
The European Parliament has approved legislation that restores the temporary legal framework allowing online platforms to voluntarily scan private communications for child sexual abuse material (CSAM).
This vote effectively revives a regime that expired in April after the EU Parliament previously rejected its extension.
The European Parliament on Thursday cleared legislation restoring the temporary derogation from the ePrivacy Directive after a motion to reject the proposal failed to obtain the required absolute majority of all MEPs. The motion to reject received 314 votes in favor, 276 against, and 17 abstentions, well short of the 361 votes needed, allowing the proposal to proceed.
The outcome follows Wednesday's procedural vote in which Parliament agreed to fast-track the proposal under an urgency procedure, bypassing the normal committee process and setting up the decisive vote just one day later.
The legislation reinstates the temporary exemption from the EU's ePrivacy Directive that allows providers of certain communications services to voluntarily detect, report, and remove CSAM from private communications. The original regulation, Regulation (EU) 2021/1232, expired on April 4, 2026, after Parliament rejected an earlier extension and negotiations with the Council broke down.
In practical terms, the restored framework once again provides legal certainty for companies such as Meta, Google, Microsoft, Apple, and other providers of email and messaging services that choose to deploy automated CSAM detection technologies on services not protected by end-to-end encryption. Public social media content and cloud storage were already outside the scope of the temporary derogation and can continue to be scanned under separate legal bases.
The proposal is separate from the EU's proposed Child Sexual Abuse Regulation (CSAR), commonly referred to as “Chat Control 2.0.” While Chat Control 1.0 is a temporary measure permitting voluntary detection, the permanent CSAR proposal remains under negotiation and would establish a long-term legal framework governing how providers detect and report child sexual abuse material and grooming.
Several amendments proposed during Thursday's session failed to secure the required absolute majority of all Members of Parliament. According to former Pirate Party MEP Patrick Breyer, an amendment that would have limited scanning to users identified through judicial authorization received 322 votes in favor and 255 against, while another amendment concerning encrypted communications also failed despite attracting majority support among voting members.
Breyer criticized the outcome, arguing that the legislation advanced despite lacking majority support for several proposed safeguards because amendments required 361 votes, an absolute majority of all MEPs, to pass.
“The fact that Chat Control is moving forward against the will of the majority of voting MEPs is a farce and damages democracy,” Breyer said after the vote. He argued that extending the temporary regime could reduce pressure to reach agreement on a permanent child protection framework, while expressing confidence that negotiations over the permanent regulation will remain contentious.
Privacy-focused email provider Tuta also condemned the vote, calling it “a sad day for the privacy of EU citizens” and encouraging users to adopt end-to-end encrypted communication services. The company argued that the revived framework enables large technology companies to broadly scan private communications, although end-to-end encrypted services generally remain outside its scope unless providers voluntarily implement client-side scanning technologies.
Supporters of the temporary regulation, meanwhile, have argued that restoring the derogation prevents a legal gap that could disrupt existing voluntary CSAM detection programs while negotiations on the permanent regulation continue.
The temporary framework is expected to remain in force until 2028 or until a permanent CSAM regulation is adopted, whichever comes first. Negotiations on the much broader and more controversial Chat Control 2.0 proposal are expected to resume in September, with the central disagreement remaining whether detection should be limited to targeted investigations authorized by courts or continue to permit broader voluntary scanning by online service providers.







Leave a Reply