The European Parliament voted Thursday to reinstate a law permitting large tech companies to voluntarily scan user messages for child sexual abuse material (CSAM), a practice critics have dubbed Chat Control. The vote came the day before summer recess and relied on a legislative mechanism requiring an absolute majority to defeat the measure.

Because absolute majority rules count absent lawmakers as yes votes, the provision passed despite more present members voting against it than for it. The original law, dating to 2021, had expired in April after Parliament failed to agree on a path forward amid mounting privacy concerns. Some tech companies reportedly continued scanning even after the legal authorization lapsed, prompting warnings from European officials about operating without legal protection.

Parliament President Roberta Metsola had pushed to prioritize renewal of the rule, which does not extend to scanning on end-to-end encrypted platforms such as Signal. With Thursday’s vote, companies including Google, Microsoft, and Meta now have explicit legal cover to continue voluntary CSAM detection until 2028.

Procedural Backlash

Privacy advocates say the maneuver is especially troubling because Parliament had rejected the same measure through normal procedure just three months earlier. Rand Hammoud of the Center for Democracy and Technology’s Europe office called the tactic “highly politicised” and unprecedented, accusing lawmakers of overstepping Parliament’s own prior vote and mandate.

A Bigger Fight Looms

The Thursday vote is a stopgap compared to the more consequential negotiations underway over a permanent framework, known informally as Chat Control 2.0. Simeon de Brouwer, a policy adviser at European Digital Rights, warned that the most extreme version of the permanent law could force providers to scan all hosted content and conversations, including those protected by end-to-end encryption.

Lawmakers have been negotiating that permanent framework since November 2023 without significant progress. Law enforcement officials, including Europol Executive Director Catherine De Bolle, have argued that continued detection and reporting of suspected CSAM is essential for child protection.

Critics counter that the tradeoffs are too steep. De Brouwer argued that Chat Control effectively allows companies to inspect millions of private conversations without a warrant, meaningful oversight, or clear legal basis, raising fundamental concerns about surveillance and due process in the EU’s digital communications landscape.