Executive Vice-President Henna Virkkunen has ruled out any EU-wide ban, restriction, age limit or mandatory identification requirement for virtual private network (VPN) services, in a written answer to a parliamentary question from Swedish MEP Dick Erixon (ECR) on 29 June 2026. The clarification comes amid concerns that the Commission's push for online age verification could lead to restrictions on VPNs, which are widely used by businesses, journalists and citizens for cybersecurity and privacy. Virkkunen reaffirmed the Commission's commitment to a rights-based approach that balances child protection with fundamental freedoms, including freedom of expression and communication.
The answer responds to Erixon's question of 13 May 2026, which cited a Commission press conference on 29 April 2026 where Virkkunen had stated that the Commission would look at preventing circumvention of age verification tools, particularly for high-risk services. Erixon had asked whether an EU-wide ban on VPNs was being discussed, what legal basis would apply, and what safeguards would protect freedom of communication. Virkkunen's reply explicitly denies any such measures are under preparation, noting that the Commission's work on protecting minors is grounded in the Digital Services Act and targeted policies for a safer digital environment.
Virkkunen emphasised the need for effective, privacy-preserving age verification to prevent minors from accessing harmful content, especially on pornographic platforms where self-declaration systems have proven insufficient. She pointed to the Commission's EU-wide age verification system, designed to protect children while upholding data protection and privacy. The answer signals that the Commission will pursue technological solutions rather than broad restrictions on VPN services, which could have significant implications for cybersecurity and freedom of communication across the EU.