[jonathanstrange]

It is true because a cryptosystem is by definition not end-to-end encrypted if a third party can read the plaintext, and that's exactly what UK law mandates.

> "I very much doubt it can be GDPR compliant" The GDPR is retained in domestic law, it's literally the exact same situation as before brexit.

That's not the stance of legal scholars and judges in the EU, for the same reasons as there are doubts that US companies can be GDPR compliant. Let's just say that the alleged GDPR compliance hasn't been tested in court yet and is a legal gamble. Whether a EU company is willing to take that gamble or not depends on many factors and is up to them, of course.