
European Parliament backs chat scanning until 2028
July 10, 2026
The European Parliament supported the extension of a temporary regime that allows technology companies to voluntarily scan private messages to detect child sexual abuse material. This decision has brought the debate around the so-called Chat Control back into focus — the balance between children’s online safety and users’ right to privacy.
What exactly the European Parliament approved
The decision concerns temporary rules that allow platforms to use tools for detecting CSAM content in online communications. They do not create a direct obligation to scan all messages, but they give companies the legal ability to apply such mechanisms voluntarily.
The regime is expected to remain in force until 2028 or until the EU adopts permanent legislation to combat illegal content of this type. The temporary nature of the decision has become one of the reasons for heated debate: critics believe that “temporary” exceptions can gradually become a new norm.
What will happen to end-to-end encryption
One of the key details is the exception for messages with end-to-end encryption. In other words, services where the content of messages is not accessible even to the platform itself do not fall under this regime in the same format.
This is an important compromise for privacy advocates. Signal, WhatsApp, Telegram and other encrypted services have long warned that mandatory scanning of encrypted chats would effectively require breaking the very logic of private communication. That is why the exception for E2EE has become one of the main lines of privacy protection in the updated framework.
Why the decision is controversial
Supporters of the rule extension say that without such tools, platforms would lose the ability to quickly detect and remove child sexual abuse material. For them, this is a matter of safety, child protection and the ability of technology companies to respond to criminal content.
Critics, however, see the risk of mass scanning of private communications. Even if the regime is voluntary and does not apply to end-to-end encrypted messages, the very idea of automatically checking private correspondence remains highly sensitive.
- the European Parliament supported the extension of the temporary regime until 2028
- companies can voluntarily scan messages to search for CSAM content
- end-to-end encrypted chats remain outside the direct scope of this mechanism
- the main dispute is between protecting children online and the right to privacy
What this means for platforms
For large technology companies, the decision gives them the ability to continue using tools for detecting illegal content without the risk of violating the confidentiality rules for electronic communications. At the same time, it creates additional responsibility: platforms must show that such mechanisms work carefully, proportionally and do not turn into uncontrolled surveillance.
For users, the situation is more complicated. On the one hand, the goal of these rules is to protect children and reduce the spread of dangerous content. On the other hand, people want to understand whether their private messages can be checked automatically, what data is analyzed and who controls these processes.
Why this matters for digital privacy
The Chat Control story shows that the EU is increasingly facing a difficult choice: how to fight real online crimes without weakening the basic rights of users. At the center of this discussion is not only one specific law, but the future of digital communication in general.
If the rules are too weak, platforms may lose effective tools to fight CSAM. If they are too strict, this may create a dangerous precedent for scanning private correspondence under other pretexts.
What is the takeaway for digital communications
The extension of the “chat scanning” regime until 2028 became the EU’s attempt to buy time and avoid leaving platforms without mechanisms to fight illegal content. But this decision does not remove the main dispute. On the contrary, it once again shows how difficult it is to combine online safety, child protection and user privacy.
The main signal for the market is simple: the future of digital communications will increasingly depend on whether regulators can find the line between protection and surveillance.
And this line will become one of the most important topics for platforms, users and the privacy community in the coming years.