No, not any random law. To the extent the relevant law-making is within EU's competence (ie excluding certain areas like national security and similar), the general framework for rules on the processing of personal data has been laid down by the GDPR (and for law enforcement related stuff, a similar Directive[1]), in particular, considerably restricting, limiting and in part downright precluding national law-making within that legislative and policy area, including eg the legal bases available for in-scope processing activities (Art 6 GDPR, also Art 9 for certain sensitive data categories).

Anyway, as far as human/fundamental rights go, the encryption and related issues in Chat Control tend to fall more on the Article 7 side of the Charter[2] like many similar questions related to different forms of (mass) surveillance, secrecy / confidentiality of (electronic) communications, including related national regimes with often diverse jurisdiction-specific histories, etc.

[1] The main difference between a Directive and a Regulation under EU law is that a Directive requires implementation on the national level to work properly (ie national legislation, usually with some room for discretion and details here and there), while a Regulation is directly binding and effective law in member states wholly in itself.

[2] And similar/corresponding language in the European Convention on Human Rights (ECHR), including the related case law of the European Court of Human Rights (ECtHR). While these are not EU institutions, European human rights law is recognized and applied as constitutional / fundamental rights-level law both by the EU and member state courts.