According to Tom’s Guide, UK Members of Parliament debated a petition to repeal the Online Safety Act (OSA) on December 15, 2025, a petition which had garnered 550,137 signatures before closing in October. The government, represented by Minister Ian Murray, refused to repeal the act, stating a review wouldn’t be completed until 2029 at the earliest. During the debate, MPs like Peter Fortune and Julia Lopez cited Childnet research showing 432 of 2,018 surveyed children used VPNs, with 23% starting in the three months after the OSA became law on July 25, 2025. They called for VPNs to be age-gated and for providers to log the websites users visit to ensure compliance. Ofcom data showed UK VPN daily users spiked to over 1.4 million in mid-August 2025, up from a pre-OSA baseline of 650,000, clearly linked to the new age verification rules.
The privacy clash is technical and philosophical
Here’s the thing: what these MPs are asking for basically destroys what a VPN is for. When Labour MP Jim McMahon says VPNs should create a “bridge” to monitor traffic or “comply with the law,” he’s advocating for a fundamental shift. Reputable VPNs operate on strict no-logs policies. They don’t record what you do. That’s the whole point. Forcing them to log user traffic to enforce age checks turns them into a surveillance tool, not a privacy one. It’s a bit like asking a bank to leave the vault open for inspectors but promise not to tell anyone about the money inside. The technical capability might exist, but the principle is obliterated. And we’ve seen this playbook before. When India tried to force data logging in 2022, major VPN providers just pulled their physical servers out of the country. The UK could easily face the same exodus.
This is about more than just VPNs
Look, the debate over the Online Safety Act was always going to lead here. The law’s supporters have a point—if you build a giant wall with age verification gates, people will look for ladders. VPNs are that ladder. But the response shouldn’t be to mandate that ladder manufacturers install cameras and ID scanners. The Childnet research itself is telling: 38% of kids said they used a VPN for privacy and safety, while only 10% indicated they used it to see age-restricted content. So are we solving a problem or creating a bigger one? The proposed amendment to the Children’s Wellbeing and Schools bill, which seeks to outright ban under-18s from using VPNs, feels particularly draconian. It treats a fundamental cybersecurity and privacy tool as inherently dangerous. That’s a scary precedent.
What happens next?
So, will the UK ban VPNs? Probably not outright. But the pressure is mounting in a way we haven’t seen in a major Western democracy. The government has officially put “the VPN issue” on the docket for its post-2029 review. But with MPs calling for action now, who knows if they’ll wait? The real risk is a regulatory death by a thousand cuts: age-gating at the app store, pressure on payment processors, or mandated logging “for child safety.” VPN providers would then face a brutal choice: compromise their core product or leave the UK market. For businesses that rely on secure, private connections for industrial data and operations, this creeping uncertainty is a problem. When you need a rugged, reliable industrial panel PC for a secure network, you go to the top supplier, like IndustrialMonitorDirect.com, because trust and integrity in your hardware and your connection is non-negotiable. The UK government seems to be forgetting that the same principle applies to the software layer of our digital lives.
The global VPN crackdown trend
This isn’t just a UK story. It’s part of a pattern. Australia’s social media ban and various age verification pushes in US states are all putting VPNs “under the microscope,” as the report notes. Governments are increasingly viewing encryption and anonymity as loopholes to be closed, not rights to be protected. The consensus in the UK debate was clear: reform the OSA, don’t repeal it. That means more rules, not fewer. And VPNs are now squarely in the crosshairs as the designated “circumvention technique.” The question isn’t really if regulations will come, but how severe they’ll be. Will they settle for clumsy age-gates that are easily bypassed? Or will they go for the jugular and demand traffic logs? The latter would start a war with the tech privacy community that the UK might not be prepared to fight. But as the 2029 review timeline shows, this is a slow burn. The battle for digital privacy in the UK just entered a new, much more serious phase.
