The SREN bill and its threat to the digital liberty
France’s digital safety bill, known as SREN, is a collection of laws proposed to regulate digital space. The bill consists of a number of proposals that aim to reduce the level of cyberattacks, online harassment, scams, and explicit content accessible to children online. Among these proposals was the recently rejected amendment No. 915 concerning the accessibility of VPNs.
The amendment suggested restricting VPN services in France or, more precisely, prohibiting from the app stores VPN-type apps that are not subject to EU and French laws. The reasoning behind this provision was to halt online traffic from areas not bound to EU and French laws and regulations. The officials supporting the amendment argued that this action would help reduce illicit cyber activities and hateful online content in France.
Considering the cross-border nature of the internet and how VPNs operate, it is highly impractical to impose restrictions on VPN services. Putting a harsh control mechanism over VPNs may also pose additional risks to France’s internal cybersecurity, violate the principles of technological neutrality, and become a serious threat to cyber liberty, all of which undermines the Bill’s stated goals.
The risks posed by Article 22 amendment
Though the issues highlighted in the Bill deserve serious attention, restricting VPN usage in France would hardly be the cure to solve them. On the contrary, it would create a more fragmented and less safe cyber environment in France and the EU and take a step towards online censorship. Here’s our take on how this rash and ill-considered restriction over VPNs would affect the public and the digital environment.
Hindering international cooperation and cybersecurity
VPNs are crucial for secure communication over the internet. Restricting VPN services could potentially hinder international cooperation and global data exchange. It would also increase the risk of French citizens being hacked and would make them more exposed to various cyber threats. As a result, restrictions on VPN services would naturally lead to poorer cybersecurity levels in French society.
Infringing the principle of technology neutrality
Amendment No. 915 was targeting VPNs in a discriminatory manner. While it offered to restrict VPN usage, it would’ve allowed other intermediaries, such as ISPs, to continue providing access to networks that are not under the jurisdiction of the EU or France. This selective approach violated the principle of technological neutrality and would’ve set a worrying precedent.
Hindering the EU market
By diverging its national laws, France would fragment the internal digital market of the EU, which supports the principle of non-restrictive internet use. Moreover, taking into account the cross-border nature of the internet, such laws would be impractical and inefficient, and would only create more economic obstacles within the EU.
Infringing the principle of proportionality
By adapting the Digital Services Act (DSA), the EU has already taken a harmonized approach towards the liability regime for mere conduits. Excluding VPNs from app stores would simply take an unjustified step further, with France effectively disregarding European consensus and imposing additional unproportionate restrictions.
Restricting access to the open internet
The ultimate goal of the proposed amendment is to exclude users' access to websites and networks outside of the EU and France’s jurisdiction. However, by limiting and heavily controlling VPNs, French authorities would undermine the right to unrestricted access to information granted to all EU citizens by law. It could also be seen as a step towards censoring the internet.
Impossible to implement in practice
The amendment would put an obligation on app stores and VPN providers to assess which internet networks are subject to French and EU laws. However, it’s almost an impossible task given the millions of domains, networks, and access points spread over the internet, not to mention unestablished limits of national jurisdictions online. Because such measures are practically impossible to implement, the situation they’d create may lead to a complete ban on VPNs for French citizens in the future.
The Bill’s misguided approach to cybersecurity
The EU continues to work towards a safe and trustworthy online environment. However, ineffective and poorly considered restrictions can only provide bogus solutions to problems that deserve serious attention. It’s crucially important for future lawmakers to thoroughly assess both the benefits and the risks involved before proposing new provisions for cybersecurity. Moreover, discussing their ideas with IT experts would help them make more informed and effective decisions. It’s the only way to build impactful laws and regulations that would actually work and bring benefits to online users and cybersecurity.
Online security starts with a click.
Stay safe with the world’s leading VPN