UK Directs Ofcom to Assess Compulsory Scanning of Encrypted Messages

TL;DR

The UK government has confirmed plans to empower Ofcom to require messaging services to run accredited scanning technology on user devices before messages are encrypted. Ofcom is expected to publish a report by April 2026, followed by a consultation and further government action.

What happened

The UK government has signalled it will give communications regulator Ofcom powers under the Online Safety Act to require messaging platforms to install "accredited technology" that scans user content on devices prior to encryption. The measure, framed in the source as client-side scanning, would be applied across services that enable private messaging — the article names platforms such as Facebook Messenger, Signal and iMessage as examples. Officials in the House of Lords discussed the timetable: Lord Hanson of Flint said Ofcom should complete a report by April 2026 and that the regulator would act quickly afterward. Other peers urged rapid rollout and described technologies such as "upload prevention technology" intended to stop harmful content from being shared. The source also relays concerns that a scanning infrastructure designed for specific harms could later be expanded to other categories of content.

Why it matters

• Client-side scanning would change how end-to-end encryption operates by inspecting content before it is encrypted on a device, according to the source.
• Compelling platforms to implement device-level scanning raises privacy and civil liberties questions addressed in the article.
• A mandated scanning system could create durable technical infrastructure that might be repurposed for additional types of content over time, per the source.
• The regulator-led approach shifts enforcement responsibilities from platforms to a state-backed technical requirement.

Key facts

• The policy route uses powers in the Online Safety Act, referenced in the source as Section 121.
• Ofcom is expected to be authorised to compel services to deploy "accredited technology" to scan messages on users' devices.
• The scanning approach described in the article is client-side scanning — inspecting content before it is encrypted.
• Examples of services mentioned in the source include Facebook Messenger, Signal and iMessage.
• The government framed initial targets for scanning as terrorism content and child sexual abuse material.
• Lord Hanson of Flint set an internal date for Ofcom's report of April 2026.
• After the report, the source says a consultation will follow and the Home Office intends to move quickly.
• Baroness Berger promoted "upload prevention technology" and accused tech companies of misrepresenting the feasibility of scanning encrypted messages, per the source.

What to watch next

• Ofcom's report, due by April 2026, which the source identifies as the next formal milestone.
• The subsequent public consultation the source says will follow the report.
• The Home Office's planned speed of implementation after the consultation, as described in the source.
• Whether legal or industry responses emerge to challenge or adapt to the requirement — not confirmed in the source.

Quick glossary

• Ofcom: The United Kingdom's communications regulator responsible for broadcasting, telecoms and online safety regulation.
• Client-side scanning: A method that inspects messages or files on a user's device before those items are encrypted or sent.
• End-to-end encryption: A system where only the communicating users can read the messages; intermediaries cannot decrypt the content in transit.
• Online Safety Act: UK legislation referenced in the source that sets regulatory powers and duties for online platforms; Section 121 is cited in relation to scanning powers.
• Upload prevention technology: A term used in the source to describe technology intended to block harmful content from being uploaded or shared.

Reader FAQ

Will Ofcom be able to force apps to scan all messages?
The source states the government plans to give Ofcom authority to require services to install accredited client-side scanning technology, which would inspect messages on devices before encryption.

What kinds of content would be targeted?
The article identifies terrorism-related content and child sexual abuse material as initial targets mentioned by officials.

When will this take effect?
Ofcom is expected to produce a report by April 2026, followed by a consultation; the source says the Home Office intends to act quickly afterward.

Which messaging apps will be affected?
The source names Facebook Messenger, Signal and iMessage as examples, but does not provide a comprehensive list.

Are legal challenges or industry responses expected?
Not confirmed in the source.

Open Subscribe Fight censorship and surveillance. Reclaim your digital freedom. Get news updates, features, and alternative tech explorations to defend your digital rights. Join January 8, 2026 7:14 PM ET…

Sources

• UK Orders Ofcom to Explore Encryption Backdoors
• Ofcom Illegal Harms Consultation Online Safety Act
• The UK's Online Safety Act explained: what you need to know
• The Online Safety Act doesn't protect encryption, but Ofcom …

Related posts

• OpenAI reportedly asks contractors to submit actual work from past jobs for training
• FCC Approves SpaceX Plan to Launch 7,500 More Gen2 Starlink Satellites
• Indonesia Temporarily Blocks Grok amid Surge of Sexualized Deepfakes