The legal headache Apple faces here (and as a result, the power lever held over them by nation-level interest groups) is the liability of storing user-generated content on servers under their control. NOT the photos on your phone, those are YOUR liability.
Their cloud offering is fully E2EE (to the best of everybodies knowledge), so doing it à la Google Drive or OneDrive is not possible. If you can not access the unencrypted content and have/will not backdoord the encryption mechanism, yet are still being forced to implement such a scheme by a legal entity, client side is pretty much your only option.
As a side-note, IMO the company does not have a strong enough moral compass to assign the required man-hours into a project of this magnitude just out of good will. I would assume they are being forced to do so.
I stand corrected, the vast majority is not E2EE'd.
Now there unfortunately is no information about the at-rest encryption "On server". Going by the iCloud encryption debate in china [1] and the alleged security modules used [2], they probably have the keys to "Photos" iCloud. Which is consistent with the Reuters claim that "backed-up [...] encrypted services remain available to Apple employees and authorities".
Allows them to add end to end encryption for non csam content in the future. Also, prevents them from having to set up a system to scan every photo added to their service.
