What Happened to "Chat Control": EU Parliament Stops Mass Surveillance?
The European Parliament recently voted against extending a temporary derogation, often dubbed "Chat Control 1.0," that allowed tech companies to voluntarily scan private messages for child sexual abuse material (CSAM). This decision, effective April 4, 2026, halts indiscriminate mass scanning of private communications in the EU. Meanwhile, negotiations continue on a more comprehensive and permanent "Chat Control 2.0" regulation, with the Parliament advocating for targeted measures that uphold privacy and encryption.
Quick Answer
On March 26, 2026, the European Parliament voted to reject the extension of a temporary measure, known as "Chat Control 1.0," which permitted tech companies to voluntarily scan private messages for child sexual abuse material (CSAM). As a result, from April 4, 2026, indiscriminate mass scanning of private communications by platforms like Meta, Google, and Microsoft will become illegal in the EU. While this marks a significant win for digital privacy, trilogue negotiations are still ongoing for a permanent Child Sexual Abuse Regulation (CSAR), or "Chat Control 2.0," which aims to establish long-term rules for combating online child abuse.
📊Key Facts
📅Complete Timeline12 events
EU Adopts Temporary Derogation ('Chat Control 1.0')
The EU adopted a temporary derogation from the ePrivacy Directive, allowing online service providers to voluntarily scan private communications for child sexual abuse material (CSAM).
European Commission Proposes Permanent CSAR ('Chat Control 2.0')
The European Commission adopted a proposal for a permanent Regulation to Prevent and Combat Child Sexual Abuse (CSAR), which would introduce mandatory detection, reporting, and removal obligations for online service providers.
European Parliament LIBE Committee Amends Proposal
The European Parliament's Civil Liberties Committee (LIBE) debated and amended the CSAR proposal, introducing explicit protections for end-to-end encryption and mandatory auditing of detection tools.
European Parliament Adopts First-Reading Position
The European Parliament adopted its first-reading position on the CSAR, narrowing the scope for detection orders and reinforcing protections for end-to-end encryption.
Council of the EU Agrees Negotiating Position on CSAR
After years of negotiations, the Council of the European Union reached a common negotiating position on the permanent CSAR, removing mandatory scanning requirements but extending voluntary scanning and focusing on risk assessment.
Trilogue Negotiations for Permanent CSAR Begin
Trilogue negotiations, involving the European Commission, European Parliament, and Council, officially began to reconcile their positions on the permanent Child Sexual Abuse Regulation.
Commission Proposes Extension of Interim Regulation
The European Commission proposed extending the temporary derogation (Chat Control 1.0) until April 3, 2028, to avoid a legislative gap while the permanent CSAR was still under negotiation.
European Parliament Votes to Limit Interim Extension
The European Parliament voted to support extending the temporary derogation until August 2027, but with strict conditions, including that measures must be proportional, targeted, and not apply to end-to-end encrypted communications.
Trilogue Negotiations on Interim Extension Collapse
Trilogue negotiations between the European Parliament and the Council on extending the temporary derogation (Chat Control 1.0) failed to reach an agreement, leading to its impending expiration.
European Parliament Rejects Extension of Temporary Derogation
In a pivotal vote, the European Parliament rejected the proposal to extend the temporary derogation (Chat Control 1.0), with 311 MEPs voting against it. This decision effectively ends the legal basis for voluntary mass scanning of private messages.
Temporary Derogation ('Chat Control 1.0') Expires
The temporary derogation allowing voluntary mass scanning of private messages for CSAM expires, making such indiscriminate scanning illegal in the EU from this date forward.
Trilogue Negotiations for Permanent CSAR Continue
As of today, trilogue negotiations between the European Commission, Parliament, and Council for the permanent Child Sexual Abuse Regulation (CSAR, or "Chat Control 2.0") are still ongoing, aiming to establish a long-term framework for combating online child abuse.
🔍Deep Dive Analysis
The concept of "Chat Control" in the European Union refers to a series of legislative proposals aimed at combating child sexual abuse material (CSAM) online. The debate has largely revolved around balancing the critical need for child protection with fundamental rights to privacy and the security of encrypted communications. The initial phase, often called "Chat Control 1.0," was a temporary derogation from the ePrivacy Directive, adopted in July 2020, which allowed online service providers to voluntarily scan private communications for CSAM.
In May 2022, the European Commission introduced a more ambitious and permanent proposal, the Regulation to Prevent and Combat Child Sexual Abuse (CSAR), quickly dubbed "Chat Control 2.0." This proposal initially sought to impose mandatory detection obligations on service providers, potentially including client-side scanning that would analyze content on a user's device before encryption. This aspect drew widespread criticism from privacy advocates, cybersecurity experts, and even the European Data Protection Supervisor, who warned of an "existential catastrophic risk" to end-to-end encryption and the creation of a mass surveillance infrastructure.
Throughout 2023 and 2024, the European Parliament consistently adopted a position that prioritized fundamental rights, advocating for targeted measures based on judicial warrants rather than indiscriminate mass scanning. In November 2025, the Council of the EU (representing member states) finally agreed on its negotiating position for the permanent CSAR. While this position removed the explicit requirement for mandatory scanning of encrypted messages, it still allowed for "voluntary" detection on non-encrypted services and emphasized risk assessment and mitigation.
As the temporary "Chat Control 1.0" was set to expire on April 3, 2026, the European Commission proposed an extension until April 2028 to bridge the gap until the permanent CSAR could be finalized. However, trilogue negotiations between the Commission, Parliament, and Council on this extension collapsed in mid-March 2026, with the Parliament's lead negotiator criticizing the Council's "lack of flexibility."
The decisive moment came on March 26, 2026, when the European Parliament voted against extending the temporary derogation. With 311 MEPs voting against, 228 in favor, and 92 abstentions, the Parliament effectively ensured that the voluntary mass scanning of private messages would become illegal in the EU from April 4, 2026. This outcome was hailed by digital rights activists as a victory against mass surveillance, arguing it clears the way for more effective, targeted child protection. Conversely, some tech companies and child protection groups expressed concerns about a "legal vacuum" and a potential reduction in CSAM detection efforts.
As of March 27, 2026, the immediate consequence is the cessation of indiscriminate scanning of private messages by tech platforms in the EU. However, the broader fight continues, as trilogue negotiations for the permanent "Chat Control 2.0" regulation are still underway. The Parliament remains committed to a framework that protects children without undermining fundamental rights and end-to-end encryption, while the Council's position allows for voluntary scanning on non-encrypted services and focuses on risk-based obligations for platforms.
What If...?
Explore alternate histories. What if "Chat Control": EU Parliament Stops Mass Surveillance made different choices?