The European Parliament voted on July 9, 2026, to extend Chat Control 1.0 — the law permitting platforms such as Instagram, Discord, Gmail, and Xbox to scan private messages for child sexual abuse material (CSAM) — until approximately October 2028. Despite 314 MEPs voting against the extension, the motion to reject it failed because it needed an absolute majority of 361 votes to pass; only 276 voted in favour of extending the law while 17 abstained. WhatsApp, Signal, and iMessage with Advanced Data Protection are explicitly exempt because an amendment protecting end-to-end encryption (E2EE) was adopted in the same vote.
What Is Chat Control 1.0, and What Did the Vote Decide?
Chat Control 1.0 is the ePrivacy derogation originally adopted in 2021 that authorises — but does not mandate — platforms to scan private messages against databases of already-known CSAM hashes. The July 9 vote extended that permission to approximately October 2028, following a July 7 urgent-procedure vote (331 in favour, 304 against) that set up the final vote. Participation was voluntary: platforms are allowed to scan, not required to. Most major US platforms, including Meta, Google, and Microsoft, already perform this scanning globally under NCMEC reporting requirements.
Which Platforms Are Affected — and Which Are Not?
Instagram DMs, Discord, Snapchat, Xbox messaging, Gmail, and iCloud fall within the scope of Chat Control 1.0. The Parliament adopted an amendment protecting E2EE alongside the main extension, meaning WhatsApp, Signal, and iMessage in Advanced Data Protection mode remain outside the law’s reach, because end-to-end encrypted messages are technically unscannable on the server side. The EU Council has three months — until approximately October 9, 2026 — to accept or reject the E2EE amendment; if the Council rejects it, the legal status of encrypted platforms becomes contested again.
How Did Opponents Win the Vote Count but Still Lose?
The procedural rule that produced the result is central to understanding the story. Under EU parliamentary procedure, some motions require an absolute majority — a majority of all MEPs, present or not — rather than a simple majority of those casting votes. On July 9, 314 MEPs voted against extending Chat Control 1.0, more than the 276 who voted for it. The motion to reject still failed because reaching the absolute majority of 361 required 47 additional votes that were not present in the chamber. MEP Patrick Breyer of the Pirate Party, a leading opponent of the law, stated: “Our children lose out,” arguing that the law is ineffective because CSAM trading primarily occurs on platforms outside EU jurisdiction.
Chat Control 2.0 Is a Separate, Still-Pending Proposal
Chat Control 2.0 — a distinct proposal that would require platforms to proactively scan all messages, including encrypted ones, before encryption is applied — has not passed. Chat Control 2.0 remains in EU Council deliberations and is not part of the July 9 vote. The significance of the Chat Control 1.0 extension for the future of Chat Control 2.0 is procedural: the same absolute-majority mechanism could, in theory, allow a similarly contentious proposal to pass through insufficient opposition turnout. Privacy advocates and open-source communities have flagged this precedent as the most consequential outcome of the vote.
For broader context on EU and US moves to regulate AI-adjacent technology, see our coverage of the White House voluntary AI framework for frontier models — a contrasting case where regulators chose non-binding guidance over binding votes. On platform compliance pressure, our earlier report on Anthropic’s China-loophole crackdown covers how AI providers respond to regulatory access restrictions.
Last updated:

