The Proton Blog

What Microsoft 365 Copilot flex routing means for EU businesses

Alanna Alexander — Fri, 17 Apr 2026 16:31:20 GMT

Microsoft’s ‘data sovereignty’ promise for Europe comes with an asterisk. Starting April 17, 2026, the company will start sending Copilot data to foreign servers for processing.

With the introduction of flex routing for Microsoft 365 Copilot, Large Language Model (LLM) inferencing — the step where your data is actually processed — may take place in the US, Canada, or Australia when European data center capacity runs short.

These changes are being applied by default. For new customer accounts created after March 25, 2026, flex routing is already on. For everyone else, it will be enabled automatically unless you opt out. (Instructions on how to do that below.)

If your business is based in the European Union or the European Free Trade Association (EFTA), this isn’t a small technical update. Flex routing changes whether your AI workflows stay within the EU or leave it without your knowledge. And it highlights what Big Tech’s version of digital sovereignty really means for Europe: They’re still in control.

What is flex routing?

Inferencing is the moment an AI model processes your prompt to generate a response, whether that’s summarizing a document, answering a question, or drafting content. By the time this happens, your data has already been assembled. Even if your data is stored in Europe, it may now be processed elsewhere — automatically, under a non-EU jurisdiction.

EU-hosted does not mean EU-processed

Microsoft makes it clear that data will remain encrypted in transit and at rest. That might reassure some customers. But if you’re operating under frameworks like the General Data Protection Regulation (GDPR), the Network and Information Security Directive (NIS2), or the Digital Operational Resilience Act (DORA), protecting data in storage and transmission isn’t enough.

Processing (or inference) is where exposure can occur. And under flex routing, that point can now move.

For an AI model to perform inference, data must be made accessible for computation. Your prompts, emails, files, and metadata are gathered and sent to the model. With flex routing, that package can be processed outside the EU.

Where your data is processed matters — even if it’s encrypted on the way in and out.

The burden of compliance is yours

Microsoft’s decision to make flex routing a default feature is a red flag. Research shows that most people don’t bother to check their defaults or update them. If data sovereignty was something the company cared about for its European customers, it would not have implemented flex routing automatically.

It also puts your compliance department on notice that vendors may suddenly decide to change an important policy. You are now responsible for monitoring vendor updates, interpreting their implications, and adjusting settings to remain compliant. This may seem unfair if you selected a US-based vendor under the impression your data sovereignty was important to them.

What EU businesses can do now

Disable flex routing. If your policies require EU-only processing, don’t rely on defaults.
- Sign in to the Microsoft 365 admin center as an administrator assigned the AI Administrator role.
- Go to Copilot -> Settings -> Flexible inferencing during peak load periods.
- Select Do not allow flex routing
Understand cross-border implications. Your current setup may not meet your business requirements. Consider:
- Data transfer obligations under GDPR and sector-specific rules
- Internal data residency policies and contractual commitments
- Legal access and oversight in non-EU jurisdictions
Audit AI-specific data flows closely. Most businesses know where data is stored. Fewer know where it’s processed. Start questioning:
- Where your data is processed
- Whether there are laws that can compel third-party data disclosure
- Who can access data during processing and if that can change
Choose vendors that are transparent about how they process your data. Proton’s AI assistant processes data exclusively on European servers and publishes detailed description of its security model.

Flex routing reveals something deeper about data governance

If your vendors are based in the US, you’re relying on systems built for a different regulatory reality — one you don’t control, but still have to answer to.

Software updates, support, legal policies, and pricing decisions are made in Silicon Valley or Seattle. The rules your vendor follows are set in Washington. But your business is held to European standards.

That’s why more companies are starting to look at European alternatives to Big Tech. When your infrastructure, policies, and legal framework are aligned with the region you operate in, data sovereignty becomes enforceable, not conditional.

Your tech stack is an investment not a cost

Ben Wolford — Fri, 17 Apr 2026 11:10:32 GMT

Europe has found itself in a difficult and dangerous situation.

Last August, Proton’s Europe tech sovereignty report revealed that over 74% of publicly listed European companies depend on US infrastructure for their basic tech services. Whether sending emails or running critical infrastructure in the cloud, Europe places its digital destiny in the hands of a few American service providers and the government they answer to.

That report now seems prescient. Over the last few months, rifts in the North Atlantic alliance emerged over tariffs and territory, culminating in a recent threat from Washington to break apart NATO itself.

As Proton CEO Andy Yen said at a recent tech conference in France, “If Trump wants to take Greenland, he doesn’t have to use force. All he has to say is, ‘Tomorrow Google, Apple, Microsoft, and Amazon will stop working in your country if you don’t sign a contract and give me Greenland.’ And if that happens, they will sign within the hour.”

Europe’s digital sovereignty seemed irrelevant as long as the post-war order held. Now that those foundations are shaking, governments are switching over to technology and cloud services they can control. The French government is reducing its use of Microsoft Windows, and other European countries are taking similar steps. Our recent survey found that European consumers support these moves. Nearly three-fourths of them told us in a survey that their society was far too dependent on the United States for technology.

But what does this mean for business leaders?

The problem of dependency isn’t just political. When your core systems rely on foreign providers, your critical systems — email, files, infrastructure — can be disrupted by economic and political decisions far away.

That’s why we urge business leaders to treat their tech stack not as a cost, but as an investment in control, resilience, and long-term independence. Retooling your company is as much a practical challenge as it is a mindset shift.

Here are three questions to ask yourself:

Should I be investing?

Corporate managers face a strategic decision about their internal tools.

Big Tech platforms offer convenience: They’re familiar, widely adopted, and easy to justify as the safest choice. “Nobody gets fired for buying IBM,” as the saying goes. But technology isn’t a commodity. Your tech stack shapes how your business operates, who controls your data, and how resilient you are when circumstances change.

Take for instance: In the late 2000s, the Chinese government realized it was too dependent on foreign oil. So it began to invest in the creation of a new domestic electric vehicle industry. Nearly two decades later, Chinese carmakers produce about two out of every three electric vehicles sold globally.

If Chinese decision makers had viewed automobiles as a cost, they would have purchased reliable gas-fueled cars from Japan or Detroit. Instead, they decided automotive tech was an investment. It paid off in the form of a powerful homegrown industry for China and affordable high-quality cars for everyone.

Your tech procurement decisions deserve deeper reflection and long-term thinking. When weighing your options, it’s worth asking:

Do my service providers share my values and vision?
Is my business data properly secured and confidential at all times?
If geopolitical circumstances change, do I own my data?
Will my tech stack be an asset or a liability when seeking new business?

Businesses that take these questions seriously are already turning security into a competitive advantage. Our 2026 SMB Cybersecurity Report found that using secure tech was a competitive advantage for 66% of businesses. And the price you pay for those services may not be so different; indeed, it might even be cheaper to buy local.

Is it digital sovereignty washing?

First there was greenwashing. Then there was privacy washing. Now there’s digital sovereignty washing.

US tech companies know digital sovereignty is important to European businesses. That’s why Google and Microsoft both promote a “Sovereign Cloud” and a European “data boundary” that evokes the idea of local control. “Discover a sovereign cloud without compromise,” Microsoft says.

It’s dangerous marketing because it’s not quite true. And the only thing worse than bad security is a false sense of security.

You don’t gain digital sovereignty just by choosing tech that processes and stores your data locally. You earn it through control — over access, usage, and the laws that ultimately apply to your data. The reality is very different from the marketing spin.

Sovereignty vs. sovereignty washing

Here are five clues to tell the difference:

If security updates and product development decisions happen overseas, then it’s sovereignty washing.
- If those decisions are made within your region, under your legal and operational control, then it’s actually sovereign.
If the software is closed source so you can’t independently verify security claims, then it could be sovereignty washing.
- If the code is open to inspection and backed by independent audits, then it’s actually sovereign.
If suppliers are subject to foreign laws such as the CLOUD Act, which allows US government surveillance even on servers physically in Europe, then it’s sovereignty washing.
- If your data is governed solely by local laws with strong protections, then it’s actually sovereign.
If geopolitical pressures could result in downtime or changes to pricing and policies, then it’s sovereignty washing.
- If your operations aren’t exposed to external political pressure, then it’s actually sovereign.
If European capital flows into the US, where it funds further innovation and job creation for Americans, then it’s sovereignty washing.
- If it strengthens your local economy and creates a cycle of reinvestment in your market, then it’s actually sovereign.

In the worst case, US tech companies could abandon the idea of data boundaries altogether. In April 2026, Microsoft moved precisely in that direction when it announced “flex routing” would be turned on by default for European customers, enabling offshore data processing.

If your data boundary can be punctured so easily, it’s sovereignty washing.

Are there European alternatives?

Europe has just woken up to the problem of US tech dependence. But that’s not because it’s a new problem. American tech companies have dominated the global business market since the beginning of cloud computing. Until now that has left European industry at a disadvantage.

But over the past 10 years, this has started to change, especially when it comes to enterprise software. From cloud computing to network security, identity management to AI chat assistants, European providers are reaching feature parity with global competitors.

In some cases, these providers depend on US infrastructure, but not always. For example, Proton’s Lumo AI runs open source models on European servers under European legal jurisdiction. That means your data stays under European control, not just physically, but legally and economically. Ironically, thanks to the GDPR and a privacy-first encryption architecture, Americans can gain more control and data privacy by outsourcing the tech stack to Europe.

By choosing European alternatives and promoting homegrown tech, you’re investing in how much control your business has over its future. The next wave of entrepreneurs and developers might not flock to Silicon Valley and instead choose Paris, Munich, or Geneva. It becomes a virtuous cycle that stimulates European demand for its own products.

That’s how this shift happens: not through a top-down policy, but through a multitude of individual choices by businesses like yours.

Proton Drive’s strong start to 2026

Anant Vijay Singh — Tue, 14 Apr 2026 09:51:29 GMT

With the launch of Proton Sheets in late 2025 and, more recently, Proton Workspace, Proton Drive took an important step toward becoming a more complete privacy-first workspace for the files, photos, documents, and spreadsheets people use every day.

So far in 2026, we’ve focused on making that experience faster, smoother, and more practical across file storage, sharing, and collaboration. Here’s a look at the changes:

A faster Drive through a stronger foundation

Some of the most meaningful improvements to Drive this year are about speed and reliability. Uploads and downloads are now noticeably faster, whether you’re saving a file, browsing photos, downloading from a shared folder, or collaborating with others. Early this year, Proton Drive delivered up to 60% faster uploads on iOS, as well as up to 30% faster uploads and 70% faster downloads on web. Shared workflows have improved too: Downloading shared files is now 70% faster, and uploading to a shared folder is 30% faster, even for people without a Proton account.

Behind these improvements is a stronger foundation: We’ve been rebuilding some of Drive’s most performance-intensive code into a shared SDK that powers core file operations across our apps. That means improvements can roll out more consistently across platforms, helping make Drive feel faster, smoother, and more dependable overall.

More done, more easily on mobile

Some of the most meaningful user experience improvements are the ones that remove friction from everyday tasks, especially on mobile, wherever you are. We made a number of updates across the Drive mobile apps to help people get things done faster and with fewer steps:

The photo gallery has improved on iOS and Android, with quicker loading and smoother scrolling through your memories.
Saving files directly to Proton Drive is now possible on both Android and iOS, making it easier to save something for later without first downloading it and uploading it again.

Document scanning is now supported on both Android and iOS, so you can easily save important scans like passports directly in Proton Drive for safekeeping.
On Android, you can upload entire folders to Proton Drive, making it much faster to move lots of files in one go. That’s something even Google Drive doesn’t offer.

More powerful spreadsheets, still privacy-first

Spreadsheets often end up holding far more of our lives than we expect. In our survey, we found that over 70% of people use spreadsheets for budgeting and personal finance. But these files often outlive their original purpose: 67% of US respondents said they still have access to spreadsheets or shared documents they no longer need. Many are also unsure what happens to their data behind the scenes, from ad targeting and content scanning to AI training and data sharing.

That is exactly why Proton Sheets matters, and why we have kept improving our end-to-end encrypted spreadsheet editor.

Image of people collaborating in a Proton Sheets encrypted spreadsheet

Among the changes, we’ve added and improved support for workflows people expect from modern spreadsheets, including:

Import, edit, and export spreadsheets as ODS (compatible with OpenOffice, LibreOffice, and others). Currently in beta
Hidden sheets
New paste special options: formula only and link only
Custom formulas in conditional formatting and data validation
Support for the =SWITCH formula

These updates help make Sheets more practical for everyday use while preserving what matters most: Your spreadsheet data remains protected by Proton’s privacy-first design.

Strong momentum for the rest of 2026

So far in 2026, our focus has been clear: making Proton Drive faster and more reliable across all platforms for the moments that matter every day. Many of these improvements came directly from listening to our community. We’re grateful for that feedback, and for the people who keep pushing us to make Proton Drive better.

At the same time, we haven’t lost sight of our broader priorities for 2026, including the long-awaited Linux client. We’ll keep building on this foundation throughout the rest of the year.

Thank you for supporting our mission to give people everywhere a secure, private way to store and share files without their data being exploited for profit. Tell us what you would like to see next on UserVoice.

In rush for age checks, we’re putting kids’ security at risk

Edward Komenda — Fri, 10 Apr 2026 19:30:52 GMT

As governments across the world charge ahead with age-verification laws, a well-intentioned rush to protect children is actually putting them at risk.

The goal is to shield children from harmful materials, but these laws lack sufficient safeguards to protect privacy. All it takes is a single data breach, and a law intended to protect children could end up exposing their sensitive personal information to the world.

To be sure, children deserve an internet that they can navigate safely. But explicit content and predatory social media are not the only dangers online. Privacy violations, especially for the young, can also do serious harm. Especially since, as the old warning goes, “The internet is forever.”

We should not accept simply trading one risk for another.

How the risks could affect kids

To verify their ages online, users are often asked to submit government IDs, credit card numbers, selfies, or unique biometric information. When breaches happen — and they do, with depressing regularity — that sensitive data is exposed.

What’s more, many companies outsource their age-verification services to a handful of third-party vendors. Those suppliers, as storehouses of the data, become all-too-tempting targets for hackers and criminals. Without sufficient policies on data minimization, usage, storage, and privacy, user data remains deeply vulnerable.

In September, a cyberattack compromised a third-party vendor for Discord, a video game chat platform, granting the attacker access to at least 70,000 images of government-issued IDs, including passports and licenses.

Discord had been collecting photos of IDs in compliance with the UK’s age-verification law, which took effect in July.

Since the implementation of the law, the UK’s Office of Communications reported that “many records were not consistent” with record-keeping and review guidance. Many companies also failed to show how they were taking responsibility for online safety risks.

This breach highlights the real-life consequences of online attacks. As age-verification laws gain traction on a larger scale, an emphasis should be placed on privacy. Protecting sensitive personal information makes the internet a safer place for everyone, including children.

The need for balance

The rush to prioritize age checks for minors without prioritizing secure methods of verification create additional cybersecurity risks that can put children in harm’s way. As governments make premature decisions about these technologies, they are opening a Pandora’s box for hackers and cybercriminals to mine at their leisure.

Moving forward, governments and legislatures must be thoughtful about the technologies they employ and the risks they come with. Policymakers should prioritize decentralized solutions that protect minors against the real threat of cyberattacks, without compromising users’ anonymity and right to privacy.

What are the alternatives to age verification?

Edward Komenda — Fri, 10 Apr 2026 19:19:39 GMT

With age-check systems, there isn’t a one-size-fits-all solution.

Research suggests that no single method effectively protects children while also balancing concerns about privacy and access to information, but there is a way forward. Applying a broad array of common-sense measures, including parental controls and digital literacy education, can go a long way in helping guard children against potentially harmful content while remaining mindful of privacy rights and the nuanced ways young people use the internet.

Attribute-based verification

It’s not exactly an alternative to age verification, but proponents of attribute-based verification argue that it provides a more secure and private method of verifying a user’s age. That’s because it verifies only what’s necessary, such as requiring a self-declared age range rather than a government ID. But it has its limitations. Notably, any method that relies on self-declaration can be easily circumvented. It also fails to address the issue of personal data privacy, as it does not prevent websites from collecting additional information, such as users’ IP addresses.

Attribute-based age checks, however, store data on the user’s device. This limits the number of people with access to a user’s private data and reduces the cyberattack risks posed by other age-check methods.

Zero Knowledge Proofs

Like attribute-based verification, a zero knowledge proof (ZKP) provides a way for websites and apps to verify a user’s age without the user having to explicitly share personal data about their identity. But ZKP isn’t an alternative to age verification, rather, it’s a cryptographic tool that allows websites and apps to verify information about the user in question without gaining any additional information about the user.

In 2025, Google announced ZKP integration within Google Wallet to provide age verification across multiple apps. The tech company said it would continue to use ZKP with existing partners, like Bumble, to verify users’ ages without revealing their identities.

Age-Appropriate Design Code

The Electronic Privacy Information Center’s model bill for Age-Appropriate Design Code (AACD) was designed as an alternative to the rise in age verification legislation. The AACD gives children agency over their online experiences while requiring tech companies to evaluate their programs for features that put children at risk for compulsive use.

Additionally, the AACD would prohibit these companies from implementing programs with high-risk features, and would provide transparency into addictive design practices.

Unlike age verification legislation, the AACD places responsibility on the manufacturers of these technological platforms, rather than the users they exploit, circumventing issues around privacy and personal security.

Device- and OS-level parental controls

Parents and children can work together on a solution that best meets their needs. Device- and OS-level parental controls offer a more personalized approach to gatekeeping what kids see online.

Parents can set up their children’s devices to restrict or limit certain content. OS-level controls can be set up to limit daily screen time, require approval to install apps, and use web content filters, but the internet’s ever-changing nature means web filters can’t always keep up.

Used in conjunction with other protective measures, however, these restrictions can act as guardrails that reduce children’s exposure to harmful content without universal age verification.

Research suggests children who report less screen time are also the most likely to have parental controls on their devices. Yet parental controls are underutilized, according to the nonprofit Family Online Safety Institute.

Use of parental controls varies widely across device types, and they are hardly a perfect solution. Children may have access to more than one device, making time limits and content filters harder to enforce.

Education and digital literacy

Talking with kids about online safety can make parental controls more effective.

In households that reported six or more conversations about online safety annually, both parents and children were more likely to say that parental controls effectively keep children safe online, research found.

And those offline lessons can be valuable tools in protecting children when they are online.

Research from the World Health Organization suggests educational programs and cyberbullying prevention can work to reduce violence against children online. Programs that discuss online dangers and offline violence prevention, as well as healthy relationship skills, can help address children’s vulnerabilities to sexual abuse, harassment, and bullying, a WHO study found.

Parental guidance, support, and the ability to engage critically with online content all affect how a child might feel about what they see on the internet, research suggests.

The way forward

Protecting children doesn’t require turning the entire internet into an ID checkpoint. The widespread deployment of online age checks struggles to balance legitimate child protection concerns against users’ data privacy rights. Until that balance is struck, existing measures can help kids navigate the internet confidently without surrendering sensitive personal information at every turn.

What small businesses still get wrong about password managers

Risa Tang — Fri, 10 Apr 2026 10:57:18 GMT

The way small and medium businesses work has changed for good — but so has the way they get attacked. Teams are distributed, SaaS tools handle everything from payroll to project management, and contractors and vendors rotate in and out of systems regularly. With each new tool or employee with access, the number of potential entry points increases.

That expanding attack surface matters because credential-based attacks, including phishing, account takeovers, and password theft, have become one of the most common ways businesses get breached. They work precisely because access has sprawled, which makes it difficult to track. All an attacker has to do now is find one valid set of credentials to bypass your business’s defenses.

In this context, it should be encouraging that over half of small businesses now use a business password manager. But Proton’s SMB Cybersecurity Report 2026 — a global study of 3,000 SMB decision makers — found that one in four still experienced a breach last year.

All this points to a gap between how tools are adopted and how they’re actually used.

How SMBs use password managers today

Most password managers are designed to do one thing well: help you remember your password. In practice, that means creating complex and unique passwords and managing them in an encrypted vault. That’s meaningfully better than the norm of reusing the same credentials across accounts and platforms.

But with passwords being an attacker’s easiest point of entry, SMBs need password managers to do much more than just solve memory and convenience problems. They need it to secure access.

Access is a far broader question. Do the right people have the right credentials — and would you know what they unlock or if they fell into the wrong hands? And as teams grow, subscriptions stack up, and contractors cycle in and out, your organization’s considerations need to shift from merely strengthening passwords to accounting for real-world security threats.

That’s the change most businesses don’t make until something goes wrong.

Where password manager implementations go wrong

The key insight of our report was that businesses adopting password managers don’t consistently use them.

Unsafe credential sharing still persists at surprisingly high rates:

33% share them in shared documents or spreadsheets
30% share credentials via email
27% share them via messaging apps
25% write them down
24% share them verbally

That’s a picture of busy people taking the fastest route available at that moment. Instead of toggling over to the password manager app and sharing a new credential in its proper vault, they might paste it into Slack or an email.

Workarounds feel harmless in isolation. But over time, credentials end up scattered across inboxes, chat histories, and shared documents in ways that are hard to untangle. When an employee leaves, you can’t later revoke access. And updating passwords on a moment’s notice after a data breach becomes impossible unless it’s stored in a centralized secure location.

Training to enforce security policies can help, but our research revealed even that isn’t quite enough…

Why security awareness training isn’t enough

Our report found that 39% of SMBs have experienced a security incident caused by human error. That statistic is easy to misread; the natural response is to assume that more careful employees means fewer incidents.

But this framing misses something important: Security systems that depend on perfect behavior under everyday pressure will always be let down by reality. Mistakes happen not because people don’t care — they happen because the secure option often demands more effort and time than the typical SMB can afford. Even well-intentioned teams will find workarounds when they’re resource-stretched.

The lasting fix isn’t more training. It’s designing systems where the secure option is also the easy one.

When sharing access safely takes no more effort than dropping a password into a chat message, people will use it.

When the access problem gets out of control

The credential problem compounds as teams grow.

Eighty-six percent of SMBs now rely on cloud-based services for day-to-day operations. That typically means credentials sprawl across project management tools, finance platforms, marketing software, file storage, and customer systems, each with its own permissions and access history.

Access doesn’t just scatter across systems; it spreads across the organization, flowing between teams, external partners, contractors, and former employees who may still retain a way in.

This means that in reality, credentials accumulate, old access continues to linger, and the number of people who have — or have had — the keys to your most sensitive systems scales beyond easy tracking.

Having tools isn’t the same as being protected

The SMBs that experienced breaches last year weren’t cutting corners: 92% were actively investing in security tools. They had password managers, encrypted email, training programs, and written policies in place. In other words, their setups looked solid on paper.

What many lacked was consistent enforcement. Multi-factor authentication (MFA) was switched on but not required, password managers were deployed but not embedded into daily habits, and onboarding and offboarding processes were handled informally rather than systematically. We suspect, given the popularity of browser password managers, that many were not even using a centralized team platform at all — instead relying on a patchwork of less-safe options on an individual basis.

Each of these is a small gap that stays invisible right up until it isn’t.

The real measure of a security setup isn’t what tools are on the list, but whether those tools hold up under the everyday pressure of how people actually work.

Here are some practices to help bring this reality closer for your business:

Use a password manager built for teams. Browser password managers are not only less secure, they don’t have the admin tools managers need to maintain full control of your accounts. Unless you have an enterprise password manager that’s easy to use, it’s not going to cut it.
Audit who currently has access to what. Check the user lists on your most sensitive tools and if any names on there come as a surprise.
Replace shared logins with individual accounts. While it’s easy to share logins in a password manager, it’s not a best practice: Shared logins reduce visibility at the account level, making it harder to identify and react to a breach.
Make multi-factor authentication a requirement. MFA is one of the most effective protections available — but only when it’s enforced by default, not left as an optional setting.
Make offboarding systematic. Every departure, whether it’s an employee, contractor, or vendor, should trigger an access review immediately rather than as an afterthought.

Want to know what else you could learn from our survey of 3,000 business leaders across six key markets? Read more in our SMB Cybersecurity Report 2026. You’ll learn what causes breaches and what they actually cost, where human error shows up most often, how cloud and AI adoption are creating new blind spots. It also includes practical steps for beefing up protection that hold up in real-world conditions.

Get the full report

Proton Calendar now includes secure appointment scheduling

Anant Vijay Singh — Thu, 09 Apr 2026 11:53:31 GMT

In the 12 years since Proton began, millions of people have joined our mission to make the internet safer and more private, including over 100,000 businesses and nonprofits. They rely on Proton’s encrypted suite to protect their customers and teams, and we’ve continued to add more services and plans to support them — most recently with the launch of Proton Workspace.

Today we’re excited to announce the next addition to Proton Workspace with our secure appointment scheduling tool in Proton Calendar.

Whether you work with teams, run a side hustle, or take appointments from customers, you can now easily create public booking pages that show when you’re available, and your clients and colleagues can book an appointment in seconds. It automatically creates a new event on your calendar and generates a private Proton Meet link where you can have a secure video call. New events are zero-access encrypted, so all the details stay between you and your contact. Not even we have access.

For people dependent on platforms like Calendly, this means you no longer have to pay an extra subscription or give away calendar data to third-party services where it can be leaked or spied on. It’s a perfect tool if your business is based on appointments or if you want to save time finding an available slot to meet with colleagues or friends.

And it’s available in our new Proton Workspace plan, which combines all our business productivity tools into a single plan for complete data protection.

Try scheduling for teams

Explore plans for individuals

Part of a seamless encrypted workspace

The new appointment scheduling tool is fully integrated with Proton Calendar and Proton Meet to protect your business data end to end.

That’s important because your team calendar contains a trove of information about you and your business activities: your location, your priorities, and your contacts. It’s critical to keep that information protected from Big Tech platforms that could monetize or leak it, and from hackers who could use it against you for fraud or phishing attacks. Using a third-party booking platform spreads your information across the internet and increases your risk of a data breach, especially when those tools don’t use strong encryption.

Appointment scheduling bridges two fundamental business tools: Proton Calendar and the all-new Proton Meet for encrypted video calls. It’s not enough for a business to be able to plan and host a secure video conference — they also need to be able to schedule it. Our appointment scheduling tool fills this gap.

How appointment scheduling works

Appointment scheduling is simple to set up, and it’s available on all paid Proton Mail plans, Proton bundles, Meet Professional, and Proton Workspace. Teams with Workspace can create up to 25 booking pages to support multiple meeting purposes and durations.

In your Proton Calendar, just add a new booking page, give it a name, and specify the times you’re available. Your booking page will have a link that you can share publicly, such as on your website, email signature, or social media profile.

Whenever someone books a meeting with you, the event will instantly sync directly to your calendar (so it’s not possible to double book). And your contact will receive a confirmation email. If you’ve selected Proton Meet as the location for the meeting, the confirmation will include a secure meeting link.

The time, description, and participants on every event are zero-access encrypted, meaning it’s locked with your private encryption key and can’t be accessed by Proton or anyone else.

Learn more about how to use appointment scheduling

Power your growth with Proton Calendar

With appointment scheduling, Proton Calendar becomes more than just a way to track your schedule — it’s a way to grow your business or side project. If you’re a professional service provider, letting clients book meetings is a core part of your business model. But even if your business doesn’t run on external meetings, the appointment scheduling tool can help you save time or be more available to your team.

Appointment scheduling is perfect for:

Privacy-first providers like therapists, health clinics, law firms, and financial advisers
Managers or executives looking to save time when setting up meetings
Tutors scheduling time with students or professors hosting office hours
People who work for themselves, like content creators, indie hackers, or marketplace sellers
Anyone with a side project
And many more business professionals…

Securing your meetings isn’t just about protecting your own business, it’s also about protecting the people you do business with. When it comes to fields like healthcare, data protection is even an ethical and legal obligation. Appointment scheduling in Proton Calendar helps you meet those obligations while signaling to your customers that your business takes security seriously.

Explore Proton Workspace

Age checks and child safety: Online age verification systems fail to protect children

Edward Komenda — Wed, 08 Apr 2026 21:03:03 GMT

Online age checks are intended to keep violent, sexually explicit or other age-inappropriate content away from children. But do they?

Under-age social media users are often able to circumvent age restrictions, especially at the account-creation stage, research shows. In other cases, age checks have blocked children from accessing content that was later determined to pose no risk.

When faced with obvious harms, the desire to “do something” is understandable. But we need a higher standard. When it comes to children, we need to do something that works. And age verification as it is currently practiced often falls short of that basic goal.

Age checks are rooted in real concerns

Most parents of adolescents in the United States worry about social media’s effects on mental health, among other issues, according to the US surgeon general. At the same time, parents are concerned about the scope of age checks. In a study by the nonpartisan Center for Democracy & Technology, parents and teenagers voiced concerns about the checks’ effectiveness, data privacy, and user agency.

At their core, age-verification systems aim to prevent young people from accessing harmful or adult-geared content, but many critics have warned that even well-intentioned policies could create risks to free speech and data privacy for all internet users, not just children.

What’s considered harmful depends on whom you ask. Industry regulations, state laws, and national policies can all dictate which content is deemed harmful to young people, but some language is more vague than others.

The United Kingdom’s Online Safety Act, for example, lays out categories of content that children must be shielded from online. They include:

Pornography
Content that encourages, promotes, or provides instructions for:
- Self-harm,
- Eating disorders, or
- Suicide
Bullying
Abusive or hateful content
Content which depicts or encourages serious violence or injury
Content which encourages dangerous stunts and challenges
Content which encourages the ingestion, inhalation or exposure to harmful substances

In Australia, the move to ban social media accounts belonging to people younger than 16 more broadly cites concerns about screen time and mental health.

Whether these measures effectively shield young people from harm is debated.

Content restrictions don’t always get it right

Some researchers have warned that age checks could impede access to medically accurate sexual information and other educational content.

After the U.K. Online Safety Act took effect, the government noted “instances of over-moderation” in which children were blocked from viewing content that didn’t pose a risk.

Even with age-check systems in place, potentially harmful and age-inappropriate content remains accessible to kids. In some cases, childhood deaths have been linked to suicide- and self-harm-related content and risk-taking social media challenges, according to the surgeon general’s advisory.

The same advisory, however, noted that social media can be a source of positive community, connection, self-expression, and important information.

Age-gating access to those corners of the internet stands to disproportionately affect young people who rely on online communities for support and information.

Measures put in place to label content and guard children from age-inappropriate material have also been flawed.

In September, Disney agreed to pay $10 million to settle allegations by the Federal Trade Commission, which accused the company of failing to label its children’s videos on YouTube as “Made for Kids.”

Failing to correctly label the videos meant Disney collected children’s personal information when they watched the unlabeled content and autoplayed “Not Made for Kids” videos when they finished. Children also became targets of online advertisements geared toward older viewers.

Disney didn’t admit any wrongdoing as part of the settlement.

Are age verification systems effective? More research is needed

The effectiveness of age checks remains to be seen.

In the weeks after Australia’s policy took effect, social media companies revoked access to about 4.7 million accounts belonging to children.

Findings from a 2024 study suggest that the widespread global deployment of age verification has resulted in privacy-invasive or ineffective methods.

Research from the U.K.’s independent online safety regulator, the Office of Communications, pointed to some measurable changes in internet behavior, but it’s still too soon to evaluate effectiveness.

The number of visitors to pornography sites in the U.K. declined by one-third since the Online Safety Act took effect in July, the office noted in a December online safety report. The office is assessing how much the decline may have reduced children’s exposure to pornography.

“While it is too soon to assess the long-term impact of these changes, the widespread adoption of age checks means that children of all ages are now less likely to encounter pornography accidentally, which research has shown to be the way most children encounter porn,” the report said.

The office is expected to publish its initial data and analysis on children’s online experiences by May.

What happens after age-verification laws take effect

Edward Komenda — Wed, 08 Apr 2026 16:42:31 GMT

Governments around the world are adopting laws intended to protect young people online. Age verification has emerged as a shared policy response, but in practice it produces very different internets shaped by unique legal, technical, and social conditions.

These case studies show what happens after age-verification laws take effect, focusing on three distinct models: decentralized legal experimentation, direct regulatory enforcement, and platform duty-of-care obligations. Together, they demonstrate how a single policy idea evolves when it moves into the real world.

United States

The US exemplifies how age verification can spread without a national law. State legislation, court challenges, and platform responses have collectively reshaped online access, creating diverse outcomes across the country.

What was proposed

Federal lawmakers tried long ago to age-gate adult content on the internet. The Child Online Protection Act, passed by Congress in 1998, required commercial websites hosting material deemed harmful to minors to restrict access, often through age-verification mechanisms. Courts blocked the law repeatedly on First Amendment grounds, and it was ultimately struck down after years of litigation. The rulings reinforced protections for lawful online speech, including concerns about overbroad restrictions and the impact on anonymous access, shaping how later policymakers approached age-verification proposals.

Beginning in 2022, states began introducing legislation requiring adult-content sites to verify age, with early efforts in Louisiana and Utah helping establish a template that other jurisdictions soon followed. Lawmakers framed these measures as child-protection policies inspired by international proposals.

In lieu of a centralized system, these laws typically made platforms responsible for preventing underage access. Sites could face civil penalties—including fines, private lawsuits, or court-ordered restrictions—if minors accessed restricted content without “reasonable” safeguards in place.

What was implemented

States rolled out age-verification requirements aimed primarily at porn sites and other explicit content.

Texas quickly became the bellwether legal test case. Challenges to Texas HB 1181 moved through federal courts and ultimately reached the US Supreme Court, where justices allowed the law to take effect in the midst of legal challenges. The decision signaled that state-level mandates could proceed without definitive resolution.

That opened the door for other states to advance similar laws alongside ongoing litigation. Because each state set different standards and timelines—and because legal language left a lot of room for interpretation—there was no uniform technical solution, leaving platforms to navigate a rapidly expanding patchwork of regulatory demands.

What changed

Rather than uniformly changing how age is treated and proven online, policy pressure changed the internet itself.

Compliance became a risk calculation for platforms, as they weighed verification costs, liability, and privacy issues. Some—ranging from adult-content sites to social media—chose to restrict or withdraw services in affected states. Access began to depend on geographic location, producing a fragmented online experience.

Proposals and laws have increasingly targeted app stores and other digital intermediaries, shifting responsibility from individual sites to infrastructure providers. This lets policymakers gauge whether age gating can work at the ecosystem level.

Public reaction

Americans are sharply divided. Supporters argue that state laws finally imposed accountability on large platforms after years of failed federal legislation, reflecting a growing view among policymakers that voluntary safeguards are not enough to protect minors online. Critics, including civil-liberties organizations and digital-rights advocates, warn that mandatory age verification chills lawful speech and weakens protections for anonymous expression.

Litigation is the central arena for resolving these tensions, and state attorneys general are the front-line enforcers. As challenges move through the courts, judges continue to grapple with whether mandates constitute permissible regulation or unconstitutional restriction.

As a result, America’s internet is an experiment moving further from legal clarity, even as age verification spreads.

Age verification in the US – litigation model

States enact age-verification laws
Courts determine what survives legal challenge
Platforms adapt to evolving rulings

Focus: Legal viability
Outcome: Policy is shaped by litigation outcomes

United Kingdom

After decades of global debate over online safety for minors, the UK became the first country to enforce modern age assurance on a national scale.

What was proposed

Early UK media regulation, particularly the Communications Act 2003, established content protections for minors in broadcast and on-demand services, but it didn’t address open internet access to pornography.

Under the Digital Economy Act 2017, the original plan was to mandate age checks for access to adult content, requiring age-verification technology specifically. That plan was repeatedly delayed and finally abandoned in 2019 amid privacy concerns and the practical challenges of enforcing rules against services operating outside the UK.

Instead of prescribing how content is gated, the Online Safety Act 2023 regulates outcomes, requiring services to deploy “highly effective” age-assurance measures and demonstrate how effectively they protect minors.

This created a broader safety framework, enforcing platform responsibility through performance standards that extend beyond sites offering adult content.

What was implemented

Implementation fell to UK communications regulator Ofcom. It outlined expectations for platforms, requiring age-assurance systems capable of reliably distinguishing adults from minors, with enforcement backed by investigation and financial penalties.

Ofcom didn’t specify a method. Companies could use identity-document checks, biometric estimation, third-party verification vendors, or alternative approaches—provided they met Ofcom’s effectiveness thresholds. This flexibility led to a rapid, albeit uneven, rollout of age verification.

What changed

The UK’s internet transitioned from an open-access model moderated after the fact to one requiring proof of eligibility to enter certain spaces.

When enforcement timelines arrived in 2025, major platforms began modifying access flows, and users began encountering checkpoints where none had existed before. These age checks were embedded in account creation, browsing activity, and content discovery, and that affected anonymity, friction, and participation online.

For platforms, age assurance became a continuous compliance obligation subject to interpretation, audit, and penalty; and it proved hard to define. Ofcom opened investigations into dozens of porn sites and issued penalties against operators whose age-assurance measures didn’t meet the standard. In this way, acceptable gates evolved through strict enforcement actions.

Public reaction

Public response has been mixed as to whether the system represents overdue protection or risky overreach.

Among the concerns raised by privacy advocates are assertions that mandatory age-assurance normalizes identity checks for lawful activity, expands collection of sensitive data, and threatens anonymity for users who rely on it for freedom to explore and express themselves.

Spikes in VPN use have been reported, suggesting that some UK users prefer workarounds to participation in verification systems. Others question the effectiveness of age gates, including some young users who’ve argued that they limit access without resolving underlying harms. Still others say critics should give these protections time to prove out, framing the law as a necessary adaptation to a changed digital environment.

The UK’s experience shows how age-verification policy alters the internet through cumulative shifts in access, accountability, and user behavior—changes that remain contested.

Age verification in the UK – enforcement model

Parliament sets safety outcomes
Regulator enforces platform compliance
Age verification operates as an access gate

Focus: Access control
Outcome: Users must demonstrate eligibility to enter restricted spaces

Australia

Australia has drawn international attention for its online youth-safety agenda, where age checks emerge from platform duty-of-care obligations instead of a standalone age-verification law.

What was proposed

Australia’s Online Safety Act 2021 built on earlier regulatory frameworks (1992, 2015, and 2018) that relied largely on complaint-based takedowns of harmful content. Policymakers concluded that reactive removals were insufficient and shifted toward requiring large platforms to reduce risks up front.

The Act significantly expanded the authority of the e Safety Commissioner, turning the regulator from a complaint handler into a proactive supervisor of online safety. Rather than prescribing specific verification methods, the law made platforms responsible for preventing foreseeable harms to minors.

This shift laid the groundwork for age assurance by binding platform compliance to the ability to distinguish between adult and underage users.

What was implemented

Implementation centered on regulatory guidance and enforcement powers exercised by the eSafety Commissioner. Platforms were required to show how their services reduced risks to underage users, guided by regulator-approved safety standards and ongoing oversight.

In practice, this meant strengthening moderation systems, activating parental controls, restricting features for younger users and developing mechanisms capable of identifying them. So platforms deployed age-assurance measures such as age estimation, behavioral-detection systems, and layered verification approaches combining multiple signals to assess a user’s age, often trialed through government-supported technology testing programs. Age assurance therefore functioned less as a single checkpoint and more as an ongoing compliance capability embedded in everyday service operation.

In December 2025, Australia extended this duty-of-care strategy through a world-first social media ban for users under 16, explicitly conditioning access to major platforms on the ability to determine a user’s age.

What changed

For platforms, safety obligations became continuous and adaptive. Meeting regulatory expectations increasingly required systems capable of reliably distinguishing minors from adults, turning age assurance from an optional safeguard into a prerequisite for enforcing youth-access restrictions.

For users, changes ranged from stricter defaults and safety features to large-scale deactivation of accounts identified as belonging to underage users.

The result was deeper regulatory influence without universal identity-based age verification, reflecting a research-driven model that evaluates safety outcomes and emerging age-assurance tools instead of defaulting to biometric or document-based checks.

Public reaction

Australia’s approach has generated praise and concern, both inside and outside the country.

Proponents argue that platform design shapes online risk more than individual behavior alone, and that regulating platforms offers governments a more practical point of intervention. Critics believe that expanding safety mandates fails to adequately protect children and offers a quick fix to complex social and political problems.

As debate intensifies over whether enforcement will ultimately require more invasive age checks, this case shows that when governments regulate platform responsibility first, age verification can be a practical consequence.

Age verification in Australia – governance model

Platforms continuously manage risks to minors
Regulator supervises platform safety systems
Age verification operates as one of many embedded compliance tools

Focus: System design and ongoing oversight
Outcome: Platforms must demonstrate their environments are safe for minors

What age verification actually means (and why the term is misleading)

Edward Komenda — Wed, 08 Apr 2026 16:05:22 GMT

The days of the checkbox honor system are ending as efforts to age-gate the internet spread worldwide. The goal of protecting children is widely embraced: Age should be checked for access to certain content or sometimes entire platforms, as young people are exposed to legitimate risks when left to explore and engage without guardrails.

But the methods of checking age—both the existing ways and those forming under intense regulatory pressure—vary significantly in effectiveness and intrusiveness. From one approach to the next, there are stark differences in how much data is collected and who controls it. Regardless of the method, the most consequential moment is the point where age is actually checked. The mechanics of that interaction, and how its outcomes are handled, drive real-world implications for privacy, security, and free expression.

Yet the distinctions are often blurred, stemming from the terminology around age checks. Age gating, age assurance, age estimation, and age verification can get collapsed into a single idea. Understanding why that matters starts with breaking down the language.

Standards versus methods

Age gating and age assurance are standards—policy goals that describe intent and confidence, not mechanism. Age gating tells you that an age-based restriction exists. Age assurance signals that some effort is being made to enforce that restriction. These terms don’t specify how, or how effectively, age is determined.

Age estimation and age verification are methods — technical categories for how age is checked. And the contrast is central to the debate over how age checks should happen online.

Age estimation versus age verification

As lawmakers, courts, tech companies, and advocacy groups address both the complexities and conflicts of age gating, the terms “age estimation” and “age verification” are sometimes treated as interchangeable. That shorthand obscures meaningful differences in accuracy, accountability, and data exposure.

Age estimation

Age estimation, also known as age assurance, is exactly what it sounds like—an inference, not a confirmation. These systems draw on data already available within a platform, such as profile photos, videos, audio, declared information (like a birth date), and account metadata (like how long an account has existed). Using biometric techniques like voice or facial analysis, combined with account history and behavioral patterns, the system generates a probability that someone falls within a given age range.

Because this doesn’t require identity documents, age estimation is often framed as “privacy-preserving.” But data exposure depends on the individual system: Is age estimated once or continually? What signals are used? How secure is the system itself? And if age is misread, what happens?

Inference-based systems are inexact and can be fooled, such that a user’s age may be misclassified in either direction, with access allowed or denied where it shouldn’t be. On the gaming platform Roblox, which rolled out mandatory age checks for access to certain features, young users tricked the system with fake mustaches and other disguises, underscoring the risk of relying on inference alone.

Other concerns have been raised about accuracy and bias, as results depend heavily on image quality, vary from algorithm to algorithm, and are affected by unique intersections of personal attributes, with disproportionate misreads on under-represented groups. Data from Australia’s age-assurance technology trial—tied to a nationwide ban on social media for teenagers—showed that age estimation produced higher error rates for people with darker skin tones and for some demographic groups, including those from Indigenous and Southeast Asian backgrounds.

If eligible users are denied, recourse is limited. They generally aren’t told why, and the default solution is to upload identity documents—the exact thing age estimation is meant to avoid.

Age verification

Age verification aims to confirm age as a fact, using proof from a trusted source. Today, that usually means a government-issued ID like a driver’s license or passport, either uploaded directly to a platform or filtered through a third-party service that verifies age and sends back a yes-or-no result.

The risk of document uploads is intuitive: Scans can be stolen or misused, particularly as age checks spread across more services. What’s easier to miss is that even when documents are deleted from a platform, the outcome of the age check often persists—stored alongside an account or session and linking back to an identifiable user.

Identity-linked systems versus anonymous or token-based claims

Age-verification systems fall into two categories: those that bind age checks to identity and those that try not to.

Identity-linked systems

Identity-linked systems are the dominant model today, employing the familiar ID upload flow. Platforms may not retain copies of documents, but the verification outcome is almost always stored, linking lawful content access to a real person who may not want that association recorded.

Adult-content sites illustrate the conflict. In states where age-verification laws have been enacted, compliance has largely meant identity-linked checks, requiring users to upload IDs through third-party vendors. As a result, industry giant Pornhub pulled out of 23 states, pointing to privacy risks. The company has said it supports age verification “when it is done right,” advocating for device-level age checks rather than site-based age checks.

Similar dynamics appear in app-store ecosystems, with age verification prompted at download, signup, or the account level. When the outcome of that check is tied to an account, it stops being a one-time gate and becomes an attribute, shaping how the platform understands and manages the user. That can include:

Reuse across time and contexts (future logins, enforcement actions, compliance audits)
A reusable verification result can be used long after the original check for enforcement, monitoring, or regulatory review, often without the user’s awareness or renewed consent.
Integration with other account data (access logs, platform activity, moderation records)
When age status is combined with behavioral or moderation data, it becomes part of a broader profile that can influence account treatment and content access in ways unrelated to age alone.

Users typically aren’t told how long their verification status persists, where it is stored, or how it may be reused, leaving them with little ability to contest errors, revoke consent, or gauge long-term implications.

Anonymous or token-based claims

Other age-verification systems attempt to avoid or reduce identity linkage. These approaches rely on credentialed or token-based claims, both of which perform an age check once and then reuse the result to grant access later.

Credentialed claims: Verifiable digital credentials (VDCs) rely on identity checks already performed by trusted institutions (think DMVs and banks), allowing users to confirm age online with a digitally signed cryptographic proof—aka the issuer vouching for the age claim. Most VDCs employ selective disclosure, revealing only what’s necessary to meet an age threshold (e.g., confirming that someone is “over 18”), though more advanced zero-knowledge proofs aim to verify eligibility without sharing any personal data at all.

Both reduce exposure at the point of access. But the privacy and security benefits depend on who issues the credential and how it’s stored, as well as which platforms accept it inside the emerging digital-ID model (which carries its own impacts to privacy and access).

Token-based claims: Tokens are like hand stamps at a concert; short-lived, site-specific proofs that allow repeat access without rechecking age every time.They are typically issued after an initial verification and used internally by a platform to streamline access.While that reduces repeated data exposure within a single service, tokens don’t eliminate identity linkage at the point of issuance and offer users scant visibility into how access is remembered or reused. Users typically can’t examine, limit, or revoke these claims, which turn a one-time access decision into an ongoing state. Tokens are a platform optimization, not a rights-protecting feature.

Whatever the verification pathway, the highest risk sits at the point where age is checked—and system design and implementation make all the difference.

Government-mandated versus platform-run systems

Laws define the obligation to keep young people safe online, but they are carried out by regulators, platforms, vendors, app stores, and OS providers that must interpret vague requirements under real operational pressure.

Whether a law calls for “effective age assurance” or “privacy-preserving age verification,” it rarely specifies exactly how the requirement should be met in terms of:

What data must (or must not) be collected
Whether a government-issued ID is required
Whether age can be inferred or must be verified
Whether identity must be linked to an account
Whether checks happen once or continually
Who stores the data and for how long
Whether third-party verification is allowed
What counts as “effective” or “privacy-preserving”
What recourse users have when systems fail

Such decisions are left to downstream authorities, which is why the same legal language can produce radically different outcomes. These authorities are simply optimizing for different things: Regulators are optimizing for governance, platforms for liability, vendors for marketability, and infrastructure providers for uniformity. Beyond these institutional priorities, the primary concern is not democratic legitimacy or proportionality, but defensibility to show that sufficient steps were taken to prevent underage access. In that environment, ambiguity is seen as risk, and risk is minimized through standardization and overcompliance—or through platforms pulling out of states where compliance raises both ideological and financial concerns.

Social network Bluesky chose to block access entirely in Mississippi rather than comply with a state law that would have forced it to verify age for all users and collect sensitive personal data. The platform said the requirements went beyond child safety goals and would “limit free speech and disproportionately harm smaller platforms.”

The most restrictive option becomes the baseline not because of public input or legislative intent, but because of operational risk management. The consequence is an abstraction of policy that narrows the practical scope of all users’ rights online.

What is ultimately at stake

Advocacy groups warn that age gating threatens a free and open internet. They argue that adults misclassified as minors can be blocked from lawful information. That users unwilling or unable to submit identity documents can be excluded entirely. That communities relying on anonymity for reasons of safety, stigma, or self-exploration may find that essential information and connection now come with conditions they can’t meet. And that exclusion of children from the internet that isn’t “necessary and proportionate” violates their fundamental rights.

While the spirit of these laws is child safety, industry analysts worry that the legal language could be applied to any site offering content with “adult themes,” whether that means information about sexual health, creative image boards, or social forums.

These concerns have crystallized into ongoing legal opposition to age gating at both state and federal levels, despite widespread agreement that the internet should be safer for young users.

Understanding what “age verification” actually means helps clarify the challenges of finding that balance.