UPDATE: As of 4th March, it has been reported that Apple has now issued a legal challenge to the UK government. However, this does not change the fact that Apple complied with the order and removed Advanced Data Protection for UK users before all legal routes had been explored.
The UK government ordered Apple to weaken encryption by providing access to iCloud data under the Investigatory Powers Act 2016.
Apple’s response? Instead of challenging the notice in court, the company removed its Advanced Data Protection (ADP) feature(nuova finestra), effectively eliminating end-to-end encryption for everyone using iCloud in the UK.
This is the latest attack on encryption and privacy in a campaign that began in the 1990s, often led by liberal democracies, including Australia, the USA, and the EU. Until now, most tech companies have successfully fought for their users’ rights against government overreach. Apple’s decision marks one of the first instances a major democracy successfully pressured a tech company into reversing encryption protections. Given that Apple is one of the world’s largest and richest companies, a company that claimed privacy was its priority, it sets a chilling precedent, both for other governments abroad and for Apple’s future decisions.
To be clear, Proton would take a different approach. We have never and will never compromise our encryption. We didn’t do it under pressure from Russia, China or India, and we wouldn’t do it for the UK. If put in the same position, we would refuse to add a backdoor, but nor would we comply by opening up the front door either.
The UK government risks British citizens’ security
At a time when the UK government should be focused on supporting and encouraging a supportive environment for tech investment and for businesses to thrive, this anti-encryption push will have the opposite effect.
End-to-end encryption is vital for security, protecting people from cyberthreats such as identity theft, financial fraud, and surveillance by bad actors. For businesses, encryption is critical for protecting vital industries — such as banking and finance. Without it, sensitive data is exposed to hackers, other corporations, and even hostile governments. Weakening encryption doesn’t just harm privacy and security — it’s a slippery slope that makes the entire business and digital ecosystem less secure, leaving everyone more vulnerable to cybercrime.
In recent years we’ve seen an explosion of cyberattacks on institutions across Europe and the United States(nuova finestra). In this environment, encryption is a first line of national security and must be strengthened, not undermined. The US Cybersecurity and Infrastructure Security Agency admitted as much, advising all highly targeted individuals to use end-to-end encrypted services(nuova finestra).
The UK government’s approach ignores these risks, putting businesses and individuals in danger. However, while governments can pass whatever laws they like, the laws of mathematics don’t change. That’s why we put our faith in end-to-end encryption, which is either secure for everyone or not secure at all. Lawmakers and tech companies must hold fast on encryption because there is no such thing as a back door that only lets the good guys in.
Apple’s double standard on privacy
Apple’s decision not to fight the UK government’s notice is deeply concerning and raises serious questions about its commitment to privacy. The company aggressively markets itself as a privacy champion, running high-profile “Privacy. That’s iPhone” ads. If Apple prioritizes privacy as it claims, why not fight this notice in court as it has fought other government decisions(nuova finestra)?
Apple has emphasized transparency in its decision making, arguing that this result is better than creating an explicit back door. However, transparency does not change the practical effect of what Apple has done — by removing ADP, Apple made it easier for UK authorities to access private user data. Even if it didn’t get a back door, the Home Office achieved its ultimate goal.
Apple’s handling of this situation echoes how it has dealt with pressure from the Chinese government. In 2017, Apple removed dozens of VPN apps(nuova finestra) from the Chinese version of the App Store, and just last year, in 2024, it removed several encrypted messaging apps(nuova finestra), including Signal and WhatsApp. This displays a pattern, where Apple repeatedly compromises its users’ privacy rather than risk its supply chain or access to markets.
This raises an important question: If governments see they can push Apple, what’s to stop the US government from demanding it weaken encryption? Or India? Or the EU? Apple’s actions in the UK send a clear message — its commitment to privacy stops where government pressure starts.
Proton will never weaken encryption
Proton has faced similar demands before from Russia. We refused, even when it meant being blocked by the government.
The UK is now following in the footsteps of these regimes by demanding companies provide back doors to encrypted data. We’re prepared to resist these requests, as we have elsewhere.
We have experience fighting for privacy and freedom in the face of government overreach. In addition to providing services in Russia, China, and Iran, Proton also successfully challenged an attempt by the Swiss government to undermine email privacy in 2021.
We can take these stances because of the strong legal protections we receive as a Swiss company. The Swiss Federal Constitution(nuova finestra) explicitly establishes a right to privacy, and unlike other democracies, Switzerland has never considered legislation targeting end-to-end encryption. Switzerland is also not a part of EU or US jurisdiction, meaning that even if those governments pass laws that weaken end-to-end encryption, they would not be enforceable in Switzerland.
The future of privacy is in your hands
Governments will keep pushing to weaken encryption unless people and companies push back. Privacy is not a privilege — it is a fundamental right. But rights must be defended.
We created Proton to defend privacy in a world where governments and corporations seek to erode it. We offer end-to-end encrypted services that put people — not governments or tech giants — in control of their own data. At a time when most of our personal information is stored online, securing it with end-to-end encryption is critical.
As consumers, we vote with our wallets. If you’re a privacy-conscious iCloud user in the UK, we urge you to support services that refuse to help create a surveillance state. If we do nothing, the UK’s decision will not remain an isolated case — it will become a new global standard.
Proton believes privacy is a fundamental human right and encryption is the best way to secure it. This is not a fight we will run from — not in the UK. Not anywhere.
