Today, the European Parliament allowed the suspicionless mass scanning of private communications (“Chat Control 1.0”) to pass, a measure it had rejected twice in March. Although a majority of voting Members of the European Parliament (MEPs) actually opposed the regulation (314 against, 276 in favor, 17 abstentions), the motion to reject it failed to secure the required absolute majority of 361 votes. As a result, mass scanning is now permitted again until 2028.
A symbolic exemption was adopted for encrypted communications—though in practice, service providers do not scan these anyway. Furthermore, while a majority of voting MEPs wanted to restrict the scanning of private communications strictly to suspects identified by the judiciary (322 to 255 votes), this amendment likewise fell short of the required absolute majority.
Dr. Patrick Breyer, civil rights activist and former Member of the European Parliament (MEP), warns of the consequences:
“The fact that Chat Control is moving forward against the will of the majority of voting MEPs is a farce and damages democracy. Our children are the real losers in this undemocratic process. The passage of a genuine, permanent child protection regulation is now in serious jeopardy. The Council will never agree to a desperately needed paradigm shift as long as they can simply stick to the old approach of suspicionless scanning at the whim of the tech industry.”
Despite the legislative defeat, Breyer remains defiant regarding the upcoming negotiations:
“Today’s vote on the interim regulation was a setback, but the political battle over the permanent ‘Chat Control 2.0’ is just getting started. The resistance we saw in Parliament today was so strong that finding a majority for permanent, suspicionless mass scanning in future negotiations is a complete pipe dream.”
Breyer fundamentally rejects the mass surveillance approach:
“Trying to protect children with suspicionless mass surveillance is like frantically mopping the floor while the faucet is still running. Blanket chat control is just as unacceptable as indiscriminately opening everyone’s physical mail. For five years, this failed system has served as a smokescreen to delay real action, all while overwhelming the police with false alarms. We need more child protection, not less—but we need effective protection, not the illusion of security.”
What happens next?
What changes with the return of Chat Control 1.0—and what stays the same:
- What is coming back: US tech companies are once again allowed to scan private messages without a warrant or prior suspicion. This affects direct messages on platforms like Instagram, Discord, Snapchat, Skype, and Xbox, as well as emails via Google’s Gmail and Apple’s iCloud.
- What remains unchanged: Public social media posts and files hosted in cloud storage could already be scanned without this law. Furthermore, private messages can always be reported by users, or monitored by authorities using targeted, court-ordered wiretapping.
- What is still NOT being scanned: End-to-end encrypted chats, such as those on WhatsApp, have always been exempt from these scans. Additionally, European providers of messaging and email services have never implemented chat control measures.
Why Chat Control is the wrong approach:
- Since 2022, the volume of suspected abuse reports from the US has already dropped by 50 percent due to the growing use of message encryption.
- According to EU Commission figures, mass scanning of private chats accounted for only 36 percent of all abuse reports in 2024 (the majority came from public posts and cloud storage).
- The German Federal Criminal Police Office (BKA) reports that 48 percent of all incoming alerts are not criminally relevant in the first place.
- Crime statistics reveal that 40 percent of the resulting investigations actually target minors themselves.
- Under the chat control system, an estimated 99 percent of reports generated by Meta consist of previously known material, which generally does little to stop ongoing, active abuse.
- The EU Commission admits there is no evidence that suspicionless scanning of private communications has led to an increase in criminal convictions or in rescued children.
Talk of averting a “protection gap” is therefore highly misleading. The most effective law enforcement tools—court-ordered wiretaps, user reports, and the scanning of public platforms and cloud storage—were never at risk and remain fully intact. The only practice that was temporarily banned since April was the indiscriminate, warrantless searching of private, unencrypted messages of innocent people on a handful of US platforms.
Background: The deadlock over a permanent solution
- Mandatory, targeted detection orders against actual criminal suspects, rather than blanket mass scanning left to the tech industry’s discretion.
- An EU Child Protection Centre tasked with the systematic removal of known abuse material from the public internet.
- Strict security standards for messaging apps (“Security by Design”) to prevent cyber grooming.
This permanent legislation has stalled because EU member states insist on maintaining the outdated approach of voluntary, suspicionless scanning of private communications. Critics warn that repeatedly extending the interim rules removes the political pressure needed to reach a viable, permanent agreement. Ultimately, clinging to the status quo threatens to derail real progress on child protection.
Patrick Breyer sums up the problem:
“The Voices of Survivors: “We need privacy to bring abusers to justice”
Survivors of sexual violence explicitly emphasize that untargeted Chat Control did not help victims:
Alexander Hanff, survivor of child sexual abuse and privacy advocate, clarifies:
Marcel Schneider* (name changed), a survivor who has been suing Meta in court over its voluntary Chat Control, adds:
Dorothée Hahne, founding member and vice-chair of the survivors’ initiative MOGiS e.V. (A Voice for Survivors), emphasizes the danger mass surveillance poses to victims themselves: