314 voted no
On 9 July 2026, 314 MEPs voted to reject the Council's text and 276 to keep it, but blocking it needed an absolute majority of 361. So it survived: the majority of voters said no, and it passed anyway.
The EU's plan to scan private messages for illegal content has become one of Europe's biggest digital-rights fights. Here is an honest, up-to-date explainer: what it is, how the scanning would work, where the law actually stands after the July 2026 vote, and what it means for your privacy.
On 9 July 2026, 314 MEPs voted to reject the Council's text and 276 to keep it, but blocking it needed an absolute majority of 361. So it survived: the majority of voters said no, and it passed anyway.
Chat Control 1.0, the temporary regime, was reinstated and now runs until 2028, but this version was amended to exclude end-to-end encrypted services like Signal and WhatsApp.
The permanent regulation (CSAR / "Chat Control 2.0"), the one that could force scanning inside encrypted apps, is not law. Five negotiation rounds have failed; the next is expected around September 2026.
"Chat Control" is not a single law. It is shorthand for two parallel EU tracks aimed at detecting child sexual abuse material (CSAM) by scanning communications. Keeping them apart is the key to understanding the news.
A temporary derogation from the EU's ePrivacy rules that lets providers voluntarily scan content for known CSAM. It expired in spring 2026 and was reinstated on 9 July 2026, now running until 2028.
A proposed permanent regulation that could make scanning mandatory through "detection orders", and could reach into end-to-end encrypted apps via client-side scanning. This is the controversial one, and it is not agreed.
It depends entirely on whether a service is end-to-end encrypted. That single fact splits the whole debate in two.
On services without end-to-end encryption, the provider can already read content on its servers, so it scans there before delivering or storing it. This is technically simple and already common for known CSAM.
For end-to-end encrypted apps the servers cannot read anything, so the proposal puts a scanner on your device, checking a message just before it is encrypted or just after it is decrypted. Critics call this a backdoor inside your own phone.
This is a genuine dilemma between protecting children and protecting everyone's privacy. Both sides are argued in good faith.
NOLO is not a messaging app, but it is built on the same idea Chat Control puts under pressure: your private conversations should stay private, by design, not by permission.
NOLO asks for no registration. Your identity is an anonymous ID kept on your device, so there is no profile to scan, subpoena or leak.
Conversation history lives in your browser, not in a NOLO database. The chat models run on GDPR-compliant providers configured for zero data retention, and we do not train on your chats.
No tracking cookies, no ad profiling, no selling your data. Privacy is the product, not a setting you have to go and find.
"Chat Control" is the nickname activists and journalists gave to a set of EU measures that would have providers automatically scan private messages, images and files to detect child sexual abuse material (CSAM) and grooming. Supporters frame it as child protection; critics call it mass surveillance of everyone's communications.
Chat Control 1.0 is a temporary derogation from the ePrivacy rules that lets companies voluntarily scan (mostly unencrypted) content for known CSAM. Chat Control 2.0 (the proposed CSAR regulation) would be permanent and could make scanning mandatory via detection orders. As of July 2026, 1.0 has been reinstated but 2.0 has not been agreed.
Effectively yes, by default. On 9 July 2026, 314 MEPs voted to reject the Council's fast-tracked text and 276 to keep it, but rejecting it required an absolute majority of 361 MEPs. Because that threshold was not reached, the measure survived. The reinstated temporary regime runs until 2028. In short: a majority of those voting said no, and it passed anyway.
Not under the version reinstated in July 2026: it was amended to exclude end-to-end encrypted services like Signal and WhatsApp. The encryption fight centers on Chat Control 2.0, which could require "client-side scanning" inside encrypted apps. Critics argue that scanning a message on your device before it is encrypted is a backdoor by another name. 2.0 is not law yet.
For end-to-end encrypted apps the provider's servers cannot read your messages, so the proposed workaround places detection software on your own device. It checks content just before it is encrypted to send, or just after it is decrypted on receipt, using hash matching against known illegal images plus AI classifiers to flag new material or grooming patterns.
Depending on the final text: messaging apps (WhatsApp, Signal, Telegram, iMessage), private chats in social apps, email providers, cloud storage and VoIP. The reinstated 1.0 excludes end-to-end encrypted services; a future 2.0 could pull them back in.
That it enables suspicionless mass surveillance, structurally weakens encryption for everyone, generates false positives that expose innocent people, and has not been shown to meaningfully increase convictions. Data-protection authorities, security researchers and much of the European Parliament have raised these concerns.
NOLO is not a messaging app, but it is built on the same principle Chat Control threatens: your private conversations should stay private. NOLO is an AI chat with no account, no email, no tracking, that stores your history on your own device and does not train on your chats. We follow this debate because it is about the same right.
NOLO is a private AI chat: no account, no email, no tracking, and your history stays on your device. Whatever the EU decides, this is how it should work.