Authored by Steve Watson via Modernity,

New measures would compel client-side inspection of every photo, video and message on devices, escalating the digital ID lockdown already plotted for British smartphones in coordination with major technology firms.

Privacy advocates warn the "child safety" framing masks a broader drive to turn personal phones into mandatory surveillance endpoints, with criminal penalties aimed at any executive who resists.

Reclaim The Net, an organization dedicated to countering online censorship and digital surveillance, flagged the draft legislation in recent updates.

The group described how UK authorities are preparing to imprison tech executives for up to five years under the Online Safety Act if companies refuse to build and deploy scanners capable of reviewing every piece of content on user devices.

The push targets expanded "client-side scanning" features, requiring devices to inspect material before it is sent or received.

Existing tools from Apple and Google, such as nudity detection in Messages or sensitive content warnings, would be broadened into comprehensive, always-active systems. Non-compliance would trigger direct penalties against company leadership rather than the firms alone.

Former Home Office safeguarding minister Jess Phillips, who resigned in May, had publicly pressed for faster action. She stated it had taken a year to secure agreement even to threaten legislation in this space and expressed frustration that promised timelines kept slipping, questioning how many children had gone without protections while focus remained on tech company objections.

This scanning requirement advances the same agenda detailed in earlier reporting on UK government plans to tie smartphone access to digital identification. Under those proposals, full device functionality would depend on users submitting verified government ID during setup or ongoing use, often through biometric checks such as video selfies paired with document scans.

Without compliance, devices would default to restricted child-locked modes, limiting core features like unrestricted messaging, streaming and browsing. The approach effectively creates a chokehold on software and internet access for anyone unwilling to submit to centralized identity verification.

Google has already begun rolling out digital ID support in the UK via Google Wallet on Android devices. Users can add verified copies of passports or other documents after completing a short video selfie and ID scan.

The feature aligns with Online Safety Act age checks and is being explored for wider certification under the government's digital identity trust framework, including potential use for age-restricted purchases.

Apple has implemented parallel restrictions on iOS in Britain, forcing age confirmation steps that previously caused major disruptions for millions of users.

Silkie Carlo of Big Brother Watch condemned the direction. "Protecting children online is vital, but these are outrageous plans that will fail to address the underlying causes of online harm," she said. "This will only result in population-wide ID checks for all of us to use our phones, tablets and laptops."

Carlo added: "Put simply, the Labour Government is introducing ID checks for the internet. No one in a democracy should need to show their passport just to get online."

She noted that the measures substitute performative government control for genuine parental responsibility, with children easily circumventing restrictions by using adult-registered devices. For adults, the backdoor digital ID requirement would mark "the death of anonymity and internet privacy."

GrapheneOS, the open-source privacy and security hardened mobile operating system, has laid bare how Apple and Google are weaponizing hardware-based attestation to eliminate competition and lock users into their approved devices and operating systems.

Governments are actively accelerating this lock-in. The EU and other authorities are mandating Apple and Google attestation for digital payments, government ID systems, age verification and banking apps, forcing citizens onto approved hardware and OSes just to access essential services.

The new jail threat for non-compliant executives directly operationalizes long-standing intelligence priorities. Client-side scanning has been a GCHQ ambition for years. Once embedded through regulatory compulsion, the technology sits inside every device and can analyze content before encryption takes effect.

Proponents present it as narrowly focused on blocking child sexual abuse material or grooming. The underlying code, however, supports expansion to any content category authorities later designate as prohibited, with updates pushed remotely and without fresh legislation or user consent.

This fits the wider digital ID infrastructure already under construction. The government's One Login platform and planned GOV.UK Wallet aim to centralize identity verification across services, incorporating biometric data, comprehensive audit trails and permission frameworks that can deny access to jobs, purchases or other functions based on compliance status.

Private discussions have included assigning digital IDs to newborns alongside health records, modeled on systems like Estonia's, creating cradle-to-grave profiles from the moment of birth registration.

Officials repeatedly frame these steps as essential child protection. Yet the architecture prioritizes mass data collection and device-level access over precise interventions.

Real exploitation concerns persist, but the chosen tools create permanent surveillance capacity that can be repurposed far beyond the initial justification.

The same political class overseeing high migration levels and repeated institutional failures around grooming scandals now demands ever-deeper monitoring tools.

International parallels reinforce the pattern: global digital identity blueprints promoted through bodies such as the World Health Organization, with backing tied to entities like the Gates Foundation, outline interoperable systems for lifelong tracking from birth, integrating personal data with socioeconomic details and enabling AI-driven behavioral conditioning around services, information and compliance.

In Britain, phone-based digital ID combined with mandatory scanning forms interlocking pieces of this apparatus. What begins as age verification or content filtering quickly becomes the technical foundation for conditioning everyday access to communication and information.

Reclaim The Net has tracked these developments closely, cutting through official language to highlight how incremental demands on technology providers accumulate into fundamental losses of individual control over personal devices.

Privacy-first messaging technology company Signal has issued a direct rebuke of the UK government's scanning demands, charging that the UK government plans on "using a dystopian combination of age verification and content scanning," that "will not safeguard children," adding that "It endangers us all."

The company makes clear that forcing client-side scanning across every device, paired with the age verification and digital ID mechanisms already in motion, creates a system that cannot be limited to its stated purpose. Once the technical capability exists to inspect all photos, videos and messages on phones before encryption, the architecture stands ready for expansion far beyond nudity detection.

This position from Signal carries particular weight. The app's entire model rests on unbreakable encryption that keeps even the company itself from accessing user communications. Mandatory device-level scanning directly undermines that foundation, turning every smartphone into a potential informant regardless of which secure app a user chooses.

While ministers insist the measures target predators, Signal and other privacy advocates recognize the inevitable outcome: a surveillance apparatus that endangers the privacy and security of the entire population.

Companies that refuse to weaken their products face the newly proposed criminal penalties against executives, while those that comply hand the state a backdoor into every device.

Threatening prison time for executives who refuse to weaken device security or encryption sends a clear signal. Global technology companies operating in the UK face direct coercion to embed features that compromise user privacy for everyone, not merely targeted suspects.

Britain edges closer to pioneering one of the most restrictive internet regimes among democratic nations, where routine phone use requires submission to centralized identity systems and preemptive content inspection. History shows such infrastructures rarely remain limited to their stated initial purposes.

Genuine protection of the vulnerable rests on strong families, community standards and focused law enforcement, not universal device spying sold as safety. The current trajectory constructs the mechanisms for expansive state oversight while eroding the private sphere that has long defined free societies.

As draft laws move from discussion to enforcement with criminal penalties attached, the opportunity to halt this digital chokehold narrows. Defending the principle that individuals retain sovereignty over their own phones and communications is now central to preserving liberty in an age of accelerating technological control.