Meta’s confirmation that end-to-end encryption will be removed from Instagram direct messages by May 8, 2026 has drawn commentary from experts across multiple fields. The change was disclosed through a quiet help page update. From cybersecurity to child safety to data protection, the expert perspective is varied but instructive.
Cybersecurity experts warn that removing encryption makes users more vulnerable to certain types of attacks. While the primary concern is Meta’s access to message content, the absence of encryption can also create opportunities for interception during data transmission in some contexts.
Child safety experts welcome the change. They argue that the inability to detect child sexual abuse material in encrypted messages was a genuine harm. The removal of encryption will improve their ability to work with Meta to identify and address exploitation.
Data protection lawyers are examining whether the change complies with privacy laws in various jurisdictions. In the EU, the General Data Protection Regulation may require Meta to demonstrate that the change is lawful. In the UK and Australia, similar questions apply under local data protection frameworks.
Digital rights advocates, including Tom Sulston of Digital Rights Watch, argue that the decision is wrong on principle. They maintain that safe and encrypted systems are achievable and that Meta chose not to pursue them. Law enforcement agencies including the FBI, Interpol, and national bodies in Australia and the UK had pushed for the change. Australia reportedly saw the feature deactivated before the global deadline.
