Switzerland long sold itself as the neutral home for privacy tech. That image is under pressure. Proton has begun relocating parts of its physical infrastructure because a new Swiss surveillance plan would force private services to identify users and keep data. The first move is live. Proton’s new AI assistant Lumo runs on servers in Germany, not Switzerland. Proton says it is not abandoning Switzerland, but legal uncertainty makes new investment there risky. Other privacy providers are preparing exit plans as well.
If the plan passes, everyday users will feel it. VPNs and secure messengers could face identity checks, new logging, and pressure to weaken product guarantees. Some firms will move. Others will comply or shut features down. The EU looks safer on paper because courts have struck down blanket data retention. Yet proposals like Chat Control still loom. The trend is clear. Privacy havens are shrinking. Plan accordingly.
The Swiss Privacy Shift: What We Know
Proton confirmed it has started moving some physical infrastructure out of Switzerland due to legal uncertainty around proposed changes to the Ordinance on the Surveillance of Correspondence by Post and Telecommunications. The draft would impose new duties on services with at least 5,000 users, including VPNs, messaging apps, and social networks. Providers would need to identify users and retain data for up to six months. Authorities could compel decryption when a provider controls the keys. Proton’s position and early moves were first detailed in TechRadar’s coverage of the plan and industry reaction.
Proton launched its AI chatbot Lumo in July 2025 and placed its servers in Germany. A company blog post by Proton’s Head of Anti Abuse and Account Security cited the legal risk in Switzerland as the reason to invest elsewhere. CEO Andy Yen told a Swiss outlet that Lumo’s hosting choice reflects the surveillance proposal. Proton also said it is building facilities in Norway. The company stated that investing in Europe does not mean it is leaving Switzerland.
Proton noted that EU courts have repeatedly ruled mandatory data retention illegal. The company said it will monitor EU policy proposals such as ProtectEU and Chat Control. Other privacy firms have reacted. NymVPN said it would leave Switzerland if the new rules take effect and has a relocation strategy outside Switzerland and the EU. Session said its decentralized design and lack of provider held keys reduce its exposure to the proposed decryption requirement.
Jurisdiction Now Decides Your Privacy
The proposal targets the pieces of privacy that matter most to regular users. Mandatory identification for VPNs and messengers would end anonymous signups and create new datasets that link accounts to real people. Six month retention means those links live long enough to be requested, leaked, or misused. Decryption on demand applies wherever a provider controls keys, so services with server side access will face pressure to comply. Designs that keep keys with users or avoid central control reduce that pressure.
Proton moving Lumo out of Switzerland shows how fast providers will shift compute to friendlier courts. That shift changes which government can knock and which rules apply to your data, without you changing apps. If you use privacy tools for sensitive searches, travel, or work, the legal venue behind them now matters as much as the brand.
Expect more fragmentation. EU courts have struck down blanket retention, which looks safer for now, but scanning and retention proposals remain active. Companies will respond with regional hosting, product splits, and in some cases identity checks tied to phone numbers, credit cards, or IDs. Some firms will move. Others will water down features or turn logs on to stay legal. Users feel this as new onboarding hurdles, fewer anonymous options, and a higher chance that routine metadata becomes evidence in unrelated cases.
You may also see availability shocks. Courts have already pushed blocks against encrypted tools when they cannot identify users, as India’s fight with Proton Mail showed in the Karnataka High Court case reported by Scroll.in. If you depend on privacy services for daily life, plan for sudden changes in jurisdiction, features, and legal process exposure.
The overlooked risk sits in the glue around these tools. Payment details, app store receipts, and phone number based recovery already link accounts to you. Identity rules would formalize those links and bundle them with retention clocks. Location also affects what a service can demand from you. Providers often enforce compliance by user country. That means a VPN endpoint, a work trip, or a roaming SIM can shift your risk profile. Privacy is moving from a product promise to a jurisdiction outcome. Your choices should follow that shift.
What You Can Do
You cannot change the law, but you can lower what any provider can learn or hand over about you. Focus on designs that keep keys with you, reduce identity links, and give you fast exits when jurisdictions shift.
- Favor services where you hold the keys. Pick apps that use end to end encryption with client side keys and no server decryption path. Turn off cloud backups that upload keys for your chats and files, and prefer storage that keeps encryption keys on your devices.
- Reduce identity footprints at signup and payment. Use email aliases or separate accounts for VPNs, messengers, and AI tools, and avoid linking a phone number unless you need it for two factor. Pay with privacy preserving options like virtual cards to avoid tying your main card to privacy products that may face retention orders.
- Control your jurisdiction exposure. In VPN apps, save non Swiss and non high retention endpoints as favorites so you can switch fast if rules change. Avoid creating new accounts or completing verification while on a travel SIM or roaming IP to prevent being bucketed into a stricter policy region. If you are comparing VPN providers, our breakdown of secure options can help you choose a service with a strong no logs record and transparent governance in safer jurisdictions.
- Treat AI assistants as cross border data services. Keep sensitive prompts out, and disable chat history or training if the product offers those switches. Prefer assistants that document zero access or local processing modes, and turn off web search integrations when you do not need them.
- Build an exit plan for each privacy tool you rely on. Export data you may need, remove stored phone numbers, and prune recovery emails that identify you. Set alerts for provider policy changes, and keep a secondary VPN or Tor Browser ready so a sudden regional block or new identity check does not strand you.
Privacy now tracks where a company hosts and which court can knock, not only what a landing page promises. Assume providers will move, split products, or add identity steps under pressure, and plan your setup around that. Choose designs that keep decryption out of provider hands, separate your identity from your tools, and maintain a backup path for core tasks. If a rule flips in your country or at your endpoint, you should be able to switch regions, switch transports, or switch products in minutes. That keeps your risk low while lawmakers argue about the next surveillance plan