Proton

No matter where you live in the world, whether you’re living under an authoritarian government or looking to break away from Big Tech surveillance, using Proton puts your data under the protection of Swiss privacy laws. We are often asked why Proton is based in Switzerland and whether there are real advantages to being a Swiss company.

This article explains the main privacy advantages of being a Swiss company, including these key benefits: 

  • Outside of US and EU jurisdiction: Swiss companies are not allowed to share information with foreign law enforcement under criminal penalty.
  • Politically neutral: Switzerland has a long history of neutrality, which shields us from pressure from foreign governments.
  • Strong privacy protections: Switzerland has a constitutional right to privacy and strict data protection laws. Unlike companies in other countries, Proton cannot be compelled by foreign or Swiss authorities to engage in bulk surveillance.
  • Advanced infrastructure: Many other countries with strong privacy laws lack the IT infrastructure and talent pool required to reliably operate a major tech company like Proton. Switzerland has the best of privacy protections, infrastructure, and world-class human resources.

Switzerland is where the web and Proton were born

Proton’s roots are in Proton Mail, which began at the European Organization for Nuclear Research (CERN) in Geneva, Switzerland, where many of our early team members worked together on particle physics experiments. CERN was also the research center where Sir Tim Berners-Lee invented the World Wide Web in 1991, which led to the internet as we know it (Sir Tim is now a member of Proton’s advisory board).

To benefit from Swiss jurisdiction, it is not sufficient to just have a mailbox there, as the government that has effective jurisdiction over a company is the one where an organization’s center of activity is. Switzerland is not just where we are incorporated, it is also the location of our headquarters, the majority of Proton’s leadership and board members, our main datacenter, and the country where we have the greatest number of employees. This is important because if a company were legally incorporated in Switzerland but had the majority of its staff in the US, the US government would still effectively control that company. For Proton, Switzerland is not just the legal jurisdiction, but also the place of effective jurisdiction.

Culture of neutrality and strong individual rights

Switzerland’s political culture of neutrality, discretion, and personal freedom is well-suited for privacy. 

Unless you host your servers on a boat in international waters, you must be under some legal jurisdiction. Choosing one is particularly important because, as the Lavabit example shows, local laws can have an existential impact on the service. In Lavabit’s case, their US jurisdiction proved to be fatal.

Given that we serve people with highly sensitive privacy and security requirements from around the world, Switzerland has the advantage of being a neutral location outside of US, EU, and NATO jurisdiction. Swiss neutrality means that Switzerland is not a party to any binding intelligence-sharing agreement, such as the Five Eyes, Nine Eyes, or Fourteen Eyes agreements or the NATO intelligence programs.

Legal differences between Switzerland and other countries

Switzerland has strong legal protections for individual rights, and in fact the Swiss Federal Constitution explicitly establishes a constitutional right to privacy. (In the US, this right is merely implied.) Specifically, Article 13 safeguards privacy in personal or family life and within one’s home, and the Swiss Civil Code translates this right into statutory law in Article 28.

In the US and EU, authorities can issue gag orders to prevent an individual from knowing they are being investigated or under surveillance. While this type of order also exists in Switzerland, the prosecutors have an obligation to notify the target of surveillance, and the target has an opportunity to appeal in court. In Switzerland, there are no such things as national security letters, and all surveillance requests must go through the courts. Warrantless surveillance, like that practiced in the US where the FBI conducts 3.4 million searches per year with little oversight, is illegal and not permitted in Switzerland.

Switzerland also benefits from a unique legal provision with Article 271 of the Swiss Criminal Code, which forbids any Swiss company from assisting foreign law enforcement, under threat of criminal penalty. While Switzerland is party to certain international legal assistance agreements, all requests under such agreements must hold up under Swiss law, which has much stricter privacy provisions. All foreign requests are assessed by the Swiss government, which generally does not assist requests from countries that have poor rule of law or lack an independent judiciary.

Swiss law has several more unique points. First, it preserves end-to-end encryption, and unlike in the US, UK, or EU, there is no legislation that has been introduced or considered to limit the right to encryption. Second, Swiss law protects no-logs VPN, meaning that Proton VPN does not have logging obligations. While numerous VPNs claim no-logs, these claims generally do not stand up legally because in most jurisdictions, governments can request that the VPN in question starts logging. So the VPN is only no-logs until the government asks. However, in Switzerland, the law does not allow the government to compel Proton VPN to start logging.

Recent court rulings enhance Swiss privacy

We’ve also fought to ensure that Switzerland remains a legal jurisdiction that respects and protects privacy. 

Nearly every country in the world has laws governing lawful interception of electronic communications for law enforcement purposes. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Post and Telecommunications (SPTA), which was last revised on March 18, 2018. In May 2020, we challenged a decision of the Swiss government over what we believed was an improper attempt to use telecommunications laws to undermine privacy. 

In October 2021, the Swiss Federal Administrative Court ultimately agreed with us and ruled that email companies cannot be considered telecommunication providers. This means Proton isn’t required to follow any of the SPTA’s mandatory data retention rules, nor are we bound by a full obligation to identify Proton Mail users. Moreover, as a Swiss company, Proton Mail cannot be compelled to engage in bulk surveillance on behalf of US or Swiss intelligence agencies.

Additional privacy through encryption

While Proton benefits from strong legal protections within Switzerland, we have also built in technological safeguards against surveillance, such as utilizing end-to-end encryption.

We do not possess the keys required to decrypt users’ emails, calendar events, files, photos, login details, and many kinds of metadata. Even emails between non-Proton Mail accounts cannot be decrypted on our servers thanks to our use of zero-access encryption. As a result, even if Proton were forced to turn over all our computer systems, your email contents, items in cloud storage, calendar events, and other data would continue to be encrypted.

These technical safeguards are the strongest privacy protections because unlike national laws, the laws of mathematics cannot be changed or altered.

Multi-layered privacy protection

Neither legal protections nor technical protections on their own are sufficient to protect privacy. Even the strongest technical protection can fail because technology is developed by people who are subject to the laws of the country in which they reside. 

We believe comprehensive security can only be achieved through a combination of technology and legal protections, and Switzerland provides the optimal combination of both. Because of Switzerland’s advanced IT infrastructure and its unique legal environment, Proton can deliver a service that is both reliable and secure.

For more information about requests for information made to Proton from Swiss authorities, please view our Transparency Report.
