The UK government has reportedly renewed its push to force Apple to create a backdoor into its encrypted iCloud backups, this time targeting only British users.
The Financial Times reports that the Home Office issued a new demand in September 2025, months after Apple withdrew its Advanced Data Protection (ADP) feature from the UK in response to an earlier sweeping order.
According to sources familiar with the matter, the latest Technical Capability Notice (TCN) issued under the Investigatory Powers Act (IPA) asks Apple to break encryption solely for UK citizens’ data stored in iCloud. This move follows a January TCN that demanded global access, a request that triggered fierce backlash from the Trump administration, prompting fears of international surveillance overreach and jeopardizing trade negotiations between the US and UK.
Apple, in response to the original demand, removed ADP from its UK offerings in February 2025, citing a firm stance against weakening encryption. ADP, which provides end-to-end encryption for iCloud backups, including photos, messages, and sensitive metadata, remains unavailable to new users in the UK. The company reiterated this week that it is “gravely disappointed” that UK customers cannot benefit from its highest-level privacy protections.
Apple maintains that it has never built a backdoor into any of its services and “never will,” emphasizing that doing so would create a systemic vulnerability exploitable by malicious actors. The company has taken its case to the Investigatory Powers Tribunal, challenging the legality and scope of the original TCN. A joint legal action filed by civil liberties groups Privacy International and Liberty is also underway, aiming to curtail the UK government’s broad surveillance powers under the IPA.
The Home Office declined to confirm or deny the issuance of any TCN, stating only that it acts decisively to keep UK citizens safe. TCNs are legally binding orders that compel companies to remove electronic protection such as encryption when deemed necessary for national security or law enforcement operations, often citing terrorism or child exploitation as justifications.
Apple operates a global cloud infrastructure that includes storing encrypted backups for hundreds of millions of users. Its ADP feature, launched globally in late 2022, marked a major privacy milestone by allowing users to encrypt nearly all iCloud data, including device backups, end-to-end. However, enabling ADP makes even Apple unable to decrypt that data, which is precisely what governments like the UK object to.
Director of National Intelligence Tulsi Gabbard intervened earlier this year to block the global demand. Gabbard stated in August that the UK had agreed to drop its attempt to gain access to encrypted data of American citizens, with Trump likening the UK’s request to Chinese-style surveillance.
However, with the September order now apparently limiting the demand to British users, UK authorities appear to be testing the bounds of what they can compel under domestic law, without triggering another international dispute.
Political theatre! All the top level security agencies can already access everything. If you think otherwise, you’re naïve.