PrivadoVPN has finalized its legal departure from Switzerland, updating its Terms of Service to establish Privado Networks ehf. as an Icelandic entity headquartered in Garðabær, near Reykjavík. The move, long signaled by the company, converts a stated intention into a binding legal reality - and it carries significant implications for the millions of users who rely on the service to keep their internet activity private.
Why Switzerland Lost Its Privacy Crown
For years, Swiss jurisdiction was the benchmark for privacy-conscious digital services. The country's strict data protection laws, political neutrality, and independence from EU legal frameworks made it a preferred home for VPN providers and encrypted messaging platforms alike. That reputation, however, began eroding in earnest in March 2025, when the Swiss government proposed sweeping amendments to its surveillance legislation.
The proposed changes targeted what regulators termed "derived service providers" - a broad classification that grouped VPN services alongside social media platforms and messaging applications. Under the draft amendments, all such providers would face mandatory monitoring and data collection obligations. For a VPN whose core product promise is that no such data exists, compliance would have been a fundamental contradiction. The business model and the legal requirement were simply incompatible.
PrivadoVPN read the situation clearly and began its exit well before the updated Terms were published. The Swiss chapter is now formally closed.
What Iceland Offers That Switzerland No Longer Can
Iceland's appeal to privacy-oriented technology companies is not accidental. The country operates outside the European Union, meaning it is not bound by EU directives that increasingly push member states toward broader digital surveillance frameworks. At the same time, Iceland participates in the European Economic Area, giving its businesses access to European markets without absorbing the full weight of EU regulatory obligations.
The critical legal distinction, however, lies in how Iceland classifies VPN providers. Under Icelandic law, VPNs are treated as application-layer service providers - a technical and legal category that sits well below the threshold of telecommunications companies. That classification matters enormously. Telecommunications providers in most jurisdictions are subject to mandatory data retention laws, requiring them to log user connection data and make it available to authorities on request. Application-layer providers carry no such obligation.
As PrivadoVPN stated to TechRadar earlier this year: "Iceland treats VPNs as application layer service providers and not Telcos that require data retention and logging." That single legal distinction removes the structural mechanism through which user data could be compelled from the company, regardless of what any foreign government or court might request.
A More Detailed Legal Document - and One New Limit
The revised Terms of Service are substantially longer and more specific than the August 2023 version they replace. The old Swiss-era document was comparatively brief; the new Icelandic ToS provides detailed guidance on the boundaries of the service, the obligations of both provider and user, and the legal framework governing the relationship between them. Less ambiguity in a legal document of this kind generally favors the user - it reduces the interpretive latitude that could otherwise be exploited in adversarial legal proceedings.
One notable addition is explicit: the 30-day money-back guarantee "may only be utilized once per user." This closes a loophole that some users had reportedly used to cycle through refund requests, and it brings the policy in line with standard practice across the industry.
What This Means for Users and for the VPN Industry
PrivadoVPN's legal transition reflects a broader pressure point affecting the entire VPN sector. As European governments expand their surveillance ambitions - often justified by counterterrorism and child protection arguments - providers face an increasingly difficult choice: adapt, relocate, or compromise on their core promises. Several major VPN operators have already removed servers from countries that introduced mandatory logging requirements, treating physical infrastructure the way PrivadoVPN has now treated its legal domicile.
For PrivadoVPN's user base, the practical implications are reassuring rather than disruptive. The service continues to offer a free tier with 10GB of monthly data, a kill switch, and unthrottled speeds - a combination that most competitors restrict to paid plans. Premium subscribers retain access to unlimited data, up to ten simultaneous connections, and servers spread across more than 60 countries, with reliable unblocking of major streaming platforms.
What changes is the legal architecture underpinning those features. PrivadoVPN is no longer a Swiss company navigating an increasingly hostile regulatory environment. It is now an Icelandic one operating under a framework specifically suited to the service it provides. That alignment between legal structure and product promise is precisely what privacy-focused users should look for - and what, until recently, Switzerland appeared to offer.
