The European Parliament killed Chat Control on Thursday, rejecting the automated scanning of private photos and text messages by a single vote. One vote separated Europeans from continued mass surveillance of their private communications by American tech companies. After that razor-thin margin knocked out the most invasive provisions, the remaining proposal failed to reach a majority at all.
The vote came after some forces in Parliament tried to force a repeat of a decision already made on March 13, when lawmakers had already rejected blanket scanning. The push for a re-vote was an attempt by the EPP to rewrite the outcome after negotiations failed, a maneuver that MEP Markéta Gregorová called “spitting in the face of their colleagues and citizens.”
Starting 4 April, the EU derogation that allowed Meta, Google, and Microsoft to voluntarily scan every private message sent by European citizens expires permanently. The legal basis for warrantless bulk scanning of your people’s data disappears.
What the surveillance regime actually did
The expiring regulation, EU interim regulation 2021/1232, gave US corporations permission to read your messages at scale. Three types of scanning were authorized. Hash scanning matched images against databases of known illegal material and generated over 90% of reports.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
Automated AI assessment targeted images and videos that the algorithms hadn’t seen before. And text analysis trawled through private chat conversations looking for suspicious language.
All of it happened without a warrant, without individual suspicion and without meaningful European oversight.
The AI-based scanning of unknown images and texts was, by every technical measure, broken. A newly published study from researchers at KU Leuven and Ghent University delivered the technical confirmation.
They reverse-engineered Microsoft’s PhotoDNA, the standard algorithm used by tech companies for Chat Control, and found fundamental weaknesses. Their verdict was damning. The software is “unreliable.”
Criminals can make illegal images invisible to the scanner with minimal changes, like adding a simple border, while harmless images can be manipulated to falsely flag innocent users to the police. The most computationally demanding attacks take under ten minutes on a personal laptop.
The numbers that buried Chat Control
The EU Commission’s own 2025 evaluation report reads like a catalogue of failure.
Germany’s Federal Criminal Police Office reported that 48% of all flagged chats were criminally irrelevant. Nearly half of everything this surveillance system surfaced was junk, private conversations between innocent people exposed to law enforcement for nothing. That flood of false reports consumed investigative resources that could have gone toward actual cases.
Around 40% of investigations triggered in Germany targeted teenagers sharing images consensually. The system built to protect children was criminalizing them.
And the whole apparatus was already collapsing under its own logic. As messaging services adopted end-to-end encryption, the number of reports dropped 50% since 2022. The Commission’s report found no measurable link between mass scanning and actual convictions. Years of warrantless surveillance of hundreds of millions of people, and the EU’s own data shows it didn’t work.
In a statement to Reclaim The Net, Patrick Breyer, the former Pirate Party MEP who has fought Chat Control for years, called today’s result historic.
“This historic day brings tears of joy! The EU Parliament has buried Chat Control – a massive, hard-fought victory for the unprecedented resistance of civil society and citizens! The fact that a single vote tipped the scales against the extremely error-prone text and image search shows: Every single vote in Parliament and every call from concerned citizens counted!
“We have stopped a broken and illegal system. Once our investigators are no longer drowning in a flood of false and long-known suspicion reports from the US, resources will finally be freed up to hunt down organized abuse rings in a targeted and covert manner. Trying to protect children with mass surveillance is like desperately trying to mop up the floor while leaving the faucet running. We must finally turn off the tap! This means genuine child protection through a paradigm shift: Providers must technically prevent cybergrooming from the outset through secure app design. Illegal material on the internet must be proactively tracked down and deleted directly at the source. That is what truly protects children.
“But beware, we can only celebrate briefly today: They will try again. The negotiations for a permanent Chat Control regulation are continuing under high pressure, and soon the planned age verification for messengers threatens to end anonymous communication on the internet. The fight for digital freedom must go on!”
The next threat is already moving
Today’s win is real but narrow. Trilogue negotiations on a permanent child protection regulation, the one digital rights groups call Chat Control 2.0, continue under severe time pressure. EU governments still want “voluntary” mass scanning, a label that functions as political cover for the same bulk surveillance the Parliament just rejected.
And the next attack on digital privacy is already on the agenda. Lawmakers will soon negotiate whether messenger services and app stores must implement mandatory age verification.
That means government ID uploads or facial scans before you can send a message. Anonymous communication, the kind that protects whistleblowers, journalists, dissidents, and anyone who simply doesn’t want to hand their identity to a tech company, would effectively cease to exist across the EU.
The Parliament won this fight by a single vote. The surveillance apparatus that governments and the Commission have spent years building doesn’t dismantle itself because of one close call. It comes back, rebranded, repackaged, pushed through quieter procedural channels.
