Skip to main content
News

Transparency Report 2025: A quarter of all requests from authorities rejected

As a mail provider, mailbox regularly receives requests for information from the authorities. In our Transparency Report 2025, we disclose the nature and scope of these requests for information from the authorities over the past year.

mailbox transparency report

Number of requests for information and most frequent reason for rejection

In 2025, a total of 74 official requests for information were sent to mailbox. As in previous years, the most common reason for rejection remains the unencrypted transmission of the request: "Data protection and information security are a priority for mailbox. We also adhere to the strict requirements of the Federal Network Agency (Bundesnetzagentur) for requests for information from authorities, which stipulate that requests must be encrypted," explains Balint Gyemant, Chief Product Officer at mailbox.

Of the 63 requests sent to mailbox by email, however, 27 were unencrypted. A further six were unlawful for other reasons, and mailbox received five requests by post. "It is encouraging that we received no more enquiries by fax in 2025. This was still the case until 2024, although requests for information by fax have actually been prohibited since 2021," says Balint Gyemant.

Unlawful requests for information are consistently rejected by mailbox. In 2025, unencrypted requests were corrected by the investigating authorities in 15 cases, meaning that we responded to a total of 56 requests. 18 requests were not corrected and were rejected by us due to various deficiencies.

Who submits which requests for information?

The majority of requests for information in 2025 came from German authorities. Only three requests came from authorities in other EU countries and one request from an authority outside the EU. 72 requests for information were made in the context of criminal prosecution, two by intelligence services. Inventory data requests were the most common type of request, with only two relating to the seizure of mailboxes.

mailbox Transparency Report 2025: Rejected requests for information

Data protection developments and geopolitical conditions

We are publishing our transparency report at a time when data protection is under threat of weakening in the EU and worldwide. Twenty-five years ago, the European Data Protection Convention recognised the highest priority of protecting personal data and regulating its cross-border exchange. Today, these achievements are under attack like never before in the last 25 years: Anti-democratic forces and the EU's Digital Omnibus are threatening to weaken data protection. Chat control and data retention are being pushed forward again. In addition, the US CLOUD Act could become a gateway for data access in Europe. We are monitoring these developments closely and critically. Data protection and information security remain our priority.

In a nutshell: requests compared to the previous year

  1. The total number of requests fell again in 2025: by 10.84 % from 83 (2024) to 74.
  2. In 2025, 75.7 % of requests were ultimately submitted correctly – in some cases only at the second attempt. In 2024, the final figure was 69.9 %.
  3. As in the previous year, we received the majority of enquiries by email in 2025, encrypted with PGP.

An overview of the specific figures for 2025

Number of requests to mailbox

Total: 74
of which German authorities: 70
of which foreign EU authorities: 3
of which foreign non-EU authorities: 1

Type of authority

Criminal investigative authorities: 72
Intelligence services: 2
Customs authorities: 0

Type of request

Contact data requests: 72
Inbox confiscations: 2
Traffic data requests: 0
Telecommunications interceptions: 0

The reports from recent years can be found at Transparency reports.

FAQ

How we deal with requests

mailbox follows a standardised process when dealing with requests for information from official authorities. Each request will be comprehensively reviewed and assessed by our data protection officer and a lawyer, and then either processed or rejected accordingly. When a request gets rejected, the submitting authority may correct any errors and then resubmit for another review. Data will only be released by us if a related request is actually lawful and formally correct.

Data that authorities may be interested in
  1. Contact data: This includes the name, address and phone number of the account holder, as well as details about their contract with us.
  2. E-mail data: Access to all e-mails currently held in an account's mailbox.
  3. Traffic data: The IP addresses associated with mail server logins when fetching, reading, or sending e-mails.
  4. Telecommunications interception data: Obtained through the temporary surveillance of all ongoing e-mail communication of an account.

More transparency reports

mailbox transparency report

Transparency Report 2024: 30% of all requests from authorities rejected

Read more about Transparency Report 2024: 30% of all requests from authorities rejected
mailbox transparency report

Transparency Report 2023: 33.8% of all requests unlawful

Read more about Transparency Report 2023: 33.8% of all requests unlawful
mailbox transparency report

Transparency Report 2022

Read more about Transparency Report 2022
mailbox Mail: Übersicht des Posteingangs

At a glance: Overview of all modules

To the overview →
Mann vor Computer löst EVAC telefonisch aus

Business Continuity auf Knopfdruck: Kommunizieren im Notfall

Learn more →
mailbox
Start now ❌︎