Executive Vice-President Henna Virkkunen, in a written answer on 24 June 2026, expressed regret that EU co-legislators failed to extend the temporary derogation from the ePrivacy Directive before its expiry on 3 April 2026, warning that the lapse could have serious consequences for child protection online. The answer, responding to a priority question from S&D MEP Birgit Sippel, reaffirms the Commission's commitment to both combating child sexual abuse material and upholding privacy and data protection rights under EU law.
The question, submitted on 16 April 2026, raised concerns that US-based companies such as Meta, Snapchat, Google, and Microsoft continue scanning private communications without a legal basis following the expiry of Regulation (EU) 2021/1232. Sippel asked on what legal basis providers could continue scanning, whether such practices are compatible with the ePrivacy Directive and GDPR, and what enforcement measures the Commission would take.
Virkkunen's answer did not announce new enforcement actions or infringement proceedings. Instead, she stated that the Commission's focus is on supporting co-legislators to finalise the ongoing legislative process on the proposed regulation to prevent and combat child sexual abuse, first tabled in 2022. The answer signals a policy orientation favouring legislative completion over immediate unilateral enforcement, prioritising a negotiated solution among EU institutions. The Commission's stance leaves providers in a legal grey zone, with no clear derogation or enforcement timeline, impacting child safety advocates who seek stronger protections, and tech companies facing legal uncertainty over scanning practices. Data protection authorities may also face pressure to clarify enforcement, while EU legislators are urged to resolve the impasse swiftly.