Switzerland's new VPN surveillance plan: What it means for ProtonVPN and PrivadoVPN
Switzerland has long been marketed as a privacy paradise outside of the EU and the Five Eyes. A new revision of the Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF), now under discussion in Bern, threatens to turn that narrative on its head – especially for Swiss-based VPN providers like ProtonVPN and PrivadoVPN.
Based on the draft analyzed by encrypted email provider Tuta Mail, the update would require Swiss email and VPN services with as few as 5,000 users to log IP addresses for six months, identify customers with official documents, and be technically able to deliver data to authorities in plain text. Privacy advocates argue this could make Swiss surveillance powers harsher than in the US or EU and fundamentally undermine the value of “Swiss jurisdiction” as a privacy shield.
TL;DR – Why this matters if you use a Swiss VPN
- The proposal to update the VÜPF would classify many VPN and secure communication providers as surveillance-obligated services once they cross roughly 5,000 users.
- Those providers would have to log IP addresses and other connection data for at least six months, even if their current policies promise “no logs”.
- Providers would also be required to identify users (for example with an ID, driver’s license, or phone number), making anonymous sign‑ups difficult or impossible.
- Article 50a of the draft says providers must be able to remove the encryption they provide or that is provided on their behalf, so that authorities can receive data in plain text. End‑to‑end encrypted messages between users are formally exempt, but VPN traffic is not.
- Proton has already warned that this would make Swiss surveillance “much stricter than in the USA and the EU” and has started moving most of its infrastructure out of Switzerland, according to statements reported by Tuta Mail.
- Other Swiss VPNs, including PrivadoVPN, would face the same dilemma: either weaken their privacy guarantees to comply, or shift infrastructure and legal entities to more protective jurisdictions.
The VÜPF reform in plain English
The VÜPF (Verordnung über die Überwachung des Post- und Fernmeldeverkehrs) is the Swiss ordinance that implements technical and administrative surveillance obligations for telecom operators and online services. It sits under the broader surveillance framework updated in 2016 (BÜPF), which already introduced general data retention for many types of communication.
The new draft, which could come into force as early as 2026, is being pushed by the Federal Council and the Federal Department of Justice and Police (FDJP) as an ordinance update, not a full parliamentary reform. That means a major expansion of surveillance powers could happen without a standard legislative debate in Parliament – in a country that normally prides itself on direct democracy.
Key points from the draft, as summarized by Tuta Mail and other Swiss civil society groups:
- IP logging for small providers: Email and VPN providers with just 5,000 users would be forced to log IP addresses and retain that data for six months. This dramatically lowers the threshold at which full surveillance obligations kick in.
- Mandatory identification: Providers would need to collect an official ID, driver’s license, or at least a phone number during registration for many services, effectively banning truly anonymous use.
- Plain‑text delivery requirement: Data must be provided to authorities “in plain text”, meaning providers must be technically capable of removing the encryption they themselves provide or commission (except for end‑to‑end messages between users).
- Targeting anonymous services and VPNs: The reform explicitly aims to close previous exemptions that covered services like Proton Mail and Threema, as well as VPNs and other tools that allow anonymous communication.
Privacy organization Digitale Gesellschaft has called the plan a “frontal attack” on fundamental rights and secure communication, warning that it would soon be almost impossible to use a chat app without directly or indirectly providing an official ID.
Why VPNs are in the crosshairs
VPNs are interesting to regulators because they sit at a privileged position in the network stack. A VPN provider:
- Sees the real IP address of the user.
- Assigns or tunnels an exit IP that the rest of the internet sees.
- Controls the encryption for the tunnel between the user and the VPN server.
Even when a VPN uses strong, modern cryptography and implements a strict no‑logs policy, it could log connection metadata if forced to do so. The VÜPF update appears designed to convert that technical possibility into a legal obligation for any Swiss VPN of meaningful size.
For users, the danger is subtle but real. VPN marketing typically promises:
- “No logs” or “no activity and no connection logs”.
- Anonymous payment and sign‑up options.
- Protection from “mass surveillance” and “data retention laws”.
If the VÜPF reform passes unchanged, a Swiss‑based VPN will be expected to:
- Track which real IP used which VPN IP at which time, and store that mapping for six months.
- Know who you are, or at least have a strong identifier like a phone number connected to your account.
- Be technically capable of delivering “plain text” versions of whatever data it controls to authorities on demand.
That doesn’t mean Swiss VPNs could suddenly decrypt the end‑to‑end HTTPS traffic between you and a website they don’t control. But it does mean that both connection metadata and any content they handle (for example, inside their own apps and services) would be squarely within the scope of lawful interception.
ProtonVPN: when “Swiss privacy” stops being a free marketing boost
Proton has been one of the loudest voices warning about the new Swiss surveillance push – and one of the first to react strategically. According to reporting summarized by Tuta Mail, Proton told Swiss newspaper Der Bund that “Swiss surveillance would be much stricter than in the USA and the EU, and Switzerland would lose its competitiveness as a business location.”
Proton has reportedly already started moving most of its physical infrastructure out of Switzerland, citing “legal uncertainty around Swiss government proposals to introduce mass surveillance — proposals that have been outlawed in the EU”. That is a remarkable about‑face for a company that built much of its brand on Switzerland’s legal environment.
For ProtonVPN users, several implications follow:
- Jurisdictional diversification: Moving infrastructure (and potentially some legal entities) into the EU may actually improve legal predictability, given the EU courts’ track record of striking down generalized data retention.
- Less marketing around “Swissness”, more around audits and design: ProtonVPN has already leaned into open‑source clients, independent security audits, and advanced features (Secure Core, NetShield, etc.). Expect the company to double down on those technical assurances rather than purely jurisdictional slogans.
- Short‑term uncertainty: Until the VÜPF text is finalized and Proton publishes updated legal documentation, there will be a period where the exact surveillance exposure of Switzerland‑based vs. EU‑based Proton infrastructure is somewhat murky.
The key takeaway: if a provider like Proton is willing to walk away from the “Swiss privacy” label it helped popularize, that’s a strong signal that the new law is not a minor admin tweak – it’s a material change to the threat model.
PrivadoVPN: a Swiss zero‑logs service caught in the same net
PrivadoVPN is another VPN service headquartered in Switzerland that has built its brand around a strict no‑logs policy, Swiss jurisdiction, and strong technical security. Although the VÜPF draft doesn’t name individual VPN companies, the obligations it introduces would apply to any Swiss VPN that passes the 5,000‑user threshold – which commercial services like PrivadoVPN almost certainly do.
If the law passes as currently described, a Swiss‑based provider like PrivadoVPN would face a basic conflict:
- On the one hand, marketing promises “no logs” and anonymous usage.
- On the other hand, Swiss law would require collecting and retaining user connection data and identifiers for months.
There are only a few realistic ways to reconcile that tension:
- Relocate infrastructure and/or legal entities outside Switzerland to jurisdictions with more protective data‑retention jurisprudence.
- Re‑architect the service so that the Swiss entity never sees or controls the sensitive data the law targets, pushing that responsibility to other parts of the organization.
- Accept logging obligations and adjust the privacy policy accordingly, which would make “no‑logs” marketing essentially impossible for serious users.
Which route PrivadoVPN (or any other Swiss VPN) will ultimately choose is a business and legal decision only they can make. But from a user’s perspective, the important point is this: you can’t just assume “Swiss VPN” automatically means stronger privacy in 2025 and beyond. You need to look closely at updated transparency reports, audit results, and privacy policies as the legislative process unfolds.
Does Article 50a mean backdoors in VPNs?
One of the most worrying provisions in the VÜPF draft is Article 50a, which Tuta Mail cites as requiring providers to be able to remove “the encryption provided by them or on their behalf”. That line raises the specter of encryption backdoors, but it’s worth unpacking what it does – and doesn’t – mean in the VPN context.
In practice:
- VPN providers already terminate the encrypted tunnel at their own servers. They can’t see inside HTTPS connections to third‑party sites, but they do see which user IP connects to which VPN server at which time, and which destination IPs are reached.
- “Removing the encryption they provide” would likely be interpreted as an obligation to provide traffic or stored data in a form that law enforcement can process – for example, decrypted logs or captured payloads where the provider controls the keys.
- The explicit exception for end‑to‑end encrypted messages between users suggests that Switzerland is trying to avoid directly attacking E2E messaging protocols, but VPN tunnels are not covered by that carve‑out.
The technical reality is that most reputable VPNs are already designed so that large‑scale, continuous content interception would be expensive and operationally risky. But once the law requires providers to be capable of decryption wherever they hold keys, the incentive is to centralize more control and logging rather than less.
Is Switzerland really going “further than the US and EU”?
Tuta Mail argues that the VÜPF reform would give Switzerland surveillance powers “worse than the USA”. That’s a strong claim, but there are two concrete comparisons worth noting:
- Germany and EU data retention: The Court of Justice of the European Union has repeatedly struck down generalized, indiscriminate data retention obligations. Tuta notes that data retention for email providers is currently illegal in Germany. A Swiss ordinance that mandates broad retention for relatively small providers will sit uncomfortably with that case law.
- US vs. Swiss thresholds: The Swiss draft extends heavy surveillance obligations down to very small providers (5,000 users), whereas many US surveillance regimes either target large telecoms or focus on specific types of data and orders.
None of this means Switzerland instantly becomes “worse” than every other Western jurisdiction in every respect. But it does mean the old shorthand – “Switzerland = stronger privacy by default” – is no longer a safe mental model.
Practical advice if you use ProtonVPN, PrivadoVPN, or another Swiss VPN
If you’re currently using a Swiss‑based VPN, or considering switching during Black Friday and Cyber Monday 2025, here are some practical steps to keep your threat model honest:
- Read updated privacy policies carefully. Look for explicit statements about connection logging, IP retention, and how long data is stored. If the wording gets vaguer over time, that’s usually not a good sign.
- Check for fresh third‑party audits. Independent audits of infrastructure and no‑logs claims are one of the few ways users can gain confidence that marketing copy matches reality, especially after a legal change.
- Prefer providers with multi‑jurisdiction infrastructure. A VPN that can move sensitive functions out of hostile jurisdictions is more resilient than one tightly coupled to a single country’s legal framework.
- Think about how tied you are to “Swissness”. For some users, data‑protection culture and case law in parts of the EU may now be more attractive than Switzerland for certain threat models.
- Harden the rest of your stack. No VPN is a magic cloak. Use end‑to‑end encryption wherever possible, keep software patched, and avoid accounts that require real‑world identity when your threat model doesn’t demand it.
What to watch next
At the time of writing, the VÜPF update is still a proposal under discussion in the Swiss Federal Council. The consultation process could lead to changes, clarifications, or even political pushback if enough citizens, companies, and civil‑society groups object.
For VPN users and buyers, the key milestones to watch are:
- Whether the final text keeps the 5,000‑user threshold and six‑month retention period.
- How “plain text” and “removing encryption” are interpreted in official guidance for VPNs.
- How large providers like ProtonVPN publicly restructure their infrastructure and legal entities in response.
- How other Swiss VPNs, including PrivadoVPN, update their documentation and product positioning.
The bigger story here is not just one law in a small country. Switzerland has been a flagship example in VPN marketing for a decade. If it normalizes aggressive logging and decryption mandates, that will ripple through how privacy products are designed, audited, and sold far beyond its borders.
For now, the safest stance is cautious optimism: assume the worst‑case version of the law while hoping – and pushing – for a better one. And don’t buy any VPN, Swiss or otherwise, purely because of a flag on the homepage.