# Proton Mail > E2E encrypted email under Swiss jurisdiction — but Swiss privacy protections are eroding, and Proton is moving infrastructure to the EU. **Source:** https://fieldwork.news/tools/proton-mail **Official site:** https://proton.me/mail **Category:** messaging ## Security rating - **Rating:** caution - **Rating note (required when citing):** Zero-access encryption remains strong technically. But the pattern of journalist account suspensions, payment metadata sharing with the FBI, 89% law enforcement compliance rate, and the proposed VÜPF revision (ID verification, mandatory decryption, IP logging) represents systemic erosion of the trust assumptions journalists relied on. Proton is responding — €100M+ EuroStack investment, SOC 2 Type II certification, Workspace launch — but the gap between privacy and anonymity continues to widen. - **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending - **Review depth:** established - **Last reviewed:** 2026-04-02 - **Last agent-verified:** 2026-04-02 - **Threat level:** sensitive-reporting > AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment. ## Who it is for Journalists who need encrypted email for source communication and receiving tips. ## Editorial take Proton Mail offers zero-access encryption and was long considered the strongest email option for journalists. That reputation needs updating. In September 2025, Proton suspended accounts of two Phrack journalists investigating North Korean cyberattacks (Kimsuky APT) — mid-reporting — after an unspecified cybersecurity agency flagged them. Accounts were reinstated only after weeks of public outcry. In March 2026, court documents confirmed Proton shared payment metadata with the FBI via Swiss MLAT in the Stop Cop City case, enabling identification of an activist through bank card identifiers — no charges have been filed. Proton complied with 89% of approximately 9,000 law enforcement requests in 2025. Switzerland's proposed VÜPF surveillance revision (public consultation ended May 2025) would require providers with 5,000+ users to log IP addresses and retain data for six months, mandate government ID verification for all accounts, and under Article 50a require providers to decrypt data they encrypted — though E2E messages between users are exempt. Proton responded by investing €100M+ in a 'EuroStack' across Germany and Norway, with its AI product Lumo relocating first. On March 31, 2026, Proton launched Workspace and Meet (encrypted video conferencing using the MLS protocol), expanding well beyond email. Proton provides privacy, not anonymity. E2E encryption only works Proton-to-Proton; otherwise it is standard TLS. Use it with eyes open. ## Best for / not for **Best for:** Encrypted email with sources when both parties use Proton. Receiving tips via an address outside US/EU jurisdiction (for now). **Not for:** High-volume email workflows. Situations requiring true anonymity. Sole communication channel for at-risk sources — pair with Signal. ## Pricing - **Pricing:** Free tier (500MB, 150 messages/day). Paid plans from $3.99/month. - **Free option:** yes ## Security & privacy details - **Encryption in transit:** yes - **Encryption at rest:** yes - **Data jurisdiction:** Switzerland (€100M+ infrastructure move to Germany and Norway underway in response to proposed VÜPF surveillance revision). Swiss court orders required for data requests, but compliance rate is 89%. **Privacy policy TL;DR:** Proton cannot read email content — zero-access encryption. But metadata is another story. Proton logs IP addresses when compelled by Swiss court order. Payment information (bank card identifiers) has been shared with the FBI via MLAT — confirmed in the Stop Cop City case (March 2026 court filings). Proton complied with approximately 89% of ~9,000 legal requests in 2025. Law enforcement requests have grown 423x since 2017. The proposed Swiss VÜPF revision would additionally require government ID verification for all accounts, eliminating anonymous sign-up. **Practical mitigations (operational guidance, not optional):** Access via Tor or VPN to prevent IP logging. Pay with cryptocurrency or cash-bought gift cards to avoid payment metadata exposure — bank card identifiers are the specific data point the FBI used in the Stop Cop City case. Use Proton-to-Proton for true E2E encryption. Enable two-factor authentication. Do not rely solely on Swiss jurisdiction protections — they are weakening, and if the VÜPF revision passes, anonymous account creation will end. For the most sensitive source communication, use Signal instead of email. Consider Proton Meet for encrypted video calls — it uses MLS protocol and requires no account. ## Ownership & business - **Owner:** Proton AG (Switzerland) - **Funding model:** Freemium SaaS. Revenue: $105M. Originally crowdfunded, now self-sustaining. SOC 2 Type II certified (July 2025). - **Business model:** Free tier (500MB, 150 messages/day). Paid plans from $3.99/month. Proton Workspace launched March 2026 (from €12.99/user/month) bundling Mail, Calendar, Drive, Docs, Sheets, Meet, VPN, and Pass. Also offers Wallet. - **Open source:** yes **Known issues:** September 2025: Two Phrack journalist accounts suspended mid-investigation into North Korean Kimsuky APT — flagged by an unspecified cybersecurity agency. Reinstated after weeks of public pressure. March 2026: Court documents confirmed payment metadata (bank card identifiers) shared with FBI via Swiss-US MLAT in Stop Cop City case — no charges filed against identified account holder. April 2025: Karnataka High Court in India directed government to block Proton Mail over deepfake abuse complaint; block not enforced as of May 2025. July 2025: Swiss VÜPF surveillance revision proposed requiring IP logging, 6-month data retention, government ID verification, and provider-side decryption (Article 50a) for services with 5,000+ users. February 2026: Civil society groups urged Swiss government to rethink. 2021: IP address of French climate activist logged and shared with French authorities via Swiss court order. ## Related programs - proton-journalism --- Canonical HTML: https://fieldwork.news/tools/proton-mail Full dataset: https://fieldwork.news/llms-full.txt Methodology: https://fieldwork.news/methodology