Thinking about it, another client side solution would be to also scan images when downloading from iCloud. That way pedos will have difficulty using iCloud, since the hash will be rescanned when downloading and the hash might be up to date this time. Would this allow Apple to not store the deleted image data on the client? This would still catch significantly less perpetrators than the server-side approach, would NCMEC etc. agree to this, or would pressure force Apple to go even further?

Either way, a workable client-side solution has to end up more encompassing than what Apple has done.