What Happened to EU Parliament's "Chat Control" Proposal (Child Sexual Abuse Regulation - CSAR)?

The EU Parliament's "Chat Control" Proposal, formally titled the Regulation to Prevent and Combat Child Sexual Abuse (CSAR), was initially proposed by the European Commission in May 2022. Its stated goal is to establish a framework for the mandatory detection, reporting, and removal of child sexual abuse material (CSAM) across online communication services. A key controversial aspect of the proposal has been the potential requirement for 'client-side scanning,' where messages would be analyzed on a user's device before encryption, effectively bypassing end-to-end encryption and raising significant privacy concerns.

Opposition to the proposal has been widespread, coming from digital rights organizations, privacy advocates, tech companies, and even some EU member states, who argue that it poses unprecedented risks to privacy, encryption, and cybersecurity. Critics, including former MEP Patrick Breyer, have labeled it as mass surveillance, arguing that it could lead to high error rates and the exposure of innocent communications. The European Parliament's Civil Liberties Committee (LIBE) and the Parliament itself have consistently pushed for stronger protections for end-to-end encryption and a more targeted approach to detection.

Key turning points include the European Parliament's first-reading position in November 2023, which aimed to narrow the scope for detection orders and safeguard end-to-end encryption. In contrast, the Council of the EU struggled to reach a consensus, with negotiations stalling in 2024. However, in November 2025, the Council finally adopted a position that removed mandatory detection orders but still allowed for 'voluntary' scanning by platforms and included a review clause for the Commission to assess the necessity of detection obligations within three years. This Council position also introduced concerns about mandatory age verification, which critics argue could undermine anonymous communication.

As of early 2026, trilogue negotiations between the European Parliament, the Council, and the Commission commenced to reconcile their differing positions on the permanent CSAR. Simultaneously, the temporary 'Chat Control 1.0' derogation, which allowed voluntary scanning and was set to expire in April 2026, became a focal point. On March 11, 2026, the European Parliament voted to extend this temporary measure until August 2027, but with crucial amendments, including limiting scanning to targeted individuals/groups with judicial authorization and explicitly excluding end-to-end encrypted communications. However, trilogue negotiations on this interim extension failed on March 16, 2026, due to a lack of agreement between Parliament and Council.

Most recently, on March 26, 2026, the European Parliament held another vote on the extension of voluntary chat monitoring. A majority of MEPs rejected the extension of the voluntary control without stricter conditions, meaning the transitional regulation will now expire on April 4, 2026. This creates a legal vacuum for voluntary CSAM detection by platforms. Despite this, trilogue negotiations for the permanent CSAR (Chat Control 2.0) are continuing, with further rounds scheduled for May and June 2026, and a potential final adoption expected in July 2026. The battle over balancing child protection with fundamental rights, particularly the integrity of encrypted communications, remains a central and unresolved issue.