EU Backs Chat Control Extension, but the Bigger Fight Over Encrypted Messages Lies Ahead
Parliament extends temporary child safety rules while excluding encrypted chats as lawmakers negotiate permanent law

The European Parliament has backed a limited extension of temporary rules that let online platforms voluntarily detect child sexual abuse material in private communications, while keeping end‑to‑end encrypted messages outside the scope as lawmakers wrangle over permanent EU rules.
The vote preserves an interim exemption from the bloc's ePrivacy rules, allowing providers to continue voluntary detection efforts while the EU negotiates a permanent child sexual abuse regulation, known as 'Chat Control 2'. The long-term framework has become politically contentious over questions about detection requirements, encryption and the role of technology companies in monitoring online communications.
Parliament Extends Temporary Rules, Narrows Encryption Scope
The European Parliament adopted amendments to the Council's position on extending the temporary ePrivacy exemption, allowing online communication providers to voluntarily detect and report child sexual abuse material (CSAM) and child solicitation on their services.
The framework had expired on 3 April 2026 after Parliament rejected an earlier extension proposal. The latest vote restores the temporary rules while negotiations continue on a permanent EU regulation covering online child sexual abuse.
MEPs added a key restriction by excluding communications where end‑to‑end encryption is, has been or will be applied. The amendment limits the measure's scope by preventing providers from using the voluntary detection tools covered by the law on encrypted communications.
The vote followed a narrow procedural path. MEPs first voted on whether to reject the Council's position, with 314 voting in favour, 276 against and 17 abstentions. However, rejection required an absolute majority of 361 votes, meaning the proposal failed despite receiving more votes in favour than against.
Introduced in 2021, the temporary framework was designed to prevent a legal gap while permanent legislation was negotiated. Providers using detection tools must follow safeguards including data protection assessments, using less intrusive technologies where possible, human review and reporting obligations.
Focus Shifts To The Permanent Child Abuse Rules
The debate quickly moved beyond the temporary extension towards the EU's proposed permanent regulation, which would replace the interim framework once adopted.
French MEP Leïla Chaibi criticised the outcome, writing that 'Chat Control 1.0 has passed' and arguing that the result was enabled by an alliance between the National Rally and the majority supporting European Commission President Ursula von der Leyen. She said those who supported the measure carried 'immense responsibility' for the decision.
Privacy-focused VPN provider Mullvad also criticised the process, saying the measure returned despite previous parliamentary opposition. The company argued that the urgent procedure affected the outcome, pointing to the rejection vote where a majority of participating MEPs supported blocking the Council position but did not reach the required threshold.
Supporters of the extension have argued that it preserves tools used by platforms to detect child sexual abuse material and avoids a period where providers would lose the legal basis for voluntary reporting while lawmakers negotiate permanent rules.
What Is Chat Control 2 and Why Has It Become So Controversial?
Chat Control 2 refers to the EU's proposed permanent regulation on preventing and combating child sexual abuse online. Unlike the temporary exemption, it is intended to establish a long-term system covering prevention measures, risk assessments, detection obligations and cooperation between platforms and authorities.
The controversy centres on how future rules would apply to private communications. Critics have raised concerns about proposals that could require technology companies to detect illegal material in user communications, particularly where encryption is involved.
End‑to‑end encryption is designed so that only the sender and recipient can access message contents. Privacy advocates argue that expanding detection requirements could affect those protections, while supporters say stronger tools are needed to identify child sexual abuse material and protect victims.
The issue also affects major messaging platforms operating in Europe, including services such as WhatsApp and Signal, where encryption is a core feature. Companies would face questions over how any future detection requirements could be implemented without changing existing security models.
Negotiations on the permanent regulation are continuing. Some elements of the proposal have changed during discussions, but EU lawmakers have not yet reached a final agreement on the rules that will replace the temporary framework.
© Copyright IBTimes 2025. All rights reserved.
























