Proton has confirmed the company has begun moving out of Switzerland due to "legal uncertainty" over the newly proposed surveillance law.
Proton's newly launched privacy-first AI chatbot, Lumo, has become the first product to change home yet, "investing in Europe does not equate to leaving Switzerland," a company spokesperson told TechRadar, amid rumors it's exiting the country for good.
The firm behind one of the best VPN and encrypted email services has been very critical of the Swiss government's proposed amendment of its surveillance law since the beginning, already sharing plans to quit Switzerland back in May.
If it passes, the Ordinance on the Surveillance of Correspondence by Post and Telecommunications (OSCPT) will introduce new obligations for virtual private networks (VPNs), messaging apps, and social networks. These measures include mandatory user identification and data retention of up to six months for all services with at least 5,000 users. Providers will also be required to decrypt the communication upon the authorities' request should they own encryption keys.
Lumo – the first to go
Proton launched its ChatGPT competitor, Lumo, in July 2025, to give its users an alternative to Big Tech solutions that truly protect their privacy.
In a blog post about the launch, Proton's Head of Anti-Abuse and Account Security, Eamonn Maguire, explains that the company has decided to invest outside Switzerland for fear of the looming legal changes.
He wrote: "Because of legal uncertainty around Swiss government proposals to introduce mass surveillance – proposals that have been outlawed in the EU – Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move."
Talking to a Swiss publication after the launch, Proton's CEO Andy Yen confirmed that the proposed changes to the Swiss surveillance law made the company opt for Germany instead to host Lumo's servers. Proton has also confirmed it's also developing facilities in Norway.
While the company did not specify that Germany would become the new home of the majority of its infrastructure, Proton confirmed to TechRadar that investing in Europe doesn't equate to leaving Switzerland.
It's worth noting, however, that being based in the EU could make Proton, and similar companies, vulnerable to wider data retention or scanning obligations if proposals like the so-called ProtectEU or Chat Control were to pass.
We approached Proton for clarification on this point, and a company spokesperson pointed out that mandatory data retention has already been ruled illegal multiple times by European courts.
"However, we will, of course, continue to monitor developments in the EU closely, as we do elsewhere," Proton added.
What's next for the Swiss tech privacy industry?
Proton isn't the only provider that has been vocal against what critics have deemed Switzerland's "war against online anonymity."
Another VPN provider, NymVPN, confirmed back in May its intentions to leave Switzerland if the new surveillance rules are enforced.
Talking to TechRadar, Nym's co-founder and COO, Alexis Roussel, shares support for Proton's decision to find a new home for its private AI chatbot.
He said, "Proton is in a position that they are expanding, so it totally makes sense. You cannot invest in privacy in Switzerland right now."
Roussel also confirmed to TechRadar that the company has already developed a strategy to move its VPN activities outside Switzerland and the EU. Yet, this remains the last resort.
He also explains that the fact that Nym works on a decentralised infrastructure means that it won't be affected by the encryption provision, as the company doesn't hold any encryption keys.
"Depending on how they modify things within the law, this will affect our decision to move. But we would like to resist the ordinance until the end and go to the tribunal," said Roussel.
As reported by Cyberinsider, also secure and private messaging app Session said that, "while keeping a close eye on the situation," its decentralized structure means its services are less vulnerable to the changes.
= Related: Hacker News Discussion
(Score: 1, Funny) by Anonymous Coward on Wednesday December 31, @03:19AM (2 children)
There's no safe place on the planet.
Best thing to do now is piggyback on somebody else's signal, blend in with the noise
(Score: 4, Insightful) by Bentonite on Wednesday December 31, @04:05AM
Well, there was the Principality of Sealand, but not anymore.
SMTP leaks metadata like a sieve, thus trying to blend in is not effective.
A new mail protocol that uses Tor onion's, i2pd and/or GNUnet and full encryption is needed, but that wouldn't be compatible with SMTP.
(Score: 5, Interesting) by zocalo on Wednesday December 31, @12:36PM
I think the solution to this will be multiple regional entities that are legally fully autonomous from each other and keep any retained configs and other required operating data (like user account details) within that sovereign region. Same service(s), but let people choose which legal jurisdiction they want to deal with, or jurisdictions for that matter - "Use this discount code to sign-up with any of our 'affiliates'...".
If I want to do something Country A might not be to impressed with, then I sign up through Country B that isn't amicable towards Country A, and therefore is highly unlikely to assist them with any judicial activities, let alone anything involving things like military drones, open upper-floor windows, butcher's knives, or whatever. A bit inconvenient for the company and any of their users dealing with multiple jurisdictions, but if you're having to take your OpSec and PerSec that seriously, then what's a little inconvenience compared to the alternatives? For everyone else looking to do a little light activism and/or copy right infringement, it's business as usual; just sign-up to the most appropriate regional affiliate, keep calm, and carry on.
UNIX? They're not even circumcised! Savages!
(Score: 5, Insightful) by looorg on Wednesday December 31, @11:44AM (1 child)
I do wonder where this Surveillance free Utopia is. Moving things to Germany or Norway won't help. But then clearly beyond the EU there isn't exactly free-speech or non-surveillance utopias either. So unless they somehow have money to say start their own space station or something I don't see them breaking free of prying eyes and gazes from governments and corporate entities. Perhaps it's just better to stay, or at least not move that far.
Perhaps this is just huffing and puffing to see if they can ward off current changes and ideas a little bit longer, but eventually they will all change (and not for the better).
Perhaps they should just keep spinning up new entities then? As soon as they hit say 4,995 users. They close that entity to new users and start a new one, Proton2 ... Proton3 .... It might become a bureaucratic mess but if they keep each service with less then 5000 users. No retention.
"Your service have 100,000 users ... No, we have 21 legally distinct and different companies each with slightly less then 5000 users ... no retention for us ...."
(Score: 1, Informative) by Anonymous Coward on Wednesday December 31, @08:43PM
Yeah, they call that "structuring". You probably wouldn't get away with it. We just have to keep remaking unique messaging protocols to hide better, regular cat and mouse for all eternity.