Meta has confirmed it will permanently discontinue end-to-end encryption for Instagram direct messages from May 8, 2026. The change was disclosed without fanfare on the company's support pages earlier this month, prompting scrutiny from privacy researchers who spotted the buried announcement.
TLDR
Meta confirmed it will remove end-to-end encryption from Instagram direct messages on May 8, 2026. The company cited low user adoption as the reason, though privacy advocates argue the move reopens user conversations to corporate and government access. WhatsApp and Messenger will retain encryption.
KEY TAKEAWAYS
A Meta spokesperson attributed the decision to user behaviour. According to the company, very few Instagram users enabled encrypted messaging, making the feature unnecessary to maintain. The spokesperson suggested users who want encrypted conversations should use WhatsApp instead.
The technical and legal implications
End-to-end encryption ensures that only the sender and recipient can read a message's contents. Neither the platform operator nor any third party can access the plaintext data while it travels between devices. When Meta removes this feature, Instagram will regain the technical capability to read, scan, and act on the content of user messages.
The distinction has regulatory implications under Australian law, where the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 grants agencies certain powers to compel access to communications. Where encryption exists, technical assistance notices may require workarounds. Where encryption does not exist, the barriers are considerably lower.
Tom Sulston, head of policy at Digital Rights Watch, offered an alternative reading of Meta's motivation. Rather than simply following low uptake numbers, the decision may reflect Meta's abandonment of its earlier plan to unify messaging across WhatsApp, Instagram, and Messenger on a single encrypted platform. That project, announced in 2019 under Mark Zuckerberg's privacy-focused pivot, appears to have stalled.
Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.
โ Meta spokesperson
A history of encryption delays
Meta's approach to encryption has varied across its platforms over the past decade, with WhatsApp adopting default end-to-end encryption in 2016, well before Meta completed the platform's integration into its corporate structure. Facebook Messenger and Instagram lagged several years behind in implementing similar protections.
In 2019, Zuckerberg outlined a privacy-focused vision for the company, stating that implementing end-to-end encryption for all private communications was the right thing to do. Two years later, Antigone Davis, Meta's head of safety, announced the company was delaying its encryption rollout until 2023 to build stronger safety features first.
When Instagram encryption finally arrived in 2023, it came as an opt-in feature rather than a default setting. Users had to actively enable it for each conversation, and the friction likely contributed to the low adoption Meta now cites as justification for removal.
Messenger followed a different path: the company began turning on default encryption for that platform in late 2023 and states it remains in the process of securing personal messages with end-to-end encryption by default, while Instagram will move in the opposite direction.
The broader policy context
Instagram's encryption reversal arrives at an unusual moment for platform privacy policy. TikTok recently confirmed to the BBC that it has no plans to implement end-to-end encryption for direct messages, arguing the technology could make it harder for safety teams and law enforcement to investigate harmful activity.
The parallel between Meta and TikTok's positions on encryption raises questions about industry direction, as two of the most popular social platforms among younger users have now positioned themselves against encrypted messaging. Both cite safety considerations, though critics argue the effect is to expose user communications to greater corporate and government scrutiny.
The move also sidesteps ongoing debates about age verification and child safety. Several governments, including Australia and the United Kingdom, have pressured platforms to implement measures that encrypted messaging makes technically difficult. By removing encryption from Instagram, Meta may be signalling compliance with regulatory expectations in key markets.
What users lose
For the Instagram users who enabled encrypted messaging, the May 8 deadline presents concrete consequences. Conversations that were previously shielded from corporate access will become visible to Meta's systems. Any photos, documents, or sensitive information shared in those threads will be subject to Meta's content moderation and data practices.
Without encryption, Meta could scan message content for advertising purposes, though the company has not confirmed whether it intends to do so. It could also train AI models on private conversations, share data with law enforcement without technical barriers, or deploy automated systems to flag content that triggers policy violations.
The Proton blog, published by the encrypted email provider, noted the decision raises questions about how Instagram chats will be handled going forward. Private messages containing photos and other sensitive information could become accessible to Meta and analysed for advertising, AI training, or shared with third parties.
The corporate calculation
Meta's explanation focuses on adoption rates, but the commercial logic runs deeper. Encrypted messages are invisible to the company's advertising infrastructure. They cannot be scanned for interest signals, mined for behavioural patterns, or used to refine targeting algorithms.
Instagram generates the bulk of Meta's advertising revenue from the family of apps. Any feature that limits data access potentially limits monetisation. By framing the removal as a response to user indifference rather than a business decision, Meta avoids the harder conversation about privacy versus profit.
The company continues to face regulatory pressure in multiple jurisdictions. The European Union's Digital Services Act imposes transparency and accountability requirements on large platforms. Australia's proposed social media age verification legislation could intersect with messaging privacy in ways not yet tested. Meta may be positioning Instagram's messaging infrastructure for compliance flexibility.
What happens next
Users who want encrypted messaging will need to migrate to WhatsApp or third-party services like Signal. Meta's suggestion to move conversations to WhatsApp assumes users have phone numbers for their Instagram contacts, which is not always the case for connections made through the platform itself.
The change takes effect on May 8, 2026. After that date, no Instagram direct messages will carry end-to-end encryption, regardless of prior settings.
SOURCES & CITATIONS
FREQUENTLY ASKED QUESTIONS
