The European Union's fifth trilogue on Chat Control failed to produce a final deal on June 29, 2026, with the European Parliament again refusing to accept mass scanning of encrypted messages. Negotiators made progress on several technical points, but the core fight over encryption remains unresolved, and the next political round will not happen until September 29.
What the Fifth Trilogue Actually Settled
As we covered when the current draft of the Child Sexual Abuse Regulation (CSAR), better known as Chat Control, first took shape, the fight has always centered on how far platforms must go to detect abuse material. The June 29 session under the outgoing Cyprus presidency narrowed several of those disputes: voice messages can be reported by users but will not be subject to automatic scanning, live calls are excluded entirely, cross-border removal and delisting orders will follow an existing takedown-order model, and mandatory age verification was dropped after Parliament and the Council could not agree on how to enforce it.
Encryption Held, But the Fine Print Isn't Settled
On the most consequential point, the Parliament again stated clearly that end-to-end encryption must not fall within the regulation's scope and that no general, suspicion-less scanning obligation should apply to encrypted services. According to negotiators' notes from the session, both sides have provisionally accepted that principle. What remains open is the exact legal wording that would exclude encrypted content from detection technology, meaning services like Signal, WhatsApp, and Proton Mail are not yet safely out of scope, only provisionally so.
The Workaround: Reviving "Voluntary" Scanning by Emergency Procedure
While the permanent regulation stalls, EU member states are pushing a parallel track. The temporary "Chat Control 1.0" rule, which let platforms voluntarily scan private messages for abuse material, expired earlier in 2026 after Parliament refused to extend it again. Internal Council documents show Germany's Interior Ministry pressing for the fastest possible restoration of that legal basis through an expedited procedure, aiming for a Parliament vote in early July, before lawmakers leave for summer recess. If it passes, companies would be allowed to resume voluntary scanning until April 3, 2028, effectively reviving the expired rule under a new label while the real permanent regulation remains stuck.
Why This Keeps Mattering for VPN Users
Chat Control has never only been about child safety compliance for tech companies. Every version of the proposal, whether framed as mandatory detection or voluntary scanning, has required some mechanism to inspect message content before or after encryption, and every attempt to carve out exceptions has proven difficult to write into durable law. The parallel push to revive voluntary scanning by emergency procedure shows how quickly a supposedly settled carve-out can be reopened through a different legislative door.
As long as the fight over that exception continues, privacy-conscious users in the EU have reason to keep an eye on encrypted messaging alternatives and on tools like a VPN that limit what can be inferred about their activity outside the apps themselves, regardless of which version of Chat Control eventually becomes law.
Conclusion
• Interne Dokumente: EU-Staaten wollen Chatkontrolle-Zombie zurueckbringen - netzpolitik.org
• Chatkontrolle vorerst gestoppt: Parlament haelt die Linie, Rat plant den Umweg - blogspan.net
• EU Chat Control: How Brussels Plans to End Private Messaging
• Durov on EU-UK Censorship Playbook: 'Protect the Children' as Cover