On July 9, 2026, 314 Members of the European Parliament voted against extending the EU’s temporary chat-scanning regulation, against 276 in favour and 17 abstentions. By any normal reading of a vote, that is a rejection. It was not treated as one. Because the Council of the EU had already adopted a second-reading position on the file, Parliament could only block it with an absolute majority of all 720 seats, 361 votes, regardless of who actually showed up. Absences and abstentions counted, in effect, as support for the Council’s text. The measure passed by default, extending voluntary mass scanning of private messages on platforms including Gmail, Snapchat, Facebook Messenger, Skype, and Xbox until April 3, 2028.
The procedural trick that decided it
The outcome is stranger when set against Parliament’s own history with this file. In March 2026, a nearly identical bloc of MEPs blocked the same extension with just 311 votes against, because that vote fell under a simple-majority rule. This time, a larger bloc of opposition, 314 votes, achieved nothing, because the calendar and the procedure had shifted to require an absolute majority. Critics including MEP Patrick Breyer have pointed to this as a case where the legislative mechanics, not the underlying support, decided the outcome. Whatever one’s view of chat scanning as policy, the pattern is worth understanding for any organisation that tracks EU digital regulation: the same coalition can win in March and lose in July without a single vote changing sides.
The encryption exemption is not settled yet
Alongside the default extension, Parliament adopted an amendment explicitly excluding services using end-to-end encryption from the scanning obligation. In practice this formalises what was already technically true, since E2EE by design prevents the kind of server-side content scanning the regulation contemplates, but writing it into the text closes room for future reinterpretation. That amendment now goes back to the Council, which has until approximately October 9, 2026 to accept or reject it. If the Council accepts, the exemption becomes binding law. If it rejects, the file heads into a Conciliation Committee process, and the question stays open for months longer.
What this means for businesses operating in Europe
If your organisation communicates with EU customers, employees, or partners through consumer messaging platforms, or if you are evaluating which messaging and email infrastructure to build product features on top of, this is now a live compliance and architecture question rather than a settled one. Platforms without end-to-end encryption remain within scope for voluntary scanning through at least April 2028, and the legal status of the encryption exemption will not be clear until autumn. Businesses that route customer communications, support channels, or internal collaboration through unencrypted or server-side-encrypted services should reassess that exposure now rather than waiting for the Council’s decision.
If you need help mapping which of your communication channels fall inside this regulatory grey zone, or want a second opinion on your messaging and data protection architecture ahead of the Council’s October deadline, contact Excello Digital. We help European businesses turn shifting EU digital regulation into a concrete, defensible technical posture.
