A Majority of EU Lawmakers Voted Against Message Scanning. It Passed Anyway.
Parliament's urgent procedure required 361 votes against to block the renewal; opponents reached 314, 47 votes short.
Parliament's urgent procedure required 361 votes against to block the renewal; opponents reached 314, 47 votes short.
A majority of the European Parliament's lawmakers voted against renewing a temporary law that lets big tech companies scan private messages for child sexual abuse material. The extension passed anyway. The result hinged on a procedural rule: under the Parliament's "urgent procedure," blocking the extension required 361 votes against, an absolute majority of the 720-member chamber. Opponents reached 314.
The 47 votes came from how the rule is constructed. Ordinary EU procedure rejects a bill on a simple majority of those voting. Urgent procedure raises the bar to 361 "no" votes, an absolute majority of all 720 members. The threshold has been used twice on this file. Parliament used it first to renew the temporary mandate in 2025 and again now, after that earlier rule expired in April. The European People's Party (EPP), the Parliament's largest political group, drove both renewals.
The renewal is narrower than the critics' nickname suggests. The temporary law lets providers run client-side scanning on non-encrypted services: Facebook Messenger, Instagram direct messages, Gmail, Outlook, and similar inboxes. End-to-end encrypted platforms, including WhatsApp and Signal, are exempt. Providers participate on a voluntary basis; the renewal does not require firms to scan, but once they opt in it gives them a legal basis to do so under the EU's ePrivacy Directive, which would otherwise block content inspection on private messages. WIRED reported on the vote this week.
The nickname "Chat Control" is critic-coined. It originated with the fightchatcontrol.eu coalition and former Pirate Party MEP Patrick Breyer's campaign, shorthand for what critics describe as the incremental normalization of private-channel monitoring. The Commission's working name is the Interim CSAM Detection Order; the original proposal is COM(2022) 209, and the Council's negotiating mandate is laid out in ST-16495-2025.
Simeon de Brouwer of European Digital Rights told WIRED that if firms opt in, they "may read every message you write, every email you send, every picture you share." Breyer, a former Pirate Party MEP who voted against the file, called the process a "farce" inside the Parliament. Critics point to two specific concerns: that urgent procedure removes the kind of legislative scrutiny a file of this scale would normally attract, and that voluntary client-side scanning installs technical infrastructure that a future bill could extend to encrypted services or make compulsory.
The EPP's stated case is the inverse: rescinding the renewal would leave investigators without a usable legal basis for tools that have identified abuse victims, with the permanent bill still being negotiated. That argument treats the temporary renewal as a stop-gap, not as the substantive policy.
The next lever is procedural, and it belongs to the permanent bill. The temporary extension runs to 2028; ST-15318-2025 already carries the Council's mandate on the permanent file. If the Council retains urgent procedure for the permanent bill and Parliament applies the same 361-vote absolute-majority threshold, a future majority-opposed bill could pass the same way. The 47-vote shortfall in this week's vote now defines the coalition that civil-liberties groups need to assemble, and the 2028 sunset is the deadline they are tracking.