The European Union’s new initiative, ProtectEU, is raising concerns about the future of privacy and encryption in the region. Launched in April 2025, this strategy aims to give law enforcement access to encrypted online data, including that from popular messaging apps and VPN services.
For years, encrypted communication platforms like WhatsApp and Signal have promised privacy for users, with secure file sharing, encrypted calls, and private messaging. However, ProtectEU could change this for people in the EU by pushing for lawful access to encrypted data.
Encryption Backdoors: A Growing Concern
ProtectEU is part of a broader EU Commission effort to strengthen security. Its goal is to allow law enforcement to access encrypted online data, which could involve creating encryption backdoors. However, cybersecurity experts have long warned that weakening encryption can expose users to greater risks. Once a backdoor is created for law enforcement, other malicious actors may exploit it as well.
Jurgita Miseviciute, Head of Public Policy at Proton, which offers Proton VPN and Proton Mail, argued that weakening encryption wouldn’t solve security challenges, but would instead make Europe more vulnerable. “It would only make European security worse,” she told TechRadar.
The EU Commission’s ProtectEU strategy follows the failed 2022 Chat Control proposal. Critics argue that ProtectEU is just a rebranding of the same controversial ideas. Proton is closely watching the developments, hoping for a solution that preserves encryption.
Could VPNs Be Targeted?
A significant concern around ProtectEU is the potential impact on VPN services. VPNs rely on end-to-end encryption to maintain user privacy, with many providers boasting strict no-log policies. However, ProtectEU could force VPNs to collect more user data or even retain logs, undermining their privacy promises.
Denis Vyazovoy, Chief Product Officer at AdGuard VPN, warned that a legal framework requiring VPNs to store user metadata could render these services useless, especially for users seeking privacy. He believes this could drive VPN providers out of the EU market.
The Impact on VPN Providers
The EU’s new strategy also brings into question whether VPN services will be forced to compromise their no-log policies. In 2022, India’s data retention laws caused an exodus of VPN companies. Similar changes in the EU could lead to the withdrawal of privacy-focused VPNs.
NordVPN expressed concerns about how more data retention could increase the risk of data misuse and security breaches. A company spokesperson explained, “Security is closely linked to privacy. More data could lead to misuse and threats to internet users.”
Privacy and Surveillance
While messaging apps have long been the focus of lawmakers, ProtectEU now explicitly identifies VPNs as “key challenges” to law enforcement, alongside encrypted devices and other communications tools. This shift has raised alarm among VPN providers.
Mullvad VPN, for example, strongly opposed the idea of scanning private chats in 2022, and now calls ProtectEU a mere rebranding of old proposals. “New name. Same old propaganda,” the company tweeted.
Vyazovoy expressed concern that forcing VPNs to share data would compromise user privacy for the sake of potentially catching a few criminals. He asked, “Is it worth compromising the privacy of tens of millions for this level of surveillance?”
Some companies, like Surfshark, are optimistic that the ProtectEU strategy will strengthen privacy-focused tools. “We believe privacy-enhancing tools like ours will become more relevant and widely adopted,” said Gytis Malinauskas, Head of Legal at Surfshark.
What’s Next for ProtectEU?
As the debate continues, it’s unclear how ProtectEU will unfold. The strategy is still in its early stages, with lawmakers working on legal frameworks and reports. It remains to be seen whether VPNs will be directly affected by these changes or whether the EU will find a balance between security and privacy.
