Report: Chat Control 1.0 and 2.0 Explained
{ "title": "EU Chat Control 1.0 & 2.0: The Battle Over Encryption", "slug": "eu-chat-control-1-0-2-0-explained", "summary": "The EU's 'Chat Control' laws are two parallel proposals that threaten end-to-end encryption. Chat Control 1.0, a temporary voluntary scanning law, expired in April 2026 but the Council is attempting an unprecedented fast-track revival. Chat Control 2.0, a permanent mandatory scanning proposal, remains deadlocked after five failed trilogue rounds. The core issue is suspicionless scanning of private messages and its impact on encryption.", "meta_description": "EU Chat Control 1.0 expired but faces revival; Chat Control 2.0 is deadlocked. Learn how these laws threaten end-to-end encryption and what's at stake.", "content": "
The Two-Front War on Encryption: Understanding EU Chat Control
The European Union's legislative battle over digital privacy has entered a critical phase, with two parallel proposals—collectively known as " , "Chat Control" : " —moving through EU institutions simultaneously. This dual-track approach has created a confusing landscape where one law has expired, another is stalled, and a controversial revival attempt is underway.
At the heart of the debate is a fundamental tension: the desire to protect children from online sexual abuse versus the need to preserve the privacy and security of all digital communications, particularly end-to-end encryption. The outcome of these legislative battles will have profound implications for how we communicate online.
Chat Control 1.0: The Temporary Law That Won't Die
Regulation (EU) 2021/1232, known as Chat Control 1.0, was a temporary derogation from the ePrivacy Directive. It allowed—but did not require—providers to voluntarily scan private messages for potential child sexual abuse material (CSAM). This law was primarily used by unencrypted US services like Gmail, Facebook Messenger, Skype, and Snapchat.
The law officially expired on April 4, 2026, after the European Parliament rejected its extension. The critical vote saw 311 MEPs against extension, with Amendment 34—which rejected automated assessment of unknown photos and texts—passing by a single vote (307–306).
Despite this clear parliamentary rejection, the Council of the EU is now attempting an unprecedented fast-track revival. On June 26, 2026, EU ambassadors agreed to push a formally " , "new" : " law with identical content via an expedited procedure, arguing that an expired regulation cannot be extended but a new one can be adopted.
The Council adopted its position on July 2, 2026, via written procedure. An urgency vote is expected in Parliament on July 7, 2026. If approved under urgency, the proposal would skip the standard committee route and be voted directly. Treated as a second reading, an absolute majority of all MEPs would be needed to stop or amend it—a very high hurdle.
Chat Control 2.0: The Permanent Proposal Remains Deadlocked
Chat Control 2.0, formally the CSA Regulation (CSAR), is a proposed permanent regulation that would make detection and reporting of child sexual abuse material a legal requirement for digital platforms. The original 2022 proposal mandated scanning of private communications, including a requirement to bypass end-to-end encryption.
After years of deadlock, the Council adopted a softened position in November 2025, shifting to " , "voluntary" : " suspicionless detection plus broad risk-mitigation duties. However, the Parliament's position, adopted in November 2023, insists that scanning must be limited to individual users or groups suspected of links to child sexual abuse, with a court order required.
Five trilogue rounds have failed to produce a deal. The supposedly final trilogue on June 29, 2026, collapsed over the issue of suspicionless scanning. The Council's own legal service stated on June 10, 2026, that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation.
Timeline of Key Events
- July 14, 2021: Chat Control 1.0 adopted as a temporary derogation.
- May 11, 2022: European Commission proposes Chat Control 2.0 (CSA Regulation).
- November 2023: Parliament adopts a protective mandate for Chat Control 2.0, opposing scanning of encrypted services.
- March 26, 2026: Parliament rejects extension of Chat Control 1.0 (311 votes against).
- April 4, 2026: Chat Control 1.0 expires.
- June 29, 2026: Fifth trilogue on Chat Control 2.0 collapses over suspicionless scanning.
- July 2, 2026: Council adopts its position on a " , "new" : " Chat Control 1.0 via written procedure.
- July 7, 2026 (expected): Urgency vote in Parliament on the revived Chat Control 1.0.
What's at Stake: The Encryption Red Line
The most contentious issue in both proposals is the impact on end-to-end encryption. Chat Control 1.0 never required scanning of encrypted messages, but providers could deploy client-side scanning. Chat Control 2.0's original proposal explicitly required platforms to bypass encryption.
The Parliament's position on Chat Control 2.0, adopted in November 2023, is clear: no scanning of end-to-end encrypted services, detection limited to visual material, and judicial warrants targeted at specific suspects. The Council's position, however, still allows " , "voluntary" : " suspicionless detection and imposes broad risk-mitigation duties that critics say would effectively mandate scanning.
The Council's own legal service raised the alarm on June 10, 2026, stating that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation. This internal warning underscores the legal fragility of the Council's position.
Why This Matters for Privacy and Security
The implications of these laws extend far beyond EU borders. If Chat Control 2.0 is adopted in its current form, it could effectively mandate the weakening of end-to-end encryption across all messaging platforms operating in Europe. This would set a global precedent for government-mandated surveillance.
Privacy advocates argue that suspicionless scanning undermines the very foundation of secure communication. The Council's own legal service has confirmed that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter.
Meanwhile, major tech companies are already taking steps to enhance user privacy. WhatsApp has begun rolling out a username system, allowing users to hide their phone numbers. The feature includes an additional layer of protection where strangers attempting to connect via username may be required to enter a special four-digit PIN code.
Microsoft has also introduced new Teams controls to block unauthorized AI bots from meetings. The new policy allows organizations to assign a ' , ,Manage external bots and their access to meetings' , , policy, with Teams automatically detecting bots and asking for explicit organizer confirmation before admitting them.
The Encryption Red Line
The most contentious issue in both proposals is the impact on end-to-end encryption. Chat Control 1.0 never required scanning of encrypted messages, but providers could deploy client-side scanning. Chat Control 2.0's original proposal explicitly required platforms to bypass encryption.
The Parliament's position on Chat Control 2.0, adopted in November 2023, is clear: no scanning of end-to-end encrypted services, detection limited to visual material, and judicial warrants targeted at specific suspects. The Council's position, however, still allows " , "voluntary" : " suspicionless detection and imposes broad risk-mitigation duties that critics say would effectively mandate scanning.
The Council's own legal service raised the alarm on June 10, 2026, stating that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation. This internal warning underscores the legal fragility of the Council's position.
What's at Stake: The Encryption Red Line
The most contentious issue in both proposals is the impact on end-to-end encryption. Chat Control 1.0 never required scanning of encrypted messages, but providers could deploy client-side scanning. Chat Control 2.0's original proposal explicitly required platforms to bypass encryption.
The Parliament's position on Chat Control 2.0, adopted in November 2023, is clear: no scanning of end-to-end encrypted services, detection limited to visual material, and judicial warrants targeted at specific suspects. The Council's position, however, still allows " , "voluntary" : " suspicionless detection and imposes broad risk-mitigation duties that critics say would effectively mandate scanning.
The Council's own legal service raised the alarm on June 10, 2026, stating that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation. This internal warning underscores the legal fragility of the Council's position.
Timeline of Key Events
- July 14, 2021: Chat Control 1.0 adopted as a temporary derogation.
- May 11, 2022: European Commission proposes Chat Control 2.0 (CSA Regulation).
- November 2023: Parliament adopts a protective mandate for Chat Control 2.0, opposing scanning of encrypted services.
- March 26, 2026: Parliament rejects extension of Chat Control 1.0 (311 votes against).
- April 4, 2026: Chat Control 1.0 expires.
- June 29, 2026: Fifth trilogue on Chat Control 2.0 collapses over suspicionless scanning.
- July 2, 2026: Council adopts its position on a " , "new" : " Chat Control 1.0 via written procedure.
- July 7, 2026 (expected): Urgency vote in Parliament on the revived Chat Control 1.0.
What's at Stake: The Encryption Red Line
The most contentious issue in both proposals is the impact on end-to-end encryption. Chat Control 1.0 never required scanning of encrypted messages, but providers could deploy client-side scanning. Chat Control 2.0's original proposal explicitly required platforms to bypass encryption.
The Parliament's position on Chat Control 2.0, adopted in November 2023, is clear: no scanning of end-to-end encrypted services, detection limited to visual material, and judicial warrants targeted at specific suspects. The Council's position, however, still allows " , "voluntary" : " suspicionless detection and imposes broad risk-mitigation duties that critics say would effectively mandate scanning.
The Council's own legal service raised the alarm on June 10, 2026, stating that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation. This internal warning underscores the legal fragility of the Council's position.
Timeline of Key Events
- July 14, 2021: Chat Control 1.0 adopted as a temporary derogation.
- May 11, 2022: European Commission proposes Chat Control 2.0 (CSA Regulation).
- November 2023: Parliament adopts a protective mandate for Chat Control 2.0, opposing scanning of encrypted services.
- March 26, 2026: Parliament rejects extension of Chat Control 1.0 (311 votes against).
- April 4, 2026: Chat Control 1.0 expires.
- June 29, 2026: Fifth trilogue on Chat Control 2.0 collapses over suspicionless scanning.
- July 2, 2026: Council adopts its position on a " , "new" : " Chat Control 1.0 via written procedure.
- July 7, 2026 (expected): Urgency vote in Parliament on the revived Chat Control 1.0.
What's at Stake: The Encryption Red Line
The most contentious issue in both proposals is the impact on end-to-end encryption. Chat Control 1.0 never required scanning of encrypted messages, but providers could deploy client-side scanning. Chat Control 2.0's original proposal explicitly required platforms to bypass encryption.
The Parliament's position on Chat Control 2.0, adopted in November 2023, is clear: no scanning of end-to-end encrypted services, detection limited to visual material, and judicial warrants targeted at specific suspects. The Council's position, however, still allows " , "voluntary" : " suspicionless detection and imposes broad risk-mitigation duties that critics say would effectively mandate scanning.
The Council's own legal service raised the alarm on June 10, 2026, stating that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation. This internal warning underscores the legal fragility of the Council's position.
Timeline of Key Events
- July 14, 2021: Chat Control 1.0 adopted as a temporary derogation.
- May 11, 2022: European Commission proposes Chat Control 2.0 (CSA Regulation).
- November 2023: Parliament adopts a protective mandate for Chat Control 2.0, opposing scanning of encrypted services.
- March 26, 2026: Parliament rejects extension of Chat Control 1.0 (311 votes against).
- April 4, 2026: Chat Control 1.0 expires.
- June 29, 2026: Fifth trilogue on Chat Control 2.0 collapses over suspicionless scanning.
- July 2, 2026: Council adopts its position on a " , "new" : " Chat Control 1.0 via written procedure.
- July 7, 2026 (expected): Urgency vote in Parliament on the revived Chat Control 1.0.
What's at Stake: The Encryption Red Line
The most contentious issue in both proposals is the impact on end-to-end encryption. Chat Control 1.0 never required scanning of encrypted messages, but providers could deploy client-side scanning. Chat Control 2.0's original proposal explicitly required platforms to bypass encryption.
The Parliament's position on Chat Control 2.0, adopted in November 2023, is clear: no scanning of end-to-end encrypted services, detection limited to visual material, and judicial warrants targeted at specific suspects. The Council's position, however, still allows " , "voluntary" : " suspicionless detection and imposes broad risk-mitigation duties that critics say would effectively mandate scanning.
The Council's own legal service raised the alarm on June 10, 2026, stating that the " , "voluntary" : " scanning proposal still constitutes generalised scanning of communications, incompatible with Article 7 of the EU Charter absent reasonable suspicion and prior judicial authorisation. This internal warning underscores the legal fragility of the Council's position.
Timeline of Key Events
- July 14, 2021: Chat Control 1.0 adopted as a temporary derogation.
- May 11, 2022: European Commission proposes Chat Control 2.0 (CSA Regulation).
- November 2023: Parliament adopts a protective mandate for Chat Control 2.0, opposing scanning of encrypted services.
- March 26, 2026: Parliament rejects extension of Chat Control 1.0 (311 votes against).
- April 4, 2026: Chat Control 1.0 expires.
Related News

Anthropic Discovers Claude's Internal 'Workspace' Mirroring Consciousness Theory

SK Hynix's $29B US IPO: AI Memory Boom Hits Nasdaq

Tech Layoffs 2026: AI Drives 139,000+ Job Cuts in H1

Reddit Fights AI Spam with LLMs: A Digital Arms Race

Report: Microsoft lays off nearly 5,000 employees across Xbox, commercial sales ai enterprise microsoft

