Newly published court filings reveal the UK government issued a secret technical capability notice seeking broad access to data held in Apple’s iCloud service, and that the notice may have been framed to apply worldwide, not only to users in the United Kingdom.
Court filings outline scope of Home Office demand
The Investigatory Powers Tribunal made the filings public as part of a legal challenge brought by Apple, showing the Home Office instructed Apple to “provide and maintain a capability to disclose categories of data stored within a cloud-based backup service.”
According to the documents reported by the Financial Times, the technical capability notice did not limit its obligations to Advanced Data Protection — Apple’s end-to-end encryption option — and instead covered a range of standard iCloud categories that are routinely used for backups, photos and passwords.
Most notably, the filings say the TCN’s obligations “are not limited to the UK or users of the service in the UK,” indicating the notice intended to apply to the relevant data categories of all iCloud users globally.
Impact on iCloud encryption and Apple services
Apple informed UK customers that it had suspended its Advanced Data Protection option after receiving the government order, a move that removed an extra layer of end-to-end encryption for some iCloud content in the UK.
Standard iCloud already encrypts data in transit and at rest but allows Apple to respond to lawful requests for access to certain categories of content. The technical notice, as described in the IPT filings, sought capabilities well beyond typical legal demands, according to privacy advocates.
Legal challenge proceeds under secrecy constraints
Apple has mounted a legal challenge to the Home Office notice and the IPT has agreed to hear the case in open court, while allowing parts of the process to proceed on the basis of “assumed facts” so as to avoid breaching the Official Secrets Act.
The UK government has refused to confirm or deny the existence of the specific order, citing national security considerations, which has limited what both Apple and outside observers can disclose publicly about the technical details and scope of the demand.
Security experts and civil liberties groups raise alarms
Cryptography specialists and civil liberties organizations such as the Open Rights Group have warned that any requirement to create a “backdoor” or special-access capability would weaken security for all users and could be exploited by malicious actors or foreign states.
Apple has consistently argued that building systemic access for law enforcement undermines the integrity of encryption and exposes citizens and businesses to greater risk, a position it defended during its high-profile dispute with U.S. authorities over device access nearly a decade ago.
International implications and diplomatic sensitivity
The filings have reopened questions about how governments coordinate on lawful access to data hosted by multinational technology firms based in the United States, such as Apple, and how any requirements are reconciled with foreign privacy laws and extraterritorial reach.
U.S. officials previously signaled publicly that the UK was reconsidering heavy-handed encryption demands, but the new tribunal documents suggest the Home Office has not formally rescinded the global aspects of the notice, according to sources familiar with the filings.
As the IPT moves forward, legal teams, digital-rights advocates and international partners will be watching closely for a ruling that could set precedent on the limits of state access to encrypted cloud services and the responsibilities of global tech platforms.
