TL;DR: The UK government is pushing Ofcom to investigate encryption backdoors under the Online Safety Act, with a report due April 2026. Sweden's parliament is considering a law requiring messaging apps to store and provide access to user communications, potentially as early as March 2026. Signal's president Meredith Whittaker says the company will leave both countries before it compromises encryption. Apple already buckled, disabling end-to-end encryption for UK iCloud users in February 2025. If you're in the UK or Sweden and use Signal or WhatsApp, the clock is ticking.
Two Countries, One Ultimatum
Two separate governments. Same demand. Give us access to encrypted messages or face the consequences.
In the UK, Ofcom has been tasked with investigating how to break encryption under Section 121 of the Online Safety Act. Lord Hanson of Flint confirmed the timeline in the House of Lords: "We have set a date of April 2026, and we expect to act extremely speedily once we have had the report back" [1].
In Sweden, the government is pushing legislation that would force messaging apps like Signal and WhatsApp to store user communications and hand them over to law enforcement. The bill could take effect as early as March 1, 2026 [2].
Signal's response to both? We'll leave.
Signal Draws the Line
"Signal's position on this is very clear: we will not walk back, adulterate, or otherwise perturb the privacy and security guarantees that people depend on," Signal President Meredith Whittaker said during the RightsCon 25 conference in January 2026 [3].
Whittaker didn't hedge: "We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving."
On Sweden, she was equally direct: "In practice, the law would mean that we are being asked to break the encryption that is the basis of our entire business. Asking us to store data would undermine our entire architecture and we would never do that. We would rather leave the Swedish market completely" [4].
This isn't new posturing. Whittaker made the same threat in 2023 when the UK's Online Safety Bill was being debated. Back then, Meta joined Signal in threatening to withdraw WhatsApp from the UK, and the government backed down. Temporarily [5].
Apple Already Caved
Apple chose a different path. In February 2025, the company disabled its Advanced Data Protection (ADP) feature for UK users after the government demanded backdoor access under the 2016 Investigatory Powers Act [6].
ADP provided end-to-end encryption for iCloud backups, photos, notes, voice memos, and nine other data categories. Without it, that data is protected only by "Standard Data Protection." Meaning Apple can access it. Which means the UK government can demand it.
Apple's public statement tried to thread a needle: "As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will."
Technically true. Apple didn't build a backdoor. It just turned off the lock.
The original UK demand was even broader: a secret order requiring Apple to create a backdoor that would provide access to the unencrypted data of any Apple user worldwide [7]. Apple refused that. But instead of fighting, it withdrew ADP from the UK entirely. The company spokesperson Fred Sainz confirmed that current UK users "will eventually need to disable this security feature."
UK iPhone users can still use iCloud Keychain and Health data with end-to-end encryption. Everything else? Not protected anymore.
Sweden's Data Retention Push
Sweden's proposed law goes further than the UK's. It wouldn't just demand access to encrypted messages. It would require messaging apps to store user communications and make them accessible to law enforcement [8].
Justice Minister Gunnar Strömmer argues the measures are "necessary for authorities to carry out investigations effectively." But security experts say what he's asking for is technically impossible without destroying the security model that makes encryption work.
The Swedish Armed Forces (Försvarsmakten) said as much in their official consultation response. According to their assessment, "access requirements in end-to-end encrypted communications cannot be fulfilled without introducing vulnerabilities and backdoors that third parties could exploit" [9].
Read that again. Sweden's own military is telling its government: this will make us less safe, not more.
The Global Encryption Coalition (a network of over 400 organizations including Signal, cryptographers, and security researchers) sent a joint letter to Sweden's parliament in April 2025: "The creation of an encryption backdoor creates vulnerabilities that would leave Sweden less safe against cyber threats and foreign adversaries" [10].
The Riksdag is expected to vote on the bill sometime in 2026.
Why "Just for the Good Guys" Doesn't Work
Every time a government demands an encryption backdoor, they frame it as a targeted tool for catching criminals and terrorists. Just give law enforcement a special key. It'll only be used for the bad guys.
Cryptographers have been explaining for decades why this is fantasy.
A backdoor is a vulnerability. Once it exists, it can be discovered and exploited by anyone: foreign intelligence services, criminal hackers, rogue employees, or whoever finds it first. There's no such thing as a backdoor that only opens for people with good intentions.
As Whittaker put it: "I think we need to be very clear that there's no way to implement a safe backdoor" [3].
A 2021 study by researchers from Cambridge, Johns Hopkins, MIT, Stanford, and other institutions examined "client-side scanning," the technical approach the UK is considering under Section 121. Their conclusion: it "by its nature creates serious security and privacy risks for all society" [11].
Security expert Alec Muffett described Ofcom's backdoor proposals as displaying "a horrifying lack of safety by design" [12].
The technology Ofcom wants doesn't exist without breaking the security model. That's not an engineering challenge waiting to be solved. That's the point.
The UK Watchdog Calls Signal "Hostile"
The UK's National Security Technology Centre, which advises on national security risks from technology, released guidance in January 2026 suggesting that creating apps like Signal or WhatsApp could constitute "hostile activity" [13].
Building tools that protect user privacy is now, apparently, a threat to the state.
This is the framing battle. Governments aren't saying they want to read your messages. They're saying encryption helps terrorists and child abusers, and anyone who builds unbreakable encryption is enabling them.
It's an old playbook. The same arguments were used in the 1990s crypto wars, when the US government tried to mandate the "Clipper chip," a hardware backdoor for all encrypted communications. That effort failed. But the arguments never stopped.
What's Actually at Stake
If Signal leaves the UK and Sweden, millions of users lose access to one of the most secure messaging platforms available. They'll migrate to something else. Maybe WhatsApp, which faces the same pressure. Maybe SMS, which has no encryption at all.
If encryption backdoors become law in the UK and Sweden, the precedent spreads. The EU has been debating similar measures under CSAR (the "Chat Control" regulation). Australia already has encryption-weakening laws. The Five Eyes intelligence alliance has pushed for backdoors for years.
What happens in London and Stockholm doesn't stay there. Every country watching this fight will use the outcome to justify their own demands.
And here's the irony: UK government officials use Signal themselves. Ministers, civil servants, and law enforcement officers rely on encrypted messaging for sensitive communications. Breaking encryption doesn't just affect ordinary citizens. It affects everyone who depends on secure communications, including the people demanding the backdoors.
The Timeline
- February 2025: Apple disables Advanced Data Protection for UK iCloud users
- January 2026: Signal's Meredith Whittaker reiterates exit threat at RightsCon
- March 1, 2026: Sweden's encryption law could take effect
- April 2026: Ofcom encryption backdoor report due to UK government
- 2026: Sweden's Riksdag expected to vote on data retention bill
The deadlines are real. The consequences are permanent.
What You Can Do
If You're in the UK or Sweden
Download Signal now while you still can. If the laws pass and Signal leaves, you won't be able to get it from local app stores. Consider whether you need to set up communications before the deadline. Contact your MP or Riksdag member. These laws aren't passed yet.
Diversify Your Encrypted Tools
Signal isn't the only option. Element (Matrix protocol), Session, and Briar are decentralized alternatives that don't rely on a single company's presence in a market. Learn how they work before you need them.
Support the Organizations Fighting This
The Electronic Frontier Foundation, Open Rights Group (UK), and Global Encryption Coalition are actively fighting these laws. They need funding and public support to keep up the pressure.
Understand What You're Losing
If you're an Apple user in the UK, know that your iCloud backups, photos, and notes are no longer end-to-end encrypted. Consider local backups. Consider what you store in iCloud. The protection you thought you had is already gone.
The Line in the Sand
Apple folded. Signal says it won't.
The UK and Sweden are betting that encryption providers will choose market access over security principles. Signal is betting that leaving those markets will cause enough political backlash to stop the laws.
Someone's going to be wrong. And if Signal leaves and the laws stay, the message to every other encrypted service is clear: there's no market big enough to protect you from government demands.
This isn't about whether you have something to hide. It's about whether secure communication can exist at all. Journalists protecting sources. Activists organizing under authoritarian regimes. Abuse survivors hiding from stalkers. Businesses protecting trade secrets. Ordinary people who just don't want their private conversations readable by anyone with a warrant, or a hack.
Once the backdoor exists, it exists for everyone.
References
- Computer Weekly - Privacy Will Be Under Unprecedented Attack in 2026
- The Record - Swedish Authorities Seek Backdoor to Encrypted Messaging Apps
- TechRadar - Signal Would Rather Leave the UK and Sweden Than Remove Encryption Protections
- Infosecurity Magazine - Signal May Exit Sweden If Government Imposes Encryption Backdoor
- TechCrunch - Meredith Whittaker Reaffirms Signal Would Leave UK (September 2023)
- TechCrunch - Apple Pulls iCloud End-to-End Encryption for UK Users (February 2025)
- Computer Weekly - Apple Withdraws Encrypted iCloud Storage from UK
- TechRadar - Experts Urge Swedish Parliament to Reject Encryption Backdoor Law
- Digital Watch - Sweden Considers Law Requiring Encrypted Messaging Backdoors
- Cyber Insider - Global Coalition Warns Sweden Against Encryption Backdoor Legislation
- Proton - The Online Safety Act Doesn't Protect Encryption
- Reclaim The Net - UK Orders Ofcom to Explore Encryption Backdoors
- TechRadar - Creating Apps Like Signal Could Be 'Hostile Activity' Claims UK Watchdog