UK seeks global iCloud access — Apple, ADP removal and the fallout

In spring, the UK government used the Investigatory Powers Act and a Technical Capability Notice (TCN) to demand access to iCloud data — reportedly applying globally to all Apple users, not just residents of the UK. Apple said this conflicted with its Advanced Data Protection (ADP) end-to-end encryption guarantees and removed ADP for UK users in early 2025.

Timeline

• Early 2025: UK issues TCN under the Investigatory Powers Act seeking capabilities to obtain iCloud data, including encrypted backups.
• February 2025: Apple disables Advanced Data Protection (ADP) for UK users, citing incompatibility with the government demand.
• Through 2025: Legal challenges and international pushback raise concerns over extraterritorial reach and conflicts with agreements such as the CLOUD Act.
• By August 2025: Facing legal, diplomatic and intelligence pressure, the UK reportedly withdrew the broad worldwide requirement.

Why this matters

The case highlights a clash between national security and individual privacy. For Apple, ADP represented a strong privacy commitment for end-to-end encryption across iCloud services. For the UK, the TCN was presented as a law-enforcement tool. The dispute raised questions about extraterritorial surveillance, international data-access agreements, and the limits of lawful access to encrypted data.

Sources & further reading

• MacRumors — UK demands global iCloud access (Aug 2025)
• ComputerWeekly — Home Office ‘back door’ seeks worldwide access (news)
• PrivacyGuides — UK forced Apple to remove ADP (analysis)
• JURIST — UK withdraws data-access mandate after US pressure

What do you think? Should companies comply with national surveillance demands even if they weaken global privacy guarantees? Share your views below.