It’s not totally clear yet. My role is fully remote, so the info I have is second-hand from memos and word of mouth. The company has apparently been using an automated system to send scary emails to people not badging in (with their manager CCed), but I don’t know what happens if you just ignore those. Memos have made vague threats of implications for performance reviews, but those haven’t happened yet since they announced they would be tracking badge data.
Note that Mullvad no longer allows port forwarding, which can make it harder to torrent effectively