On 8 June 2026, Prime Minister Keir Starmer stood at London Tech Week and issued an ultimatum: Apple and Google have three months to implement device-level scanning that blocks children from taking, sending, or viewing nude images across the whole device — or face new legislation, substantial fines, and potential criminal liability for tech executives. The announcement crossed a significant policy threshold. This is not a demand for better content moderation within individual apps or stronger age-gating on social media. It is a requirement for operating-system-level interception across cameras, messaging apps, browsers, and third-party services on every phone used by anyone in the UK.
The child safety rationale is not trivial. The Internet Watch Foundation's 2025 annual report confirms 312,030 verified reports of child sexual abuse material — a 7 percent increase from 2024. The more alarming trend is AI-generated abuse: IWF analysts identified 3,443 AI-generated CSAM videos in 2025, a 26,385 percent increase from just 13 such videos the year before. Sixty-five percent were classified Category A, the most severe tier. When a child safety charity describes the internet as an AI-powered abuse machine, dismissing political urgency as performative is not honest analysis. Governments are right to press platforms harder than they have been pressed.
What the Proposal Actually Requires
The government's announcement describes technology that would function 'device-wide without collecting personal data.' That formulation conceals a fundamental technical impossibility. To inspect content before it is encrypted — the only point at which plaintext is accessible — a scanning agent must operate at the device level. That is client-side scanning (CSS): code installed on your phone that examines content before it leaves your hands. However the government frames it, CSS requires a persistent process with privileged access to a device's camera, storage, and messaging stack.
Section 122 of the Online Safety Act 2023, which came into force on 10 January 2024, already grants Ofcom authority to issue technology capability notices compelling platforms to scan for child sexual exploitation and abuse content. Crucially, the government had previously acknowledged that technically viable scanning of end-to-end encrypted messages 'did not yet exist,' reserving the power to act once compliant technology emerged. Starmer's June ultimatum treats political urgency as a substitute for that missing engineering solution.
Apple Tried This. Apple Stopped.
The clearest precedent for CSS's practical failure is Apple's own abandoned system. In 2021, Apple proposed scanning images on-device against hashed databases supplied by the National Center for Missing and Exploited Children before photos reached iCloud. The system was never deployed. In December 2022, Apple formally concluded the plan was 'not practically possible to implement without ultimately imperiling the security and privacy of users.' That determination came from engineers who control their own silicon, operating system, and cryptographic framework — and who still could not build CSS safely enough to ship.
There is no credible engineering basis for believing Apple or Google can now deliver a UK-compliant version on a three-month government schedule. Signal's statement published the same day as Starmer's announcement — titled 'Surveillance Is Not Safety' — characterises the assumption that encryption can be broken while privacy is preserved as 'magical thinking.' Signal president Meredith Whittaker described the proposed system as 'very dangerous mass surveillance' that would effectively 'phone home' data to governments and tech companies, and warned that scanning infrastructure 'purportedly designed to detect nudity can easily be weaponized by governments for political speech or other content.'
The Infrastructure Outlasts Its Pretext
Signal's deeper concern is not the stated goal but the architecture it creates. Once scanning code is installed at OS level, it does not expire with the policy that commissioned it. The Open Rights Group's 2026 analysis of the Online Safety Act makes this point in direct legislative terms, recommending explicitly that 'Ofcom should not require client-side scanning through the OSA' — on the grounds that the architecture creates reusable surveillance capacity no future government would be required to dismantle.
The European Union confronted precisely this tension through four years of Chat Control negotiations. The EU Parliament's Scientific Service concluded that mandatory CSS would violate Articles 7 and 8 of the EU Charter of Fundamental Rights — the rights to privacy and data protection. The Danish Council presidency eventually abandoned mandatory scanning of encrypted channels under that legal pressure. The revised proposal dropped CSS but retained broad age-verification requirements, illustrating how each compromise still expands the surveillance surface. The UK's response to this history appears to be that Europe simply lacked the political resolve to push through.
Who Bears the Cost
Device-level scanning cannot be surgically targeted at minors. Any system that scans a device scans its owner. Big Brother Watch has characterised the proposal as invoking 'the death of anonymity and internet privacy' for approximately 50 million adult UK internet users who would face population-wide identity checks simply to use their phones. Signal has said it would 'absolutely, 100% walk' from the UK rather than weaken its encryption. That is not a bluff worth testing: Signal, WhatsApp, and iMessage are the communications tools of journalists, abuse survivors, lawyers, healthcare workers, and political dissidents. Degrading them for all users to address harms that determined bad actors can circumvent via offshore or peer-to-peer platforms is neither proportionate nor effective.
Proportionate Alternatives Exist
Effective child protection online does not require universal device surveillance. App stores already control software distribution and can enforce age-verified accounts at the account level without on-device scanning. Ofcom's existing codes of practice require platforms to match uploaded content against known CSAM hashes — a targeted, server-side measure that does not compromise end-to-end encryption. Mandatory fast-track takedown obligations and resourcing of the NCA's CEOP Command address criminal distribution and prosecution without building interception infrastructure.
The government has three months to do the harder work of evidence-based policy. The alternative — mandating surveillance architecture that Apple's own engineers found too dangerous to ship and that Europe's courts found incompatible with fundamental rights — is a deadline that should not be met.