Setback in Brussels for Chat Control: Parliament Blocks Generalized Scanning of Communications

The European Parliament voted this week to impose strict limits on so-called "Chat Control" — the EU regime that authorized generalized scanning of private digital communications. The vote marks a significant, if incomplete, victory for privacy advocates across the continent.

The measures form part of an extension to the temporary framework approved in 2021 to combat child sexual abuse material online (CSAM), which had been set to expire in April. Rather than simply rubber-stamping Brussels' proposed extension through 2028, a parliamentary majority chose to accept the extension while introducing substantial modifications to the underlying surveillance architecture.

What the Parliament changed

The approved text removes all references to proactive message scanning. From now on, any monitoring must be restricted to specific users or groups for whom there is founded suspicion, and must receive authorization from a judicial authority before it can proceed. The measures must also not apply to services using end-to-end encryption — one of the most contested points of the entire debate, and an unambiguously significant departure from the Commission's original proposal.

The institutional clash

The decision has exposed a sharp divide between EU institutions. Neither the European Commission nor the Council supported modifying the current regime — what they wanted was an extension that preserved full supervisory control. A majority in Parliament denied them that.

Several member state governments continue to maintain that broad detection tools are essential to fighting child exploitation online. Patrick Breyer, former MEP for the Pirate Party and one of the most prominent critics of the proposal, pushed back directly: investigations should focus on specific suspects under judicial authorization, not treat the entire population as subjects of suspicion. Mass monitoring, he argued, produces large volumes of irrelevant data, overloads law enforcement, and does not necessarily improve protection of minors.

Private platforms as surveillance proxies

Among the most contested elements of the original proposal was the central role it assigned to major technology platforms. The Commission's model effectively deputized private companies as surveillance agents — allowing them to analyze users' messages and images and report findings to authorities.

Critics, including members of the Patriots for Europe group, raised concerns about this arrangement from both a legal and political standpoint. Giving large commercial platforms a state-adjacent role in content detection creates accountability gaps that, opponents argue, are incompatible with a rights-respecting legal framework. The prosecution of crimes, they contend, must be built on targeted investigations under judicial control — not the systematic analysis of millions of citizens' private communications.

What comes next

Despite this parliamentary setback, Brussels insiders treat the Chat Control debate as far from over. The Commission retains its intention to push for a permanent framework, and multiple member states continue to advocate for broader supervisory powers. Similar proposals may resurface during negotiations on the final regulation — or through entirely new legislative vehicles.

For now, the vote stands as a signal that the European Parliament is prepared to act as a meaningful check on surveillance expansion. But the structural pressures that generated Chat Control in the first place have not gone away.