No statutory shield for end-to-end encryption
Technical Capability Notices under the Investigatory Powers Act are issued and contested in secret: the late-2024 TCN forced Apple to withdraw Advanced Data Protection from all UK users in February 2025, a narrower replacement order followed in late 2025, and the IPT heard the case on 'assumed facts' in 2026 only because Apple and Privacy International litigated. Separately, Online Safety Act s121 'accredited technology' notices could compel scanning of encrypted services, unused but on the statute book. UK law contains no presumption protecting E2EE and not even a duty to publish TCN numbers.
Every UK user now has weaker cloud security than users elsewhere, a unique national downgrade. Secret orders against encryption chill security investment, threaten adequacy, and were checked only by leaks and foreign-government pressure, not by any domestic institution.
IPA/OSA amendment creating a statutory presumption against notices that weaken end-to-end encryption, mandatory aggregate transparency reporting on TCNs, and independent technical review before issuance.
// State-led: Instrument: IPA/OSA amendment creating statutory presumption and mandatory TCN transparency.
Every UK user has a unique cloud-security downgrade threatening adequacy, but a statutory encryption shield is politically fraught against the security establishment, checked so far only by litigation and foreign pressure.