Which EU countries have passed laws affecting anonymity networks or data-retention since 2015?

1. National moves to re‑introduce or tweak data‑retention (Belgium, Finland, Germany)

Belgium enacted a new data‑retention law that entered into force in July 2016, an explicit national decision in the wake of the CJEU invalidation of the EU Directive ^[1]. Finland made legislative amendments in 2015 specifying retention periods for different types of communications data, adding case‑by‑case reviews of access requests and giving operators more flexibility in technical implementation ^[1]. Germany passed national provisions in 2015 to reintroduce certain metadata retention measures; those provisions were challenged in the courts and prompted multiple constitutional challenges by affected professions and associations ^[1].

2. Legal pushback and court rulings that reshaped national laws (Germany, Czech Republic, Netherlands, Sweden, broader EU context)

Judicial interventions have played a decisive role: Germany’s Federal Constitutional Court and administrative judges repeatedly reviewed retention measures introduced after 2014, leading to injunctions and suspensions ^{[1] [3]}. The Czech Constitutional Court had earlier found national retention legislation unconstitutional, underscoring that parliamentary enactments can be undone by courts ^[3]. The Netherlands’ data‑protection regulator and courts effectively shut down proposals for blanket retention around 2015, with authorities ruling such laws illegal ^[4]. Sweden’s Tele2 litigation, merged with UK cases at the CJEU, exemplified how service‑provider and civil‑society challenges forced EU‑level scrutiny of national implementations ^{[3] [5]}. Privacy International’s review documents that member states have been left to reinterpret retention rules after the Tele2/Watson judgment, producing widely varying national outcomes ^[2].

3. Countries expanding scope beyond traditional metadata (France, reports of social‑media/chat retention debates)

Several member states considered or planned to extend retention beyond call and billing metadata to include chats and social media records; Germany’s intelligence agency had reported work on technical standards for such extensions, and parliamentary answers in 2012 already flagged plans in countries including France to broaden retention scope—efforts that continued to surface in debates after 2015 ^[3]. Open‑ended political pushes to capture broader “over‑the‑top” communications intersect with evolving EU law on what constitutes electronic communications subject to retention ^{[3] [6]}.

4. Anonymity networks and the EU legal frame: regulation by proxy via retention, ePrivacy and GDPR

There is little evidence in the supplied reporting of EU states passing laws explicitly banning anonymity networks such as Tor since 2015; instead, most interventions operate indirectly—by regulating retention of metadata, access procedures, or by tightening ePrivacy/GDPR‑area rules that affect how operators manage identifiers and pseudonymous data ^{[2] [6] [7]}. The GDPR and efforts to update the ePrivacy framework set the legal context that shapes national choices on anonymization standards, data minimization and what retained data can be lawfully accessed ^{[8] [6] [7]}.

5. The ongoing fragmentation and practical consequences

Taken together, the reporting paints an EU fragmented state: some countries (Belgium, Finland, parts of Germany) enacted or amended retention laws since 2015, others saw courts or regulators block or narrow proposals (Netherlands, Czech Republic, Germany in parts), and many debates continue over scope, proportionality and what counts as “anonymous” vs. personal data—leaving anonymity‑network policy to be driven more by police/intelligence needs and courts than by a uniform EU statute ^{[1] [2] [3] [7]}. This fragmentation means that the practical effect on anonymity tools depends on national rules and judicial review rather than a single post‑2015 EU policy.

Exactly which national laws exist, how they were drafted and whether they survived legal challenge varies by country; the sources consulted document notable enactments (Belgium, Finland, Germany) and notable judicial pushback (Germany, Czech Republic, Netherlands, Sweden), but do not provide a single, definitive catalogue of every post‑2015 change across all member states ^{[1] [2] [3]}.