---
title: "EU Lawmakers Fail to Block an Extension of Chat-Message Scanning Rules"
description: "Contrary to some breathless headlines, the EU did not just pass a sweeping surveillance law. On July 9, the European Parliament fell short of the votes needed to block an extension of a temporary, voluntary regime that lets platforms scan messages for child-abuse imagery. Encryption is untouched, for now, but the bigger fight over mandatory scanning still looms."
category: "Tech"
category_url: https://boursel.com/category/tech
author: "Priya Venkatesan"
published: 2026-07-10T07:37:36.000Z
updated: 2026-07-10T07:37:36.000Z
canonical: https://boursel.com/article/eu-lawmakers-fail-to-block-an-extension-of-chat-message-scanning-rules
tags: ["eu", "chat-control", "encryption", "privacy", "regulation"]
---
# EU Lawmakers Fail to Block an Extension of Chat-Message Scanning Rules

Contrary to some breathless headlines, the EU did not just pass a sweeping surveillance law. On July 9, the European Parliament fell short of the votes needed to block an extension of a temporary, voluntary regime that lets platforms scan messages for child-abuse imagery. Encryption is untouched, for now, but the bigger fight over mandatory scanning still looms.

It is worth cutting through the noise on this one, because the headlines and the reality diverge. The EU did not just enact a law forcing companies to spy on your private messages. What actually happened on July 9 is narrower, and more procedural: the European Parliament tried, and failed, to block the extension of an existing, temporary scanning regime, [Euronews reported](https://www.euronews.com/my-europe/2026/07/07/eu-to-extend-temporary-message-scanning-regime-to-detect-child-sexual-abuse-online).

## What "chat control" actually is

"Chat control" is shorthand for EU efforts to detect child sexual abuse material, known as CSAM, in online messages. The version at issue here is a temporary rule that allows, but does not require, platforms like messaging apps and email services to voluntarily scan users' communications for known illegal images and report them. It is a carve-out from the EU's privacy laws that has been renewed periodically while lawmakers argue over a permanent framework.

Two things it is not, in its current form: it does not force platforms to scan, and it does not require them to break encryption. End-to-end encrypted services, where only the sender and recipient hold the keys, are exempt, because their messages cannot be read on the way through in the first place.

## The vote

The step on July 9 was about extending that temporary regime, which member-state governments in the EU Council had already backed on July 2. In the European Parliament, a large bloc of lawmakers, 314 of them, voted to reject the extension, [The Register reported](https://www.theregister.com/security/2026/07/09/meps-fail-to-prevent-chat-control-snoopfest-revival/5269379). But under the procedure in play, blocking it required an absolute majority, around 360 votes, and the objectors fell short. So the extension survives not because a majority actively endorsed it, but because its opponents could not muster the numbers to stop it. The temporary rules are set to run to 2028.

## Why privacy advocates are worried anyway

If it is voluntary and spares encryption, why the alarm? The objection is partly principle and partly precedent. Scanning the private messages of hundreds of millions of people to catch a small number of offenders is, critics argue, mass surveillance of the innocent, however good the intent. Digital-rights groups and security researchers warn that once the machinery to scan communications exists, it can be widened, to more content, or to political uses, and that pressure will grow to extend it to encrypted services.

That last point is the crux of the real battle to come. The temporary regime is "Chat Control 1.0". Looming behind it is a proposed permanent law, sometimes called "Chat Control 2.0", that would make detection mandatory and could, in some versions, require platforms to scan messages before they are encrypted, so-called "client-side scanning". Security experts near-unanimously argue that weakening encryption for one purpose weakens it for everyone, and at least one major private messaging app has said it would leave the EU rather than comply with such a mandate.

## What happens next

Because Parliament attached amendments, the extension goes back to the Council, which has a few months to accept Parliament's version or open negotiations to reconcile the two. Meanwhile the fight over the permanent regulation grinds on separately.

## Why it matters

For anyone who uses a phone in Europe, and for the tech companies that serve them, this is a slow-motion battle over a fundamental question: how far a democracy should go in monitoring private communication in the name of safety. The July 9 vote did not resolve it; it kept a limited, voluntary scheme alive while the harder question, whether the EU will ultimately require the scanning of private, encrypted messages, remains open. Getting the facts straight matters, because on this issue the gap between the scary headline and the actual decision is wide. This article is informational and not investment advice.

## Sources

- [EU to extend temporary message-scanning regime to detect child sexual abuse online](https://www.euronews.com/my-europe/2026/07/07/eu-to-extend-temporary-message-scanning-regime-to-detect-child-sexual-abuse-online)
- [EU 'Chat Control' returns after vote to kill it falls short](https://www.theregister.com/security/2026/07/09/meps-fail-to-prevent-chat-control-snoopfest-revival/5269379)

