← May 8, 2026
society power

Meta Killed Instagram's Encryption. The Reason It Gave Is the Cover Story.

Meta Killed Instagram's Encryption. The Reason It Gave Is the Cover Story.
BBC News

What happened

Meta removed end-to-end encryption from Instagram's direct messages today, May 8, 2026, globally. The feature, introduced less than two years ago, had been opt-in and available to about 1 billion users. Meta's stated reason was low adoption rates; it directed privacy-sensitive users to WhatsApp instead. The change means Instagram messages are now stored on Meta's servers and can be read by Meta, scanned for content, and handed to law enforcement with a valid legal order. The removal coincides with Meta's ongoing judicial review challenge against Ofcom over fee calculations under the UK's Online Safety Act, which took effect in July 2025 and can fine companies up to 10% of global revenue.

Meta didn't remove Instagram's encryption because users didn't want it. Meta removed it because European regulators made keeping it expensive, and the company decided its legal fight was better fought without the complication.

The Hidden Bet

1

Meta's stated reason, low user adoption, is the actual reason

The timing is exact: the encryption removal lands on the same day Meta is challenging Ofcom in court over Online Safety Act fees. The Online Safety Act explicitly requires platforms to detect and remove CSAM and other harmful content, which E2EE makes technically impossible. Removing encryption resolves a compliance conflict that could otherwise result in a UK ban or nine-figure fine.

2

WhatsApp remains fully encrypted and therefore users have a safe alternative

WhatsApp is also under the UK Online Safety Act and the EU's Chat Control proposals. The same regulatory pressure Meta is responding to on Instagram will eventually reach WhatsApp. Directing users to WhatsApp may be a temporary bridge while Meta works out how to satisfy regulators there too.

3

This affects only Instagram users who opted into E2EE

Meta has not clarified what happens to message metadata, message timing patterns, and contact graphs. Even without reading message content, the platform retains surveillance capacity that opponents of E2EE consider significant.

The Real Disagreement

The genuine fork here is whether encryption is a privacy right or an obstruction. Regulators and law enforcement across the UK, EU, and US argue that absolute encryption makes platforms unaccountable for the harm that happens on them: CSAM, trafficking, terror planning. Privacy advocates argue that any back door or removal of encryption is a back door for everyone, including abusive governments and hackers. Meta's move is a concrete resolution of that conflict in favor of government access. The issue is that 'we can comply with lawful orders' sounds reasonable until you map it across the 50-plus legal jurisdictions where Meta operates, several of which would use that access for political repression. Meta has chosen not to draw that line.

What No One Is Saying

The Online Safety Act's fine structure, up to 10% of global qualifying revenue, makes encryption a financial risk at a scale Meta cannot absorb by fighting each case individually. The removal of Instagram E2EE is not a privacy policy decision. It is an accounting decision disguised as one.

Who Pays

Domestic abuse survivors, activists, and journalists in high-surveillance countries

Immediate and ongoing wherever Instagram operates in legally permissive environments

Instagram DMs were not primarily used by dissidents, but they were used. Legal requests from authoritarian governments to Meta are now more likely to succeed, and the information retrieved can be used to identify, track, or prosecute individuals.

Signal and WhatsApp's user bases

Medium-term, as the EU Chat Control debate resumes with a concrete precedent from Meta

Every platform that drops encryption under regulatory pressure increases pressure on the holdouts. Signal in particular operates with no commercial revenue and no regulatory accommodation strategy, making it the next obvious target.

Meta's users who didn't know

Already happening as of today

The removal was announced in March via a Help Center page update. No push notification, no prominent in-app warning, no campaign. Users who assumed their DMs were private are now exposed without knowing it.

Scenarios

Regulatory domino

Meta's removal gives regulators a clear success to point to. EU Chat Control proponents accelerate their push. WhatsApp faces mounting pressure to do the same. Within 18 months most major platforms have retreated from default encryption.

Signal Watch for EU Parliament to advance Chat Control vote with explicit reference to Meta's precedent.

Meta wins the Ofcom case, reinstates encryption

If the judicial review succeeds in reducing Ofcom's fee base from global to UK-only revenue, the fine risk drops dramatically. With reduced regulatory exposure, Meta could reintroduce encryption as a PR move. The reversal would be framed as a win for user privacy.

Signal Ofcom case outcome, expected by end of 2026. Watch for Meta privacy policy updates in the month after the ruling.

Targeted harm incident on Instagram DMs

A high-profile case emerges of a domestic abuse victim, activist, or journalist whose Instagram messages were shared with a government or used against them. Becomes a concrete example of the cost of removing encryption.

Signal Legal cases or journalist investigations citing Instagram DM records obtained via government legal process.

What Would Change This

If Meta published the specific regulatory demand that triggered the removal, or if the Ofcom legal filing contained explicit language about E2EE compliance conflicts, it would confirm the stated reason is a cover story. Alternatively, if user counts on WhatsApp spike measurably after today, it would suggest at least some users understood what changed.

Sources

BBC — Describes the removal as a major U-turn from Meta, which previously championed E2EE as 'the gold standard for user privacy.' Notes that law enforcement has long opposed the feature, and that Meta gave no prominent in-app warning before the change.
The Next Web — Covers Meta's simultaneous judicial review of Ofcom's fee calculation under the Online Safety Act, framing the encryption removal and the legal challenge as two sides of the same negotiation with UK regulators.
Gizmodo Tech — Technical breakdown of what changes: messages now stored on Meta's servers, readable by Meta, legally requestable by governments. Notes the removal was announced in March via a Help Center update most users never saw.
Stratnews Global — Frames the move as part of a broader platform trend away from privacy features under regulatory pressure, connecting it to similar retreats in Australia and France.

Topics

Meta Instagram encryption privacy UK Online Safety Act

Related

power

New Mexico Wants to Redesign Instagram. Meta Says It Will Leave the State First.

 power

New Mexico Wants to Redesign Instagram. Meta Wants to Leave the State Instead.

 power

Meta Threatens to Shut Down in New Mexico Rather Than Protect Kids

 power

Instagram Cracks Down on Reposts the Same Week ADL Finds It Fails to Remove 93% of Hate Content