Liberty News

The Financial Times reports that the U.K. is once again demanding that Apple create a backdoor into its encrypted backup services. The only change since the last time they demanded this is that the order is allegedly limited to only apply to British users. That doesnt make it any better.

The demand uses a power called a 'Technical Capability Notice' (TCN) in the U.K.s Investigatory Powers Act. At the time of its signing we noted this law would likely be used to demand Apple spy on its users.

After the U.K. government first issued the TCN in January, Apple was forced to either create a backdoor or block its Advanced Data Protection feature--which turns on end-to-end encryption for iCloud--for all U.K. users. The company decided to remove the feature in the U.K. instead of creating the backdoor.

The initial order from January targeted the data of all Apple users. In August, the US claimed the U.K. withdrew the demand , but Apple did not re-enable Advanced Data Protection. The new order provides insight into why: the U.K. was just rewriting it to only apply to British users.

This is still an unsettling overreach that makes U.K. users less safe and less free. As weve said time and time again , any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud. It sets a dangerous precedent to demand similar data from other companies, and provides a runway for other authoritarian governments to issue comparable orders. The news of continued server-side access to users' data comes just days after the UK government announced an intrusive mandatory digital ID scheme , framed as a measure against illegal migration.

A tribunal hearing was initially set to take place in January 2026 , though its currently unclear if that will proceed or if the new order changes the legal process. Apple must continue to refuse these types of backdoors. Breaking end-to-end encryption for one country breaks it for everyone. These repeated attempts to weaken encryption violates fundamental human rights and destroys our right to private spaces.

The EU Commission presented a Roadmap on how it intends to ensure that law enforcement has access to citizens' data. EU politicians are seeking capabilities to decrypt private data by 2030.

The Roadmap is part of the ProtectEU strategy, first unveiled in April 2025. It stems from the work of the High-Level Group (HLG) carried on under the so-called Going Dark initiative . The group was tasked, by the EU Council in June 2023, to develop a strategic plan on access to data for effective law enforcement.

Specifically, the group's final report, published in March 2025, referred to end-to-end encryption as the biggest technical challenge to the investigative work of law enforcement agencies, explicitly targeting the use of the best VPN services, encrypted messaging apps, and similar tools.

The EU plan focuses on six key areas:

• Data retention. The EU Commission is expected to carry out an impact assessment with the aim of extending the EU's data retention obligations and reinforcing cooperation between service providers and authorities.
• Interception. Lawmakers seek to explore measures aimed at improving cross-border cooperation for lawful interception of data by 2027.
• Digital forensics. The goal here is to develop technical solutions that allow authorities to analyze and preserve digital evidence stored on electronic devices.
• Decryption. Next year, the EU Commission is set to present a Technology Roadmap on encryption to identify and evaluate decrypting solutions. These technologies are expected to equip Europol officers from 2030.
• Standardisation. The Commission is said to be committed to working alongside Europol, industry stakeholders, experts, and law enforcement practitioners to standardize the new approach to internal security.
• AI solutions for law enforcement. Lawmakers also seek to promote the development and deployment of AI tools by 2028. These solutions will enable authorities to lawfully and effectively process large volumes of seized data.

Other articles suggest that the EU is thinking along the lines of key escrow where the authorities mandatorily demand a copy of people's encryptions keys