The UK has agreed to drop its controversial demand for Apple to offer backdoor entry to encrypted knowledge belonging to US residents. However sadly, this concession particularly excludes UK customers and different international Apple clients, leaving them with out entry to Apple’s strongest privateness protections.
Key takeaways
- Solely US Residents Profit: The UK has dropped its demand for Apple to offer backdoor entry to encrypted knowledge of People, however this coverage doesn’t cowl UK residents or customers from different international locations.
- UK Privateness Erosion Continues: British Apple customers can’t use ADP and stay topic to authorities entry requests by way of warrant.
- International Precedent Prevented – For Now: The carve-out for US residents prevents a harmful international precedent, however the underlying surveillance powers stay in place for UK residents and others.
What compelled the UK authorities to vary stance?
US Director of Nationwide Intelligence Tulsi Gabbard introduced in August 2025 that the UK had withdrawn its mandate requiring Apple to create a “backdoor” that may have compromised the encrypted knowledge of Americans. This settlement resulted from months of diplomatic negotiations involving President Donald Trump, Vice President JD Vance, and UK officers.
The decision got here after intense stress from US lawmakers who accused the UK of conducting what they known as “a overseas cyberattack waged by political means” and threatened to take away the UK from the 5 Eyes intelligence sharing community. Such removing would have meant UK safety companies wouldn’t have entry to key intelligence to guard in opposition to overseas threats.
What UK customers misplaced – and received’t get again
The UK authorities’s authentic demand, issued by a secret Technical Functionality Discover beneath the Investigatory Powers Act in January 2025, focused Apple’s Superior Knowledge Safety (ADP) characteristic. This opt-in service offers end-to-end encryption for iCloud knowledge, making certain that solely customers can entry their saved images, messages, backups, and different delicate info. As soon as encrypted, not even Apple can entry the saved knowledge.
In response to the federal government order, Apple withdrew ADP from UK customers in February 2025. The corporate acknowledged it was “gravely upset” however maintained its place: “Now we have by no means constructed a backdoor or grasp key to any of our services or products, and we by no means will”.
Restricted safety for UK residents
The brand new UK-US settlement particularly protects solely Americans’ knowledge. Current courtroom paperwork from the Investigatory Powers Tribunal reveal that the UK’s calls for stay energetic and “are usually not restricted to the UK or customers of the service throughout the UK; they’re relevant globally in regards to the related knowledge classes of all iCloud customers”.
This implies:
- UK customers can’t activate ADP in the event that they haven’t already enabled it
- Present UK ADP customers will ultimately be compelled to disable the characteristic to proceed utilizing their iCloud accounts
- Non-US residents worldwide stay probably topic to the UK’s knowledge entry calls for
Put merely, the brand new exemption applies solely to US residents. Everybody else, irrespective of the place they dwell on this planet, might nonetheless be topic to entry requests from the UK authorities.
What knowledge stays protected
The ADP withdrawal doesn’t have an effect on all Apple encryption. Core communication companies like iMessage, FaceTime, and iCloud Keychain stay end-to-end encrypted globally, together with within the UK. Moreover, 14 different iCloud knowledge classes preserve their default encryption.
Nonetheless, 9 crucial knowledge classes that had been beforehand protected beneath ADP now use normal encryption that Apple can entry and probably share with authorities beneath authorized warrants:
- iCloud Backup
- iCloud Drive
- Pictures
- Notes
- Reminders
- Safari Bookmarks
- Siri Shortcuts
- Voice Memos
- Pockets Passes
- Freeform
The broader privateness implications
Privateness specialists warn that the UK’s strategy units a harmful international precedent. In her submission to the US Authorities, Caroline Wilson Palow from Privateness Worldwide famous: “The present state of play threatens the privateness and safety of People, and certainly individuals worldwide, by undermining the essential safety of encryption”.
In his opinion piece for WebSecurityLab, David Odes wrote, “Any vulnerability created for “good guys” can—and ultimately will—be exploited by adversaries”. He goes on to clarify that “As soon as the infrastructure exists, historical past signifies that will probably be exploited [by governments].”
What this implies for UK Apple customers
UK customers now have weaker privateness protections than Apple clients in most different international locations. Whereas the corporate efficiently negotiated safety for US residents by diplomatic channels, no related protections exist for British customers or different international clients.
Apple has not indicated any timeline for probably reinstating ADP within the UK. And the federal government has not confirmed whether or not it is going to modify or withdraw its calls for for non-US residents. The Investigatory Powers Tribunal is scheduled to evaluate Apple’s authorized problem in early 2026, however this course of might not restore the privateness protections UK customers have misplaced.
For UK customers involved about knowledge privateness, cybersecurity specialists advocate contemplating options. These embrace disabling iCloud backups fully or switching to third-party companies with stronger encryption protections.
So though the UK’s concession marks a uncommon victory for transatlantic privateness rights, it’s a slender one. And UK residents shouldn’t anticipate a return to robust encryption or privateness controls anytime quickly.
