Apple has formally challenged the United Kingdom's secret demand to undermine end-to-end encryption, filing a case in the Investigatory Powers Tribunal to oppose a controversial order issued under the Investigatory Powers Act 2016.
The tech giant is seeking to overturn a “technical capability notice” (TCN) requiring it to create mechanisms enabling UK intelligence services to access encrypted iCloud backups globally.
The case, officially titled Apple v. Secretary of State for the Home Department, represents the latest escalation in a months-long confrontation between Apple and the British government over the future of encrypted communication and user privacy.
Legal battle over sweeping surveillance mandate
Apple's claim was lodged in February 2025, shortly after revelations surfaced that the UK Home Office had quietly issued a legally binding TCN compelling Apple to bypass encryption on its iCloud services. The notice allegedly demands the capability to decrypt all cloud-stored user data at the request of UK authorities, not limited to users within the country.
Such demands are issued in secret, and their recipients are prohibited from publicly acknowledging their existence under criminal penalty. Apple, however, has leveraged the limited legal recourse available under the law — bringing the case to the Investigatory Powers Tribunal, a court that reviews surveillance-related complaints against UK public bodies.
The case, which is supported by Apple's legal counsel and coordinated with civil liberties groups, contends that the TCN is both disproportionate and extraterritorial, effectively requiring Apple to compromise the security of users worldwide. The company argues that the order violates fundamental rights to privacy and data protection, with global implications for secure communication.
Apple's encryption in the crosshairs
Apple, which introduced Advanced Data Protection (ADP) in 2022, has made strong privacy protections a core part of its product philosophy. ADP enables end-to-end encryption for iCloud backups, meaning only the user — not even Apple — can decrypt the stored data. Law enforcement has long criticized the feature for impeding criminal investigations, but Apple has held firm on its refusal to build backdoors into its systems.
Faced with the UK's mandate, Apple removed ADP for users in the country in February 2025 rather than compromise the security of all users globally. While core protections for services like iMessage and FaceTime remain in place, iCloud backups are now subject to potential government access in the UK.
Apple has stated it “never built a backdoor into any product” and “never will,” reiterating its commitment to user privacy even amid increasing regulatory pressure.
The Home Office's order is based on the Investigatory Powers Act (IPA), a sweeping surveillance law passed in 2016 and widely criticized for enabling broad, opaque powers with minimal oversight. The Act allows government ministers to issue TCNs that compel companies to provide technical means to intercept or decrypt data. Notably, these orders are secret by default, and noncompliance is a criminal offense.
The most alarming aspect of this case is the global reach of the UK's demand. If enforced, it would require Apple to weaken its encryption systems worldwide, creating a precedent for similar demands from other countries, including authoritarian regimes.
What's next?
Apple's legal challenge could take months, or even years, to resolve. In the meantime, the company is adhering to the TCN in the only way it sees viable — by removing encrypted backups in the UK while preserving the integrity of its global infrastructure.
If Apple prevails, it could restrain government overreach into encrypted systems and reinforce the legal protections surrounding end-to-end encryption. If it loses, the consequences for digital privacy could be severe and far-reaching.
For users in the UK, alternatives remain limited. While device-level encryption and certain secure services continue to operate, the loss of ADP means cloud-stored data is no longer fully protected. Users seeking full privacy may need to explore third-party storage providers based outside UK jurisdiction.
Leave a Reply