- Proton VPN received 47 legally binding data requests in the first half of 2026
- The company could turn down every single one
- Proton’s no-logs policy means the data authorities want does not exist
When a government comes knocking for user data, most companies face a simple choice: comply or fight. Proton VPN‘s latest transparency report points to a third option, which is having nothing to give in the first place.
The Swiss provider, regularly ranked among the best VPN services, updated its transparency report on July 14. It revealed 47 legally binding orders in the first six months of 2026 — more than the total number received in 2019 and 2020 — each one trying to identify a user connected to a specific server at a specific time.
All 47 were denied. “Proton VPN had no user data to hand over because our strict no-logs policy means we don’t store the information in the first place,” a Proton spokesperson told TechRadar, adding that all 47 requests came from Swiss authorities.
That brings Proton VPN’s running total to 458 orders since 2019, with not a single one fulfilled.
The requests Proton VPN cannot answer
Every order in the report followed the same path. Authorities handed over a server IP address alongside a timestamp and asked Proton to name the person behind it.
The company says it cannot make that link because it never records it.
Under its no-logs policy, Proton VPN does not store the browsing activity, DNS queries, or connection metadata that would tie a user to a session. So, a binding order leaves nothing to produce.
We are pleased to announce that Proton VPN has passed its 5th annual 3rd-party audit, confirming our strict no-logs policy.Unlike some providers, we openly publish full no-logs reports for anyone to read.Claims should be investigated & verified, including our own.1/2 👇June 16, 2026
A no-logs promise is only as good as the proof behind it.
In June, Proton VPN passed its fifth consecutive annual audit. European security firm Securitum inspected server configurations and interviewed staff on-site in Zurich.
The auditors found no records that could link a user to activity on a reviewed server. Because Proton’s apps are open source and the full reports are public, users do not have to take the claim on trust.
The audits are point-in-time snapshots of sampled servers rather than blanket guarantees, but that level of regular, published scrutiny remains rare among consumer VPNs.
The Swiss factor, and its expiry date

VPN jurisdiction is the other half of the story. Swiss law does not force VPNs to keep connection logs, and Article 271 of the Swiss Criminal Code bars Proton from handing data to foreign authorities directly. Only a Swiss court order is binding, and Switzerland sits outside the 5, 9, and 14 Eyes intelligence-sharing alliances.
That edge, however, may not last.
A proposed revision to Swiss surveillance rules — currently halted and under revision after backlash — could require services with more than 5,000 users to identify customers and retain data for six months. Proton has already begun moving infrastructure abroad in response and has warned it could leave the country entirely if the law passes.
For now, it remains Swiss, and the 47 rejections show what that still buys.
