I don’t believe any non-matching hashes are uploaded (that’s part of the crypto work that has been done) but the device will periodically rescan previously ingested content, as I understand it.
All are uploaded but only when the secret sharing threshold is met are any of them decryptable, and then it’s only the ones that were a match that can be decrypted.
Do you have a source for that? I was under the impression that content is checked against the database locally, i.e. Apple never sees a hash that doesn’t match.
It's true that Apple never _sees_ a hash that doesn't match, but the encrypted hash is included in the safety voucher. That is to say, all hashes are uploaded, but only the matches can ever be decrypted, and that's only if there are enough matches.
From the technical summary [0]:
The device creates a cryptographic safety voucher that encodes the match result. It also encrypts the image’s NeuralHash and a visual derivative. This voucher is uploaded to iCloud Photos along with the image.
