Prime Minister Keir Starmer gave tech companies until early September 2026 to build device-level nude image blocking into phones and apps, or face new legislation. Signal calls the underlying technology a foundation for mass surveillance, and compliance teams at Apple, Google, and others now face a hard choice with no statutory text to work from yet.
The UK government has put tech companies on notice. On Monday, June 8, 2026, at London Tech Week, Prime Minister Keir Starmer announced that Apple, Google, Microsoft, and other platform operators have roughly three months to make it technically impossible for children to take, share, or view nude images on their devices. If they decline, the government says it will legislate.
For compliance officers tracking UK online safety obligations, this is a directive without a statute behind it yet. There is no new act, no published regulation, and no formal effective date. What exists is a political ultimatum with a soft deadline of early September 2026 and a clear signal of legislative intent if the industry does not act voluntarily. That ambiguity is itself the compliance challenge.
What the government is actually asking for
The demand is specific in its goal and vague in its mechanism. The government singled out Apple and Google, requiring both to block nudity by default across their platforms. That scope is broad. It covers device cameras, third-party apps, and messaging services. The stated design is a nude-block-by-default model: the block is on for everyone, and adults can lift it by verifying their age.
In Starmer's words: "That is why I'm making sure Britain is the first country in the world to make it impossible for children to take, share or view nude images. And I expect tech firms to make that happen. But if they choose not to, then we will act and change the law."
The technology underpinning this is client-side scanning, which runs content checks on the user's own device rather than on a server. Supporters present it as a privacy-preserving compromise because the image data never leaves the phone. There are two common implementations. The first compares image hashes against a database of known objectionable material, the approach used for detecting previously catalogued child sexual abuse material. The second uses on-device AI models to classify content, which is necessary to catch new images that have never been hashed before. The nude-block-by-default proposal points toward the AI classification approach, since blocking a child from taking a new photo cannot rely on a database of pre-existing images.
Why Signal says this endangers everyone
Signal, the encrypted messaging platform, issued a public statement arguing the plan "will not keep children safe" and instead "endangers us all." The company's objection is structural rather than rhetorical. Client-side scanning breaks the trust model of end-to-end encryption even when message content is never transmitted to a third party. Once a device is scanning content before or after encryption, Signal can no longer truthfully claim that a message stays only between sender and receiver.
The deeper concern is scope creep. Signal argues that the same scanning mechanism, once installed, can be quietly repurposed. The on-device model or hash database has to be updated to stay current, which means new definitions of prohibited content can be pushed to devices at any time. A system built to flag nude images of children could, with a model update, be configured to flag messages criticizing the government. Signal's words: "Once created, they will be expanded, forming a dangerous tool that will be wielded both in the UK and abroad to censor and surveil whatever they might consider 'threats' or 'harmful content.'"
There is also a concrete security argument. The update channel that delivers new scanning models or databases becomes a new attack surface. An adversary who compromises that channel could manipulate what devices flag or block. And because matches could in principle be reported back, authorities could gain a mechanism to identify which device holds flagged content, which is the building block of targeted surveillance.
The regulatory pattern this fits into
This announcement does not arrive in isolation. It extends a line of UK measures that privacy advocates have consistently opposed. The Investigatory Powers Act, known colloquially as the Snooper's Charter, was framed as enabling lawful interception to prevent terrorism, but critics say it lets public bodies access calls and texts far more broadly. The Online Safety Act imposed duties on platforms to keep children away from online harms, and digital rights groups argue it functions as a censorship framework. Enforcement under the OSA is already active. Ofcom has been fining 4chan over its refusal to acknowledge the act applies to it.
The same device-scanning debate is playing out across Europe. Germany recently blocked the EU's Chat Control proposal, which would have mandated similar scanning. Signal has previously said it would withdraw from Sweden if encryption-busting laws took effect, and it raised the same concern over a Canadian bill that would compel platforms to collect user metadata. Poland has directed officials to stop using Signal in favor of a state-built alternative. The UK proposal sits inside this wider contest over whether device-level scanning is compatible with encrypted communication at all.
What compliance teams should do now
There is no statutory deadline to calendar yet, but the practical timeline is clear. The three-month window runs to approximately early September 2026. Treat that as the point at which voluntary compliance expectations harden into likely legislative action.
The immediate steps are preparatory rather than implementational. Map where in your products any image capture, storage, or transmission occurs, because the proposed scope covers cameras, third-party apps, and messaging at the device level. Identify which of your systems rely on end-to-end encryption guarantees, since those are where client-side scanning creates the sharpest conflict between a stated privacy promise and the proposed obligation. Document your age-verification capabilities, because the default-on model depends on a reliable way for adults to lift the block, and age verification carries its own data protection exposure under UK GDPR.
Watch for the form any future legislation takes. The difference between a hash-database approach for known material and an AI-classification approach for new images matters enormously for risk. The classification model carries higher false-positive risk and a broader surveillance potential, both of which feed directly into data protection impact assessments.
Signal, for its part, has not threatened to leave the UK over this, unlike its stance in Sweden and Canada. The company instead called for public funds to be directed toward education, social services, and guardrails on AI platforms rather than mandatory device scanning. Whether that argument shifts the government's position will become clear by autumn. Until then, the prudent posture is to prepare for an obligation that does not formally exist yet but has been announced with unusual specificity about who must comply and how soon.
Comments
Please log in or register to join the discussion