News · News

EU Parliament Passes Chat Control 1.0: Private Message Scanning Extended to 2028, E2EE Exempt

The EU Parliament voted July 9, 2026 to revive Chat Control 1.0, extending voluntary CSAM scanning of private messages to 2028 — with end-to-end encrypted chats explicitly exempt.

EU Parliament Passes Chat Control 1.0: Private Message Scanning Extended to 2028, E2EE Exempt

The European Parliament voted July 9, 2026 to bring Chat Control 1.0 back from the dead — reinstating a voluntary regime that lets tech companies scan private messages for child sexual abuse material through 2028, but carving out a hard exemption for end-to-end encrypted communications. It’s a resurrection. Four months ago, lawmakers killed the extension by a single vote in March; now, almost identically worded legislation has cleared Parliament, with the encryption shield as its lone substantive concession.

Z
Zcash
ZEC
View coin →
$500.06 6.49%
Market cap · $8.4B

The original law was a temporary measure adopted in 2021. It lets technology firms voluntarily scan user communications for CSAM without requiring any individual suspicion of wrongdoing — a framework German MEP Patrick Breyer and other critics have consistently labeled suspicionless mass scanning of private communications. After Parliament’s razor-thin March rejection, the authority lapsed entirely in April 2026, leaving a brief window in which no scanning regime existed at all before this week’s vote snapped one back into place (fightchatcontrol.eu, Wikipedia).

What passed is essentially the 2021 law. Full stop — minus the legal permission to sweep encrypted messages. The Register confirmed as much, and Euronews reported that E2EE messages are explicitly exempted from the scanning requirement under the cleared version. That exemption is the single thing privacy advocates fought hardest to preserve — and, for now, they kept it.

Here is the part that makes the result genuinely strange. Wired reported that a majority of European lawmakers actually voted against the measure, yet it cleared Parliament anyway — pointing to procedural mechanics or coalition dynamics that let legislation through despite more members opposing it than supporting it. A surveillance expansion, enacted against the expressed will of most voting members. The optics don’t get much more uncomfortable than that.

Breyer didn’t mince words. “Our children lose out,” he said in a statement framing the outcome as a failure on both fronts — ineffective at protecting children while simultaneously eroding ordinary citizens’ privacy (patrick-breyer.de). His critique goes to the structural problem: scanning applies broadly and without individual suspicion, meaning communications from people never accused of anything are subject to automated review by private companies operating under voluntary government permission.

Supporters call voluntary scanning a necessary detection tool for CSAM in digital spaces where it increasingly circulates. But that word — voluntary — deserves hard scrutiny. Companies that opt out may face political pressure or downstream regulatory consequences, and the infrastructure built today for voluntary scanning can be repurposed the instant a future mandate arrives. That is precisely what privacy campaigners fear. Chat Control 1.0 normalizes the surveillance plumbing; Chat Control 2.0 — a separate, far more expansive proposal that would make scanning mandatory — remains under active legislative consideration. The two tracks are legally distinct, but critics see the 1.0 extension as a deliberate stepping stone toward the latter.

The timeline alone tells a story. A temporary regime adopted in 2021. Extended. Rejected by one vote in March 2026. Expired in April 2026. Then, four months later, Parliament passed what is effectively the same law again — E2EE exemption as the lone concession. Neither side has consolidated a durable majority; that single-vote margin in March shows exactly how thin the divide remains, and the legislative whiplash suggests this fight cycles back every few years until one coalition finally breaks.

For the crypto and privacy community, the encryption carve-out is the detail that matters most. End-to-end encryption — the technology underlying Signal and WhatsApp, and the cryptographic backbone of privacy-focused blockchain networks — cannot be scanned without breaking the encryption itself; by exempting E2EE, Parliament acknowledged, at least implicitly, that mandating backdoors or client-side scanning of encrypted communications remains politically and technically toxic. The exemption preserves the integrity of encrypted channels, at least under this specific law.

Markets noticed. Or something correlated, anyway. ZZEC$500.066.49% (ZEC) traded at $500 as of July 10, 2026 — up 7.41% over 24 hours and 16.97% over seven days, making it the largest 24-hour gainer among major cryptocurrencies. The broader crypto market cap stood at $2,278.11 billion, up 1.36% in 24 hours, with BBTC$63,947.001.59% at $63,907 and EETH$1,771.811.15% at $1,773. The Fear & Greed Index sat at 23 — extreme fear — a backdrop that makes ZEC’s outperformance stand out even more sharply.

The fight is nowhere near finished. Chat Control 2.0 — the mandatory proposal that would apply to far more services and could revisit the E2EE question directly — remains in the legislative pipeline, with advocates who secured the encryption exemption in 1.0 now facing a steeper battle when the 2.0 framework advances, likely later in 2026 or into 2027. The next flashpoint: whether the European Commission moves to claw back the E2EE carve-out when it pushes the 2.0 proposal forward — and whether those one-vote margins hold.

Nadia Rahman

Nadia Rahman

Markets Editor · 9 years covering crypto · Author page

Nadia Rahman is CoinScoop's Markets Editor. She covers Bitcoin, macro liquidity and the spot-ETF complex, and previously reported on rates and FX for a global newswire.

Disclosure: This article is independent journalism and is for information only — it is not financial advice. CoinScoop is reader-supported and may earn a commission from some links. Read our disclosure policy →