The EU revives Chat Control: scanning of messages and emails until 2028 despite the majority of Parliament voting against

On July 9, 2026, 314 MEPs tried to block the extension — more than the 276 in favor — but 47 votes were missing for the absolute majority of 361. Gmail, iCloud and unencrypted messaging remain in the framework until April 3, 2028.

Hemicycle of the European Parliament in Strasbourg, venue for the vote on the extension of the Chat Control regime on July 9, 2026
The European Parliament held the decisive vote on Chat Control on July 9, 2026 in Strasbourg. Source: Wikimedia Commons — Strasbourg Hemicycle

«The EU has passed a law allowing companies to conduct mass surveillance on private messages and emails despite the majority of parliament voting against it.» This is how Pubity summarized it in 2026, in a post that exceeded 32,000 views: the controversial extension of Chat Control, the regime that allows platforms to scan private messages in search of child sexual abuse material (CSAM) — and which came back into force because the European Parliament did not gather the absolute majority necessary to overturn it.

What exactly happened in Strasbourg

On Thursday, July 9, MEPs voted on a motion to reject the extension of the temporary repeal of the ePrivacy Directive, known as Chat Control 1.0 (Regulation (EU) 2021/1232). The count, collected by media such as Patrick Breyer, TechTimes and Reclaim The Net:

  • 314 votes to reject the extension (block scanning)
  • 276 in favor of maintaining it
  • 17 abstentions

In terms of attendees who voted, more MEPs wanted to stop the measure than support it. But the second reading procedure requires an absolute majority of 361 of Parliament's 720 seats – including absentees – to reject the Council's position. The 314 fell 47 votes short, and the extension continued.

The EU has passed a law allowing companies to conduct mass surveillance on private messages and emails despite the majority of parliament voting against it. Chat Control will now be in place until at least April 9, 2028.

Editorial note: parliamentary sources and Brussels Signal place the end of the extension on April 3, 2028, not 9. The standard allows voluntary scanning — not mandatory for all companies — and focuses on already identified CSAM, not general reading of conversations.

Viral post from Pubity on X about the extension of Chat Control and the surveillance of private messages in the EU
Pubity summarizes the controversy: majority against in the chamber, but absolute threshold not reached. Source: @pubity on X — Jul 9, 2026

From March to July: the norm that "died" and was revived

In March 2026, Parliament had rejected an extension with 311 votes against — a simple majority sufficient then. The temporary rule expired April 3-4. The EU Council adopted a new second reading position on July 2 and, after an emergency procedure on July 8 (331 in favor, 304 against), the final vote was set for the last day of the plenary session before the summer recess — when many MEPs had already left Strasbourg, according to analysts cited by Reclaim The Net.

Frame What it allows What it doesn't do
Chat Control 1.0 (extended) Voluntary scanning for known CSAM in unencrypted chats/mails Does not bind all platforms; does not open direct access to governments
Chat Control 2.0 (in negotiation) Permanent regulation of online child sexual abuse Still no agreement; debate on end-to-end encryption (E2EE)

Video: European Parliament vote on Chat Control

Coverage of the parliamentary vote on the extension of Chat Control. Source: EU Parliament Vote On Chat Control (YouTube)

Platforms affected and privacy criticism

According to Patrick Breyer and Cryptopolitan, the framework once again authorizes large American technology companies to scan direct messages in services such as Instagram, Discord, Snapchat, Skype, Xbox, in addition to emails in Gmail and storage in iCloud — without a court order or prior individual suspicion.

Critics like Breyer — and the EU Council's own legal service, according to TechTimes — warn of incompatibility with article 7 of the Charter of Fundamental Rights (privacy). A Parliamentary study concluded that mass screening leads to high false positives; The German BKA estimates that almost half of alerts are not criminally relevant.

In the same session, Parliament approved an amendment to exclude services with end-to-end encryption (E2EE) from the regime — WhatsApp, Signal, etc. That amendment must return to the Council before October 2026. Negotiations on the permanent regulation (Chat Control 2.0) resume in September.

Mass surveillance or child protection?

Brussels frames the measure as a fight against CSAM; Digital activists call it indiscriminate surveillance. What is clear after July 9: the voluntary scanning of private communications in the EU has a legal basis until 2028, approved by a mechanism in which whoever did not reach a simple majority against won — exactly the headline that went viral Pubity and that divides jurists, companies and European citizens.