This. Apple did this against its own interests as a privacy first company as a way to reduce a real world problem. Personal privacy has always been at odds with law enforcement and Apple is one company that has taken real steps to restrict the unimpeded flow of personal information into governments. The way the CSAM database and checking was implemented was still in a privacy preserving way that made every effort to restrict that same flow while not enabling child sexual exploitation.

Is there any law that required Apple to do this? On a global scale even?

While I’m unsure of laws on a global scale, I do know that law enforcement has repeatedly and publicly pressured Apple for keys-to-the-kingdom style access to customer devices. The justification is often a case that seems unredeemable to the average Joe. I know this from articles that have previously hit HN’s front page.