The European Parliament is considering another extension of Chat Control 1.0, the “temporary” exemption that allows communications providers to scan private messages (under the premise of preventing child abuse) despite the protections of the EU’s ePrivacy Directive.
A draft report presented by rapporteur Birgit Sippel (S&D) would prolong the derogation until 3 April 2027.
At first glance, the proposal appears to roll back some of the most controversial elements of Chat Control. Text message scanning and automated analysis of previously unknown images would be explicitly excluded. Supporters have framed this as a narrowing of scope.
However, the core mechanism of Chat Control remains untouched.
The draft continues to permit mass hash scanning of private communications for so-called “known” material. This is not a marginal feature of Chat Control 1.0. It is the system’s backbone.
According to former MEP and digital rights activist Patrick Breyer, approximately 99 percent of all reports generated under Chat Control 1.0 originate from hash-based detection.
Almost all of those reports come from a single company, Meta, which already limits its scanning to known material only. Under the new proposal, Meta’s practices would remain fully authorized.
As a result, the draft would not meaningfully reduce the volume, scope, or nature of surveillance. The machinery keeps running, with a few of its most visibly controversial attachments removed.
Hash scanning is often portrayed as precise and reliable. The evidence points in the opposite direction.
First, the technology is incapable of understanding context or intent. Hash databases are largely built using US legal definitions of illegality, which do not map cleanly onto the criminal law of EU Member States.
The German Federal Criminal Police Office (BKA) reports that close to half of all chat control reports are criminally irrelevant.
Each false positive still requires assessment, documentation, and follow-up. Investigators are forced to triage noise rather than pursue complex cases involving production, coercion, and organized abuse.
Meanwhile, the system does little to protect children in immediate danger. Searching for images that are already known to authorities does not interrupt ongoing abuse or lead to rapid victim identification. It identifies content after the fact.
The strategic weakness is compounded by a simple reality. Offenders adapt. As more services adopt end-to-end encryption, abusers migrate accordingly. Since 2022, the number of chat-based reports sent to police has fallen by roughly 50 percent, not because abuse has declined, but because scanning has become easier to evade.
“Both children and adults deserve a paradigm shift in online child protection, not token measures,” Breyer said in a statement to Reclaim The Net.
“Whether looking for ‘known’ or ‘unknown’ content, the principle remains: the post office cannot simply open and scan every letter at random. Searching only for known images fails to stop ongoing abuse or rescue victims.”
Breyer added:
“The EU Parliament must now follow Ms. Sippel’s logic to its natural conclusion: If warrantless mass surveillance is wrong for text, it is also wrong for images. Real child protection requires secure apps (‘Security by Design’), proactive cleaning of the public web, and targeted investigations against suspects—not Chat Control.”
The draft report implicitly accepts a distinction that is difficult to justify. It treats the scanning of private images as fundamentally different from the scanning of private text. Yet both involve the same principle: warrantless, suspicionless inspection of personal communications.
If opening and analyzing every private message is unacceptable, then opening and analyzing every private image should raise the same constitutional concerns. The medium changes. The intrusion does not.
The ePrivacy Directive was designed to prevent exactly this kind of generalized monitoring. Chat Control 1.0 suspends that protection temporarily. Each extension further normalizes the exception.
Members of the European Parliament can submit amendments to the draft report until February 10. Negotiations will follow. The Parliament retains the power to reject the extension entirely.
Public opposition is expected to intensify during this period. Whether that pressure translates into substantive change remains an open question.
