
The iCloud recovery key is a 28-character string, not your iPhone PIN: https://support.apple.com/en-us/HT208072. There is no situation that I can think of where a device PIN is of any use off-device.


Recovery keys were part of iCloud Keychain end-to-end encryption when used without "two-factor authentication", which is now a deprecated setup and can't be used with new iCloud accounts anymore:

https://support.apple.com/guide/security/secure-icloud-keych... (describes how both approaches work)

https://support.apple.com/en-us/HT204915 (documents that two-factor authentication is now effectively mandatory, which makes using recovery keys impossible)

The device PIN is now exclusively used (off-device!) for iCloud end-to-end encryption key recovery: https://support.apple.com/guide/security/escrow-security-for...


Thank you for the links. In my case, I have two-factor _and_ a recovery key set up. The Account Recovery icon on Apple ID says "Your device passcodes can be used to recover end-to-end encrypted data. If you forget your passcodes, you'll need a recovery contact or recovery key."

Are you sure it's either/or? Have you gone through the process, and are you sure the PIN is required off-device, rather than ? If that's the case, I do agree that it's not good.

Also, I don't quite understand the threat model where a stronger authentication to iCloud allows for weaker data encryption. Considering Apple is usually pretty spot on with these things, this would definitely stick out.
