EU Chat Control: Fifth Trilogue Fails, Encryption Holds - For Now

04.07.2026 3
EU Chat Control: Fifth Trilogue Fails, Encryption Holds - For Now

The European Union's fifth trilogue on Chat Control failed to produce a final deal on June 29, 2026, with the European Parliament again refusing to accept mass scanning of encrypted messages. Negotiators made progress on several technical points, but the core fight over encryption remains unresolved, and the next political round will not happen until September 29.

What the Fifth Trilogue Actually Settled

As we covered when the current draft of the Child Sexual Abuse Regulation (CSAR), better known as Chat Control, first took shape, the fight has always centered on how far platforms must go to detect abuse material. The June 29 session under the outgoing Cyprus presidency narrowed several of those disputes: voice messages can be reported by users but will not be subject to automatic scanning, live calls are excluded entirely, cross-border removal and delisting orders will follow an existing takedown-order model, and mandatory age verification was dropped after Parliament and the Council could not agree on how to enforce it.

Encryption Held, But the Fine Print Isn't Settled

On the most consequential point, the Parliament again stated clearly that end-to-end encryption must not fall within the regulation's scope and that no general, suspicion-less scanning obligation should apply to encrypted services. According to negotiators' notes from the session, both sides have provisionally accepted that principle. What remains open is the exact legal wording that would exclude encrypted content from detection technology, meaning services like Signal, WhatsApp, and Proton Mail are not yet safely out of scope, only provisionally so.

Important: "Provisional agreement" is not final law. Every previous Chat Control trilogue has seen encryption carve-outs proposed and then renegotiated once other parts of the text changed.

The Workaround: Reviving "Voluntary" Scanning by Emergency Procedure

While the permanent regulation stalls, EU member states are pushing a parallel track. The temporary "Chat Control 1.0" rule, which let platforms voluntarily scan private messages for abuse material, expired earlier in 2026 after Parliament refused to extend it again. Internal Council documents show Germany's Interior Ministry pressing for the fastest possible restoration of that legal basis through an expedited procedure, aiming for a Parliament vote in early July, before lawmakers leave for summer recess. If it passes, companies would be allowed to resume voluntary scanning until April 3, 2028, effectively reviving the expired rule under a new label while the real permanent regulation remains stuck.

Why This Keeps Mattering for VPN Users

Chat Control has never only been about child safety compliance for tech companies. Every version of the proposal, whether framed as mandatory detection or voluntary scanning, has required some mechanism to inspect message content before or after encryption, and every attempt to carve out exceptions has proven difficult to write into durable law. The parallel push to revive voluntary scanning by emergency procedure shows how quickly a supposedly settled carve-out can be reopened through a different legislative door.

As long as the fight over that exception continues, privacy-conscious users in the EU have reason to keep an eye on encrypted messaging alternatives and on tools like a VPN that limit what can be inferred about their activity outside the apps themselves, regardless of which version of Chat Control eventually becomes law.

Conclusion

Conclusion: The fifth Chat Control trilogue ended without a final deal, but encryption survived this round intact, at least provisionally. The real test comes twice more this year: a possible July vote to revive voluntary scanning, and the next full political trilogue on September 29.
Tags: vpn privacy surveillance eu chat control encryption digital rights csar

Read also