At 3pm on Friday (21 February), Apple shut down Advanced Data Protection (ADP) in the UK. The feature encrypts users’ personal data stored online on the company’s iCloud servers, meaning files such as photos or messages are backed up without Apple even having access to said data. In response to what they saw as a violation of privacy by the UK government, Apple has removed ADP in the UK. As it is optional, those with UK Apple accounts that are not currently using ADP see an error message if they now try to opt in. However, those with UK Apple accounts who are currently using ADP will soon experience Apple phasing out the tool. The end-to-end encryption produced by ADP greatly enhances the security of iCloud accounts. However, iMessage and Facetime will still be protected by the encryption by default.
Earlier this month, the UK Home Office served Apple with a request under the Investigatory Powers Act. The IPA compels companies to provide governments and law enforcement agencies with customer’s information. Apple is very strict with how they share user data, often only when there is a warrant given. In Apple’s Legal Process Guidlines Government & Law Enforcement published in February 2025, it is clearly written that “Apple will provide customer content, as it exists in the customer’s account, only in response to such legally valid process.” The Home Office neither confirmed nor denied whether it requested a TCN, Technical Capability Notice, which would be the document needed to be given to Apple to compel the user information encrypted by ADP. However, even with a TCN being issued, it does not give blanket authorization to the Home Office; other warrants and authorizations would be required to truly compel Apple to turn over access to the UK government.
This dispute is part of an ongoing debate between law enforcement and the tech industry. The access to private data by governments is seen as beneficial to safety and security to government and a complete overstep of privacy by the tech companies that would be forced to provide the data. Many intelligence agencies claim that encrypted data security features like ADP prevent them from investigating criminals. In a statement, Apple said “We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy."
Apple’s statement implied that without ADP, they will be unable to guarantee the same level of security and privacy encryption that users in other countries receive with the feature: “Apple remains committed to offering our users the highest level of security for their personal data, and are hopeful that we will be able to do so in the future in the United Kingdom, … we have never built a backdoor or master key to any of our products or services and we never will.” The position that UK law enforcement needs access to the encrypted data ignores the violation of law-abiding citizens, businesses, and other ogranizations’ privacy. A technology partner at Keystone Law, Robert Peake, claimed that Apple is “calling the government’s bluff” by not succumbing to the pressure to turn over secure user data.
This may not be the end of Apple’s problems with ADP in the UK. Many cybersecurity experts argue that without this feature, it leave UK users much more vulnerable. Dray Agha, who manages security operations at the cybersecurity firm Huntress, said that Apple’s decision to pull ADP in the UK sets a dangerous precedent globally as this event could lead to other tech companies weakening their data security. Cybersecurity academic Alan Woodward described the action as “an act of self harm” by the government as all the Home Office achieved was diminishing privacy for its own citizens.
The most concerns lie in the fact that Apple could simply withdraw ADP as a tool and leave users at risk instead of having negotiations or coming to some sort of compromise with the UK government. Apple’s actions could set precedent for other companies to simply remove features when conflict arises. At the moment, it is unclear how either Apple or the Home Office will proceed. Now, there is the possibility that other nations could request access for this data and ADP could be removed in many different places all over the world.