• Category: Security
  • Status: confirmed
  • Sources: Euronews, Patrick Breyer (advocacy), HN discussion
  • Summary: On 2026-07-09 the European Parliament voted on the extension of the interim derogation (Regulation 2021/1232, called "Chat Control 1.0") that permits providers to voluntarily scan communications for child sexual abuse material. The vote ran under the ordinary legislative procedure second reading, where an absolute majority of at least 361 MEPs is required to reject or amend the text. Reporting states 314 MEPs voted to reject, 47 short of that threshold, so the derogation proceeds and runs until 2028-04-03. The derogation covers voluntary scanning on services that are not end-to-end encrypted (reported to include Gmail, Facebook Messenger, Instagram DMs, Skype, Snapchat, iCloud Mail, and Xbox) and does not mandate breaking end-to-end encryption.
  • Comments: HN commenters focus on the procedure, noting the reversed burden of proof under the urgency route meant a measure most voting MEPs opposed still passed. Several draw the line between this voluntary derogation and the separate proposed CSA Regulation ("Chat Control 2.0"), which would mandate client-side scanning and is still under negotiation.
  • Why it matters: The legal basis for server-side CSAM scanning across major EU email and messaging platforms continues for nearly two more years, and the procedural route sets a precedent for the contested mandatory-scanning proposal.
  • Follow-up: Watch the Council and Parliament negotiations on the mandatory CSA Regulation ("Chat Control 2.0") and any provider changes to scanning or encryption defaults under the extended derogation.

Send feedback on this story