strict government requirements takes more than copy and paste: you have to understand how the system works from within. And that knowledge now exists.

That infrastructure, spread across at least 15 servers, is running in production. That is no small thing. They are making use of Matrix’s extensive adaptability. That is no small thing either.

But that knowledge is currently locked inside a single application, for a single audience: civil servants with a government email address.

So why stop there?

The Matrix protocol is not exclusive to defence or justice. It is an open standard — the same layer on which schools, municipalities, hospitals, parliaments and public broadcasters could all communicate. Without dependency on American cloud services. Without a subscription to a company that can unilaterally change its terms of service. Without data flowing through server farms outside Europe.

The knowledge built up at BSC is a strategic asset for the entire Belgian public sector. We therefore explicitly encourage the government services involved — BSC, BOSA, and the Flemish, Walloon and Brussels authorities — to deploy that expertise not only for internal defence use, but also to explore how Matrix could be used more broadly: for communication between government services and citizens, for schools in need of a secure collaboration platform, for hospitals that need to discuss patient data securely, for local authorities looking to replace WhatsApp groups with something they control themselves.

The geopolitical context makes all of this more urgent than ever. The US decision in February 2025 to impose sanctions on the International Criminal Court in The Hague demonstrated that sovereign states can no longer assume that cloud-based IT services will remain reliable when the geopolitical winds shift. The EU runs on Microsoft: that’s a vulnerability, not a choice.

Where Computable briefly missed the mark

The Computable article claimed that Beam is “closed” and that it “structurally excludes” phishing through its closed architecture. That is only partially correct.

Federation is enabled. Beam runs 15 Synapse servers with active federation. The room directory has been manually disabled over federation, but that is a configuration choice, not an architectural constraint. Whether federation is actively used, or simply not disabled, remains unclear (and we did not investigate further). Most likely, the current federation configuration only allows connections between the 15 Beam deployments themselves, not with other instances or the broader Matrix network.

The access restriction via government email address is real and sensible — but that is an access control, not the same as a closed system.

Matrix for everyone: including you

BSC has chosen open standards and free software. Not a proprietary platform from an American tech giant with all the associated legal risks. Not vendor lock-in. They build on Matrix, they use AGPLv3-licensed software, and they publish their modifications on GitHub. Three points for BSC!

And Matrix is not just for governments.

  • Creating an account is possible on servers such as matrix.org, tchncs.de or one of dozens of other public servers.
  • Setting up your own group is barely more difficult than creating a WhatsApp group, and can easily replace one.
  • Running your own server is technically feasible for a school, municipality or non-profit with its own server. You do need some technical knowledge, but less than you might think, and it is well documented. This gives you full control over your data.
  • Using Element as a client works on desktop, mobile and in the browser (or one of the other clients, such as FluffyChat on your phone), and is fully compatible with the Beam infrastructure (though BSC will probably not let you onto their servers).

The Belgian government has quietly sent a signal: open standards are good enough for defence and justice. If they are suitable for state secrets, they are certainly suitable for your school community, your neighbourhood association, or your club — even for your family and friends.

Finally: about that bird

We still don’t know for certain what it is on the BSC logo: eagle, falcon, or pigeon after all?

But let’s go with pigeon. Because the pigeon delivers the message: without a central server, without a subscription, and without a 47-page privacy policy.

Matrix does the same. And now so does the Belgian government.


For the nerds: technical analysis of the BSC Synapse fork

This section is for the technically curious reader. Not interested in the technical side? You can perfectly well stop here. What follows only explains how Emma found all of this and what the technical differences are.

For those who want to know exactly what BSC changed compared to upstream Synapse: a direct diff was made between the BSC public GitHub repo and the corresponding upstream version. Here are the most notable findings, from the most innocuous to the most significant.

🔍 How Emma identified Beam

Beam’s login page spams requests to /_synapse/client/rendezvous — the endpoint Synapse uses for QR code login. After a page refresh, config.json from the Element Web client is fetched, including Element-specific icon paths.

The version endpoint at web.beam.belgium.be/version returns MS4wLjI= — base64 for 1.0.2. The same endpoint at app.element.io/version returns 1.12.12 in plaintext. Two different versions, but the same endpoint and the same format: the fingerprint doesn’t lie.
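For anyone keeping an inventory of which Matrix components a deployment runs, the version strings quoted in this article can be normalised with a few lines of Python. This is an added example, not code from Emma's analysis or from BSC; the function names and dictionary labels are chosen here, and it only parses already-captured strings.

```python
import base64
import re

# Dotted numeric version with an optional build tag after "+" or "-".
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+){1,3})(?:[+-]([0-9A-Za-z.-]+))?$")

# Values quoted in the article; the dictionary keys are labels chosen here.
OBSERVED = {
    "web.beam.belgium.be/version": "MS4wLjI=",
    "app.element.io/version": "1.12.12",
    "homeserver version string": "1.147.1+pg2",
}


def normalise_version_body(body: str) -> str:
    """Return the version from a response body that is plaintext or base64."""
    text = body.strip()
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        decoded = ""
    # Accept the base64 reading only if it decodes to a version-like string:
    # a short plaintext token can be valid base64 by accident.
    if VERSION_RE.match(decoded):
        return decoded
    if VERSION_RE.match(text):
        return text
    raise ValueError(f"not a recognisable version body: {body!r}")


def split_build(version: str) -> tuple:
    """Split '1.147.1+pg2' into ('1.147.1', 'pg2'); the tag is None if absent."""
    match = VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"not a version string: {version!r}")
    return match.group(1), match.group(2)


def inventory(observed: dict) -> dict:
    """Map each source to (base version, build tag, was the body encoded?)."""
    result = {}
    for source, body in observed.items():
        version = normalise_version_body(body)
        base, tag = split_build(version)
        result[source] = (base, tag, version != body.strip())
    return result


if __name__ == "__main__":
    for source, row in inventory(OBSERVED).items():
        print(source, row)
```

A non-empty build tag such as pg2 marks a downstream build, which is the cue to go and look for the published source that the AGPLv3 requires.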

⏱️ Rendezvous TTL: from 1 to 5 minutes

The QR code login (rendezvous) expires after 1 minute in standard Synapse. BSC extended that to 5 minutes. Probably pragmatic: civil servants with centrally managed devices sometimes need more time to complete the pairing procedure.

🔔 Notification sound enabled by default

In the Rust code for push rules, SOUND_ACTION has been added to the default notification rule for messages. In plain terms: Beam plays a sound by default when new messages arrive, whereas upstream Synapse is silent. A small change with a large impact on daily use.

🔒 Manhole fully and thoroughly removed

Synapse has a debug feature called “manhole” — essentially an interactive Python shell accessible via TCP that gives direct access to the internal state of the running process. Useful for developers, potentially catastrophic if accidentally left open in production.

BSC did not merely disable this — they actively blocked it: anyone who sets the manhole option in the configuration now receives a hard error on startup. The listener has been removed from the list of known listener types, from the config parser, from the worker config, and from the command-line arguments. Five separate places in the codebase — thorough work.

🙈 Device names hidden from other users — a questionable choice

In Matrix, you can query other users’ end-to-end encryption keys via /keys/query, including the display name of their device (“Bob’s Laptop”, “Work iPhone”). BSC changed this: you can now only see the device names of your own devices, not those of others.

At first glance this sounds like a privacy measure. But in a security context it is actually a step backwards: visibility of device names is precisely how users can detect that an unknown or suspicious device has been added to their account. Hiding them makes it harder to recognise a compromise, since the data is reduced to short, randomly generated IDs (e.g. CNQATVTHNF). A debatable trade-off.

🧩 The PG Synapse module: the secret heart of Beam

This is the most architecturally significant change, and it encompasses several interrelated modifications.

BSC has added a new callback system to the Synapse module API: on_enrich_membership_content. When someone joins a room (or is invited, or removed), registered modules can supplement the content of that membership event — adding fields before the event is committed and federated.

To make this possible, BSC also had to circumvent Synapse’s event-freeze mechanism. Synapse “freezes” events after creation to prevent unintended mutations. BSC added an unfreeze() method to the event base class, and applies it in the check_event_allowed callback — so that events can still be mutated by the module.

This is not a trivial change. It breaks a deliberate immutability guarantee in Synapse, and has the side effect of changing the return semantics of check_event_allowed: whereas upstream would previously stop at the first rejection or replacement, BSC’s callbacks now iterate over all handlers and combine the results. This breaks compatibility with existing Synapse modules that relied on the original behaviour.

What does the module actually do? We don’t know for certain — the PG Synapse module is not public. But the architecture makes it clear: the module writes additional fields into membership events, presumably to inject user data from an external Belgian identity system. The comments in the modifications explicitly reference email addresses, incidentally.

⚠️ Email addresses in the sliding sync response

In the sliding sync code (the more modern sync API for Matrix clients), the email field from membership events is passed as part of the “hero” data — the user information returned to the client during room synchronisation.

If the PG Synapse module writes a user’s email address into the membership event (which the architecture strongly suggests), that email address could reach other clients in the same room via sliding sync. Whether this actually happens depends on what the module injects and what access controls are in place — but it is a data point that warrants further investigation.
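One way an operator could check their own deployment for this is to audit a captured sliding sync response for hero entries that carry more than the standard fields. The following is an added example, not code from BSC or Synapse; it assumes the response shape of simplified sliding sync (MSC4186), and the sample response, including the "email" key name in the hero object, is constructed for illustration.

```python
import json
import re

# Hero keys in the sliding sync room response, per MSC4186.
STANDARD_HERO_KEYS = {"user_id", "displayname", "avatar_url"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample: room IDs, users and the "email" key are made up here.
SAMPLE_RESPONSE = json.loads("""
{
  "pos": "5",
  "rooms": {
    "!constructed1:example.org": {
      "heroes": [
        {"user_id": "@alice:example.org", "displayname": "Alice",
         "avatar_url": null},
        {"user_id": "@bob:example.org", "displayname": "Bob",
         "email": "bob@example.org"}
      ]
    },
    "!constructed2:example.org": {
      "heroes": [
        {"user_id": "@carol:example.org", "displayname": "carol@example.org"}
      ]
    }
  }
}
""")


def audit_heroes(response: dict) -> list:
    """List hero entries that expose non-standard keys or email-like values."""
    findings = []
    for room_id, room in (response.get("rooms") or {}).items():
        for hero in room.get("heroes") or []:
            extra_keys = sorted(set(hero) - STANDARD_HERO_KEYS)
            # The user ID itself is skipped: "@user:server" is not an email.
            email_fields = sorted(
                key for key, value in hero.items()
                if key != "user_id"
                and isinstance(value, str)
                and EMAIL_RE.search(value)
            )
            if extra_keys or email_fields:
                findings.append({
                    "room_id": room_id,
                    "user_id": hero.get("user_id"),
                    "extra_keys": extra_keys,
                    "email_fields": email_fields,
                })
    return findings


if __name__ == "__main__":
    for finding in audit_heroes(SAMPLE_RESPONSE):
        print(finding)
```

The check also flags an email address used as a display name, since that reaches other room members through the same hero data.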

🐳 Custom PKI and a private module registry

The Dockerfile installs custom CA certificates (custom-cas) at multiple points in the build — indicating that BSC has its own internal certificate infrastructure. The PG Synapse module is fetched from a private GitLab package registry, with an access token (pg_access_token) temporarily copied into the container and then removed. That is a common approach, but it does mean the build pipeline is not fully reproducible from the public repo.

Finally: throughout the entire diff, modifications are neatly marked as # PG_CHANGED — including a sparse but faithful collection of trailing spaces.