EU Revives Warrantless Chat Scanning Despite Majority Opposition

European Parliament revived temporary Chat Control scanning rules on July 9 despite 314 MEPs voting against the extension versus 276 in favor. The absolute majority threshold of 361 blocked rejection, allowing warrantless CSAM checks to continue until 2028. Critics decry the undemocratic outcome and its impact on privacy.
EU Revives Warrantless Chat Scanning Despite Majority Opposition
Written by Juan Vasquez

BRUSSELS — European lawmakers just handed a win to proponents of mass message scanning. They did so even though more MEPs voted against the plan than for it. The numbers tell one story. The rules told another.

On July 9, 314 MEPs cast ballots to kill the temporary extension of so-called Chat Control 1.0. Only 276 backed keeping it alive. That should have ended the matter. But under the European Parliament’s absolute-majority requirement for this urgent procedure, 361 votes were needed to block revival. The rejection fell short. Scanning continues. The measure now runs until 2028.

Critics call the outcome a procedural farce. Former MEP Patrick Breyer didn’t mince words. “The fact that Chat Control is moving forward against the will of the majority of voting MEPs is a farce and damages democracy,” he told The Register. “Our children are the real losers in this undemocratic process.”

The interim rule first appeared in 2021. It created a derogation from the ePrivacy Directive. Platforms gained legal cover to voluntarily scan private communications for child sexual abuse material, or CSAM. No warrants. No specific suspicion. Tech firms didn’t have to scan. Many did anyway. The assumption was that a permanent framework, known as the Child Sexual Abuse Regulation or Chat Control 2.0, would replace it quickly. That never happened.

By April 3, 2026, the temporary measure had expired. Parliament had rejected an earlier extension. Yet governments and the center-right EPP group refused to let the issue die. On July 7 they forced a fast-track vote. It passed 331-303 with 11 abstentions, according to Heise Online. Pirate Party MEP Markéta Gregorová blasted the move. She called it a violation of the chamber’s own rules of procedure.

But the real drama hit two days later. The binding vote on July 9 exposed the split. A simple majority opposed continuation. The absolute threshold saved it. A separate proposal to restrict scanning to accounts already flagged by judicial authorities also failed. That left the door open for indiscriminate checks across all users.

One bright spot for privacy advocates emerged. MEPs approved language excluding end-to-end encrypted services from the scanning regime. Signal, WhatsApp and similar apps appear protected for now. Yet experts warn the practical impact remains limited. Providers cannot inspect message contents in transit anyway. And the broader precedent worries many.

Breyer, a longtime opponent, linked the vote to the fightchatcontrol.eu campaign. “Warrantless mass scanning of private messages continues until 2028,” the site stated after the tally. “The fight over the permanent Chat Control 2.0 resumes in September.” He added that the Council of the EU will likely cling to the old approach. Real progress on targeted child protection measures now looks doubtful.

The debate pits child safety against fundamental rights. Supporters point to the scale of online abuse. They argue voluntary tools help law enforcement act on real threats. Euronews reported the extension allows platforms to detect, report and remove CSAM material. Greens/EFA MEP Ignazio Marino pushed back hard. “Children are protected by smart enforcement, not by scanning the private messages of millions of innocent people,” he said. Marino labeled the entire effort “mass surveillance.”

But the risks go further. False positives plague current detection systems. Researchers have long flagged high error rates in both image and text analysis. One mistaken flag can expose innocent conversations. And once the infrastructure exists, governments could expand its use. Signal has publicly warned that client-side scanning technology could be repurposed to block other content. Political speech. Activism. Anything a future regime dislikes.

Germany once stood as a brake on the full Chat Control push. In late 2025, Berlin opposed mandatory elements after public pressure. That stance helped stall the permanent version. Yet the interim extension slipped through anyway. The EPP and several member states saw a procedural opening before the summer recess. They took it.

Trilogue negotiations on the permanent regulation remain deadlocked after five rounds. The last scheduled session on June 29 produced no breakthrough. Key sticking points include whether to mandate risk assessments that effectively require scanning, how to handle encryption, and what safeguards apply to user data. Without agreement, the temporary rules buy time. They also reduce urgency for a cleaner, more targeted alternative.

Tech companies sit in an awkward spot. Many already scan unencrypted services such as email or cloud storage. The derogation gives them legal certainty. Extending it avoids a regulatory cliff. Yet implementing client-side scanning on encrypted apps would demand deep changes to core architectures. It could erode user trust. Some firms have signaled they would resist or even exit markets rather than break encryption promises.

Privacy groups and digital rights organizations reacted swiftly. The outcome, they say, normalizes suspicionless monitoring. It sets a precedent other jurisdictions might copy. Authoritarian governments could cite EU practice to justify their own surveillance tools. And for European citizens, the message is clear. Your chats aren’t fully private. Not if a platform decides to look.

Parliament President Roberta Metsola faced criticism for backing the urgent procedure. Opponents argued it bypassed normal committee scrutiny and ignored earlier votes. The process, Breyer noted on fightchatcontrol.eu, jeopardizes the legitimacy of EU institutions. Children, he repeated, lose most of all. The focus on scanning distracts from better enforcement, funding for investigators, and cooperation with tech firms on specific leads.

What’s next? The amended Parliament position heads back to the Council. Member states have three months to accept or reject the changes. Full agreement seems unlikely. A conciliation committee would then try to hammer out differences. Meanwhile, the scanning regime stays in force. And talks on the permanent CSAR regulation pick up again after the summer break.

This isn’t the end of the story. It’s a reminder of how procedural rules can override apparent majorities. How child protection gets weaponized in privacy fights. And how once introduced, surveillance measures prove hard to kill. The numbers on July 9 showed clear opposition. The outcome showed something else entirely. Power, not popularity, decided the day.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us