In December 2024, the UK government issued a Technical Capability Notice (TCN) to Apple, requiring the firm to create a mechanism for law enforcement access to its end-to-end encrypted iCloud service, Advanced Data Protection (ADP) for the UK market. This directive was issued under the Investigatory Powers Act 2016 that allows UK authorities to compel a company to enable access to encrypted user data. During this time, Apple formally removed the ADP feature from UK users in February 2025 and reiterated its commitment to user privacy.

Apple’s Legal Challenge and Secrecy Concerns

Apple is dosed in the TCN in UK’s Investigatory Powers Tribunal (IPT) claiming that such an order is harmful to global cybersecurity and the security of users’ trust. The IPT noted that there was a case before it and dismissed the government’s request for secrecy in its entirety. This case has triggered an international conversation about the balance between national security and individual privacy rights.

US Lawmakers’ Intervention

On May 7, 2025, US House Judiciary Chair Jim Jordan and Foreign Affairs Chair Brian Mast sent a joint letter to UK Home Secretary Yvette Cooper, outlining their serious concerns regarding the TCN. The lawmakers expressed that giving a back door into an encrypted system provides a systemic vulnerability that can be used by both cybercriminals and authoritarian regimes. In adding to these warnings, the lawmakers cautioned that the negative consequences of a backdoor not only affects users in the UK, but will also affect American citizens, and indeed users all over the world, due to the international extent of Apple’s services.

Implications for International Agreements and Human Rights

Jordan and Mast caught up with the UK and asked the UK authorities to let Apple disclose the existence of the TCN to the US Department of Justice to determine compliance with the US-UK CLOUD Act which does not allow orders that require companies to decrypt data. However with UK laws, US companies would commit a criminal offense if they were to disclose, confirm, or share such an order, including with their own government.

The legislators also argued that the order is incompatible with various international human rights standards, including a European Court of Human Rights decision declaring that undermining the strength of encryption contravenes privacy rights, and requested the United Kingdom Home Office to re-examine the issuance of TCNs that involve weakening encryption.

Global Ramifications

This situation highlights the complex nexus of national security, corporate responsibility and individual privacy rights in the digital age. While governments are struggling with the issues around encryption and state access to data, the outcome of Apple’s legal action in the UK could create a very significant precedent for the way technology companies respond to similar requests from countries around the world.