EU Parliament Accidentally Extends Mass Message Scanning Until 2028
Too many MEPs skipped the vote. Now service providers on Discord, Gmail, Instagram and more can read your private messages without a warrant, until 2028.

Key points
- The European Parliament failed on 8 July 2025 to block an extension of Chat Control 1.0, a law requiring platforms to scan private messages for illegal content.
- More MEPs voted against the extension than for it, but low attendance meant the motion to block it fell short of the absolute majority needed to pass.
- The extension runs until 2028 and covers direct messages on Discord, Skype, Instagram, Snapchat, Xbox, Gmail, and Apple iCloud.
- Encrypted services such as WhatsApp are not affected by this interim measure.
- A separate amendment requiring warrants before scanning also failed, for the same reason: not enough MEPs were present to reach the required threshold.
The European Parliament did not vote to approve mass message scanning. It voted to reject it, and lost anyway.
More MEPs opposed the extension of Chat Control 1.0, a law that lets internet platforms scan private messages for child sexual abuse material, than supported it. But the vote fell on the eve of the summer recess. Dozens of members were absent. Under EU rules, blocking a measure requires an absolute majority of all 720 seats, not just a majority of those who showed up. The motion to block fell short. The extension passed by default.
An amendment that would have required police to obtain a warrant before any scanning could begin received more yes votes than no votes. It also failed, for the same reason.
What does this mean for ordinary users?
From now until 2028, platforms can scan the content of your private messages without a court order. The services named in the legislative text include Discord, Skype, Instagram, Snapchat, Xbox messaging, Gmail, and Apple iCloud mail. If an automated system flags a message as suspicious, that flag and the message content can be passed to external authorities.
WhatsApp and other services that use end-to-end encryption (a system where only the sender and recipient can read messages, because the platform itself holds no key) fall outside the scope of this interim rule.
The accuracy of automated scanning systems is a live concern. Patrick Breyer, a long-standing critic of the measure and a former MEP, has previously warned about what happens when the system gets it wrong. "For a corporation, a 'false positive' could mean that confidential internal documents, code, or strategic plans are flagged and sent to external authorities or police forces without the company's knowledge," he wrote last November.
Breyer was blunt about the vote's broader significance, writing after the result: "The resistance we saw in Parliament today was so strong that finding a majority for permanent, suspicionless mass scanning in future negotiations is a complete pipe dream."
The interim extension buys time. Discussions on a permanent Chat Control 2.0 law continue, with the EU Parliament, member state governments, and the European Commission still divided on a central question Breyer frames plainly: should scanning be indiscriminate, or limited to people already under criminal suspicion?
First reported by CSO Online, the vote outcome was not a formal approval of the policy. It was a procedural accident caused by empty seats.
If you use affected platforms for sensitive communications, consider switching to an end-to-end encrypted messaging app for anything you would not want flagged by an automated system. Review which platforms your organisation uses for internal messaging, and check whether those platforms fall within the scope of EU data-protection rules that apply to your business.



