MEGA Transparency Report

MEGA is committed to maintaining industry-leading levels of security and confidentiality of user information and data.

Table of contents
What is transparency?
About Mega
Industry cooperation
Regulatory background
Mega policies
Copyright matters
Counter-notices
Repeat infringers
Illegal content
Identification of illegal content
Signal sharing via Lantern
Accounts closed for other reasons
Appeals
Response to International Law Enforcement Agencies
Legal orders
Other requests for personal information
GDPR
Definition of terms
References
Download Reports
Please select

Period ending 30 June 2025

Report issued on 22 October 2025

What is transparency?

Transparency reports provide public information on compliance programmes and achievements. They demonstrate accountability and play a critical role in building trust with users, suppliers, regulators, employees, investors and the general public.

Mega periodically publishes statistics on takedown requests, subscriber information disclosure and related issues. This is intended to provide transparency to Mega’s operating processes relating to privacy and to statutory compliance. Mega’s report confirms its zero tolerance for illegal activity.

This is the fourteenth transparency report published by Mega since it commenced operations in January 2013. This report contains new data for the six-month period from 1 January 2025 to 30 June 2025.

About Mega

As at 30 June 2025, Mega had over 328 million registered user accounts in more than 215 countries and territories. In total, as at 30 June 2025, Mega’s users had uploaded more than 194 billion distinct files.

In 2013, Mega pioneered user-controlled end-to-end encryption through the web browser. Today, it provides the same zero-knowledge privacy and security across its cloud storage and chat applications, whether accessed via a web browser, mobile app, desktop app or command line tool. Mega The Privacy Company provides Privacy by Design based on the uncompromising use of zero-knowledge user-controlled end-to-end encryption, commonly known as E2EE.

All chat messages and files are fully encrypted on the user’s device before being sent to Mega, using random keys that are encrypted with the user’s password before the encrypted keys, chat messages and files get submitted to and stored on Mega. The password remains on the user’s device and is never sent to Mega, so chats and file contents can’t be read or accessed in any manner by Mega. Files can only be decrypted by the original uploader through a logged-in account or by other parties to whom the account holder has consciously provided the required file/folder keys by way of URL or otherwise.

Mega’s encryption is described in a Whitepaper[1] and is open to independent scrutiny because all client-side source code is published,[2] allowing its correctness and integrity to be verified by researchers.

The privacy provided by Mega is a valued service, necessary for personal, professional, business and government use. It is consistent with the Universal Declaration of Human Rights, Article 12:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence […].
Everyone has the right to the protection of the law against such interference […].

However, Mega has zero tolerance for illegal activity. While fiercely guarding the privacy of legitimate users, Mega will not be a haven for illegal activity.

Mega has developed a range of new products, including MEGA VPN, MEGA Pass, MEGA S4, and other services currently in early development. Throughout the product development cycle, we ensure that all products comply with the same internal policies and compliance requirements. These policies are applied consistently to all users, regardless of which MEGA products they use or subscribe to. All these products are tied to the same MEGA account, and therefore the statistics in this report include all user counts.

Industry cooperation

Mega is an active member of leading industry bodies which seek to promote best practice for compliance activity and to assist with communications between platforms and with regulatory and law enforcement agencies. Mega is a member of:

Mega actively participates in the Lantern programme, managed by the Tech Coalition. Through this program, participating companies can securely and responsibly share signals about accounts and behaviours associated with online child sexual exploitation and abuse (OCSEA), including the storage or distribution of Child Exploitation Material (CEM), also known as Child Sexual Abuse Material (CSAM).

Mega is a member of the Christchurch Call, a community of governments, online service providers, and civil society organisations acting together to eliminate terrorist and violent extremist content online, with underlying commitments to human rights and fundamental freedoms, transparency, collaboration, research, and an effective appeals process. See https://www.christchurchcall.org/the-christchurch-call-commitments/.

Mega is also a strong supporter of the ‘Principles to Counter Online Child Sexual Exploitation and Abuse’ issued in March 2020.[3] The Principles were produced by a working group of officials from New Zealand, Australia, the United Kingdom, the United States and Canada. Mega was one of the technology companies that provided supportive comment on the draft Principles during the consultation process.

Regulatory background

Mega was designed, and is operated, to ensure that it achieves the highest levels of compliance with regulatory requirements.

Mega maintains market-leading processes for dealing with users who upload and share copyright-infringing material or breach any other legal requirements. Mega cannot view or determine the contents of files stored on its system as files are encrypted by users before they reach Mega. However, if a user voluntarily shares a link (with its decryption key) to a folder or file that they have stored on Mega, then anyone with that link can decrypt and view/download the folder/file contents. The same applies to chat links. A member of a group chat with the appropriate access right can create a chat link, allowing anyone with that link to join, view, post and download the materials shared within the group chat.

Mega policies

Mega’s Terms of Service expressly prohibit our users from using our services to infringe copyright or any other intellectual property rights. Copyright holders who become aware of public links to their copyright material can contact Mega to have access to the offending files disabled. Similarly, copyright holders with information indicating that MEGA VPN has been used to access infringing content can provide relevant details to us for actioning.

By complying with applicable copyright laws, Mega is provided with a safe harbour, shielding it from liability for the material that its users upload and share using Mega’s services. Although not technically bound by US or EU law, Mega also complies with the conditions for safe harbour under the US Digital Millennium Copyright Act (DMCA) process and relevant European Union Directives.

Mega does this by allowing any person to submit a notice that their copyright material is being stored and/or shared through the Mega platform or accessed via MEGA VPN without authorisation. When Mega receives such notices, it promptly processes them as detailed below, pursuant to Mega’s Terms of Service agreed to by every registered user. File takedowns continue to target a very small portion of the files stored on Mega, indicating that the vast majority of users appreciate the speed, flexibility and privacy of Mega’s systems for legitimate business and personal use.

The safe harbours in various jurisdictions require material to be removed and links disabled expeditiously. Some cloud storage providers target takedown within 24 hours. Mega targets takedown within 4 hours, with most takedowns being actioned faster.

Illegal content –
Child Exploitation Material, Violent Extremism, Bestiality, Zoophilia, Gore, Malware, Hacked/Stolen Data, Passwords

Mega does not condone, authorise, support or facilitate[4] Child Sexual Exploitation[5] or the storage or sharing of CEM/CSAM, other illegal content or harmful material. Mega has zero tolerance for users who store or share such material. Users, law enforcement, or members of the public can report links to illegal material to [email protected].

Any reports of such content result in immediate deactivation of the folder/file links and closure of the user’s account. We routinely provide details to New Zealand Government Authorities, and other relevant international authorities, for investigation and prosecution.

The illegal content shared by Mega users generally consists of historic still images and videos that were created elsewhere and later uploaded to the platform. It continues to include self-generated imagery, much of which appears to have resulted from online grooming, coercion, or bribery by adults.

Requests for removal of copyright content

Mega’s approach to dealing with requests for the takedown of content uploaded by its users (as well as requests for the disclosure of user information and data) is set out in its Takedown Guidance Policy.

Mega accepts copyright takedown notices via a dedicated web page[6] or by email to [email protected].
Requests are promptly processed without reviewing their validity.[7] Four companies have executed agreements with Mega whereby they can directly enter takedown notices, without requiring further action by Mega staff. These companies are effectively ‘trusted flaggers’ for copyright reports.

The rights holder is able to specify one of three outcomes for file links:

  1. Removal of just a specified link to the file: – the file will remain in the user’s account;
  2. Removal of all links to the file: – the file will remain in the user’s account;
  3. Removal of all links to and all instances of the file/byte sequence: – there is no user permitted to store the identified file under any circumstance worldwide.

Folder links often refer to a large number of files, of which only some may be claimed to be infringing files. If the person requesting the takedown doesn’t provide identification of the infringing file or files within the folder, Mega will disable the reported folder link only as folder contents can change. This means that the folder and its files will remain accessible in the user’s account. This would be the same as option (1) above in respect of file link takedown requests.

The number of unique takedown requests submitted represents a very small percentage of the total number of files stored on Mega.

 Year QuarterCopyright takedown requestsLinks taken down
/ Total files		Total files (Billion)
2022Q11,187,6460.0010%117.6
Q2262,8880.0002%122.7
Q3276,9010.0002%127.9
Q4377,5740.0003%132.9
2023Q1342,6680.0002%138.2
Q2435,0860.0003%144.0
Q3430,6740.0003%149.9
Q4402,4140.0003%155.6
2024Q1846,4630.0003%161.6
Q2561,7720.0003%167.5
Q3577,4700.0003%173.7
Q4311,0930.0002%180.6
2025Q11,072,4460.0006%187.4
Q2729,9110.0004%194.1
Table 1 – Copyright takedowns

Counter-notices

Mega receives counter-notices from some users who dispute the validity of a copyright takedown. These counter-notices are processed in accordance with safe harbour requirements, whereby the link will be reinstated unless the complainant gives notice of legal proceedings. Unfortunately, some content owners and agents trawl the Internet using robots which generate incorrect notices on behalf of copyright owners, and some fail to review the specific link content or to determine whether it is actually a live link.

There are also cases where some parties deliberately issue false copyright takedown notices, for commercial competition or other reasons.