The European Parliament voted 311-228 in March to let Chat Control 1.0 expire. On July 2, the EU Council brought it back anyway. This is not a mistake or a misunderstanding of process. The Council adopted a position using second-reading procedure — a legislative mechanism that requires Parliament to muster an absolute majority to block, timed for the last session before summer recess when MEPs are already heading home. The derogation that let platforms scan private messages died on April 3. The Council’s answer is to resurrect it with identical content in new legislative packaging. Call it what it is: a deliberate procedural end-run around a democratic vote.
How the Fast-Track Works
In second reading, Parliament cannot simply vote “no.” It needs an absolute majority of all members — not just those present — to reject or amend the Council’s position. That threshold is hard to hit during a normal session. It’s nearly impossible the day before a summer recess. The Council knows this. Former MEP Patrick Breyer, who led parliamentary opposition for years, called the revival attempt “a blatant disregard for democratic processes.”
The legislative text itself is essentially unchanged from what Parliament rejected. The Council has repackaged it as a new proposal to circumvent the rejection mechanism and route around the previous vote. Whether this constitutes a legitimate use of EU legislative procedure or an abuse of it depends on who you ask — but the outcome is the same: a regulation Parliament voted down is heading back to the floor with the procedural deck stacked against opposition.
What Chat Control 1.0 Does to Encryption
Supporters frame Chat Control as voluntary and limited. The technical reality is more direct. The regulation permits platforms to deploy client-side scanning — content is checked on the sender’s device before encryption occurs. Three methods apply: hash-matching against known CSAM databases, machine learning classification for unknown material, and real-time text analysis for grooming patterns.
End-to-end encryption technically remains in place. But if the content is scanned before it’s encrypted, the encryption protects the transport, not the communication. Think of it this way: the lock is still on the door, they just check your bag before you put anything in it. Signal’s vice president for global affairs described the proposals as posing an “existential catastrophic risk” to encryption, warning that scanning would introduce “massive glaring vulnerabilities” into operating systems. Over 500 cryptographers signed an open letter making the same point. Even EU law enforcement agencies requested government device exemptions — because they understand the backdoor they’re asking others to build.
Signal Is Not Bluffing
Signal CEO Meredith Whittaker has been unambiguous: “We will leave the EU market rather than undermine our privacy guarantees. It’s surveillance wine in safety bottles.” WhatsApp has taken the same position. These are not negotiating tactics. Client-side scanning is architecturally incompatible with the product both companies have built and sold to users as private. Implementing scanning means the product is no longer what users think it is.
The child safety argument deserves a direct answer: the scanning doesn’t work well. Swiss federal police data shows 80% of machine-generated CSAM reports turn out to be without merit. Only 20% of reports are confirmed as actual abuse material. The false-positive rate floods law enforcement with noise while doing nothing to stop encrypted distribution on non-compliant platforms. Criminals migrate. Law-abiding users get surveilled. That’s the actual trade-off on the table.
This Is Round Three
ByteIota has covered this story before — when Parliament blocked Chat Control in March, and when the Commission pivoted to “Going Dark” targeting VPNs after losing the 2.0 fight. The pattern is now three rounds old: democratic rejection, regulatory pivot, new legislative vehicle. Chat Control 1.0 expired April 3. By July 2 the Council had a new position. That’s a 90-day turnaround on a regulation Parliament voted to kill.
The EU Council’s own Legal Service warned the current proposal violates Article 7 of the EU Charter of Fundamental Rights. Even if this round passes, it faces strong legal challenge before the EU Court of Justice. This round may not be the last — but every round that passes extends the period during which developers must make architecture decisions under legal uncertainty.
What Developers Should Do Now
If you build encrypted messaging, communication tools, or any platform handling private messages for EU users, this vote matters directly. The Parliament session scheduled before summer recess is the critical moment. If Chat Control 1.0 passes, voluntary scanning obligations apply — but the architecture implications are anything but voluntary. You cannot implement compliant scanning without restructuring your encryption pipeline.
Track the EFF’s ongoing analysis and Patrick Breyer’s legislative tracker for vote status updates. If Signal and WhatsApp exit the EU over this, alternative platforms will face significant user migration pressure. Plan for that scenario regardless of the vote outcome. The Council’s willingness to use procedural maneuvers to override Parliament’s democratic decision is itself the signal: this issue will keep coming back in new forms until it passes or the political will collapses.













