Yes, it's the next step and an evolution because it is far more of a trust less approach. With VPNs you need to trust your provider. If they "give you up" then you're well and truly fucked. For I2P there is no way for a malicious node operators to parse out who is doing what. And the source code you can vet yourself so no need to trust it. Still if you have actors working together in the nodes, the torrent provider and at the ISP level then you can most certainly find a way to break the layer of secrecy. The barrier is however vast and so far police haven't spent that much effort on piracy because it isn't a serious crime in the eyes of the law. And I don't foresee that they will for many years.

It's also far more accessible than say Usenet and VPN+private trackers. Which is a very good thing for privacy in general.