For decades, “Switzerland” has been the shorthand for secrecy—banking, bunkers, and now privacy tech. In this video, I break down an exclusive clarification Proton gave me: they’re not packing up their Geneva HQ, but they are moving most of their physical server infrastructure out of Switzerland. That’s not a rumor-level “maybe”—it’s a targeted operational shift driven by legal uncertainty around a proposed Swiss surveillance ordinance (OSCPT/OCPT) that would dramatically expand what counts as a regulated “communication provider.” I explain what the ordinance could mean in practice: mandatory user identification for services over ~5,000 users, potential six-month retention requirements, and heavier real-time compliance obligations for larger providers—exactly the kind of framework that turns a “privacy haven” into a surveillance environment. I also dig into why Proton’s new AI product, Lumo, is the first to move (AI infrastructure is expensive, heavy, and risky to anchor in a jurisdiction that might later demand interception or identification). The big takeaway: strong encryption protects content, but laws can still force metadata logging and identity verification. Proton’s move is less about “saving encryption” and more about preserving the ability to legally keep no-logs/no-identification promises. The map of “safe jurisdictions” is shifting fast—and Switzerland may no longer be the default answer.