Good news for VPN users in the UK
Key Points
- The Government has rejected a Foreign Affairs Committee recommendation to require social media companies to disclose user location and VPN use under the Online Safety Act.
- The Committee wanted platforms to publish where an account was created, where it is based, and whether it connected via a VPN, plus an opt-out for users facing transnational repression.
- The Government marked the recommendation "Disagree", saying there are legitimate reasons to use VPNs and that VPN use does not automatically indicate malicious activity.
- It said the Online Safety Act already requires platforms to tackle illegal content and behaviours linked to transnational repression, and that any intervention must be proportionate and evidence-based.
- Committee Chair Dame Emily Thornberry MP said Government and Parliament agree disinformation is a serious threat but do not agree on what to do or how urgently.
The Government has rejected a recommendation from the Foreign Affairs Committee that would have required social media companies to disclose where users are based and whether they are connecting through a virtual private network (VPN).
The recommendation was set out in the Committee’s report “Disinformation diplomacy: How malign actors are seeking to undermine democracy”, published on 27 March 2026. The Government’s response was published on 8 June 2026.
The Committee had called for the Online Safety Act to be amended to oblige social media companies to provide transparency of user location.
This would have included publicly available information on the region an account was created in, the region an account is based in, and whether the connection to the platform was made via a VPN.
The Committee also recommended that platforms be obliged to provide an opt-out function to safeguard users under the threat of transnational repression.
In its response, the Government marked the recommendation as “Disagree”.
The Government said the Online Safety Act provides one of the strongest online safety frameworks in the world, placing duties on platforms to tackle illegal content, including electoral offences, harassment and abuse, and related harms, including where content is AI-generated.
On VPNs, the Government said there are legitimate reasons for people to use them, including protecting their privacy and keeping personal data secure.
It stated that the use of a VPN does not automatically indicate malicious activity, and that the lack of a VPN connection does not guarantee confidence in an account’s declared location.
The Government said it continues to monitor the use of VPNs in relation to the effectiveness of the Online Safety Act and will consider other options if necessary, adding that any intervention must be proportionate and evidence-based.
On transnational repression, the Government said it recognises and is concerned about the threat online, but is confident the Online Safety Act strikes the right balance in requiring platforms to mitigate behaviours commonly associated with it.
These include threats to kill, harassment and stalking, controlling or coercive behaviour, and threatening or false communications. The Government said it would continue to keep the Online Safety Act under review to ensure it is fit for purpose.
The rejection was one of several positions set out in the Government’s response. The Government disagreed with two of the Committee’s recommendations and partially agreed with a number of others, including a call to establish a statutory National Counter Disinformation Centre, which it said it would consider alongside the conclusions of the Rycroft Review.
Chair of the Foreign Affairs Committee, Dame Emily Thornberry MP, said the response showed that Government and Parliament agree disinformation is a serious threat to democracy, but said: “What we don’t seem to agree on is what to do, or how urgently to do it.”
