[neom]

It's only if you back it up to iCloud, the signatures of the CP used as references are rotated, and they're also not public. The chances of you randomly triggering the system is effectively 0 unless you're uploading CP to your iCloud.

[Alupis]

Wait, wasn't all the hullabaloo over this scanning not requiring an upload to iCloud anymore?

They're scanning anything you upload to iCloud (and have been for some time) but now also scan everything on your device too.

[JimDabell]

No. They calculate a hash on the device, but they only do it as part of the iCloud upload. So whether the hashing happens on the device or on the server, the same images get hashed either way.