The U.K. has backed away from its demand that Apple build a backdoor into its encrypted iCloud services, according to comments from U.S. Director of National Intelligence Tulsi Gabbard. The move, which followed months of negotiations involving U.S. officials, including President Donald Trump and Vice President JD Vance, represents a significant shift in how far allied governments are willing to press for access to encrypted data.
Earlier this year, Apple had disabled its Advanced Data Protection (ADP) feature for U.K. customers after receiving a Technical Capability Notice under the country's Investigatory Powers Act. That order would have effectively forced the company to weaken end-to-end encryption, providing authorities with a pathway into data stored by both British and non-British users.
For privacy advocates and the cybersecurity community, the decision is a landmark. Mandated backdoors have long been criticized as undermining the very protections they are meant to bypass. By their nature, they do not discriminate between lawful use and malicious exploitation.
"Dropping a universal 'backdoor' demand is a win for everyone's security and civil liberties," said Adam McKissock, Principal Security Consultant at Black Duck. "Mandating a 'technical capability' to read end-to-end encrypted iCloud data would have created a permanent weakness that criminals and hostile states could also exploit. It was especially troubling that the order asserted reach into the data of people outside the U.K. If this reversal holds, the next step is clear: allow Apple to restore Advanced Data Protection for U.K. customers and commit—explicitly—that powers under the Investigatory Powers Act will not be used to require systemic weakening of encryption. Lawful access should remain targeted, case-by-case, and under due process. We don't make the internet safer by making it less secure."
Beyond the technical risks, the decision carries significant geopolitical weight. Encryption debates don't happen in isolation; global precedents can ripple quickly across borders.
Casey Ellis, Founder at Bugcrowd, framed it this way: "Deliberately weakening the security posture of everyone to enable the surveillance of a few is a universally bad solution, prone to unintended exploitation by cybercriminals and hostile states, overreach, and creeping abuse. Encryption is essential for civil liberty, and backdoors undermine security for everybody. It's also good to see aspects of global collaboration happening here. Once a global precedent around this type of thing is established, there's a real risk of that triggering a race to the bottom."
In other words, the U.K.'s retreat may help prevent a domino effect in which other governments would attempt to force similar requirements.
While Apple and privacy advocates are celebrating the development, experts warn the fight isn't over. The Investigatory Powers Act—and its provision for Technical Capability Notices—remains intact. That means the legal infrastructure for future demands still exists, even if political pressure has scaled back this particular order.
For now, the focus shifts to whether Apple will be allowed to re-enable ADP for U.K. customers. That decision will be seen as a litmus test of whether the government's reversal is substantive or merely temporary.
Either way, this outcome underscores an important lesson: strong, uncompromised encryption is not just a technical issue—it is a global standard tied directly to civil liberties, trust in technology, and the future of cybersecurity itself.
Follow SecureWorld News for more stories related to cybersecurity.