Today we learned the UK has issued a new secret order forcing Apple to undermine iCloud’s advanced encryption again, but this time only for UK users.

While this seems like progress – and it is in the sense that the UK is clearly reacting to the global concern and US Government pressure generated by its original directive to Apple – the new order may be just as big a threat to worldwide security and privacy as the old one. The status of the original order remains unclear.

If true, this new order is not ‘less worse’ than the first. That’s because, as we have been saying all along, Apple cannot undermine end-to-end encryption of iCloud services only for the UK when those services are used worldwide. If Apple breaks end-to-end encryption for the UK, it breaks it for everyone. The resulting vulnerability can be exploited by hostile states, criminals and other bad actors the world over.

The impact of the UK’s new order may be limited if it only targets Apple’s Advanced Data Protection (ADP), which it withdrew from the UK in February 2025. But we learned last month that the original order may extend to other information which is end-to-end encrypted on iCloud, not just that protected by ADP. Unless Apple is willing to turn off all iCloud end-to-end encryption for its UK users, then this order’s negative impact will spread.

And unless Apple plans to build walled off systems just for UK users, so it can then undermine the security of UK users alone for the UK Government, then this new order could have a quite similar impact to the old one. This could also put at risk information like user passwords, location, and health data.

By using a secret order to undermine the security of Apple products, the UK Government is making security harder for us all. If this new order isn’t stopped, the UK Government will likely issue similar orders to other companies, too.

In the name of protecting the UK people, the UK Government is instead undermining a crucial security protection, which seems ill-advised in a world where security risks are mounting every day.

Privacy International and Liberty’s legal challenge to the power under which the UK has issued these orders continues.