In a nutshell: The European Parliament has spent the past several years grappling with whether to allow or compel platform holders to scan everyone’s messages for Child Sexual Abuse Material (CSAM). A voluntary version of the law was in force from 2021 until April 2026 and was revived this week.
Europe’s Parliament voted on Thursday to reinstate legislation that allows companies such as Google, Meta, and other digital communication providers to voluntarily scan messages, emails, photos, and other files for illegal content. Supporters and opponents have long argued over whether to make the practice mandatory.
The current law, introduced in 2021 and nicknamed Chat Control 1.0, enables email providers, social media platforms, and cloud services to check online communications for CSAM voluntarily. However, end-to-end-encrypted messaging services such as Signal and WhatsApp are exempt.

According to Patrick Breyer, a blogger and European MP who opposes the measure, Chat Control 1.0 expired in April after Parliament voted down its extension by a single vote. A July vote restored the law until 2028 even though 314 MPs voted against it, 276 voted in favor, and 17 abstained. Killing Chat Control would have required an outright majority of 361 votes.
Many supporting MPs consider the status quo a stepping stone to a more stringent version, unofficially dubbed Chat Control 2.0, which would require platform holders to scan all client-side communications, even those with end-to-end encryption. After encrypted email provider Tuta argued late last year that the measure would defeat the point of end-to-end encryption, Germany signaled its intention to oppose the legislation, tipping the scales against it. The Danish presidency of the Council of the EU also withdrew support soon after, but the topic remains a hot issue in the European Parliament.

Breyer, like most opponents, argues that Chat Control amounts to warrantless mass surveillance, mostly from US tech giants, and doesn’t effectively protect children. The MP warns that the strategy grants Meta excessive power over European citizens’ privacy, drowns authorities in junk data, and can sometimes needlessly criminalize minors. Furthermore, some companies use AI-based methods to scan messages, which can produce false positives.
Chat Control supporters claim that reports from automated scans have already saved children, but Breyer argues that existing methods, such as targeted scanning after obtaining a warrant and user-based reporting, are more effective.
The United Kingdom has also encountered resistance while attempting to pass similar legislation. The country dropped efforts to force Apple to build a backdoor into iCloud encryption, and Signal accused the UK of using children as an excuse to conduct mass surveillance.

