What is the Five Eyes Alliance (and Why It Matters for VPNs)?
The Five Eyes Alliance is an intelligence-sharing agreement between the US, UK, Canada, Australia, and New Zealand that allows member nations to collect and share surveillance data on each other's citizens — a key consideration when choosing a VPN's country of jurisdiction.
The Five Eyes Alliance is a multilateral signals intelligence (SIGINT) sharing agreement between five English-speaking democracies: the United States, United Kingdom, Canada, Australia, and New Zealand. Under this agreement, member nations collect surveillance data on each other's citizens and share it — functioning as a legal workaround to domestic restrictions on governments spying on their own people.
For VPN users, the Five Eyes matter because a VPN provider headquartered or operating servers in a Five Eyes country can be compelled by law to hand over data — and due to gag orders, may not be able to disclose that they did so.
The Alliance Tiers
The surveillance sharing network has expanded over the decades:
- Five Eyes — US, UK, Canada, Australia, New Zealand
- Nine Eyes — Adds Denmark, France, Netherlands, Norway
- 14 Eyes — Adds Germany, Belgium, Italy, Spain, Sweden
Each expansion adds more legal frameworks for data sharing. For VPN purposes, especially for high-risk users, being outside the 14 Eyes is generally considered more favorable.
What This Means for VPNs
A VPN's jurisdiction — where it's legally incorporated — determines which government can serve it with legal demands. A VPN based in the US (Five Eyes) is subject to National Security Letters, FISA court orders, and gag orders. A VPN based in Switzerland or Panama operates under entirely different legal frameworks.
However, jurisdiction alone isn't the whole story:
- A no-log policy meaningfully reduces what any government can compel the provider to hand over — if no data exists, there's nothing to produce
- Multiple providers based in Five Eyes countries have demonstrated genuine privacy through real-world legal challenges
- Physical server locations in non-Five Eyes countries add another layer
Notable VPN Jurisdictions
| Provider | Headquarters | Alliance |
|---|---|---|
| ProtonVPN | Switzerland | Outside 14 Eyes |
| ExpressVPN | British Virgin Islands | Outside 14 Eyes |
| Mullvad | Sweden | 14 Eyes |
| NordVPN | Panama | Outside 14 Eyes |
| Surfshark | Netherlands | 9 Eyes |
| Private Internet Access | USA | Five Eyes |
Note: PIA (Five Eyes) has been subpoenaed multiple times and produced nothing — because they genuinely retain no logs.
Threat Model Context
For most users — people who want privacy from advertisers, ISP throttling protection, or access to streaming content — Five Eyes jurisdiction is largely irrelevant. A verified no-log policy matters far more.
Five Eyes jurisdiction becomes a serious concern for journalists, activists, dissidents, and anyone whose threat model involves governments as adversaries. In those cases, pair a non-14-Eyes provider with a Double VPN arrangement for maximum protection.