The United Kingdom has agreed to drop its controversial demand for Apple to provide backdoor access to encrypted data belonging to US citizens. But unfortunately, this concession specifically excludes UK users and other global Apple customers, leaving them without access to Apple’s strongest privacy protections.

Key takeaways

  • Only US Citizens Benefit: The UK has dropped its demand for Apple to provide backdoor access to encrypted data of Americans, but this policy does not cover UK citizens or users from other countries.
  • UK Privacy Erosion Continues: British Apple users cannot use ADP and remain subject to government access requests via warrant.
  • Global Precedent Avoided – For Now: The carve-out for US citizens prevents a dangerous global precedent, but the underlying surveillance powers remain in place for UK residents and others.

What forced the UK government to change stance?

US Director of National Intelligence Tulsi Gabbard announced in August 2025 that the UK had withdrawn its mandate requiring Apple to create a “backdoor” that would have compromised the encrypted data of American citizens. This agreement resulted from months of diplomatic negotiations involving President Donald Trump, Vice President JD Vance, and UK officials.

The resolution came after intense pressure from US lawmakers who accused the UK of conducting what they called “a foreign cyberattack waged through political means” and threatened to remove the UK from the Five Eyes intelligence sharing network. Such removal would have meant UK security services would not have access to key intelligence to protect against foreign threats.

What UK users lost – and won’t get back

The UK government’s original demand, issued through a secret Technical Capability Notice under the Investigatory Powers Act in January 2025, targeted Apple’s Advanced Data Protection (ADP) feature. This opt-in service provides end-to-end encryption for iCloud data, ensuring that only users can access their stored photos, messages, backups, and other sensitive information. Once encrypted, not even Apple can access the stored data.

In response to the government order, Apple withdrew ADP from UK users in February 2025. The company stated it was “gravely disappointed” but maintained its position: “We have never built a backdoor or master key to any of our products or services, and we never will”.

Limited protection for UK citizens

The new UK-US agreement specifically protects only American citizens’ data. Recent court documents from the Investigatory Powers Tribunal reveal that the UK’s demands remain active and “are not restricted to the UK or users of the service within the UK; they are applicable globally concerning the relevant data categories of all iCloud users”.

This means:

  • UK users cannot activate ADP if they haven’t already enabled it
  • Existing UK ADP users will eventually be forced to disable the feature to continue using their iCloud accounts
  • Non-US citizens worldwide remain potentially subject to the UK’s data access demands

Put simply, the new exemption applies only to US citizens. Everyone else, no matter where they live in the world, could still be subject to access requests from the UK government.

What data remains protected

The ADP withdrawal doesn’t affect all Apple encryption. Core communication services like iMessage, FaceTime, and iCloud Keychain remain end-to-end encrypted globally, including in the UK. Additionally, 14 other iCloud data categories maintain their default encryption.

However, nine critical data categories that were previously protected under ADP now use standard encryption that Apple can access and potentially share with authorities under legal warrants:

  • iCloud Backup
  • iCloud Drive  
  • Photos
  • Notes
  • Reminders
  • Safari Bookmarks
  • Siri Shortcuts
  • Voice Memos
  • Wallet Passes
  • Freeform

The broader privacy implications

Privacy experts warn that the UK’s approach sets a dangerous global precedent. In her submission to the US Government, Caroline Wilson Palow from Privacy International noted: “The current state of play threatens the privacy and security of Americans, and indeed people worldwide, by undermining the crucial protection of encryption”.

In his opinion piece for WebSecurityLab, David Odes wrote, “Any vulnerability created for “good guys” can—and eventually will—be exploited by adversaries”. He goes on to explain that “Once the infrastructure exists, history indicates that it will be exploited [by governments].”

What this means for UK Apple users

UK users now have weaker privacy protections than Apple customers in most other countries. While the company successfully negotiated protection for US citizens through diplomatic channels, no similar protections exist for British users or other global customers.

Apple has not indicated any timeline for potentially reinstating ADP in the UK. And the government has not confirmed whether it will modify or withdraw its demands for non-US citizens. The Investigatory Powers Tribunal is scheduled to review Apple’s legal challenge in early 2026, but this process may not restore the privacy protections UK users have lost.

For UK users concerned about data privacy, cybersecurity experts recommend considering alternatives. These include disabling iCloud backups entirely or switching to third-party services with stronger encryption protections.

So although the UK’s concession marks a rare victory for transatlantic privacy rights, it is a narrow one. And UK citizens should not expect a return to strong encryption or privacy controls anytime soon.