"Protecting children online is a parental responsibility, not a regulatory one" — the VPN industry reacts to Government VPN spending amid discussions on restricting child VPN use

We recently uncovered that the UK Government is spending millions on VPNs despite ongoing discussions around VPN bans for children.

While much of that spending relates to corporate VPNs – used mostly to allow access to internal intranets and secure resources while working from home – many instances relate to consumer VPNs too.

VPNs focus mainly on privacy. They hide internet traffic data from internet service providers and snoopers alike. But their use has now been associated with getting around geo-restricted content blocks, including material that has now been age-restricted within the UK.

This week, I contacted some of companies behind the best VPNs to see just how big an impact the UK Government's attitude could have on the industry, and what needs to be rectified.

As Yegor Sak, Co-founder and CEO of Windscribe, put it:

“The core contradiction your research highlights is hard to ignore. The UK government spends millions on VPN technology to protect its own data while exploring policies that would restrict the same technology for everyone else."

The comparison problem

"It’s encouraging to see the Government and regulators like Ofsted and Ofcom endorsing the use of VPNs," began David Peterson, General Manager of Proton VPN.

"Their investment highlights the role of VPNs as essential cybersecurity and privacy tools."

But, as was highlighted by Pete Membrey, Chief Research Officer at ExpressVPN, "Consumer VPNs use the same underlying technology [as corporate VPNs] for the same purpose."

"If VPNs are trusted to protect government systems and sensitive data, it is difficult to justify denying individuals access to the same protection."

So why limit the availability of these tools for consumers if they're trusted at the highest levels?

As Membrey notes, "secure network access is not a special entitlement reserved for institutions."

The Government's biggest problem

The Government's primary concern remains circumventing age verification. But, as Windscribe's Sak put it, "kids are resourceful" and "will find workarounds for any technical restriction".

VPN adoption rose in the wake of the arrival of UK age verification measures. Proton VPN recorded spikes of over 1400%, while several untrustworthy free VPNs also shot to the top of app stores.

These untrustworthy providers are notoriously capable of slipping through nets intended to catch them. They’re often circulated via social media links on forums, without any formal verification of their safety.

As Sak suggests, if VPN restrictions do come into place, it’s more than likely that children would remain exposed to them. However, instead of being directed towards trustworthy solutions, they’d directed to more harmful products, with safer VPNs of better repute adhere to the new regulations.

This problem would also expand beyond children. As Proton's David Peterson explains:

“Restricting reputable VPN providers could backfire, pushing privacy-conscious users toward less transparent alternatives, some linked to authoritarian regimes which are known to exploit user and corporate data through intrusive surveillance."

In our research, it became clear that despite the corporate solutions available, many top individuals, including Labour MPs, were using consumer VPNs instead.

These same solutions are those that would be restricted for children should the discussions be successful.

VPNs would be required to break their no-logs policies to identify and separate user activity and ID, a move no provider would support. This would also compromise the security capabilities these tools are built to achieve.

The VPN industry's response

Fixing the problem may require different means outside of restrictions because, as Sak notes, “children face real threats online that VPNs actively protect against.”

Removing VPN protection leaves huge potential for children to be exposed to tracking, data harvesting, and malicious content — all of which could have huge ramifications on their wellbeing.

“The government's energy would be better spent helping parents understand and use the tools already available to them” Sak continued.

"Protecting children is a parental responsibility, not a regulatory one."

According to Sak, solutions being considered, such as locking VPNs behind age checks, would have an inverse effect — “asking privacy tools to become surveillance tools”.

For the moment, there’s little more that VPNs themselves can do to tackle these issues. Providers such as NordVPN and ExpressVPN have introduced parental control functionalities to offer secure limitations for families.

The technology is also yet to exist to allow for safe age verification within VPNs themselves, and, even if it were, Membrey notes, “Limiting access does not remove risk - it shifts it onto users, leaving them more exposed online without addressing the underlying harms.”