VPN Jurisdiction and the 14 Eyes
Where a VPN company is legally incorporated determines which government's laws it must comply with - Including demands to hand over user data. Intelligence-sharing alliances like the 5 Eyes, 9 Eyes, and 14 Eyes extend this reach across national borders.
The Intelligence-Sharing Alliances
| Alliance | Member Countries | Risk for VPN Users |
|---|---|---|
| 5 Eyes | USA, UK, Canada, Australia, New Zealand | Highest - Most comprehensive SIGINT sharing; legal compulsion orders common |
| 9 Eyes | 5 Eyes + France, Denmark, Netherlands, Norway | High - Extended sharing agreements |
| 14 Eyes | 9 Eyes + Germany, Belgium, Italy, Sweden, Spain | Elevated - Broader cooperation, varies by country |
| Outside alliances | Panama, BVI, Switzerland, Romania, Seychelles, Iceland | Lower - No treaty obligation to share; still subject to mutual legal assistance requests |
Jurisdiction of Popular VPN Providers
| Provider | Jurisdiction | Alliance | Notable Legal Events |
|---|---|---|---|
| NordVPN | Panama | Outside | Server seized in Finland (2018) - No logs recovered |
| ExpressVPN | British Virgin Islands | Outside | Turkish authorities sought data (2017) - Nothing recoverable |
| Mullvad | Sweden | 14 Eyes | Office raided (2023) - Police left empty-handed; no logs existed |
| ProtonVPN | Switzerland | Outside | MLAT requests received; Switzerland requires court order |
| Surfshark | Netherlands | 9 Eyes | No reported incidents |
| Private Internet Access | United States | 5 Eyes | Subpoenaed twice - Logs confirmed non-existent in court |
| CyberGhost | Romania | Outside | No reported government data requests fulfilled |
| IPVanish | United States | 5 Eyes | Handed user logs to DHS in 2016 under previous ownership |
Does Jurisdiction Really Matter?
Jurisdiction matters, but it is not the only factor. A provider in Panama with terrible operational security is more dangerous than one in a 14 Eyes country with a fully audited, technically enforced no-logs policy. Consider both:
- Legal jurisdiction - What laws apply and what courts can compel
- Technical implementation - Does the infrastructure make logging impossible, not just disallowed?
- Independent audit - Has a third party verified the no-logs claim?
- Ownership - Is the company owned by a larger group with entities in 5 Eyes countries?
For logging policy details, see VPN Logging Policies Explained. For the full comparison, see VPN Comparison 2026.
How We Evaluate VPNs
Every recommendation in our VPN guides is weighed against the same five criteria:
- No-logs policy and audits - We prioritise providers whose no-logs claims have been verified by independent auditing firms, and we note real-world events (subpoenas, server seizures) that tested those claims.
- Leak-test results - A VPN must not expose your real IP, DNS servers, or WebRTC addresses. You can run the same checks we use with our free VPN Leak Test.
- Speed impact - We favour providers supporting modern protocols (WireGuard, or equivalents like NordLynx and Lightway) that keep overhead low.
- Jurisdiction - Where a provider is incorporated determines which governments can compel it to hand over data.
- Price transparency - Clear renewal pricing and honest refund terms. We avoid quoting specific prices in guides because promotions change frequently - Always check current pricing on the provider's site.
Our assessments are based on published third-party audits, vendor documentation, and our own leak-testing tooling - We do not have insider access to any provider's infrastructure. These pages are reviewed periodically and updated when audits, ownership, or features change.
Once you have picked a provider, two practical checks matter more than any review: if your connection fails, see how to fix a VPN that won't connect; and to confirm you are actually protected, learn how to test if your VPN is working.
ⓘ Affiliate disclosure: Some links to VPN providers in these guides are affiliate links - We may earn a commission at no extra cost to you. This never affects rankings or evaluations.
Last updated: June 2026