EU Child Abuse Scanning Law Expires: Tech Giants Face Legal Limbo
Technology companies operating in Europe have reached a legal cliff edge. The European Parliament has voted down rules that would have allowed these firms to continue scanning online messages for child sexual abuse material (CSAM), leaving the industry in a state of uncertainty as the temporary authorization expires.
- The European Parliament rejected the extension of a temporary law allowing platforms to scan for CSAM.
- A total of 311 lawmakers voted against the proposal, while 228 voted in favor and 92 abstained.
- The expiration of the law makes scanning for this content illegal in Europe.
- EU officials and child protection agencies warn that the decision severely impairs the ability to identify victims and investigate abuse.
The Parliamentary Vote and Legal Fallout
In a decisive move, the European Parliament blocked the extension of the temporary framework that permitted technology companies to scan their services for child sexual abuse material. The vote followed weeks of intense clashes between national governments, who urged the Parliament to drop privacy objections, and lawmakers concerned about the scale of surveillance.
The rejection comes despite significant pressure from high-profile figures, including German Chancellor Friedrich Merz, four European commissioners, and tech giants such as Meta, Google, and Microsoft. With the law lapsing, tech firms now face a landscape where scanning for such content becomes illegal across the EU.
Expert Reactions: A “Devastating Failure”
The decision has sparked immediate backlash from EU security and child protection officials, who argue that the lack of scanning capabilities leaves victims vulnerable.
- Magnus Brunner, Home Affairs Commissioner: Stated that the vote is “hard to understand” and warned that it leaves “countless victims without visibility or protection,” noting that Europe hosts the highest volume of CSAM globally.
- Catherine De Bolle, Head of Europol: Argued that the lapse of the law undermines investigations and “severely impair[s] the EU’s security interests of identifying victims and safeguarding children.”
- Kerry Smith, CEO of the Internet Watch Foundation: Described the outcome as a “devastating failure for child protection in the EU.”
The Privacy Conflict: The “Chat Control” Debate
The core of the dispute lies in the tension between child safety and digital privacy. The legislation, originally proposed in May 2022, aimed to establish a framework requiring digital platforms to detect and report images of child abuse within private messages—a concept often referred to as “Chat Control.”
Opponents of the rules argued that the temporary regime provided tech companies with excessive leeway to scan user messages on a massive scale, potentially compromising the privacy of millions of European citizens. This fundamental disagreement led to the failure of multiple attempts by negotiators from the Parliament, Council of the EU, and Commission to reach a political deal.
Current Regulatory Status
While the scanning law has expired, the EU continues to pursue other avenues for child protection. On November 26, 2025, the Council reached a position on a regulation to prevent and combat child sexual abuse. Once adopted, this new law will impose obligations on digital companies to prevent the solicitation of children and the dissemination of CSAM, though it differs from the specific scanning rules rejected by the Parliament.
Frequently Asked Questions
What happens to tech companies now that the law has expired?
Tech firms are currently in “legal limbo.” While scanning for CSAM has develop into illegal in Europe, some reports suggest that firms may not cease the practice immediately, creating a period of significant legal uncertainty.
Why did the European Parliament reject the scanning rules?
Lawmakers resisted the rules primarily due to privacy concerns, arguing that the framework allowed for large-scale scanning of private user messages.
Does the EU have any other laws to fight child abuse?
Yes. The Council has already reached a position on a separate regulation intended to prevent and combat child sexual abuse, focusing on obligations for digital companies to prevent solicitation and the spread of abuse material.
Looking Ahead
The expiration of the scanning law marks a significant victory for privacy advocates but a major setback for law enforcement and child protection agencies. As the EU moves forward with its broader regulation to combat child sexual abuse, the tension between encryption, privacy, and the necessity of protecting minors will remain a central conflict in European digital policy.
Related reading