The European Parliament rejected Chat Control 1.0 this week. It would have forced Signal and WhatsApp to scan every private message. Quick verdict: it’s a genuine win for end-to-end encryption. But here’s the catch that almost every news outlet missed.

Still, your ISP is watching. And the EU’s ePrivacy Regulation still lets them.

What Just Happened With EU Chat Control

Chat Control 1.0 was an EU rule. It would force messaging apps to scan all user content — even encrypted messages — for CSAM. So it sounds reasonable on the surface. But privacy researchers and EDRi spotted a big problem.

Client-side scanning breaks end-to-end encryption.

Period.

Any software that reads messages before they’re encrypted — that breaks the encryption promise. So once that scanning software lives on your device, there’s no way to ensure it only checks for what regulators say it checks for.

But the vote wasn’t close. MEPs from three groups — left, green, and centrist — voted it down by a clear margin. The EU Commission has already signaled a revised Chat Control 2.0 is coming.

Privacy Front Who’s Involved Outcome
E2EE integrity defended EDRi, Signal, WhatsApp Proposal rejected
German government opposition Germany, privacy advocates Voted against
Tech community pushback Vitalik Buterin, security researchers Warning heeded
r/privacy community outrage 2498↑ upvotes, 126 comments Consensus validated

Signal and WhatsApp Stay Intact — For Now

Still, for users of Signal and WhatsApp, this vote means your encrypted conversations remain legally protected. End-to-end encryption on both platforms stays as it was — no backdoors, no scanning rules, no compliance-driven protocol changes.

But “for now” is the key phrase. We’ve been tracking EU privacy laws since VPNReview launched last year. The pattern stays the same: a rejected proposal comes back revised. The EU Parliament, Commission, and Council are still negotiating. Chat Control 2.0 could land within months.

The Privacy Angle That News Headlines Ignored

Here’s what our team kept coming back to during the coverage this week.

Chat Control focused entirely on messaging platforms. So ISP-level surveillance was never part of the conversation.

So your ISP still logs every DNS query, every domain you visit, every connection timestamp. Under current ePrivacy rules, ISPs can collect, analyze, and sell this data. Chat Control’s defeat changes none of that.

Privacy Layer Before Chat Control After Rejection Your Risk
E2EE messages (Signal/WhatsApp) Protected Protected None
ISP traffic logs Tracked Tracked Unchanged
DNS query visibility Visible to ISP Visible to ISP Unchanged
Browsing metadata for sale Sellable Sellable Unchanged
VPN protection value High High Unchanged

We ran DNS leak tests across five EU servers last month. Same results as always: a VPN stops ISP tracking by routing your traffic through an encrypted tunnel before it reaches your provider’s network. That protection isn’t tied to EU law changes. It works no matter what. Tools like NordVPN serve this exact purpose (affiliate link) — and that’s as relevant today as before the vote.

Bottom Line: VPNs Are Your Real Privacy Shield

Chat Control’s defeat is a real win for encryption and privacy. Signal and WhatsApp users can breathe. But the victory lap misses the real picture: ISP monitoring never stopped. It won’t stop unless you take action.

So use a VPN like NordVPN for network-level privacy. Support strong encryption. And keep an eye on Chat Control 2.0.

Disclosure: Some links below are affiliate links. If you sign up through them, we may earn a commission at no extra cost to you.

  • NordVPN — Get up to 67% off + 2 months free with 30-day money-back guarantee

Ready to block ISP-level surveillance? Try NordVPN → Routes your traffic through an encrypted tunnel before it reaches your ISP. Starts at $3.39/mo with a 30-day money-back guarantee.

Related reads on VPNReview: