EU Chat Control

Licking the envelope closed is now mandatory!
The old Dutch ‘briefgeheim’ (confidential letter) meant the postal service (and by analogy social media platforms) could not open and read letters. But there were conditions. Postal cards like those that you sent from your holiday location were plain, and openly readable. Those were exempt.
That is the current situation for messages online now that the EU has again weakened the ePrivacy directive. The encripted messages that we send are confidential, the others are potentially accessible to anyone. We have to lick the envelope closed, use encryption, for our personal communication to have them private again.
As a result of the void in digital regulations that will protect our private messages, a number of Pirates have issued statements, including a statement by Dr. Patrick Breyer
and an official Czech Pirate Party statement featuring comments from Pirate MEP Markéta Gregorová
While the specific regulation is related to the European Union, at PPI we would like to emphasize the importance of this issue as a global concern.
What happened?
On 9 July 2026, the European Parliament supported the return of the temporary “Chat Control 1.0” framework but also adopted an amendment explicitly protecting encrypted communications. Because Parliament amended the proposal, the text returns to the Council. If the Council rejects Parliament’s changes, further negotiations may be required. The temporary framework is intended to apply until 2028, unless it is replaced earlier by a permanent regulation.
Negotiations for the permanent law will resume in September. The core dispute between the EU Parliament, member state governments, and the EU Commission remains the scanning of private chats: should it be indiscriminate, or targeted at criminal suspects?
What changes with the return of Chat Control 1.0—and what stays the same:
- What is coming back: US tech companies are once again allowed to scan private messages without a warrant or prior suspicion. This affects direct messages on platforms like Instagram, Discord, Snapchat, Skype, and Xbox, as well as emails via Google’s Gmail and Apple’s iCloud.
- What remains unchanged: Public social media posts and files hosted in cloud storage could already be scanned without this law. Furthermore, private messages can always be reported by users, or monitored by authorities using targeted, court-ordered wiretapping.
- What is still NOT being scanned: End-to-end encrypted chats, such as those on WhatsApp, have always been exempt from these scans. Additionally, European providers of messaging and email services have never implemented chat control measures.
Background: The deadlock over a permanent solution
In parallel, negotiations are ongoing for a permanent regulation to protect children from sexualized online violence (the “CSAM Regulation” or “Chat Control 2.0”). In these talks, the EU Parliament is pushing for a paradigm shift in how we approach online child safety, demanding:
- Mandatory, targeted detection orders against actual criminal suspects, rather than blanket mass scanning left to the tech industry’s discretion.
- An EU Child Protection Centre tasked with the systematic removal of known abuse material from the public internet.
- Strict security standards for messaging apps (“Security by Design”) to prevent cyber grooming.
Patrick Breyer sums up the problem:
“As long as EU governments can use procedural loopholes to continually extend their comfortable status quo of voluntary, indiscriminate mass scanning, they have zero incentive to engage with the Parliament’s targeted, legally sound, and far more effective child protection strategy.“
Dorothée Hahne, founding member and vice-chair of the survivors’ initiative MOGiS e.V. (A Voice for Survivors), emphasizes the danger mass surveillance poses to victims themselves:
“As survivors, we see our ‘safe spaces’, our protected areas and communication channels, endangered or destroyed by this. For survivors, this need is existential.“
Markéta Gregorová:
“The fight to protect privacy does not end here. On the contrary. Today’s vote showed that there is still a strong majority of Members of the European Parliament who oppose at least the weakening of encryption. But that does not change the fact that Parliament approved the possibility of carrying out mass surveillance of millions of messages belonging to innocent citizens.”
