Sir Keir Starmer has given Apple and Google three months to build scanners that review every photo, video, and message on UK phones, with the threat of criminal liability for executives who refuse to comply. The prime minister set the deadline in a June 8 speech at London Tech Week. He framed it as the first step toward making Britain the first country where children cannot take, share, or view nude images on a device.
Critics call the same technology a foundation for device-level mass surveillance. It builds on the Online Safety Act, on Apple’s quiet removal of iCloud end-to-end encryption from the UK in February 2025, and on a digital identity layer the government has been wiring into phones for the past year.
The Three-Month Deadline
“Tech companies like Apple and Google have three months. Activate safeguards on smartphones and tablets to detect and block nude images for children or we will bring forward legislation to force you to do so.” The Home Office’s direct message to the industry on June 8, posted on X, carried the urgency of an enforcement deadline rather than a consultation, and laid the political track for the prime minister’s speech a few hours later.
Starmer used the London Tech Week stage to spell out the consequences: the government will bring forward legislation if companies do not act voluntarily within three months, and that legislation will include fines for companies, with “nothing off the table, and as a last resort we are exploring criminal liability for tech bosses who fail to comply,” according to the government’s June 8 child safety plan. The measures would apply to UK devices, both existing and newly sold smartphones and tablets, and could cover operating system providers and others in the supply chain, including retailers.
Google’s only public response has been a statement that it is “deeply committed to protecting children online” and “working constructively with UK partners to find effective, privacy-preserving solutions that deter the spread of harmful content while ensuring a safe digital environment for young people.” Apple has not responded to comment requests, per the three-month deadline and Apple’s existing safety features. Google frames its position that way in a single public statement issued on the same day as the announcement.
The justification leans on a single stat: 91% of online child sexual abuse reports recorded in 2024 contained self-generated content from children themselves, and the average child now views pornography by the age of 13, according to the government’s published figures.
- 3 months: deadline for Apple and Google to activate broader on-device scanning
- 91%: share of 2024 online child sexual abuse reports that contained self-generated content
- 13: average age at which UK children first view pornography, per government figures
- 52%: share of all child sexual abuse cases involving children aged 10 to 17 offending against other children
- 39%: share of UK teenagers aged 13 to 17 who experienced emotional or physical abuse from a partner
What the Government Wants Activated
Both companies already ship on-device features that detect and warn about nudity in messages for children, with Apple’s Communication Safety blurring explicit images in Messages, AirDrop, and FaceTime for under-18s with a Child Account, and Google’s Android settings doing the same for supervised users. Neither tool blocks the content; both warn or blur.
Those features are not what the government is asking for. Under the new plan, Big Tech companies must activate built-in features or implement technical solutions on smartphones and tablets to detect and block nude images for children across the whole device by default, so they can only be deactivated via age assurance. The nudity detection must extend to the camera, to third-party messaging services, and to search functions, the government said, areas where Apple’s current system does not reach.
| Tool | What it does | What the government wants |
|---|---|---|
| Apple Communication Safety | Warns on nudity in Messages, AirDrop, FaceTime for Child Accounts | Extend to camera, third-party apps, and search; block by default |
| Google Messages | Blurs nudity for supervised users on Android | Activate by default and broaden across the device |
| SafeToNet HarmBlock | On-device AI that blocks nude content and disables the camera when a child is detected | Cited by government as the model for what is technically feasible |
Adults will still be able to take, share, or view adult content by providing proof of age. That age verification is the piece critics say quietly turns the scanner into something larger, since it requires the same device that scans content to also verify the identity of the person behind the screen.
A Fight That Has Been Building for Years
- 2023: The Online Safety Act passes, including Section 122, which authorises client-side scanning of private messages for child sexual abuse material and terrorism content.
- 2023: WhatsApp and Signal publicly threaten to leave the UK rather than comply with Section 122; the government pauses the scanning requirement pending “technical feasibility.”
- 21 February 2025: Apple removes Advanced Data Protection, its end-to-end iCloud encryption layer, from UK users after a Home Office Technical Capability Notice under the Investigatory Powers Act.
- May 2026: Labour safeguarding minister Jess Phillips resigns, accusing Starmer of being slow to threaten legislation on the same scanning technology.
- 8 June 2026: Home Office gives Apple and Google a three-month deadline to activate broadened on-device scanning, with criminal liability for executives if they refuse.
The pattern on the government’s side has been to build the legal tools first, then wait for the technology to catch up, then turn the screws when both pieces are in place. The Online Safety Act gives Ofcom the duty. Section 122 authorises the scanner, and the Investigatory Powers Act grants the Technical Capability Notices, while the June 8 announcement is the next layer: the threat of criminal liability for executives at companies that do not build the technology the law has been authorising since 2023.
Apple is now fighting the 2025 iCloud order in court, with the trial ongoing. Signal’s position, written by president Meredith Whittaker in 2023 and reaffirmed on June 8, has been consistent: “encryption is either broken for everyone, or it works for everyone. There is no way to create a safe backdoor.”
The Industry Pushes Back
Signal, the encrypted messaging app whose entire product rests on communications that even the company cannot read, responded the same day. “Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a dystopian combination of age verification and content scanning,” the company wrote on X, linking to Signal’s four-page statement on UK surveillance. The statement warns that the architecture cannot be limited to its stated purpose.
This proposal will not safeguard children. It endangers us all.
Signal’s position carries weight the big platforms cannot easily match. Its protocol underpins WhatsApp, Facebook Messenger’s secret conversations, and Skype, and the company’s nonprofit structure means it cannot be bought off with a UK-only accommodation.
In London, Big Brother Watch’s director Silkie Carlo struck a similar note. “Protecting children online is vital, but these are outrageous plans that will fail to address the underlying causes of online harm,” she said in Big Brother Watch’s June 8 press response. “Put simply, the Labour Government is threatening ID checks for the internet. No one in a democracy should need to show their passport just to get online.” The Open Rights Group’s James Baker went further: “This would turn every phone into a surveillance device.” The government denies the move amounts to surveillance. Inside the child safety world, the reaction ran warmer. The NSPCC called it a “major step forward” and said “time is up for big tech,” while the Internet Watch Foundation said on-device protections are a “pivotal part” of a coordinated, multi-layered approach to safeguarding children online.
Why the Safeguarding Minister Quit in May
The political pressure inside government has been building for a year. Jess Phillips resigned as safeguarding minister at the Home Office in May 2026, accusing Starmer of being slow to threaten legislation on preventing children taking naked images of themselves, despite the technology being available. She had publicly questioned how many children had gone without protections while focus remained on tech company objections.
Phillips’ departure, the second cabinet exit in a week over the government’s broader handling of child safety, cleared the way for the more aggressive posture Starmer took at London Tech Week. He framed the three-month deadline as a moral test: “When it comes to the safety of our children, standing by is not an option. Nobody gets a free pass.”
The Digital ID Architecture Underneath
Carlo’s warning about “ID checks for the internet” is not rhetorical. The same set of policies the government is now extending to device content already requires age verification to access adult content online, and the new rules would tie that verification to the phone itself. “Unless you submit to intrusive identity checks when setting up your phone or computer, there will be a chokehold on your software and internet access leaving you with a child-locked device,” Carlo said, adding that planned restrictions on messaging, streaming, and browsing raise the potential of spyware in pockets that will be exploited for other purposes before long.
For the UK’s 50 million adults using the internet, Carlo said, “this backdoor digital ID requirement would invoke the death of anonymity and internet privacy.” That number matters because the same adults are the population the government’s digital identity trust framework is being designed to enrol, with Google already rolling out digital ID support in the UK via Google Wallet on Android and Apple implementing parallel age-gating on iOS in Britain.
Client-side scanning, age verification, and a phone-anchored digital identity are built to work as a single system. The scanner checks content. The age check ties content rules to a verified identity. The digital ID layer makes that identity portable across every government and private service that opts in, and the child-safety framing gives political cover for a system that has been under construction since the Online Safety Act passed in 2023.
What Refusal Would Cost
If Apple and Google do not voluntarily activate the broadened safeguards, the government has signalled legislation if companies do not act within three months. Companies that fail to comply under existing Online Safety Act rules already face fines of up to £18 million or 10% of revenue, whichever is greater, with that ceiling written into the Act. The new criminal liability for tech bosses would sit on top of those corporate penalties, which is the layer the June 8 announcement introduced. The June 8 criminal-liability threat is the second UK attempt to put tech executives personally at risk; a previous UK amendment on tech exec liability for non-consensual intimate image abuse has already moved through Parliament and sets the template for the personal-penalty route the child-safety push now borrows.
Neither company has signalled a willingness to weaken product security in the way the government is now demanding. Apple’s existing Communication Safety feature, the only on-device nudity detection the company has built, runs locally and does not break end-to-end encryption, but the government’s demand to extend it to the camera and to third-party apps would require new architecture. Signal has said it will not comply, and would rather leave the UK market than build the scanner. WhatsApp’s position, last stated in 2023, was the same. The clock starts now.
Frequently Asked Questions
What is client-side scanning?
Client-side scanning is technology that analyses photos, videos, and messages directly on a device, before they are encrypted or after they are decrypted, to check them against a database of banned content. The UK government wants this scanning to run continuously on UK phones, covering every app, extending beyond Messages, and tied to a verified user identity.
Will my phone be affected?
The proposed rules would apply to both existing and newly sold smartphones and tablets used in the UK, regardless of the owner’s age. Adults who verify their age could disable the nudity-blocking features, but the verification step itself would happen on the same device that runs the scanner.
What happens if Apple and Google refuse?
The government has said it will bring forward legislation imposing fines and, as a last resort, criminal liability for executives. Existing Online Safety Act fines already reach £18 million or 10% of global revenue, whichever is higher. The June 8 announcement is the deadline, not the law.
Is this only about protecting children?
Child safety is the stated justification and the political trigger. The technology the government is asking companies to build, device-level scanning tied to a verified user identity, would also be the technical foundation for inspecting any category of content the government later designates as prohibited, with updates pushed remotely and without fresh legislation, Signal and other privacy advocates argue.
