
Proton VPN has published its latest transparency report, confirming that it has denied all 458 legally binding orders approved by Swiss authorities since the service launched in 2017. The reason is simple: the company does not keep the logs that would let it identify who was connected to any given server at any given time.
The latest update covers activity through June 2026, with 47 orders received so far this year. All 47 were denied. That pattern holds across every year on record, from a single request in 2019 to a peak of 121 in 2021, and back down to the current pace.
For anyone wondering whether a VPN provider’s no-logs claims actually hold up under legal pressure, this report is about as close to a real-world stress test as you’ll find. The numbers break down like this:
- 2026 (through June): 47 orders, 47 denied
- 2025: 59 orders, 59 denied
- 2024: 53 orders, 53 denied
- 2023: 60 orders, 60 denied
- 2022: 80 orders, 80 denied
- 2021: 121 orders, 121 denied
- 2020: 37 orders, 37 denied
- 2019: 1 order, 1 denied
The reason Proton can deny all of these requests is not legal maneuvering. It genuinely has nothing to hand over. In every case, authorities were asking Proton to identify who was connected to a specific VPN server at a specific time. Because Proton does not collect or store that connection data, the answer is always the same: we don’t have it.
This matters because it addresses one of the most common criticisms of VPN services: that no-logs policies are unverifiable promises that could be quietly abandoned when law enforcement comes knocking. Proton’s transparency report shows years of real requests that resulted in zero data being provided. That’s a meaningful track record.
Proton’s legal position is also worth understanding. The company is based in Switzerland, which means it only has to comply with requests approved by the Swiss court system. Foreign requests, such as those from US or EU law enforcement, carry no legal weight unless they go through Swiss courts first. Section 271 of the Swiss Criminal Code actually prohibits Proton from complying with foreign legal requests that haven’t been approved by Swiss authorities. Switzerland’s constitutional privacy protections add another layer, meaning Proton is not legally required to save connection logs in the first place.
The company also addresses the concept of a warrant canary, a mechanism some services use to signal that they have not received secret government orders. Proton says a warrant canary is not meaningful in its case because Swiss law already requires that the target of a surveillance or data request be notified, giving them the chance to contest it. The legal system itself provides the transparency that a canary is meant to signal elsewhere.
The broader context here is that trust in VPN providers has become a real issue in the industry. Several services have faced scrutiny after logs turned up in criminal cases despite earlier no-logs claims. Independent audits help, and Proton says its no-logs policy has been validated through multiple third-party audits. But a consistent public record of denied government requests, updated regularly since 2017, adds something audits alone cannot: a history of the policy being tested in practice and holding up.
For users who rely on a VPN for genuine privacy, whether journalists, activists, or anyone who simply doesn’t want their browsing tracked, the distinction between a provider that claims to keep no logs and one with a documented record of denying law enforcement access to those logs is significant. Proton’s report makes that case with nine years of data.