Warning for UK Instagram users
Key Points
- Meta removes opt-in end-to-end encryption on Instagram DMs from 8 May 2026, affecting 38.5 million UK adult users.
- Existing encrypted Instagram chats convert to standard, server-readable messages today; users must download history before cutoff.
- Meta cites low opt-in rates; the change lands 11 days before the US Take It Down Act takes effect on 19 May.
- Removal gives Meta technical access to scan DMs, respond to subpoenas, and potentially feed advertising and AI systems.
- WhatsApp, Signal, and one-to-one Facebook Messenger chats keep default end-to-end encryption for UK users wanting privacy.
Meta turns off end-to-end encryption on Instagram direct messages on Friday (8 May), ending a privacy option available to 38.5 million UK adult users since late 2023.
The change applies from today to all one-to-one Instagram DMs that previously used the opt-in encryption setting. Existing encrypted conversations convert to standard, server-readable messages on the cutoff date.
Users with active encrypted chats see an in-app prompt to download message history and shared media before the deadline, according to the help-page update Meta issued in March.
After today, every Instagram DM passes through Meta’s servers in a form the company can read.
Ofcom’s Online Nation 2025 report puts Instagram’s monthly UK reach at 38.5 million, or 78% of online adults, up 7% year on year. T
he platform skews young and female: 55% of UK users are women, and the 25 to 34 age group accounts for 29.7% of the base, Sprout Social’s UK breakdown of January 2025 data shows.
UK users average 53 minutes a day on the app, almost double the global average of 29 minutes.
What changes today
End-to-end encryption arrived on Instagram DMs in December 2023, but only as an opt-in toggle on individual chats and only in selected regions.
It was never the default and never platform-wide. A Meta spokesperson told the Guardian in March that uptake was too low to justify keeping the option, and pointed users to WhatsApp for encrypted messaging.
WhatsApp, also Meta-owned, keeps default end-to-end encryption across all chats and calls.
With the encryption off, Meta regains technical access to message text, attachments, and call metadata sent through Instagram DMs.
The company can run automated scanning for policy violations, comply with law enforcement requests for chat logs without device-level cooperation, and process message content under existing privacy policy provisions covering safety, security, and product improvement.
Meta has not confirmed plans to use Instagram DM content for advertising or AI training, but the technical capability now exists where it did not before.
UK regulatory backdrop
The change lands as Meta also fights Ofcom in the High Court over how Online Safety Act fees and fines are calculated.
The 2023 Act gives Ofcom power to direct platforms to scan for child sexual abuse material in private messages, and fines can reach 10% of qualifying global revenue.
Removing encryption from Instagram DMs makes scanning technically straightforward where it previously was not.
The encryption removal also lands 11 days before the US Take It Down Act takes effect on 19 May, requiring platforms to remove non-consensual intimate imagery, including AI-generated deepfakes, within 48 hours of a takedown notice.
A platform that cannot read message contents cannot scan them for prohibited material. Meta has not linked the two events publicly, but security researchers and legal analysts have noted the alignment.
What it means for UK users
For everyday UK Instagram users, the practical effect is that DMs now sit in the same privacy category as Facebook Messenger group chats: standard transport layer security in transit, but readable on Meta’s servers.
Anyone who treated Instagram DMs as private messaging for sensitive conversations, including freelancers, small businesses, journalists, and community organisers, faces a meaningful change in the threat model from today.
Users who want full content privacy have three main options.
WhatsApp keeps default end-to-end encryption for all messages and calls.
Signal runs as an independent, open-source service and ranks as the strongest mainstream private messenger in most expert reviews.
One-to-one Facebook Messenger chats also retain default end-to-end encryption, although group chats do not.
Anyone who used Instagram’s encrypted chat option and wants to keep that message history should follow the in-app download prompt before the day ends.
After today, those existing encrypted conversations convert to standard chats on Meta’s servers, and any new DMs travel through Meta’s infrastructure in a form the platform can scan.
