NEW RULES

Europe revives a law allowing companies to inspect private chats

Signals Inbox·July 10, 2026·Cybersecurity

EU lawmakers have revived the rules nicknamed Chat Control, reopening a legal path for tech platforms to scan some private communications for child sexual abuse material.

The Signal, Explained in 3 Minutes

Q1What actually happened?

The European Parliament backed the return of a temporary rule that lets online providers voluntarily detect, report, and remove child sexual abuse material. The Council describes it officially as an exception to normal electronic communications privacy rules. Critics call it Chat Control because it gives private companies legal room to scan communications that would normally be confidential.

Q2Did Europe just legalize reading every private message?

No. Governments did not receive a button that opens everyone’s inbox. The rule lets platforms run voluntary detection systems for child sexual abuse material. End-to-end encrypted services such as Signal and encrypted WhatsApp chats are excluded from the Parliament’s current version.

Q3Why are people saying Chat Control came back?

Because this system already existed from 2021 until April 3, 2026. It temporarily exempted messaging providers from parts of the EU’s ePrivacy rules, allowing companies to keep using detection technologies. Parliament rejected another extension in March, with 311 members voting against it and 228 supporting it. Three months later, lawmakers brought the measure back through an urgent procedure.

Q4How did it pass when more lawmakers opposed it?

This is the strangest part of the story. In the final Parliament vote, 314 lawmakers tried to reject the measure. But blocking it required an absolute majority of 361 members, not simply more no votes than yes votes. The opposition therefore fell 47 votes short, so Parliament’s position stood even though more participating lawmakers voted against it.

Q5What can platforms actually scan?

The temporary framework covers private texts, emails, images, and other communications handled by participating providers, but only for detecting online child sexual abuse. Companies may look for known illegal material and certain suspicious patterns, then report possible matches. It is voluntary, not a blanket order forcing every platform to scan every user.

Q6Is this the permanent Chat Control law?

No. This is usually called Chat Control 1.0, a temporary bridge that is expected to run until 2028 unless permanent rules replace it earlier. Chat Control 2.0 is the much bigger proposal still being negotiated. That version could create lasting obligations for platforms to assess risks, prevent abuse, remove illegal material, and cooperate with a new EU child protection center.

Q7Why does this matter if companies already scan content?

Because private communications are treated differently from public posts. Companies such as Google, Meta, Microsoft, and Snap have used automated systems to find abuse material for years, but European privacy law limits how they can process confidential messages. When the exception expired in April, the industry lost its clear legal basis for doing that. The new vote restores that protection and makes voluntary scanning easier to continue.

Q8So what is the real point of tension?

Europe is trying to protect children without turning private messaging into permanent surveillance infrastructure. Supporters argue that the April gap made it harder to find victims and offenders. Critics argue that once automated scanning becomes normal, its scope can expand and false matches can expose innocent conversations.