EU Parliament Falls Short of Votes to Block Chat Control Return

European Parliament voted 314-276 against EU Chat Control but fell short of the 360-seat absolute majority needed to block the message scanning law's return.
Table of Contents
    Add a header to begin generating the table of contents

    The European Parliament voted 314-276 to block EU Chat Control — with a majority of votes cast in opposition — but failed to reach the 360-member absolute majority required to formally prevent the Council of the European Union from reintroducing the interim regulation, leaving the legislation that would require mass scanning of private messages on path to advance despite majority parliamentary opposition.

    The Vote: 314 Against, 276 For, but the Threshold Was 360

    The parliamentary vote’s outcome created a result where the majority of members who cast a vote opposed the legislation, but the procedural requirement for an absolute majority of all members — not merely a majority of those who voted — prevented that opposition from translating into a formal block. Members who were absent, did not participate, or abstained effectively contributed to the legislation’s survival in the same way as members who voted in favor.

    This structural asymmetry — where inaction has the same effect as supporting the legislation — is what civil liberties organizations including EDRi and Privacy International characterized as a democratic override of parliamentary intent. The 314 members who actively voted against Chat Control represent a majority of the active vote, but the absolute majority rule created an outcome that does not reflect that majority in the formal result.

    Why 314 Votes Against Was Not Enough to Block EU Chat Control

    The absolute majority mechanism requires 360 affirmative votes against a measure to block it — a threshold that goes beyond winning the active vote and requires mobilizing enough of the full Parliament membership to constitute a majority of all seats, not merely a majority of participants. The 314-276 split represents 590 members who voted; 191 members were either absent or did not participate. The 46-vote gap between 314 and 360 is the margin by which Chat Control survived the parliamentary challenge despite majority opposition among voting members.

    The consequence is that the legislation returns to the Council of the European Union — the body representing EU member state governments — for consideration and potential advancement to a trilogue negotiation between the Council, Parliament, and European Commission.

    Client-Side Scanning and the Encryption Backdoor That Signal and WhatsApp Would Require

    Chat Control — formally the interim CSAM Regulation — requires communications platforms to scan private messages for child sexual abuse material. For platforms including Signal, WhatsApp, and iMessage that use end-to-end encryption, this scanning requirement has a specific technical implication: the scanning must occur at the client level, before encryption, because the platform operator cannot decrypt messages at rest or in transit once end-to-end encryption is in effect.

    Client-side scanning means building a surveillance mechanism directly into the messaging application that examines every message’s content before the user sends it. Security and cryptography researchers have consistently argued that any such mechanism — regardless of its stated purpose — constitutes a backdoor into the communication: a capability that can read message content before encryption that could be exploited by unauthorized parties, nation-states, intelligence services, or attackers who gain access to the scanning infrastructure.

    The security objection is not about the stated purpose of detecting CSAM. It is that the technical architecture required to fulfill the mandate — a client embedded capability that can inspect message content before encryption — creates infrastructure that does not remain limited to its stated purpose once built.

    Chat Control’s Path Through the Council of the European Union

    The legislation moves to the Council of the EU, where the previous Hungarian Council presidency had blocked a vote. The legislative calendar and the current presidency rotation determine when the Council will take up the measure again. If the Council votes to advance the legislation, it would enter a trilogue negotiation between the Council, the Parliament, and the European Commission — the three institutions whose positions must be reconciled into final law.

    In that trilogue, the Parliament’s position — that a majority of voting MEPs opposed the measure — provides the parliamentary delegation with grounds to push for significant modifications or rejection. But the trilogue outcome depends on negotiating dynamics among all three institutions, and the Parliament’s blocked attempt to formally reject the legislation before it reached the Council weakened its negotiating leverage.

    Security Implications of a Legislated Client-Side Scanning Mandate

    If Chat Control ultimately advances into law requiring client-side scanning on E2EE platforms serving EU users, platforms that cannot comply without breaking their encryption model face a choice between withdrawing from the EU market for encrypted communications or building scanning capabilities that their own security teams have identified as incompatible with maintaining strong end-to-end encryption.

    The cybersecurity community’s concern extends beyond user privacy. Client-side scanning infrastructure — once built into applications at scale — represents an attack surface. Any component that can read message content before encryption and relay findings to a central authority is a component that adversaries, including nation-state intelligence services and criminal actors, have incentive to compromise, co-opt, or abuse.

    Related Posts