[Messaging Layer Security](https://messaginglayersecurity.rocks/) (MLS) is an [IETF](https://datatracker.ietf.org/wg/mls/about/) [standard](https://www.rfc-editor.org/rfc/rfc9420.html) for end-to-end encryption (E2EE) which supports larger groups and multiple devices better than the sender keys protocol used in Signal ([WG github](https://github.com/mlswg/), [previously](https://www.reddit.com/r/crypto/comments/8o2g3y/google_inria_mozilla_mit_twitter_and_wire_are/), [wiki](https://en.wikipedia.org/wiki/Messaging_Layer_Security)). Wire was quite involved in the WG.
The RCS standard has [added optional support for MLS](https://www.ietf.org/blog/rcs-adopts-mls/) too, or maybe some variant of MLS, but RCS seems rife with downgrade attacks, even to unecrypted SMSes.
Matrix has a [tracker](https://arewemlsyet.com/) for [their MLS effort](https://matrix.org/blog/2023/07/a-giant-leap-with-mls/), but MLS was not initially designed to be federation friendly, so altering MLS for the federation required by Matrix could require more time. Matrix should've some risks for downgrade attacks on new rooms too, due to their focus upn bridging to other messangers, and support for unencrypted rooms, but seemingly much less serious than RCS. Afaik rooms should not be downgradable once created in Matrix, although not sure if the protocol enforces this.