I picked up Hogwarts Legacy when Epic Games gave it away for free in 2025. Free. As in, zero dollars. And honestly? My first thought wasn’t excitement. It was: did they strip the DRM?
It’s a reasonable question. When a studio gives away a game outright, removing Denuvo, the controversial anti-tamper software that’s long been a headache for PC players, seems like a logical step. Why would they bother protecting something they’re handing out? I checked the Epic store page. Nothing mentioned Denuvo. No disclosure. No asterisk. Just the game, offered freely, with a clean-looking product page.
So I grabbed it.
The Silence That Misleads
Here’s what I didn’t know until I played the game months later: Hogwarts Legacy on the Epic Games Store still includes Denuvo. It has the same DRM as the Steam version. The Epic page doesn’t tell you that. This is not a mistake. Epic, by design, has no standard field for disclosing third-party DRM.
Steam has one. It’s right there on the store page: a dedicated “3rd-party DRM” line. You see it, you know, you decide. Epic hasn’t built an equivalent. Publishers aren’t required to label it. You can install a DRM-protected game and have no idea until you start hitting unexplained performance issues or do a deep dive into forums at midnight.
This isn’t a minor UX oversight. It’s a structural choice that transfers the burden of research entirely onto the consumer. Most people won’t dig through EULAs or Reddit threads before claiming a free game. Epic knows this.
“But Epic Is DRM-Free”
I know what some of you are thinking, because I thought it too. I’ve seen Epic staff quoted saying the platform is “DRM-free.” I clung to that for a while. It sounds reassuring.
Here’s the catch, and it took real digging to untangle: those statements mean Epic doesn’t force developers to use DRM. They won’t require it as a platform condition. That’s genuinely different from Steam, which mandates Steamworks integration.
That policy, which sounds pro-consumer, actually creates a transparency vacuum. Because Epic won’t mandate DRM, they also apparently feel no obligation to disclose it. The result is a platform where you can’t assume games are DRM-free and you can’t verify they aren’t from the store page alone. You’re in a strange middle ground. One that sounds like freedom but functions more like ambiguity.
What It Actually Means When DRM Is “Baked In”
For those playing on Linux through Heroic or similar launchers, here’s the part that really matters. Denuvo isn’t sitting in a tidy, labeled folder you can inspect. It’s woven into the game’s executable and DLL files inside your Wine prefix. It runs as user-space code, meaning it’s not installing kernel-level drivers the way some Windows anti-cheat software does. That’s something.
It still runs with the same permissions as any program you execute under your user account. It can read files, make network connections, and dip into your home directory. Not a rootkit. Not nothing, either.
The lack of disclosure doesn’t just affect your feelings. It affects your ability to make practical security decisions. If I’d known Denuvo was present, I would have set up a sandboxed user account, isolated my home directory, kept my SSH keys and browser profiles out of reach. Standard harm-reduction stuff for software you’re choosing to trust with some skepticism. I didn’t do any of that. Because I didn’t know I needed to.
I want to be very clear: I did read the small print. They mentioned third parties in their terms of service but not Denuvo. My experience: there wasn’t a pop-up like Easy Anti-Cheat to let you know it was there. Since this is not Warner Bros. or Epic Games software, the consumer should be able to read the terms of service for Denuvo (or any third-party software). What else is being put on our computers that they refuse to inform us about?
Informed Consent Shouldn’t Be a Research Project
I’m not saying Hogwarts Legacy is malware. Nor am I saying that companies shouldn’t protect their software. What I’m saying is simpler and, I think, harder to dismiss: a consumer has the right to know what third-party software is being installed on their machine. It’s a basic expectation of honesty.
When you buy food, ingredients are listed. When you sign a contract, third-party clauses are disclosed. When a store gives you something for free, you still deserve to know what comes with it. Hogwarts Legacy is a single-player game. I was playing it offline. The DRM wasn’t protecting anything in those sessions. It was just there, undisclosed, quietly doing whatever it does.
Epic has the infrastructure to add a DRM disclosure field. GOG has built an entire brand identity around DRM-free guarantees. Steam, for all its faults, at least tells you. Epic’s silence is a policy gap that benefits publishers at the expense of players.
Why This Resonates Beyond One Game
This isn’t really about Hogwarts Legacy or Denuvo specifically. It’s about something older and more familiar: the feeling of discovering, after the fact, that you agreed to something you didn’t understand. That the terms were always there, buried or absent, and the assumption was that you either wouldn’t look or wouldn’t care.
Most of us have felt that.
- A contract with fine print.
- A product that changed after you bought it.
- A service that quietly updated its data practices.
The specifics vary. The feeling doesn’t.
When a platform chooses not to disclose something, even when disclosure is easy and precedent exists, it’s making a statement about how much it respects your agency.
They don’t.