Published 9 July 2026.
The short version: The European Parliament voted today on reinstating "Chat Control 1.0" — the regime that lets platforms scan your private messages without a warrant or any suspicion. 314 MEPs voted against it. 276 voted for it. It passed. Suspicionless scanning is legal again until 2028.
Read that twice, because it isn't a typo.
I've been tracking this story on the show for over a year, and I've watched it survive on margins thin enough to be uncomfortable. But today was different. Today the proposal didn't win an argument. It won a threshold.
What actually happened
Today's vote was a second reading, taken under an urgent procedure that Parliament fast-tracked on Tuesday by 331 to 304. That procedural detail is the whole story, so stay with me for one paragraph.
In a second reading, Parliament doesn't vote to pass a text. It votes to reject or amend it. And to do either, you don't need a majority of the people in the room — you need an absolute majority of all 720 MEPs, whether or not they showed up. That's 361 votes.
So here's the arithmetic that governs your private messages for the next two years:

- Motion to reject: 314 for rejection, 276 against, 17 abstentions. A clear majority of everyone who voted wanted this thing dead. It needed 361. It got 314. It failed.
- Amendment to limit scanning to suspects identified by a judge: 322 in favour, 255 against. An even bigger majority. It needed 361. It failed too.
Both times, the majority said no. Both times, the majority wasn't big enough to count.
A symbolic exemption for end-to-end encrypted communications was adopted. I want to be precise about what that's worth: essentially nothing. E2E chats were never being scanned under this regime in the first place. It's an exemption for something that wasn't happening.
Net result: warrantless, suspicionless scanning of private messages is reinstated until 2028, or until a permanent regulation is agreed — whichever comes first.
The distinction everyone keeps botching
If you take one thing from this post, take this. There are two Chat Controls, and today's news is about the smaller one.

Chat Control 1.0 — a temporary derogation that permits platforms to scan voluntarily. It expired on 3 April after Parliament refused to renew it. It came back today. This is what passed.
Chat Control 2.0 (the CSA Regulation, or CSAR) — the permanent law that would require scanning via detection orders. This is the one that reaches for client-side scanning and, with it, the foundations of end-to-end encryption. It has not passed. The fifth and supposedly final trilogue on 29 June ended without agreement. Talks resume in September.
When you see a headline this week saying "Chat Control passed," it is almost certainly about 1.0. When someone tells you encryption is now dead in Europe, they're conflating the two. Encryption isn't dead. It's just that the political machinery that wants to reach into it survived a vote it should have lost.
So what is actually being scanned?
Worth being exact here, because both the alarmists and the reassurers are shading it.

Coming back: warrantless scanning of private messages on a handful of mostly-American platforms — direct messages on Instagram, Discord, Snapchat, Skype and Xbox, and email via Gmail and iCloud.
Never stopped: public social posts and files in cloud storage were always scannable without this law. So were user reports. So were targeted, court-ordered wiretaps. None of that was ever at risk.
Still not scanned: end-to-end encrypted chats — Signal, WhatsApp. They were exempt before and they're exempt now. European messaging and email providers never implemented chat control at all.
Which means the thing that lapsed in April, and returned today, is narrower than the panic suggests: the indiscriminate, warrantless searching of the private, unencrypted messages of innocent people on a small number of US platforms. That's a real and serious erosion of privacy. It is not the end of encryption. Precision matters, and the people arguing for this proposal benefit enormously when we lose it.
The case against, in numbers
The argument for suspicionless scanning rests on the idea that it works. The EU's own figures make that hard to sustain:
- Mass scanning of private chats produced only 36% of all abuse reports in 2024. The majority came from public posts and cloud storage — neither of which needed this law.
- Reports from US platforms have halved since 2022 as encryption spread, and the sky did not fall.
- Germany's Federal Criminal Police Office finds 48% of incoming alerts aren't criminally relevant at all.
- Roughly 40% of the resulting investigations end up targeting minors themselves — teenagers, sexting, criminalized by an algorithm.
- An estimated 99% of Meta's reports concern previously known material, which does little to interrupt abuse that is happening right now.
- The European Commission itself concedes there is no evidence that suspicionless scanning has increased convictions or rescued more children.
Patrick Breyer, the former MEP who has been the most persistent opponent of this thing, put it about as well as it can be put: "Trying to protect children with suspicionless mass surveillance is like frantically mopping the floor while the faucet is still running."
Listen to the survivors
The framing of this debate — privacy nerds versus child protection — is a lie, and the people best placed to say so keep saying so.
Alexander Hanff, a survivor of child sexual abuse and a privacy advocate, relied on confidential communication to tell his story and pursue justice for 28 schoolboys, himself among them. Multiple offenders were convicted. His view: "We survivors need privacy, because without it we lose our voice."
Dorothée Hahne of the survivors' initiative MOGiS e.V. describes surveillance as destroying the protected communication channels survivors depend on — a need she calls existential.
If you want to argue for mass scanning, you have to argue past them. Most people pushing this bill simply don't mention them.
What comes next, and why I'm not writing an obituary
Here's the thing Breyer said today that I keep turning over: "The resistance we saw in Parliament today was so strong that finding a majority for permanent, suspicionless mass scanning in future negotiations is a complete pipe dream."
He's right, and it cuts both ways.

The bad news: by handing the Council a comfortable interim regime that runs to 2028, Parliament just removed the pressure that was forcing a permanent deal. Governments now have their status quo and no reason to negotiate toward Parliament's position — targeted judicial detection orders, an EU Child Protection Centre that actually removes known material from the public internet, security-by-design requirements for messaging apps. Why compromise when you already have what you want?
The good news: 314 and 322. Those numbers are not the numbers of a Parliament that is about to mandate scanning every phone in Europe. Chat Control 2.0 needs to win, not merely survive a threshold. On the evidence of today, it can't.
Trilogues on the permanent regulation resume in September 2026. The core dispute hasn't moved an inch: blanket scanning at the tech industry's discretion, or targeted detection ordered by a judge against actual suspects. And the single variable that decides it remains what it has always been — whether Germany holds the line in the Council. Four member states representing more than 35% of the EU population can block this. Berlin is 19% of that on its own.
What you can do
If you're in the EU: today proved that MEPs respond to pressure, because 314 of them didn't get there by accident. Tell yours what you think about a law that passed against the majority's wishes. September is not far away.
Everywhere else, the through-line of this show holds. Use end-to-end encrypted messaging — it's exempt, and that's not a coincidence, it's leverage. Prefer European or self-hosted providers where you reasonably can. And understand the actual mechanism you're defending against: client-side scanning doesn't break encryption, it steps around it, inspecting your message on your own device in the instant before the lock closes. That's why "just use Signal" is necessary but not sufficient advice. The question isn't only which app. It's which device platform, which jurisdiction, and how much of your stack you actually control.
I'll be covering this on the next episode, and I'll keep the live tracker current through September.
A majority of Europe's elected representatives voted to stop this today. It wasn't enough. Remember that in September, when they tell you the permanent version has momentum.
Sources & further reading
- Patrick Breyer — EU Parliament greenlights Chat Control 1.0 (9 July 2026)
- Patrick Breyer — the procedural trick before summer recess
- Patrick Breyer — Chat Control tracker
- Euronews — EU to extend temporary message-scanning regime (7 July 2026)
- European Parliament — statement by the EP negotiating team on the CSA Regulation
- Council of the EU — moving to reinstate the interim measure (2 July 2026)
- EDRi — CSA Regulation document pool
- CDT Europe — response to the Parliament's rejection of the 1.0 extension
- European Commission report on the interim derogation (CELEX 52025DC0740)
This is a developing story and I'll update the tracker as the permanent regulation moves. If you want the fast version in your ears, it's the lead segment on the next episode of Closed Network.
— Simon