On 26 March 2026, the European Parliament rejected the extension of the provisional rules on ‘chat control’, the measure that would have allowed the indiscriminate scanning of private messages for child pornography.

The decision represents yet another defeat for a proposal that, in various forms, has been opposed for years by the tech community, digital rights activists and a significant proportion of MEPs.

But what exactly did these provisional rules provide for? And how did they differ from the final regulation that was already rejected last November?

Under surveillance

The temporary ‘Chat Control’ regime, dubbed with a hint of sarcasm ‘Chat Control 1.0’, was introduced in 2021 and already extended in 2024.
This system allowed digital platforms (such as Gmail, Facebook Messenger, Instagram, Skype and even Xbox) to voluntarily scan users’ private messages for illegal material, even without the need for a judicial warrant and without the suspicion of a specific crime.

Version ‘2.0’, still under discussion after an initial rejection, would have made scanning mandatory, no longer voluntary, extending it to services with end-to-end encryption (such as Signal or WhatsApp).
As we have explained several times in our columns, this would be done by installing backdoors (programmed holes in the encryption) or client-side scanning systems on users’ devices.

In practice, every message, image or file shared would have risked being analysed by automatic algorithms looking for evidence of paedophilia, with the statistical certainty of false positives(users appearing to be paedophiles without being so) and massive violations of personal privacy.

End-to-end encryption, a pillar of digital security, would also have been weakened, exposing not only users to the danger of mass surveillance, but entire nations to the danger of cyber attacks by hostile powers such as Russia.
Once the flaw in the system is open, anyone can sneak in.

The worst is over

In 2022, however, the Commission had proposed an even more invasive version, which included mandatory scanning of all messaging services, forced identification of users (with the end of online anonymity) and the blocking of children under 16 from many platforms.
After the protests, the European Parliament had adopted a more cautious stance, at least excluding mandatory scanning and end-to-end encryption from the scope.

However, the extension of the temporary regime would still have legitimised a surveillance system already blamed for its ineffectiveness: according to the Commission itself, 75 per cent of the reports generated by these systems turn out to be unfounded, overburdening law enforcement agencies and violating the privacy of millions of innocent citizens.

As we always mention in our columns, the European Union has remained, together with the US, the only area in the world that does not impose a system of mandatory surveillance of messages or mandatory weakening of encryption. Not only dictatorships like China and Iran and formal democracies like India, but also some mature democracies like the UK and Canada have adopted such laws. Despite the fact that the majority of the Commission and the majority of the member states have repeatedly come out in favour, the Parliament and the Council of the Union have failed in every attempt.

Left for freedom, right for control

The curious aspect of yesterday’s vote is that, while historically the right-wing media and influencers have been the most ardent opponents of‘European Big Brother‘ while the left-wing voices have been the most sensitive to humanitarian scruples against paedophilia, in yesterday’s vote the sides were reversed: for a moment, we saw a more familiar pattern return, in which the left values personal freedom while the right values security.

311 MEPs voted against, 228 voted in favour and 92 abstained. On some individual amendments, the ‘No’ side won by only one vote.

The groups most strongly opposed were the Greens, the Left, the Liberals(Renew) and part of the Socialists (S&D).
Crucial was the role of the German Socialists, who refused to support the extension, despite pressure from the European People’s Party (EPP ) and some national governments.
The Conservatives and Reformists (ECR) group, the one that includes Meloni, the Polish nationalist Morawiecki and the Romanian fascist ultranationalist Simion, also voted in favour of the ‘Brussels Leviathan’.

The supposedly moderate People’s Party itself lost its nerves after the defeat and tweeted from its official account that the socialists ‘shiled the predators’.

Birgit Sippel: the German socialist who made a difference

Birgit Sippel, Socialist MEP and rapporteur of the text, played a decisive role. The 66-year-old has repeatedly stressed that the fight against child pornography cannot justify the systematic violation of privacy. In the days before the vote, she stated on X (formerly Twitter): ‘We cannot accept that fear should be used to introduce measures that destroy trust in digital services. There are more effective alternatives, such as targeted investigations and increased law enforcement resources’.

His views, supported by cybersecurity experts and organisations such as EDRi and CEPIS, convinced many colleagues to reject the extension. Sippel also criticised the Commission’s approach, calling it ‘technologically short-sighted and legally untenable’.

Another battle is won, but the war continues

The defeat of ‘chat control’, even in its light and provisional version, is good news, but it is not the end of the story.
The Commission is already working on a new proposal, and the risk of a return of mass surveillance remains real.
However, the vote on 26 March shows that when it comes to defending privacy and digital security, Europe knows how to say no.
It is now up to citizens and institutions to be vigilant, so that this victory is no longer the exception, but the rule.