EU Private Message Scanning: The Return of Chat Control 1.0

EU Private Message Scanning: The Return of Chat Control 1.0

The European Parliament has approved an urgent procedure to fast-track legislation that would revive the EU's expired "Chat Control 1.0" rules. This move sets up a decisive vote on July 9, 2026, to determine if online platforms may once again be allowed to voluntarily scan private user communications for child sexual abuse material (CSAM).

Fast-Tracking the Revival of Voluntary Scanning

MEPs voted 331 to 304 to use an urgency procedure, allowing the Parliament to bypass the usual committee stage and accelerate the consideration of a proposal to restore a temporary legal framework that expired in April 2026. This procedural vote does not reinstate the law, but it clears the path for the final vote on the substance of the legislation.

To reject or amend the proposal on July 9, opponents will need an absolute majority of all Members of the European Parliament (361 votes). If this threshold is not met, the Council's text is expected to proceed without additional safeguards.

Distinguishing Chat Control 1.0 from 2.0

There is significant confusion between two parallel legislative tracks currently being pursued by the EU:

Chat Control 1.0 (Regulation EU 2021/1232)

This temporary regulation created an exemption to the ePrivacy Directive, allowing providers to voluntarily scan private communications for CSAM. It primarily affected services like Gmail, Facebook Messenger, Instagram Messenger, Skype, Snapchat, and iCloud Mail. End-to-end encrypted (E2EE) services were generally unaffected unless providers chose to implement client-side scanning.

Chat Control 2.0 (Child Sexual Abuse Regulation - CSAR)

This is a proposed permanent framework that has been under negotiation since 2022. Unlike the temporary measure, this proposal seeks to establish a permanent, potentially mandatory scanning regime. The primary point of contention is whether providers should be required to conduct broad, suspicionless scanning of all private communications, including those on E2EE services.

Legal and Privacy Concerns

Critics and legal experts have raised significant alarms regarding the impact of these rules on fundamental rights. Former Pirate Party MEP Patrick Breyer has described the move to resurrect rejected legislation as an "unprecedented attempt" to undermine privacy and democracy.

Furthermore, the Council's own Legal Service warned in June 2026 that even "voluntary" generalized scanning of communications could conflict with Article 7 of the EU Charter of Fundamental Rights unless it is supported by reasonable suspicion and prior judicial authorization.

Community Perspectives and Technical Counterpoints

Discussion among technical communities highlights a divide in how these rules are perceived based on the version of the legislation:

  • Perceived Low Risk of 1.0: Some argue that since platforms like Meta and Google already scan non-E2EE communications for various purposes, Chat Control 1.0 merely provides a legal exception for CSAM scanning in communications that are already not private from the provider.
  • Slippery Slope Concerns: Other users express fear that voluntary scanning will inevitably lead to mandatory scanning and the eventual erosion of all private communication.
  • Technical Workarounds: Users have pointed to the use of self-hosted XMPP servers and OMEMO encryption as a way to avoid centralized scanning regimes, noting that these protocols provide the same double-ratchet encryption as Signal without relying on a central server.

"Once instituted they will arrest and try some Child Abusers in a grandly publicized fashion to demonstrate the rationalization for it. Then they will quietly add just one more teeny, tiny thing to watch for… then another… then another until with a whimper the last vestige of freedom disappears into the government’s insatiable obsession with POWER and CONTROL."

Sources