Privacy 9 min read

The Five Eyes intelligence alliance is an agreement between the UK, USA, Canada, Australia, and New Zealand to share surveillance intelligence. For privacy-conscious internet users, the jurisdiction in which a VPN provider is based matters significantly.

What Is the Five Eyes Alliance?

Originally formed after World War II as the UKUSA Agreement, the Five Eyes alliance allows member countries to share signals intelligence (SIGINT) with each other. In practice, this means that if a government in one country obtains data about your internet activity, it can share that data with the other four countries.

The alliance has since expanded. Fourteen Eyes includes Germany, France, Denmark, Spain, Italy, the Netherlands, Belgium, Sweden, and Norway in addition to the Five Eyes countries.

Why VPN Jurisdiction Matters

A VPN provider based in a Five Eyes country is potentially subject to:

  • Government data requests
  • Gag orders preventing disclosure of such requests
  • Data sharing with other alliance members

A VPN based outside these jurisdictions has fewer legal obligations to comply with intelligence requests from Five Eyes countries.

Where Are the Top VPNs Based?

Outside Five/Fourteen Eyes (generally considered more privacy-friendly):

  • NordVPN — Panama
  • ExpressVPN — British Virgin Islands (technically UK territory but separate legal system)
  • Surfshark — Netherlands (14 Eyes, but strong EU data protection)
  • ProtonVPN — Switzerland (outside both alliances)

Does Jurisdiction Really Matter?

Here is the honest answer: for most users, jurisdiction matters less than the VPN’s actual logging practices. A VPN with a verified no-logs policy cannot hand over data it does not have, regardless of jurisdiction.

Courts have tested this multiple times. NordVPN was subpoenaed after a server seizure in Finland — because they had no logs, no user data was obtained. Private Internet Access has similarly defended their no-logs policy in US courts.

Practical Recommendations

For maximum privacy:

  1. Choose a VPN with an independently audited no-logs policy
  2. Consider jurisdiction as a secondary factor
  3. Look for providers who have demonstrated their no-logs policy through legal challenges

Compare VPN privacy features to find the most privacy-respecting option for UK users.