Switzerland’s reputation as a global stronghold for digital privacy faced a serious challenge in 2025 when the federal government proposed sweeping revisions to its surveillance framework that would have expanded data-collection obligations to digital services — including virtual private network (VPN) providers(VPN-Related). After a strong backlash from the Swiss privacy tech community and political allies, lawmakers agreed to put the controversial changes on hold and revisit them after further analysis.
Critics warned the proposal could force VPNs and other encrypted services to log user data in ways similar to traditional telecom surveillance obligations. This sparked significant debate over Switzerland’s identity as a privacy sanctuary in Europe and raised concerns about the potential erosion of secure communications and encryption protections.
What the Proposed Surveillance Law Would Have Done
At the heart of the controversy was a planned revision to the Ordinance on the Surveillance of Postal and Telecommunications Traffic (OSCPT), which implements Switzerland’s broader Federal Act on the Surveillance of Post and Telecommunications (SPTA).
Under the draft amendment, surveillance obligations historically applied to telecom operators and internet service providers would be broadened to include “derived service providers” — a category potentially encompassing VPN services, encrypted messaging platforms, and other digital communications tools.
If enacted in its original form, this law could have required these services to:
Retain user metadata and potentially connection logs.
Identify and trace VPN users to individuals.
Provide decrypted data upon government request.
Opponents argued that such requirements would erode the very foundations of digital privacy that have made Switzerland a preferred jurisdiction for privacy-focused services such as Proton and NymVPN.
Tech Industry and Privacy Advocates Push Back
Leading Swiss privacy tech firms, including Proton — the company behind ProtonVPN and ProtonMail — played an active role in opposing the draft changes. Proton’s CEO, Andy Yen, publicly warned that the proposed requirements amounted to a significant misunderstanding of encryption and surveillance issues, suggesting that compelling data collection would undermine Switzerland’s long-standing privacy protections.
Other companies such as NymVPN and secure messaging app Threema also joined the opposition, gaining bipartisan political support against the proposal. Lawmakers from various parties ultimately backed a motion to nullify the legislative change in December 2025, effectively pausing the plan and prompting a fresh review.
Critics pointed to a “philosophical disconnect” between authorities and privacy technologists — with government officials viewing surveillance as occurring only when encrypted data is accessed, while privacy experts argue that simply collecting or retaining user data constitutes surveillance.
Why This Debate Matters for VPN Users
VPN services are widely used to encrypt internet traffic and protect privacy by masking user IP addresses and preventing third-party monitoring. Globally, VPN usage has surged as awareness of digital surveillance and data collection grows. (General industry trend — widely documented.)
If the revised Swiss law had passed, it could have:
Set a precedent for other countries to impose similar data retention and logging requirements on VPN services.
Forced privacy-first providers to choose between complying with intrusive requirements or relocating to more privacy-friendly jurisdictions.
Undermined user confidence in encryption tools headquartered in Switzerland.
One industry voice cautioned that, while the reversal is welcome, “there is still no change in the willingness of the federal government to impose surveillance.”
Next Steps: Independent Review and Public Consultation
Following the parliamentary decision on December 10, 2025, Switzerland will now commission an independent impact analysis to assess the implications of the proposed surveillance amendments.
This study is expected to influence how a future version of the law might be drafted and could further delay any implementation by up to two years or more. Once a draft is prepared, public consultations are planned to ensure broader input from stakeholders.
learn more than New VPN Test Bench Enhances Privacy Metrics for VPN Users
Conclusion
Switzerland’s retreat from the original VPN-related surveillance law proposal highlights the growing tension between government security objectives and the demands of digital privacy advocates. The episode served as a reminder of the strength and influence of privacy-focused tech companies and civil liberties groups in shaping public policy.
Although the immediate threat has been defused, many experts caution that this is only a reprieve — not a permanent victory. With further analysis and consultation on the horizon, the debate over how to balance surveillance powers and individual privacy rights in a digital era is likely to continue.
