Brussels Bypassed Its Own Parliament to Revive Mass Chat Scanning — Here's How

The European Parliament has reinstated "Chat Control 1.0," a rule allowing platforms like Gmail and Snapchat to scan private messages without a warrant. The measure had been rejected twice this year. It only returned because of a rare procedural maneuver that let it pass by default — even though more lawmakers voted against it than for it.

Jul 11, 2026 - 10:21
0
Brussels Bypassed Its Own Parliament to Revive Mass Chat Scanning — Here's How

.

A Law Rejected Twice, Passed Anyway

On July 9, 2026, the European Parliament held a vote on extending mass scanning of private communications in the EU. The result should have killed the measure: 314 members of the European Parliament (MEPs) voted against it, only 276 in favor, with 17 abstentions. More MEPs voted against the regulation than in favor of it, yet the motion to reject it failed because it did not secure the required absolute majority of 361 votes.

Because of that technicality, the law was treated as adopted. Voluntary mass scanning of private messages on platforms including Gmail, Snapchat, Facebook Messenger, and Skype is now legal in the EU until April 3, 2028. A policy that failed to win majority support in Parliament is now in force regardless.

This is not a footnote. It is the story.

.

The Procedural Trick, Explained

To understand how this happened, it helps to look at what came before. A temporary extension of the scanning scheme was proposed by the European Commission and rejected by Parliament in March, by 311 votes against, 228 in favor, and 92 abstentions. The rule lapsed. For three months, no legal basis for this kind of scanning existed in the EU.

Then, shortly before the summer break, the center-right European People's Party (EPP) changed the game. On the Tuesday before the final vote, MEPs narrowly approved use of an "urgent procedure," passing 331 votes in favor, 304 against, with 11 abstentions. That single decision changed the rules for everything that followed.

Here is why that mattered. Once the file was treated as being in its "second reading" stage, a different legal threshold applied. Rejecting or amending the proposal now required an absolute majority of all Members of the European Parliament — 361 votes — not simply a majority of those present. Green MEP Markéta Gregorová put it plainly, warning colleagues that the vote violated Parliament's own rules of procedure, and later accused the EPP of "abusing its position as the largest political group to bring back a proposal that Parliament had already rejected".

The final vote was also scheduled for the last sitting day before the summer recess — a day when attendance in Strasbourg is typically at its lowest. Opponents needed a wall of votes at the exact moment fewer lawmakers were in the room. They fell 47 votes short.

Former MEP Patrick Breyer, one of the most consistent critics of the scheme, summed up the outcome bluntly: "The fact that Chat Control is moving forward against the will of the majority of voting MEPs is a farce and damages democracy." He added that the children the law claims to protect are the real losers of this undemocratic process.

.

What the Law Actually Does

Despite the name it has acquired in public debate, "Chat Control 1.0" does not force anyone to scan anything. It formally reactivates Regulation (EU) 2021/1232, a temporary exception to EU privacy rules that allows, but does not require, platforms to scan communications for already-identified child sexual abuse material. In practice, this affects direct messages on services such as Instagram, Discord, Snapchat and Xbox, along with emails sent through Gmail and iCloud.

End-to-end encrypted apps such as Signal and WhatsApp are formally excluded. Parliament passed a separate amendment to lock in that exemption, and it cleared its threshold without difficulty. But critics call this a symbolic win at best. Breyer's office points out that end-to-end encrypted services were never scanning under Chat Control 1.0 in the first place, because their technical design makes scanning impossible without adding client-side scanning — something the current rule does not require.

That encryption exemption is not finished business either. Because Parliament amended the Council's position, the text now returns to the Council, which has roughly three months — until about October 9, 2026 — to accept or reject the change. If it rejects it, the file heads into a formal conciliation process between the EU institutions.

.

Does the Scanning Even Work?

Supporters of the rule frame it as an essential child-protection tool. The numbers tell a more complicated story.

A European Commission evaluation of the existing scheme found that just 0.00000077 percent of scanned messages actually contained illegal material. Germany's Federal Criminal Police Office (BKA) — the country's main federal law enforcement agency — has its own troubling figures. The BKA has reported that 48 percent of all incoming alerts are not criminally relevant, and that 40 percent of resulting investigations end up targeting minors themselves rather than adult offenders.

Even the source data looks thin. According to European Commission figures, mass scanning of private chats produced only 36 percent of abuse reports in 2024, with most flagged content instead coming from public posts and cloud storage. And 99 percent of Meta's reports under the scheme involved material that was already known to authorities, meaning the system is mostly re-finding old evidence rather than catching new abuse in progress.

Perhaps most striking: the European Commission itself has conceded there is no clear evidence that the scanning has led to more convictions or more children being rescued.

Breyer argues the tools that actually work were never at risk. He stresses that court-ordered wiretaps, user reports, and scanning of public platforms and cloud storage — the methods that produce most real detections — remain fully intact regardless of what happens to this law.

.

A Warning From the EU's Own Lawyers

The legal risk here is not just theoretical, and it is not only campaigners raising it. Multiple reports say that in June 2026, the Council of the EU's own internal legal advisors assessed the proposal and found that it still amounts to generalized, suspicionless scanning of private communications, warning that it sits uneasily with Article 7 of the EU Charter of Fundamental Rights — the right to respect for private life and communications.

In other words: the EU's own lawyers flagged that this measure may not survive a court challenge. Lawmakers pushed it through anyway.

.

The Bigger Fight Is Still Ahead

What passed on July 9 is, by design, temporary — a stopgap running until 2028. The real battle is over its permanent successor, known as the Child Sexual Abuse Regulation, or "Chat Control 2.0." Unlike the current voluntary scheme, that proposal would be mandatory rather than voluntary, and could potentially extend to end-to-end encrypted services through client-side scanning — content analyzed on a user's device before encryption is even applied.

That idea has already triggered pushback from the industry. Signal has stated it will withdraw from the EU market before implementing client-side scanning, and WhatsApp has described mandatory scanning of encrypted services as "the end of end-to-end encryption as we know it". Five rounds of trilogue negotiations — the closed-door talks between Parliament, the Council, and the Commission — have already ended without agreement, and talks are due to resume under the Irish EU Council Presidency in September 2026.

Given how the July vote played out, few expect the September round to be straightforward.

.

Outlook

The events of early July set an uncomfortable precedent for how EU law can be made. A measure lost a floor vote, was declared rejected, lapsed for three months — and was then revived using a rules change most MEPs did not expect to face when they first voted it down. Civil liberties groups and several member states, including Germany, the Netherlands, Poland and Austria, have already voiced opposition to a broader, mandatory version of this law. Whether that opposition can hold through the autumn trilogue — under normal voting conditions, not a summer-recess procedural squeeze — will determine the future shape of private communication for 450 million Europeans.


.

Sources

  1. Euronews / EU Tech Loop – "Chat Control 1.0 passed the European Parliament — through the back door" (10 July 2026): https://www.euronews.com/next/2026/07/10/chat-control-10-passed-the-european-parliament-through-the-back-door
  2. Euronews – "EU to extend temporary message-scanning regime to detect child sexual abuse online" (7 July 2026): https://www.euronews.com/my-europe/2026/07/07/eu-to-extend-temporary-message-scanning-regime-to-detect-child-sexual-abuse-online
  3. The Register – "EU 'Chat Control' snoopfest returns after vote to kill it falls short" (9 July 2026): https://www.theregister.com/security/2026/07/09/meps-fail-to-prevent-chat-control-snoopfest-revival/5269379
  4. Brussels Signal – "European Parliament approves 'mini-chat control'" (10 July 2026): https://brusselssignal.eu/2026/07/european-parliament-approves-mini-chat-control/
  5. EU Perspectives – "Parliament forced back to the chat control question" (7 July 2026): https://euperspectives.eu/2026/07/parliament-forced-back-to-the-chat-control-question/
  6. Tom's Hardware – "Chat Control 1.0 sneaks through the EU Parliament..." (10 July 2026): https://www.tomshardware.com/tech-industry/cyber-security/chat-control-1-0-sneaks-through-the-eu-parliament-letting-companies-scan-user-data-without-warrants-legal-tactic-used-to-force-a-majority-required-re-vote-on-eve-of-parliament-break

.

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Wow Wow 0
Sad Sad 0
Angry Angry 0

Comments (0)

User