EU 'Chat Control' snoopfest returns after vote to kill it falls short
Security
Opponents won the count but missed the 360-seat threshold needed to stop the interim CSAM-scanning rule
An effort by European parliamentarians to block the reintroduction of an interim rule allowing tech companies to scan chats for evidence of child sexual abuse failed today, despite securing more votes than the MEPs who want to keep it alive.
Commonly referred to by critics as Chat Control, or Chat Control 1.0, the interim rule acts as a derogation from the ePrivacy Directive, allowing online communications platforms to voluntarily detect, report, and remove child sexual abuse material (CSAM).
Chat Control expired on April 3, 2026, after first being introduced in August 2021. Today, however, MEPs did not reach the required threshold to prevent it from moving toward reintroduction.
Although 314 politicians voted to scrap Chat Control, while 276 voted to keep it, the vote required 360 MEPs to reject the Council of the European Union's position. As a result, the attempt to abolish the interim rule failed, despite more voting MEPs opposing it than supporting it.
A separate, but related vote, which sought to limit scanning to accounts belonging only to individuals identified by the judiciary, also failed to reach the necessary majority, effectively permitting the scanning of all accounts without a warrant.
MEPs did manage to secure a majority for excluding end-to-end encrypted (E2EE) platforms from Chat Control's scanning provisions, although the practical effect of that change may be limited, since providers should not be able to inspect message contents in transit.
What's left is essentially the same legislation as introduced in 2021 – Chat Control 1.0, but without legal permission to scan E2EE messages.
The European Parliament's amended position will now be sent back to the Council of the European Union, which has three months to approve or reject the legislation.
Chat Control could be reintroduced in the EU in that time frame. If the Council cannot accept all the amendments, a conciliation committee will be convened to reach a resolution.
If approved, it will be valid until 2028, or until a permanent solution is passed.
One of the movement's more outspoken campaigners, former MEP Patrick Breyer, called Chat Control a vehicle for "suspicionless mass surveillance," and said it serves as a smokescreen to delay real action against the spread of CSAM online.
"The fact that Chat Control is moving forward against the will of the majority of voting MEPs is a farce and damages democracy," he said. "Our children are the real losers in this undemocratic process. The passage of a genuine, permanent child protection regulation is now in serious jeopardy. The Council will never agree to a desperately needed paradigm shift as long as they can simply stick to the old approach of suspicionless scanning at the whim of the tech industry."
At the heart of the Chat Control debate is the long-running conflict between the public's right to privacy and law enforcement's need to access evidence that could help prosecute those who create, possess, or distribute CSAM.
Chat Control 1.0 is the interim measure the EU introduced to give tech companies legal permission to voluntarily scan user chats for signs of child sexual abuse. Tech companies are not required to scan messages, but may do so if they wish.
It was introduced under the assumption that the Child Sexual Abuse Regulation (CSAR), aka Chat Control 2.0, would not take so long to pass.
The CSAR is intended as the EU's permanent framework for detecting and tackling online child sexual abuse. Unlike the interim measure, it would create lasting obligations for platforms to assess and mitigate the risk of their services being used to spread CSAM or facilitate grooming.
The Council wants laws that preserve E2EE while allowing client-side scanning for harmful material. Many say those two goals cannot coexist. Client-side scanning remains highly controversial. While technically feasible, client-side scanning breaks the principle of fully encrypted communications without exposing message contents in transit.
Those on the other side of the argument, such as lawmakers and law enforcement officials, argue it is the best balance on offer: preserving user privacy by keeping analysis on the device while allowing authorities to protect children from serious online harms.
Privacy campaigners, however, say the same technology could be repurposed by governments as a mass surveillance tool.
Signal has previously said that the same scanning mechanisms could theoretically be used to block certain communications, such as negative expressions related to the state.
Chat Control 2.0, or the CSAR, is still being discussed in trilogue negotiations between the European Parliament, the Council, and member states. Five rounds of negotiations, including what was supposed to be the final round on June 29, have passed without agreement on the legislation's shape. ®
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Wow
0
Sad
0
Angry
0
Comments (0)