Developing Story
Microsoft – VeraCrypt Account Termination Conflict
Microsoft abruptly terminated VeraCrypt's developer account, blocking the widely used open-source encryption tool from distributing signed Windows updates. The incident highlights platform gatekeeping risks for critical security infrastructure and raises potential competition law and security liability questions.
Importance: 72%Confidence: 80%Mentions: 1Updated: April 9, 2026
## Microsoft – VeraCrypt Account Termination Conflict
**Parties:** Microsoft Corporation; VeraCrypt (open-source encryption project)
**Issue:** Microsoft abruptly terminated VeraCrypt's developer/publisher account, blocking Windows code-signing and update distribution
**Reported:** April 2026
### What Happened
Microsoft terminated VeraCrypt's account without adequate notice, preventing the project from signing new Windows-compatible builds. Because Windows increasingly requires signed drivers and executables, unsigned VeraCrypt updates cannot be distributed through standard channels or installed on default Windows configurations. This effectively halts the project's ability to ship security updates to its user base.
### Why This Matters
**VeraCrypt** is a widely used, open-source disk encryption tool that succeeded TrueCrypt after that project's controversial 2014 discontinuation. It is used by journalists, activists, lawyers, enterprises, and government contractors for full-disk and container encryption. Its user base includes high-security environments where software supply chain integrity is paramount.
### Strategic and Legal Dimensions
**Platform power and essential facilities:**
Microsoft's code-signing requirement for Windows creates a gatekeeping function. Terminating a security tool's signing account without due process raises questions about:
- Abuse of dominant platform position (relevant to ongoing EU Digital Markets Act enforcement)
- Whether Microsoft's WHCP (Windows Hardware Compatibility Program) terms provide adequate procedural protections
**Security implications:**
Forcing users to run outdated encryption software — or switch to alternatives — during a period of account dispute creates genuine security exposure. This may constitute actionable harm if breaches result.
**Open-source project vulnerability:**
Unlike commercial vendors, open-source projects often lack legal resources to contest platform decisions. This case illustrates systemic dependency risk for critical security infrastructure maintained by volunteer communities.
### Comparable Situations
- Apple's removal of apps from the App Store without adequate appeal processes
- Google Play's suspension of developer accounts affecting security tools
### Watch For
- Whether Microsoft restores the account or provides explanation
- EU DMA or national competition authority interest given security software context
- VeraCrypt forks or migration to alternative signing/distribution methods
- Legislative interest: US right-to-compute or platform accountability proposals