MENLO PARK: Meta is removing end-to-end encryption from Instagram direct messages. The feature will no longer be supported after May 8, 2026. Users with affected chats are being prompted to download their messages and media before that date. Those on older versions of the app will need to update first to access their data.
Meta cited low adoption as the reason for the decision. “Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months,” a Meta spokesperson said. “Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.”
The move is a notable reversal. Meta CEO Mark Zuckerberg spent years promoting encryption as central to his privacy vision for social networking. Instagram first began testing optional end-to-end encrypted DMs in 2021.
The feature was never a default setting on the platform. Unlike WhatsApp, where encryption is on by default for all users, Instagram only offered it as an opt-in for select regions on a per-chat basis. Messenger, meanwhile, had encryption turned on as a default in 2023 and appears unaffected by this change.
The decision arrives amid sustained regulatory pressure. Governments across the US, UK, and EU have pushed platforms to enable scanning of private messages for child sexual abuse material. The EU’s proposed Chat Control regulation would require platforms to scan encrypted communications.
The UK’s Online Safety Act gives regulator Ofcom powers to direct platforms to do the same. Reuters previously reported that Meta proceeded with encryption plans in 2019 despite internal warnings that it would hinder detection of illegal content.
Privacy advocates are raising fresh concerns. Without encryption, Meta can technically access the content of Instagram DMs. In December 2025, Meta confirmed that interactions with its AI tools inside private conversations may be used for targeted advertising. The removal of encryption widens that access.
India is one of Instagram’s largest markets, faces particular implications, as the DPDP Act classifies Meta as a data fiduciary with strict consent requirements for processing personal data.
Previous
