What is ProtonVPN's public transparency report on law enforcement requests and how often is it updated?
Executive summary
ProtonVPN’s public transparency report is a company-published summary explaining how it handles law-enforcement and government requests, emphasizing a strict no-logs policy and the legal limits on what it can be forced to produce under Swiss law (Proton’s Transparency page; Proton blog)[1][2]. The report is not a running daily feed but is updated “whenever there is a notable new legal request,” with Proton also publishing periodic tallies and contextual commentary about requests and denials in its transparency materials and blog (Proton blog; Proton legal page)[2][3].
1. What ProtonVPN’s transparency report says it is — a policy-and-request ledger, not raw logs
Proton frames the transparency report as a public ledger of interactions with law enforcement and courts that explains what kinds of requests it can and cannot comply with, repeatedly stressing it does not retain the connection logs that would be needed to associate individual users with VPN servers and therefore typically cannot produce the user-identifying data requested by third parties (Proton Transparency; Proton blog)[1][2]. The report and accompanying pages also point to related materials — a warrant canary statement and privacy policy — that together form Proton’s public account of legal process and how the company responds (Proton privacy page; Proton blog)[4][2].
2. What the report publishes and what it omits
Proton’s public materials list counts and descriptions of legal orders and government inquiries and explain the outcomes when they occur, but they do not disclose customer data — by design and by policy — because Proton says it does not log the connection metadata that would be required to satisfy many law-enforcement demands (Proton Transparency; Proton blog)[1][2]. The transparency report typically focuses on the existence and disposition of legal requests and Proton’s legal rationale rather than granular case-level evidence, and the privacy policy points readers to the transparency report and warrant canary for further detail (Proton privacy page; Proton blog)[4][2].
3. The Swiss legal context that shapes the report
Proton repeatedly cites Swiss law as the structural constraint on how it responds to foreign and domestic requests: only Swiss authorities’ requests are directly binding under Swiss rules, and Proton says it cannot comply with foreign requests that lack Swiss court support; Swiss procedure also generally requires that a target be notified so they can challenge orders, which Proton uses to explain why a warrant canary is legally of limited effect in Switzerland (Proton Transparency; Proton blog; Proton law-enforcement guidance)[1][2][3]. Proton’s law-enforcement guidance further explains how requests should be submitted under Swiss processes and that Swiss authorities may assist foreign counterparts through formal international legal assistance where appropriate (Proton law-enforcement guidance)[3].
4. How often the transparency report is updated — Proton’s stated cadence
Proton’s public guidance and the transparency-blog entry state that the transparency report page is updated “whenever there is a notable new legal request,” indicating an event-driven update model rather than a fixed periodic schedule (Proton blog; Proton Transparency)[2][1]. Independent reporting and aggregator sites that track provider transparency reports treat Proton’s disclosures as intermittent updates, and third-party summaries cite Proton’s rule that noteworthy legal developments prompt updates rather than calendarized releases (PCWorld summary; Security.org review)[5][6].
5. What the public numbers show and how to interpret them
Third-party observers have compiled counts from Proton’s transparency disclosures; for example, comparative coverage noted ProtonVPN had dozens of requests in 2023 and industry reporting has cited aggregated numbers in recent years, while more recent media summaries reported 29 legal requests up to June 2025 — with Proton denying those orders according to that report — but those numbers must be read knowing Proton asserts it cannot produce connection logs and that Swiss procedure affects whether foreign requests appear in its count (PCWorld; Tom’s Guide; Proton blog)[5][7][2]. Independent reviews and Proton’s own posts emphasize that even when requests are received or routed through Swiss channels, Proton’s technical no-logs posture and legal constraints mean the company often reports “no user data disclosed” outcomes (Proton blog; Security.org)[2][6].
6. Limitations, alternative views and what the report does not resolve
The transparency report answers many high-level questions but does not provide raw subpoena content, complete case files, or independent verification of every assertion; reporting relies on Proton’s public statements and third-party audits of its no-logs posture, while outside critics sometimes press for more granular independent oversight or standardized reporting formats across VPN providers to improve comparability (Proton blog; Proton no-logs audits referenced by third parties)[2][8]. Where sources do not supply specific transactional evidence, reporting must be clear about that gap: the company’s claim that it “could not provide” IPs in particular instances is what is published, and independent outlets report counts and denials based on those published disclosures rather than on subpoena-level documentation (Proton Transparency; PCWorld; Tom’s Guide)[1][5][7].