Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data.
Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.
But earlier this month the UK government asked for the right to see the data, which currently not even Apple can access.
Apple did not comment at the time but has consistently opposed creating a “backdoor” in its encryption service, arguing that if it did so, it would only be a matter of time before bad actors also found a way in.
Now the tech giant has decided it will no longer be possible to activate ADP in the UK.
It means eventually not all UK customer data stored on iCloud – Apple’s cloud storage service – will be fully encrypted.
Data with standard encryption is accessible by Apple and shareable with law enforcement, if they have a warrant.
The Home Office told the BBC: “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.”
In a statement Apple said it was “gravely disappointed” that the security feature would no longer be available to British customers.
“As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will,” it continued.
The ADP service is opt-in, meaning people have to sign up to get the protection it provides.
From 1500GMT on Friday, any Apple user in the UK attempting to turn it on has been met with an error message.
Existing users’ access will be disabled at a later date.
It is not known how many people have signed up for ADP since it became available to British Apple customers in December 2022.
Prof Alan Woodward – a cyber-security expert at Surrey University – said it was a “very disappointing development” which amounted to “an act of self harm” by the government.
“All the UK government has achieved is to weaken online security and privacy for UK based users,” he told the BBC, adding it was “naïve” of the UK to “think they could tell a US technology company what to do globally”.
Online privacy expert Caro Robson said she believed it was “unprecedented” for a company “simply to withdraw a product rather than cooperate with a government”.
“It would be a very, very worrying precedent if other communications operators felt they simply could withdraw products and not be held accountable by governments,” she told the BBC.
Meanwhile, Bruce Daisley, a former senior executive at X, then known as Twitter, told BBC Radio 4’s PM programme: “Apple saw this as a point of principle – if they were going to concede this to the UK then every other government around the world would want this.”
The request was served by the Home Office under the Investigatory Powers Act (IPA), which compels firms to provide information to law enforcement agencies.
Apple would not comment on the notice and the Home Office refused to either confirm or deny its existence, but the BBC and the Washington Post spoke to a number of sources familiar with the matter.
It provoked a fierce backlash from privacy campaigners, who called it an “unprecedented attack” on the private data of individuals.
Last week, Will Cathcart, head of WhatsApp, responded to a post on X expressing his concerns about the government’s request.
He wrote: “If the UK forces a global backdoor into Apple’s security, it will make everyone in every country less safe. One country’s secret order risks putting all of us in danger and it should be stopped.”
Two senior US politicians said it was so serious a threat to American national security that the US government should re-evaluate its intelligence-sharing agreements with the UK unless it was withdrawn.
It is not clear that Apple’s actions will fully address those concerns, as the IPA order applies worldwide and ADP will continue to operate in other countries.
One of those US politicians – Senator Ron Wyden – told BBC News that Apple withdrawing end-to-end encrypted backups from the UK “creates a dangerous precedent which authoritarian countries will surely follow”.
Senator Wyden believes the move will “not be enough” for the UK to drop its demands, which would “seriously threaten” the privacy of US users.
In its statement, Apple said it regretted the action it had taken.
“Enhancing the security of cloud storage with end-to-end-encryption is more urgent than ever before,” it said.
“Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in future in the UK.”
Rani Govender, policy manager for child safety online at the NSPCC, said it wants tech firms like Apple to ensure they are balancing child and user safety with privacy.
“As Apple looks to change its approach to encryption, we’re calling on them to make sure that they also implement more child safety measures, so that children are properly protected on their services,” she told BBC News.
The UK children’s charity has said that end-to-end encrypted services can hinder child safety and protection efforts, such as identifying the sharing of child sexual abuse material (CSAM).
The row comes amid growing push-back in the US against regulation being imposed on its tech sector from elsewhere.
In a speech at the AI Action Summit in Paris at the beginning of February, US Vice President JD Vance made it clear that the US was increasingly concerned about it.
“The Trump administration is troubled by reports that some foreign governments are considering tightening the screws on US tech companies with international footprints,” he said.
