FTC warns tech giants against foreign government pressure on privacy and censorship

US Federal Trade Commission (FTC) Chairman Andrew N Ferguson warned more than a dozen major technology companies Thursday that censoring US citizens or weakening data security protections at the behest of foreign governments could violate US law.

Ferguson sent formal letters to 13 tech giants — including Amazon, Apple, Google, Meta, and Microsoft — reminding them of their legal obligations to protect American consumers’ privacy and data security despite mounting pressure from overseas regulators, the FTC said in a statement.

“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Ferguson wrote in the letters, the statement added.

The warning shot marks a more confrontational stance toward foreign regulatory influence over American technology services.

Companies receiving the letters included Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X, according to the agency.

Ferguson invited the firms to schedule meetings with his office by August 28 to discuss how they will honor their privacy commitments to US consumers while facing competing global regulatory demands.

For enterprise technology buyers, the FTC’s warning creates new questions about vendor reliability and data protection commitments. Organizations that rely on cloud services, collaboration platforms, and security tools from the targeted companies now face uncertainty about whether their providers will maintain consistent global security standards.

European laws driving compliance concerns

Ferguson specifically cited three foreign regulations that he said could pressure tech companies to compromise American users’ rights: the EU’s Digital Services Act, the UK’s Online Safety Act, and the UK’s Investigatory Powers Act.

The DSA, which applies to platforms with more than 45 million monthly EU users, requires companies to remove “illegal” and “harmful” content or face fines of up to 6% of global revenue. The UK’s Online Safety Act establishes similar content moderation requirements for platforms serving British users.

More concerning to US officials is the UK’s Investigatory Powers Act, which “can require companies to weaken their encryption measures to enable UK law enforcement to access data stored by users,” the FTC said.

Earlier this year, the British Home Office secretly ordered Apple to create backdoors in its encrypted cloud services under the Investigatory Powers Act. Apple, however, has ceased offering its Advanced Data Protection feature in Britain rather than comply with the demand.

For enterprise customers, the regulatory fragmentation creates complex compliance challenges.

Legal threat to non-compliance

Ferguson warned that companies could face FTC enforcement action if they weaken security promises to comply with foreign demands. Under the FTC Act, companies that promise consumers encrypted communications but then adopt weaker security measures could be found guilty of deceptive practices, he said.

“If a company promises consumers that it encrypts or secures online communications but then adopts weaker security in response to demands from a foreign government, such an action could be considered a deceptive practice under the FTC Act,” the agency said in the statement.

The FTC has brought dozens of cases over the past two decades against companies that failed to keep promises about consumer data protection, the agency noted.

Encryption controversy escalates tensions

The FTC’s intervention comes amid growing tensions between US officials and foreign governments over encryption policies. Director of National Intelligence Tulsi Gabbard recently called foreign demands for encryption backdoors a “clear and egregious violation of Americans’ privacy and civil liberties.”

The standoff highlights broader concerns about the extraterritorial reach of European and British regulations. Critics argue that foreign laws increasingly dictate global technology policies, potentially undermining American digital competitiveness and innovation.

While law enforcement agencies argue they need access to encrypted communications for investigations, privacy advocates and tech companies contend that backdoors inevitably weaken security for all users.

Gabbard has warned that foreign encryption demands would “open up a serious vulnerability for cyber exploitation by adversarial actors,” reflecting growing concerns within the Trump administration about foreign regulatory overreach.

Industry implications

Ferguson’s warning could embolden other US agencies to push back against what the administration views as inappropriate foreign regulatory overreach. Apple has already demonstrated this approach by withdrawing its Advanced Data Protection feature from the UK market rather than comply with encryption backdoor demands.

The intervention reflects broader concerns about regulatory fragmentation in global technology markets. Organizations operating across multiple jurisdictions must navigate conflicting requirements while maintaining consistent security standards, creating complex compliance challenges for both vendors and their enterprise customers. Google, Microsoft, Amazon, Apple, and Meta did not immediately respond to requests for comment.