In my opinion it is not a fiasco at all. It simply allows the current pre-Dec-2020 practice of voluntary screening to continue for a limited period of 3 years (so they have time to get a proper permanent legislation in place). Privacy rules changed in Dec-2020 that made voluntary screening effectively illegal, hence the stopgap.
To be clear - that previous legislation only legalizes in the EU the CSAM content scanning that online services were already doing (by their own choice) in the EU before GDPR, and which they're also doing everywhere else.
It just avoids GDPR unintentionally making it illegal for service providers to scan for CSAM without opt-in user consent from every user involved, and only does so for a temporary period until legislation that formally defines service provider responsibilities is ready.
Personally, I'm fine with that. I firmly agree that private E2E messaging should not be banned (the suggestion in this post, which as noted above is not currently a real proposal) but I don't think that means service providers should be forced to blindly host user data that may contain CSAM against their will.
