The vote on Thursday did not approve unrestricted monitoring of private messages, as some social media posts claimed. Parliament backed a modified framework that permits companies to scan certain communications voluntarily but excludes encrypted services such as WhatsApp, Signal and Telegram from the proposed extension.
The decision marks the latest turn in a prolonged dispute over how the European Union should combat child sexual abuse online without establishing a system of mass surveillance. Supporters say automated detection tools help platforms identify illegal images, grooming and other abusive activity. Opponents warn that scanning private communications could undermine confidentiality, produce false accusations and weaken cybersecurity.
The legislation is commonly described by critics as “Chat Control”, although the term covers several related proposals and has sometimes blurred the distinction between temporary voluntary arrangements and a separate permanent regulation still under negotiation.
Under the text approved by Parliament, online service providers would receive a renewed legal exemption from parts of the EU’s electronic privacy rules. The exemption would allow them to use detection technologies to identify and report suspected child sexual abuse material on services that are not protected by end-to-end encryption.
Encrypted communications were specifically carved out following pressure from privacy campaigners and lawmakers who argued that analysing such messages would require weakening the security architecture protecting all users. End-to-end encryption ensures that only the sender and recipient can read a message, preventing platforms, governments and criminals from accessing its contents.
The amendment protecting encrypted services secured an absolute majority. However, lawmakers also approved the continued use of voluntary scanning on other services, drawing criticism from civil liberties advocates who maintain that users can still be subjected to broad and indiscriminate monitoring.
The rules have not yet completed the legislative process. EU member states must decide within three months whether to accept Parliament’s changes. Negotiations may follow if national governments seek a different approach, meaning the measure cannot immediately take effect across the bloc.
Temporary rules allowing voluntary detection were introduced in 2021 as a derogation from the EU’s ePrivacy framework. They were designed to remain in place while institutions developed permanent legislation covering prevention, reporting, removal and investigation of online child sexual abuse.
The arrangement expired on April 3 after Parliament rejected an earlier extension in March. That decision created a legal gap for technology companies that had used automated tools to identify suspected abuse in private communications. Major platforms and child protection organisations warned that the lapse would reduce reporting and make it harder to identify victims.
Privacy groups welcomed the expiry, arguing that voluntary detection systems had operated without sufficient transparency, judicial oversight or safeguards against mistakes. They also questioned whether scanning could be considered genuinely voluntary when companies face regulatory pressure to detect harmful material.
The European Commission first proposed a permanent child sexual abuse regulation in 2022. The original plan included detection orders that could compel platforms to search for known and unknown abuse material and identify grooming. Its potential application to encrypted messaging triggered sustained opposition from cybersecurity experts, privacy advocates and several lawmakers.
Parliament later adopted a position aimed at restricting detection orders, protecting encryption and limiting monitoring to targeted cases. EU governments have struggled to agree on a common approach, with member states divided over whether effective detection can be achieved without examining encrypted content.
Child protection campaigners argue that offenders increasingly use private messaging, disappearing content and encrypted platforms to distribute abuse material and contact children. They say voluntary action by technology companies has generated millions of reports and helped investigators identify victims across borders.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.