Understanding VPN jurisdiction: 5 eyes, 9 eyes, 14 eyes

Disclaimer: affiliate links keep us 100% reader-supported.

A VPN is an online service specially designed to give its users full privacy and security while surfing the internet, and this is achieved simply by masking the user’s real location [IP address] and encrypting all their inbound and outbound data.

However, not many people are aware that the location where a VPN provider is based has a direct impact on the privacy level it can offer in reality. A jurisdiction is considered safe for privacy if it does not have any mandatory data retention laws that can summon tech firms [like VPNs] to hand over its users’ sensitive information at certain periods of time. Another thing that makes a jurisdiction safer is if it has strong data protection laws that protects both individuals’ and business’ data.

In this article, we will explain in details everything you need to know about the 5-Eyes, 9-Eyes, 14-Eyes nations, their agreement details, participating members, impact on users’ privacy, and lots more. We will also discuss the meaning and importance of no-logs policies, the best VPN jurisdictions, as well as the best VPNs outside 14 eyes. So, read through!

Let’s get started:


5-EYES nations

The Five Eyes (FVEY) consists of five different countries who have come together in agreement to evolve a surveillance system in their individual country. The 5-eyes nations include the US, the UK, Canada, Australia, and New Zealand. They all signed the multilateral UKUSA Agreement which serves as a unifying code for their cooperation in signals intelligence. Basically, this alliance is one of the most dreaded and troubling espionage alliance in the globe as each of the participating country maintain a significant amount of mandatory data retention, warrants, as well as gag orders.

This simply means that the government of these 5 countries can demand forcefully for users’ logs from all the tech firms operating in that region, including the VPN providers.

If you must choose a VPN that is located in any of these countries, you need to first ascertain whether they keep logs or not. Failure to do so simply means that your browsing activity can be recorded and can be submitted to third parties whenever your VPN provider is served warrants or gag orders.

Five Eyes. It consists of United States, United Kingdom, Australia, Canada, and New Zealand.

9-EYES nations

The nine eyes nation is simply an extended form of the 5-eyes with an addition of four new countries, which includes France, Denmark, the Netherlands and Norway. They all key into the signals intelligence agreement. However, the added nations are not as dreaded as the FVEY.

The 9-eyes nation are also known for maintaining some level of data retention laws that may mandate it for tech firms (like VPN providers) to hand over their users logs.

Nine Eyes. It consists of United States, United Kingdom, Australia, Canada, New Zealand, Denmark, France, Netherlands, and Norway.

14-EYES nations

This is the lastly-added extension of the FVEY surveillance treaty. The five countries include Belgium, Germany, Italy, Spain, and Sweden.

The 14-eyes nations are officially regarded as “SIGINT Seniors Europe (SSEUR)” and they are less trusted when it comes to privacy issues as they engage in some covert surveillance.

Fourteen Eyes. It consists of the United States, United Kingdom, Australia, Canada, New Zealand, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.


No-logs policy is simply a declaration made by a VPN company to its users that it shall keep no logs relating to their online activity and browsing behavior. Although almost all VPN providers usually promise this but it’s very unfortunate that only few keeps to it.

The importance of a strict no-logs policy is that VPN users would be able to perform their online activities without any of their information or activities being recorded during the process.

A VPN provider that keeps no-logs serves a great purpose to its users because they will have nothing to hand over to the government should in case they are served warrants or gag order. For instance, ExpressVPN, a top VPN provider was involved in a Turkish police investigation and they were compelled to hand over the users data to the investigation team. Despite all the efforts made by the authorities, they were unable to get relevant information as ExpressVPN kept no logs initially.

However, it must be noted that not all VPN providers maintain a “strict” no-logs policy as there are some providers that silently hands over their users’ data and sensitive information to third parties like the government agencies. This is very common with VPN providers that operate in the countries that belong to the Five Eyes, Nine Eyes, and Fourteen Eyes Alliances. These jurisdictions are well known for their data retention laws that may force tech firms like VPN companies to submit some of its users’ sensitive information during certain periods.


Despite the fact that we have some privacy-threatening jurisdictions, yet there are some jurisdictions that are considered privacy-friendly, and they include:

  • Hong Kong. Hong Kong has strong privacy laws, making it one of the safest locations where VPN services can be headquartered.
  • Romania. Despite being a part of European Union, Romania does not belong to the 14-EYES nations. Also, it does not have any law that mandates data retention, which makes it one of the few European countries that are safe for VPN firms.
  • Bulgaria. Bulgaria is a non-member of the 14-EYES treaty and it does not have any law that mandates data retention for tech firms like VPNs.
  • Singapore. Although Singapore is well known for its array of censorship, but it has a very strong data privacy laws for protecting individuals’ as well as business’ data.
  • Panama. On the list of the best VPN jurisdictions again is Panama, a country that is well known for not having strict laws mandating firms to retain sensitive information about their users.
  • The Netherlands. The Netherlands is considered a safe place for VPN firms to operate as it has no mandatory data retention law. In fact, this country is the home to many privacy oriented firms, including Start Page, a privacy-focused search engine.
  • Sweden. Yes. Sweden maintains some mandatory retention laws but it is still a safe abode for VPN firms as it does not enforce any of these laws against VPN providers. It is important to know that Sweden belongs to the 14-EYES nations and it perform surveillance.


Based on personal findings and online reviews by verified users, here are the leading VPN services operating outside the jurisdiction of the 14-eyes Alliance:

1 ExpressVPN British Virgin Islands
2 Perfect Privacy Switzerland
3 NordVPN Panama
4 VPNArea Bulgaria
5 VPN.ac Romania
6 VyprVPN Switzerland
7 CyberGhost Romania
Felix Olsson

Felix Olsson

Felix Olsson is a VPN and web security expert. He is a tech enthusiast who loves testing VPN services and the latest developments in the cybersecurity world. You'll often find him either reading privacy policies or testing a new service or device.

We will be happy to hear your thoughts

Leave a reply

nordvpn logo horizontal


Get 72% discount now!

Enhance your privacy with the fastest VPN on the market.