Back Original

Chat Control 1.0 and 2.0 Explained

The temporary, voluntary scanning regime — adopted in 2021, rejected by Parliament in March 2026, expired in April 2026, and now the subject of an unprecedented revival attempt.

Jul 14, 2021

Temporary derogation adopted

Regulation (EU) 2021/1232 creates a temporary exception to the ePrivacy Directive, giving providers a legal basis to voluntarily scan private messages for child sexual abuse material. Originally set to expire 3 August 2024.

Apr 29, 2024

First extension

With the permanent regulation (Chat Control 2.0) nowhere near agreement, the derogation is extended until 3 April 2026.

Dec 18, 2025

Commission proposes second extension

The Commission proposes extending the derogation by another two years, to April 2028.

Mar 2, 2026

LIBE committee rejects the extension

In a surprise vote, the Parliament's civil liberties committee rejects the draft extension by 38 votes to 28.

Mar 11, 2026

Parliament adopts a protective position

The plenary votes 458–103 for a compromise: extend to 2027, but only with targeted and proportionate detection of known content, no end-to-end encrypted communications, and limiting scanning to suspected users or groups identified by the competent judicial authority.

Mid-Mar 2026

Trilogue on the extension collapses

The Council rejects Parliament's conditions and shows no flexibility in negotiations; talks on the extension break down.

Mar 26, 2026

Parliament rejects the extension outright

311 MEPs vote against extending the derogation (228 in favour, 92 abstentions). The critical Amendment 34, rejecting automated assessment of unknown photos and texts, passes by a single vote (307–306).

Apr 4, 2026

Chat Control 1.0 expires

The legal ground for voluntary, indiscriminate scanning ends. Google, Meta, Microsoft, and Snap state they will continue scanning private messages regardless.

Jun 26, 2026

Council moves to resurrect the expired law

EU ambassadors agree to push a temporary revival — unprecedented, as Parliament's rejection was considered final. Because an expired regulation cannot be extended, the Council proposes a formally new law with identical content via an expedited procedure.

Jul 2, 2026

Council adopts its position

The Council adopts its position on the "new" regulation via written procedure.

Jul 7, 2026

Urgency procedure approved

Parliament voted 331–303 (11 abstentions) to fast-track the expired derogation, skipping the responsible Committee. A binding vote follows on Thursday, 9 July, where an absolute majority of 361 MEPs is needed to stop it.

The permanent CSA Regulation — proposed in 2022, deadlocked for years, and still unagreed after five rounds of trilogue negotiations. Encryption remains the red line.

May 11, 2022

Commission proposes the CSA Regulation

Home Affairs Commissioner Ylva Johansson unveils a proposal for a permanent regulation making detection and reporting of child sexual abuse material a legal requirement for platforms — including a requirement to bypass end-to-end encryption.

Nov 2023

Parliament adopts a protective mandate

No scanning of end-to-end encrypted services, detection limited to visual material, judicial warrants targeted at specific suspects, and no mandatory age verification.

Oct 2025

Germany breaks the Council deadlock

After years of Council deadlock, Germany announces it will vote against mandatory suspicionless scanning. The Danish presidency drops detection orders and shifts to risk assessment and mitigation obligations for providers, while proposing to make the voluntary suspicionless scanning (interim regulation) permanent.

Nov 26, 2025

Council endorses its position

The Council adopts the softened Danish compromise, opening trilogue negotiations. Critics note the text still allows “voluntary” suspicionless detection and imposes broad risk-mitigation duties, including mandatory age verification, that could reshape private messaging in practice.

Dec 2025 – May 2026

Four trilogue rounds

Negotiations between Parliament, Council, and Commission take place on 9 December 2025, 26 February, 16 April, and 11 May 2026 — without agreement on the core issues.

Jun 10, 2026

Council's own lawyers raise the alarm

The Council Legal Service states that the "voluntary" scanning proposal still constitutes generalised scanning of communications — incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation.

Jun 29, 2026

"Final" trilogue fails

The fifth trilogue, billed as the last with adoption targeted for July, produces no deal. Negotiators cannot agree on making suspicionless scanning permanent, as requested by Council. Progress is reported on excluding mandatory age verification, but agreement is postponed and talks continue under the incoming Irish presidency.

Jul 14, 2021

Chat Control 1.0

Temporary derogation adopted

Regulation (EU) 2021/1232 creates a temporary exception to the ePrivacy Directive, giving providers a legal basis to voluntarily scan private messages for child sexual abuse material. Originally set to expire 3 August 2024.

May 11, 2022

Chat Control 2.0

Commission proposes the CSA Regulation

Home Affairs Commissioner Ylva Johansson unveils a proposal for a permanent regulation making detection and reporting of child sexual abuse material a legal requirement for platforms — including a requirement to bypass end-to-end encryption.

Nov 2023

Chat Control 2.0

Parliament adopts a protective mandate

No scanning of end-to-end encrypted services, detection limited to visual material, judicial warrants targeted at specific suspects, and no mandatory age verification.

Apr 29, 2024

Chat Control 1.0

First extension

With the permanent regulation (Chat Control 2.0) nowhere near agreement, the derogation is extended until 3 April 2026.

Oct 2025

Chat Control 2.0

Germany breaks the Council deadlock

After years of Council deadlock, Germany announces it will vote against mandatory suspicionless scanning. The Danish presidency drops detection orders and shifts to risk assessment and mitigation obligations for providers, while proposing to make the voluntary suspicionless scanning (interim regulation) permanent.

Nov 26, 2025

Chat Control 2.0

Council endorses its position

The Council adopts the softened Danish compromise, opening trilogue negotiations. Critics note the text still allows “voluntary” suspicionless detection and imposes broad risk-mitigation duties, including mandatory age verification, that could reshape private messaging in practice.

Dec 18, 2025

Chat Control 1.0

Commission proposes second extension

The Commission proposes extending the derogation by another two years, to April 2028.

Dec 2025 – May 2026

Chat Control 2.0

Four trilogue rounds

Negotiations between Parliament, Council, and Commission take place on 9 December 2025, 26 February, 16 April, and 11 May 2026 — without agreement on the core issues.

Mar 2, 2026

Chat Control 1.0

LIBE committee rejects the extension

In a surprise vote, the Parliament’s civil liberties committee rejects the draft extension by 38 votes to 28.

Mar 11, 2026

Chat Control 1.0

Parliament adopts a protective position

The plenary votes 458–103 for a compromise: extend to 2027, but only with targeted and proportionate detection of known content, no end-to-end encrypted communications, and limiting scanning to suspected users or groups identified by the competent judicial authority.

Mid-Mar 2026

Chat Control 1.0

Trilogue on the extension collapses

The Council rejects Parliament’s conditions and shows no flexibility in negotiations; talks on the extension break down.

Mar 26, 2026

Chat Control 1.0

Parliament rejects the extension outright

311 MEPs vote against extending the derogation (228 in favour, 92 abstentions). The critical Amendment 34, rejecting automated assessment of unknown photos and texts, passes by a single vote (307–306).

Apr 4, 2026

Chat Control 1.0

Chat Control 1.0 expires

The legal ground for voluntary, indiscriminate scanning ends. Google, Meta, Microsoft, and Snap state they will continue scanning private messages regardless.

Jun 10, 2026

Chat Control 2.0

Council’s own lawyers raise the alarm

The Council Legal Service states that the “voluntary” scanning proposal still constitutes generalised scanning of communications — incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation.

Jun 26, 2026

Chat Control 1.0

Council moves to resurrect the expired law

EU ambassadors agree to push a temporary revival — unprecedented, as Parliament’s rejection was considered final. Because an expired regulation cannot be extended, the Council proposes a formally new law with identical content via an expedited procedure.

Jun 29, 2026

Chat Control 2.0

“Final” trilogue fails

The fifth trilogue, billed as the last with adoption targeted for July, produces no deal. Negotiators cannot agree on making suspicionless scanning permanent, as requested by Council. Progress is reported on excluding mandatory age verification, but agreement is postponed and talks continue under the incoming Irish presidency.

Jul 2, 2026

Chat Control 1.0

Council adopts its position

The Council adopts its position on the “new” regulation via written procedure.

Jul 7, 2026

Chat Control 1.0

Urgency procedure approved

Parliament voted 331–303 (11 abstentions) to fast-track the expired derogation, skipping the responsible Committee. A binding vote follows on Thursday, 9 July, where an absolute majority of 361 MEPs is needed to stop it.