The UK government has requested access to encrypted data stored by Apple users worldwide in its cloud service.
Currently, only the Apple account holder can access this data—Apple itself cannot view it.
The request was made by the Home Office under the Investigatory Powers Act (IPA), which requires companies to provide information to law enforcement agencies.
Apple declined to comment but states on its website that it considers privacy a "fundamental human right."
By law, the request cannot be disclosed publicly.
The news was first reported by the Washington Post, citing sources familiar with the situation, and the BBC has spoken to similar contacts.
The Home Office stated, "We do not comment on operational matters, including confirming or denying the existence of any such notices."
Privacy International described it as an "unprecedented attack" on individuals' private data.
"This is a fight the UK should not have picked," said the charity's legal director, Caroline Wilson Palow.
"This overreach sets a very harmful precedent and will encourage abusive regimes worldwide."
'Back doors' The demand affects all content stored using Apple's "Advanced Data Protection" (ADP).
This feature uses end-to-end encryption, meaning only the account holder can access the stored data—Apple cannot see it.
It is an optional service, and not all users choose to enable it.
This is because, while it makes your data more secure, it also has a downside—it encrypts your data so thoroughly that it cannot be recovered if you lose access to your account.
It is unknown how many people choose to use ADP.
It's also important to note that the government notice does not mean authorities will start searching through everyone's data.
It is believed that the government would want to access this data only if there were a national security risk—in other words, targeting an individual rather than using it for mass surveillance.
Authorities would still need to follow a legal process, have a valid reason, and request permission for a specific account to access data—just as they do now with unencrypted data.
Apple has previously stated it would remove encryption services like ADP from the UK market rather than comply with such government demands, telling Parliament it would "never build a back door" into its products.
Cybersecurity experts agree that once such an entry point is created, it's only a matter of time before bad actors find it too.
Withdrawing the product from the UK might not be enough to ensure compliance, as the Investigatory Powers Act applies globally to any tech firm with a UK market, even if they aren't based in Britain.
So far, no Western government has succeeded in forcing big tech firms like Apple to break their encryption.
The US government has previously requested this, but Apple has firmly refused.
In 2016, Apple resisted a court order to create software that would allow US officials to access the iPhone of a gunman. This was resolved after the FBI managed to access the device.
That same year, the US dropped a similar case after they found the person's passcode.
Similar cases have occurred, including in 2020, when Apple refused to unlock the iPhones of a man who carried out a mass shooting at a US air base.
The FBI later stated it had managed to "gain access" to the phones.