A Majority Voted No — And Lost Anyway
On July 9, 2026, the European Parliament held a vote that, on its face, looks like a defeat for the EU's controversial private-message-scanning regime. A total of 314 MEPs voted to scrap the reinstated "Chat Control 1.0" interim rule; only 276 voted to keep it (The Register). By any normal reading, that's a clear majority against. But because the vote was structured as a second-reading rejection of the Council's position, blocking it required an absolute majority of 360 MEPs — a threshold the opposition missed by 46 votes (European Parliament). The rule survives, extended to 2028, despite more lawmakers voting to kill it than to keep it.
What the Interim Rule Actually Does
The measure at issue is a narrow derogation from the ePrivacy Directive, first created by Regulation (EU) 2021/1232 and commonly nicknamed "Chat Control 1.0." It permits — but does not require — messaging and webmail providers to voluntarily scan communications for known child sexual abuse material and grooming behavior, subject to conditions: least-intrusive technology, mandatory data protection impact assessments, prompt reporting to law enforcement, and deletion of retained data within 12 months (EUR-Lex). It is not the more sweeping "Chat Control 2.0" proposal, which would mandate detection orders and remains separately under negotiation. This interim rule lapsed on April 3, 2026 after Parliament rejected an extension in March, and it is this lapse the European Commission and Council moved to reverse.
The Case for Reviving It
The strongest argument for the rule is straightforward: platforms that had been voluntarily scanning for CSAM under the derogation lost the legal basis to do so the moment it expired, and child-safety hotlines reported a real detection gap in the interim. Proponents, led by the European People's Party, argued that a further lapse pending the slower "Chat Control 2.0" negotiations would leave known, hash-matched abuse material undetected on mainstream platforms for months or years. That is a genuine cost, not a hypothetical one, and it deserves to be weighed rather than dismissed by critics who reflexively label any scanning provision "mass surveillance."
The Procedural Problem
What should trouble anyone who cares about how the EU legislates, however, is the mechanism used to get here. On July 7, the EPP invoked a rarely used urgent procedure — requested from Parliament President Roberta Metsola on June 17 — to fast-track a fresh vote, passing that motion 331–304 with 11 abstentions (EU Perspectives). That procedural switch is what converted Thursday's vote from an ordinary majority question into one requiring 360 votes to reject. Greens/EFA negotiator Markéta Gregorová warned on the floor that the maneuver violated Parliament's own rules of procedure — and she turned out to be right about the practical effect: a policy a majority of voting MEPs opposed became law anyway. That is a legitimacy problem independent of what one thinks of chat scanning itself. Rules that can only be blocked by supermajority, invoked selectively to push through contested surveillance-adjacent measures, invite exactly the kind of backlash that has dogged the Chat Control saga since 2021.
The Substantive Problem
On the merits, the extension is narrower than the loudest "Chat Control" headlines suggest — it remains voluntary, targets known CSAM rather than open-ended content, and carries a nominal carve-out for end-to-end encrypted platforms. But that carve-out is close to meaningless in practice. As MEP Patrick Breyer noted after the vote, providers using genuine E2EE cannot scan message content in the first place, so exempting them changes nothing operationally (Patrick Breyer). The carve-out functions as political cover, not a substantive limit — and it tells us nothing about how the permanent Chat Control 2.0 regime, still being negotiated, will treat encrypted services. That is where the real fight over client-side scanning and encryption backdoors will happen, and Thursday's vote does not resolve it either way.
The Bottom Line
A voluntary, non-mandatory scanning regime for known CSAM, bounded by data protection safeguards, is a proportionate stopgap that reasonable people can support — that is the steelman, and it has real force. What isn't proportionate is reviving it through a procedural maneuver that required a supermajority to stop a policy most present MEPs voted against. The EU's credibility on any future encryption or content-scanning rule — especially the more consequential Chat Control 2.0 — depends on those rules being adopted through processes the public can trust were fair. Thursday's vote, whatever one thinks of the underlying policy, was not that.