- Proton has announced its successful completion of a SOC2 Type II audit
- The rigorous audit verifies the proper implementation of security controls
- It’s further proof that Proton can help businesses meet compliance requirements
Proton AG has announced its completion of another independent audit, further demonstrating the seriousness with which it takes data security and user privacy.
Completed in July 2025, it’s the first time that the provider behind Proton’s privacy tools, which include one of the best VPN and encrypted email services on the market, has achieved the SOC2 Type II attestation. It adds to the growing number of third-party audits the Swiss company has undergone.
The external audit, conducted by Schellman, included interviews and document checks to determine that Proton’s internal security controls are implemented correctly.
What is the SOC2 Type II and why does it matter?
SOC2 Type II is a recognized compliance standard that evaluates how a company handles customer data.
More than checking that a company has specific security controls in place, it assesses their effectiveness over an extended period of time, typically several months.
The independent third-party audit was conducted by Schellman, an auditing firm that specializes in attestation and certification services.
Proton has completed a SOC 2 Type II attestation. It adds to our ISO 27001 certification and compliance with GDPR and the Swiss DPA. What does that mean, and why should you care? Let’s break it down 👇🧵 1/6 (July 22, 2025)
Completing the SOC2 Type II audit demonstrates that Proton not only has strong security measures in place, but consistently follows them.
“Proton’s SOC 2 Type II attestation proves that our security isn’t just technical – it’s operational,” said Head of Security at Proton, Patricia Egger, in a statement on Proton’s website.
The news signals to businesses that Proton has strong internal controls for data security. It also helps them meet their own compliance requirements, such as GDPR, and trust that sensitive data is handled responsibly.
A growing body of evidence of Proton’s security
An increasing number of technology companies are submitting their systems to independent audits to provide transparency and foster trust.
With the SOC2 Type II audit, Proton has gone a step further than most. It joins Nord Security, the company behind NordVPN, whose NordPass and NordLayer products have passed the same audit.
Proton’s latest audit adds to a growing body of evidence of its commitment to data security and the privacy of its users. It follows Proton receiving its ISO 27001 certification in May 2024, an international standard for managing information security.
Proton VPN also had its no-logs policy independently audited by Securitum in July 2024. Independent audits of no-logs policies are more commonplace, with the likes of Surfshark and ExpressVPN both recently having their no-logging claims verified, too.