Decoding the world of cybersecurity

UK pushes device-level safety controls

The UK government has given Apple and Google three months to implement device-level nudity blocking for children, raising wider questions about endpoint controls, privacy, and platform accountability.

UK pushes device-level safety controls
Summary
  • The UK government says Apple and Google must activate or implement device-level protections to detect and block nude images for children.
  • Ministers have threatened legislation, fines, and possible criminal liability if companies do not act within three months.
  • The proposal raises platform-security, privacy, age-assurance, and product-governance questions across smartphones, operating systems, and device supply chains.

The UK government has told Apple and Google to implement device-level protections that detect and block nude images for children on smartphones and tablets, opening a new regulatory front around endpoint safety, platform accountability, and age-assurance technology.

The Home Office set out the plan on 8 June, giving major technology companies three months to act before the government brings forward legislation. The measures would apply to UK devices, including existing and newly sold smartphones and tablets. Future legislation could cover operating system providers and other parts of the supply chain, including retailers.

Ministers are presenting the proposal as a way to prevent children from taking, sharing, or viewing nude images on their devices. Adults would still be able to access adult content through an age verification process. The government said companies must introduce these measures without threatening privacy or collecting data, with blocking controls operating across apps and services.

The proposal builds on existing industry controls and earlier UK online safety work. The government said Apple has already introduced age checks for iPhone users in the UK and activated some safety features by default for users not verified as over 18. Ministers argue those measures remain too narrow because nudity detection is not applied across the camera, wider apps, third-party messaging services, or search functions.

Under the government’s preferred model, protections would be switched on by default for every child on every device. If companies do not act, ministers say legislation will follow, including fines. The Home Office also said criminal liability for technology executives is being explored as a last resort.

The proposal moves online safety obligations closer to the operating system and device layer, rather than leaving them mainly with social media platforms or messaging services. That changes the control point and creates harder technical questions about how devices classify content, how age status is established, how decisions are audited, and how privacy claims are verified.

Client-side detection remains a contested area because it can sit uneasily beside encryption, device autonomy, and concerns about function creep. The government’s statement says companies must not collect data and must not threaten privacy, but the enforcement detail will shape how those safeguards are tested. A narrow child-protection control and a broader precedent for mandated on-device scanning could look similar at the architecture layer unless oversight is precise.

The supply chain dimension also deserves close attention. If legislation reaches operating system providers, retailers, and others involved in device availability, compliance may not rest only with Apple and Google. Manufacturers, distributors, mobile operators, app developers, identity providers, and age-assurance vendors could all be drawn into the operating model. Responsibility for failures, false positives, bypasses, and appeals would need to be clearly assigned.

Large employers and regulated organisations may see limited immediate operational impact, although the policy direction is relevant to wider technology governance. Governments are increasingly willing to impose design-level duties on technology providers where platform behaviour has social, safety, or security consequences. The UK’s Online Safety Act has already moved responsibility up the digital services stack. This proposal pushes responsibility down into the device itself.

The government said it will publish its response to the consultation on children’s use of social media after receiving more than 100,000 responses. That response should clarify whether the device-level proposal remains a targeted child-safety intervention, or becomes part of a broader UK model for age assurance, endpoint control, and technology executive accountability.

×