Instagram removed end-to-end encryption for DMs. What should users do?

Instagram removes direct messages (DM) end-to-end encryption May 8, 2026, letting Meta access chats. Users should download backups amid privacy concerns and U.S. law pressure.

Starting May 8, 2026, Instagram users who previously enabled end-to-end encryption in direct messages will lose that protection, marking a significant shift in how private conversations are handled on the platform.

“End-to-end encrypted messaging on Instagram is no longer supported as of 8 May 2026.” reads the announcement.

• If you have chats that are affected by this change, you will see instructions on how you can download any media or messages that you may want to keep.
• If you’re on an older version of Instagram, you may also need to update the app before you can download your affected chats.

For Meta’s other end-to-end encrypted chat options, take a look at WhatsApp“

The change gives Meta the technical ability to access message content that was previously readable only by senders and recipients.

Users who previously used encrypted chats are being prompted to download their message history before the feature disappears, with in-app guidance provided.

However, once downloaded, those backups lose protection if uploaded to cloud services such as Google Drive or iCloud, since they would then exist in unencrypted form.

End-to-end encryption (E2EE) ensures only the sender and recipient can read messages or data. Even the service provider hosting the communication cannot access the content because it is encrypted on the sender’s device and only decrypted on the recipient’s device.

Instagram introduced optional encrypted messaging in 2023.

Meta has justified the decision by pointing to low usage and the complexity of maintaining separate messaging systems. Users who previously used encrypted chats are being prompted to download their message history before the feature disappears, with in-app guidance provided.

“In a statement to The Verge, Meta spokesperson Dina El-Kassaby Luce says the platform is discontinuing the feature because “very few people” were using E2EE in their DMs.” reported The Verge.

Experts are unsure what will happen to old encrypted Instagram chats after the change. They may become regular chats or become inaccessible, so users are advised to export and store backups locally instead of in the cloud.

The timing of the change has drawn attention because it comes just days before the final compliance phase of the U.S. Take It Down Act, a law signed in 2025 requiring platforms to remove non-consensual intimate images, including AI-generated deepfakes, within 48 hours of notification.

“Platforms cannot remove harmful content they cannot see. The Take It Down Act, signed by President Donald Trump in May 2025, requires companies to remove non-consensual deepfake images within 48 hours of a victim’s report. Enforcing that law requires platforms to have access to content. End-to-end encryption makes that access impossible.” reported Fox32 Chicago. “By removing the feature, Instagram positions itself to comply ahead of the May 19 deadline.”

The law requires companies to build enforcement systems by May 19, 2026. While Meta has not explicitly linked the two developments, analysts note that removing encryption makes it easier for platforms to detect and moderate harmful content at scale.

For Instagram users affected by the change, the immediate recommendation is simple: download any encrypted chat history before May 8. After that date, the option may disappear entirely.

Security experts also emphasize avoiding cloud backups for exported messages if privacy is the goal. Local storage is considered safer, though still dependent on device security.

More broadly, the shift highlights a recurring tension in large social platforms: balancing regulatory compliance, safety moderation, and user privacy. As governments push for faster removal of harmful content online, encryption continues to be a central point of conflict.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Instagram)