If everyone keeps on as if this law doesn’t exist, they’ll struggle to enforce it. Don’t cave; make the law unworkable. And if you use a VPN, choose one from a company based overseas.

I think you’d be foolish not to do so. Make sure that you also abandon any software that collapses to UK legal pressure.

I thought the legal bits were for those running the services, not those using them?

The TLDR is that when E2EE that allows the government to monitor its contents without giving up encryption for everyone else becomes technically possible, those running the services must assist the government in doing so.

I’m not based in the UK, so I can’t speak to your specific legal risk, so always do what’s best for your safety.

But if able, I would encourage you to continue to use your VPN until you can no longer do so. Support end to an encryption wherever you can, there’s a huge difference between the law as written, and the law as enforced. Normalize encryption as much as you can.

If encryption is illegal locally, probably won’t be able to pay for VPNs using standard payment methods in the future, so start using a VPN that supports anonymous payments now. Like Mullvad, airvpn etc.

Privacy is a human right

Yes, it is still OK to use those services. The law is aimed at the messaging/social media businesses, not individuals, and is vague enough that they won’t have to do anything around their E2EE until there is viable technology available to square the circle of allowing for the checking of illegal abuse content while not functionally destroying E2EE. So potentially never.