European Parliament Halts Mass Surveillance of Private Messages
Brussels, Saturday 28 March 2026
The European Parliament has rejected mass chat surveillance. From April 2026, tech companies must stop scanning private messages, ending a system where 48% of flagged content was criminally irrelevant.
A Decisive Vote Against Mass Scanning
Building upon earlier reports regarding the critical revote on message surveillance [6], the European Parliament has firmly rejected the proposed extension of ‘Chat Control’. Following a tense period of negotiations, parliamentarians voted decisively this week against prolonging the voluntary measures that permitted tech companies to scan encrypted communications [5]. The final tally on 25 March 2026 saw 311 members voting against the extension and 228 in favour [1][5], meaning that exactly 57.699 per cent of participating MEPs opposed the measure. This outcome effectively dismantles the interim regulation (EU) 2021/1232, which had previously allowed US-based corporations such as Meta, Google, and Microsoft to indiscriminately scan the private messages of European citizens [1][2].
Protecting the European Digital Economy
For the broader digital economy—encompassing Software as a Service (SaaS), Fintech, and Cybersecurity—the rejection of Chat Control is a critical victory for operational security and software scalability [GPT]. Dozens of European technology companies and the European Digital SME Alliance had previously warned that digital sovereignty could not be achieved if Europe mandated client-side scanning, a process that inherently weakens encryption [2]. Privacy-centric communication platforms had taken severe stances to protect their business models; the encrypted messaging app Signal, for instance, had threatened to exit the EU market entirely if mandatory surveillance laws were enacted [5].
A Legislative Thriller in Brussels
The path to this resolution was fraught with political manoeuvring. On 24 March 2026, conservative political forces attempted a highly contested manoeuvre to force a repeat vote on extending the Chat Control law [1]. However, the following day on 25 March 2026, the amended proposal—which sought to automate the assessment of private photos and text messages—ultimately failed to secure a majority in the European Parliament [1]. Member of the European Parliament Patrick Breyer described the event as a ‘voting thriller’ and a ‘massive, hard-fought victory for the unprecedented resistance of civil society’ [1].
The Pivot to ‘Security by Design’
While law enforcement advocates, such as BKA President Holger Münch, have argued that without indiscriminate Chat Control authorities will be ‘flying blind’ [1], the European Parliament is charting a new course. The legislative body is now strongly advocating for a ‘Security by Design’ approach, which mandates that internet services and applications are built securely by default [2]. This paradigm shift focuses on targeted surveillance based on judicial suspicion rather than the blanket scanning of populations [1].