The U.K. government is reportedly renewing efforts to compel Apple to grant authorities access to encrypted iCloud backups for British users via a new “technical capability notice” issued in September, even after earlier demands targeting global data access were dropped. The latest move would confine the scope of the request to citizens inside the U.K., but critics warn it still undermines the principle of end-to-end encryption and could pose broader security risks. Apple, which previously pulled its “Advanced Data Protection” (ADP) feature in the U.K. rather than comply, has not publicly responded to the new notice. Privacy advocates argue that backdooring encryption—even for a subset of users—weakens protections for all and may set a precedent for other governments to demand access. Meanwhile, the prior order drew significant pushback from U.S. officials who viewed it as threatening to civil liberties and international tech partnerships.
Sources: The Guardian, Reuters
Key Takeaways
– Even though the new U.K. request is narrower (targeting British users only), it still challenges the security model of end-to-end encryption and risks weakening global data protections.
– Apple previously responded to the original demand by disabling its most secure iCloud feature (ADP) in the U.K., rather than comply with building a backdoor.
– The renewed demand has reignited tensions over the balance between national security and individual privacy, drawing sharp criticism from privacy advocates and international tech stakeholders.
In-Depth
In early October 2025, reports surfaced that the U.K. government had issued a fresh attempt to force Apple to build a means of accessing encrypted iCloud backups belonging to British users. The latest request, described as a new “technical capability notice,” comes after an earlier, broader demand earlier this year sought access to encrypted backups from Apple users worldwide. That original effort had ignited a fierce backlash, including objections from U.S. officials who saw the move as an overreach that could undermine civil liberties and upset international tech norms.
Apple, for its part, responded decisively: rather than comply with a backdoor, the company withdrew its Advanced Data Protection (ADP) offering for new users in the U.K. and signaled its unwillingness to reenable it. By doing so, Apple maintained its long-standing stance that it would never build a master key or backdoor into its services, even under governmental pressure. Under the Investigatory Powers Act, which gives U.K. authorities the legal power to issue such notices, Apple is legally constrained from discussing or confirming these orders. That secrecy further complicates public oversight and debate.
While the new demand is narrower—focused only on U.K.-based accounts—it still raises serious questions about the durability of encryption guarantees. Even a localized backdoor can introduce vulnerabilities that malicious actors might exploit, and it sets a precedent for other nations to demand similar access. Privacy organizations argue that once a company concedes on the principle of strong encryption, it erodes trust and undermines the digital security landscape for everyone.
Beyond the technical and legal implications, this standoff has geopolitical dimensions. The earlier broad demand triggered diplomatic pressure, particularly from U.S. leaders who viewed access to American users’ encrypted data as a violation of privacy rights. Those tensions played a role in the original order’s retreat. Now, with the U.K. attempting a more circumscribed version, the question returns: will Apple stand firm again, and will allies or opponents weigh in as the stakes around encryption, surveillance, and data sovereignty continue to rise?