Chat control 1.0 was approved. EPA/OLIVIER MATTHYS

EU bubble Free speech

European Parliament approves ‘mini-chat control’

4 minutes read

A motion to reject the extension failed to achieve the absolute majority needed in the second-reading procedure.

The European Parliament has voted to extend a temporary exception from EU privacy rules that permits online platforms to voluntarily scan for known child sexual abuse material (CSAM). The measure, often referred to in public debate as part of the broader “Chat Control” discussion, will now run until April 3, 2028.

The decision concerns the so-called ePrivacy derogation (sometimes labelled Chat Control 1.0), originally introduced in 2021 as Regulation (EU) 2021/1232.

It allows, but does not require, messaging services and platforms to scan communications for already-identified CSAM, primarily images and videos.

According to Patrick Breyer, a former MEP for the Pirate Party, US tech companies are once again allowed to scan private messages without a warrant or prior suspicion. This affects direct messages on platforms like Instagram, Discord, Snapchat and Xbox, as well as emails via Google’s Gmail and Apple’s iCloud.

A motion to reject the extension failed to achieve the absolute majority needed in the second-reading procedure.

It is worth noting that this vote relates only to the temporary, voluntary framework. It does not mandate scanning, does not require the breaking of end-to-end encryption, and does not give governments direct access to private messages.

True end-to-end encrypted services have not been subject to routine content scanning under these interim rules. Breyer said an exemption for encrypted communications had been adopted, though he called it symbolic because providers do not scan such traffic in any case.

The more controversial permanent Chat Control proposal pushed by Brussels (the full Child Sexual Abuse Regulation), which could impose broader obligations and has raised significant concerns about encryption and mass surveillance, continues to be negotiated separately in trilogues and has not (yet) been adopted.

The European Parliament has repeatedly emphasised the need for targeted, proportionate measures.

The extension comes after the previous temporary rules lapsed on April 3, 2026, once MEPs rejected an extension on March 26 by 311 votes to 228, with 92 abstentions, and follows controversial procedural manoeuvres that brought the issue back to the plenary on an urgent basis before the summer recess.

Digital rights groups have criticised the process, arguing it limited full debate on long-term implications.

Critics, including some MEPs and digital rights groups, argue the move undermines democratic scrutiny and raises concerns over privacy and encrypted communications.

They say the derogation, despite being more limited than Chat Control 2.0, suspends a fundamental right nonetheless.

Breyer said: “The fact that Chat Control is moving forward against the will of the majority of voting MEPs is a farce and damages democracy.”

“Our children are the real losers in this undemocratic process. The passage of a genuine, permanent child protection regulation is now in serious jeopardy. The Council will never agree to a desperately needed paradigm shift as long as they can simply stick to the old approach of suspicionless scanning at the whim of the tech industry.”

Breyer said at heart, this legislation has a mass surveillance approach.

“Trying to protect children with suspicionless mass surveillance is like frantically mopping the floor while the faucet is still running. Blanket chat control is just as unacceptable as indiscriminately opening everyone’s physical mail.

“For five years, this failed system has served as a smokescreen to delay real action, all while overwhelming the police with false alarms. We need more child protection, not less—but we need effective protection, not the illusion of security.”

He also added a few striking statistics.

According to European Commission figures cited by Breyer, mass scanning of private chats made up just 36 per cent of abuse reports in 2024, with most coming from public posts and cloud storage. The German Federal Criminal Police Office (BKA) found that 48 per cent of alerts are not criminally relevant, while 40 per cent of resulting investigations target minors themselves.

Moreover, 99 per cent of Meta’s reports under chat control involve previously known material, doing little to address active abuse.

The European Commission itself admits there is no evidence that suspicionless scanning of private messages has increased convictions or rescued more children.

Breyer stresses that the most effective law enforcement tools, court-ordered wiretaps, user reports, and the scanning of public platforms and cloud storage, were never at risk and remain fully intact.

Key Topics

More like this

EU bubble

German Child Protection Association comes out against EU digital chat control

By Carl Deconinck

EU bubble

Germany’s Christian Democrats say ‘Nein’ to chat control

By Carl Deconinck

EU bubble

EU’s ‘chat control’ vote scrapped amid continuing opposition

By Carl Deconinck

EU bubble

EU Chat Control law is a step towards mass surveillance

By Rafael Pinto Borges