A reasonable point about the discussion, but I doubt it is a meaningful one. The intention of these international agreements is that they circumvent the laws by moving data out of jurisdiction and have someone else do the surveillance, right? I have to assume that the EU is doing metadata analysis. All the talking is just about bringing it in house.

On another topic, I don't know how mullvad intends to avoid compliance.

"If VPNs are included, and if Going Dark becomes law, we will never spy on our customers no matter what."

Saying "we can't give you logs because we don't have them" just means that they need to start logging or gtfo of the EU.

They'll probably take it to court in the regions within the EU where this would be illegal, for example Germany. This is kind of what I meant by this law would be ignored/repealed as it goes against member nations own laws. I would expect there would be a lot of civic push back too. This law hasn't passed before, I'm not confident it will pass this time either. The real issue here is that the EU is not good at handling band faith actors - the same law in different wrapping should not be allowed to persist.