UK Gives Apple and Google 3 Months on Child Nude Images

Prime Minister Keir Starmer has issued a formal three-month ultimatum to Apple, Google, and other device makers to ensure children in the UK cannot take, send, or view nude imagery on their smartphones and tablets — warning that legislation with potential criminal liability will follow if they refuse.

Self-Generated Content Has Reshaped the Threat Landscape

The announcement, made at London Tech Week on June 8, 2026, draws on a specific and significant shift in how child sexual abuse material originates. According to figures cited by the government, 91% of online child sexual abuse reports recorded in 2024 involved self-generated content — images and video created by children themselves, typically under coercion or following online grooming. The scale of the problem has moved policy focus away from external predators distributing content and toward the devices children carry.

A separate figure cited alongside the policy announcement places the average age at which a child in the UK first encounters pornography at 13. Together, the two numbers underpin the government's case that passive or opt-in parental controls are insufficient and that device-level defaults need to change.

The following two figures, drawn from the source material supporting this announcement, illustrate why the policy is framed as a device-default problem rather than a content-moderation problem.

The Three-Month Window and What Compliance Requires

The government's ask is deliberately structured to prefer industry cooperation over legislation, while making the legislative path explicit. Apple, Google, and other operating system and device providers have three months to either activate existing built-in protections or update their software to ensure that nude imagery is blocked for all users identified as under 18. Crucially, the protections must be switched on by default — not available as a parental opt-in.

Apple already operates a feature called Communication Safety, which blurs nude images received via Messages, AirDrop, and FaceTime on accounts set up as Child Accounts. The company highlighted this in response to the announcement. The government's standard, however, applies to every child regardless of whether a parent has registered them under a supervised account, which is a meaningfully higher bar. Google described itself as "deeply committed" and working on "privacy-preserving solutions" with UK partners — language that implies active development rather than the activation of an existing feature.

If companies do not comply voluntarily, the government has said it will introduce primary legislation. The legislation would cover operating system providers and potentially retailers in the supply chain. As a last resort, criminal liability for companies is on the table alongside heavy fines. Home Secretary Shabana Mahmood said tech companies "have a moral duty to act by making it impossible for children to take, share or view nude images. If they don't, we will legislate."

The compliance or legislation decision tree below maps the formal structure of the ultimatum.

Civil Liberties Groups Warn the Mechanism Creates Surveillance Infrastructure

The announcement has drawn an immediate split between child safety advocates and digital rights organisations. The NSPCC welcomed the policy, with Chief Executive Chris Sherwood saying "time is up for big tech." The Molly Rose Foundation also offered qualified support, though its representative Andy Burrows warned against "hurried announcements for short-term expediency that will quickly unravel" — a signal that the policy's implementation detail has yet to satisfy those who have worked on the problem longest.

The sharper criticism has come from civil liberties groups focused on the technical implications of what the government is asking. Big Brother Watch called the plans "outrageous," with director Silkie Carlo warning they amount to "ID checks for the internet" and arguing that "no-one in a democracy should need to show their passport just to get online." The Open Rights Group went further, warning that the mandate "would turn every phone into a surveillance device."

The concern embedded in both statements is architectural: for device-level protections to identify all users under 18 by default, devices need a reliable method of determining user age. The only technically robust version of that mechanism is age verification — whether via a linked ID document, a parental account registration, or a government-connected identity system. Each of these options represents a form of persistent identity layer on everyday device use, which the civil liberties groups argue goes well beyond child protection.

The government has stated the policy will not affect users over 18, provided they undergo age verification — but that framing concedes the core concern rather than addressing it. The policy is explicitly contingent on an age verification infrastructure that does not yet fully exist at the OS level in the UK.

The timeline below places the announcement within the political sequence that produced it.

The announcement explicitly precedes a broader government crackdown on children's access to social media, with further policy announcements expected the following week. Whether the three-month window produces genuine technical compliance or a legislative confrontation with the world's two largest mobile operating system providers will depend on whether Apple and Google can satisfy not just the spirit of the request but the specific standard the government has set: default-on, for every child, on every existing and newly-sold device in the UK.