Updated at 7.10pm on 29 May 2026 to include a comment from a spokesperson from VFS Global
According to the investigation, European inspection reports between 2020 and 2025 identified issues ranging from insecure handling of applicants’ biometric data and fake visa appointments to concerns over privacy, ‘visa shopping’ practices and inadequate disclosure regarding premium services offered to applicants.
The findings come at a time when Indian travel to Europe is witnessing record growth. More than 1mn (million) Indians now apply annually for Schengen visas, which provide access to 27 European countries. The number of applications has more than doubled since the pandemic, driven by rising outbound tourism and increasing disposable incomes.
At the centre of this process is VFS Global, the Zurich- and Dubai-headquartered visa-processing company that handles a substantial share of Schengen visa applications from India.
The investigation was based on around 150 inspection reports obtained by Lighthouse Reports through more than 40 Freedom of Information (FOI) requests submitted to the European Commission, the UK and several European Union (EU) member states. Media organisations across 11 countries, including The Indian Express, Germany’s Der Spiegel and France’s Le Monde, participated in the collaborative investigation.
The Indian Express reported that it reviewed all inspection reports, analysed VFS Global’s operations and interviewed nearly 150 applicants at visa centres in Delhi and Mumbai.
According to the newspaper, the reports documented several operational concerns raised by European missions during inspections that included visits to India. One of the most serious observations related to data security practices.
Inspection findings linked to Luxembourg’s visa operations in India reportedly found that biometric identifiers of applicants were being stored on unencrypted compact discs for transfer between VFS offices and consulates. Scanned application documents were also allegedly stored separately on discs.
The report further stated that biometric information was sometimes transmitted through open, unencrypted emails when technical errors occurred during collection or transmission.
Auditors also reportedly found that compact discs containing application documents and biometric information were not being destroyed within stipulated timelines, despite shredding equipment being available.
According to The Indian Express investigation, inspection teams recovered discs containing applicant data older than 18 months.
A 2024 Schengen evaluation involving Germany and Poland reportedly concluded that aspects of VFS Global’s India operations were not fully compliant with the European Union’s General Data Protection Regulation (GDPR) which governs the protection of personal and financial data.
The investigation also highlighted the growing issue of fake visa appointments and fraudulent documentation linked to travel agents.
A Luxembourg Embassy inspection reportedly noted a significant increase in fake VFS appointments being sold by ‘unscrupulous’ travel agents during 2024. The same report also flagged fake employment-contract letters allegedly being sold to applicants seeking work visas.
The issue of ‘visa shopping’ was also highlighted in the reports. European authorities reportedly found instances where applicants used Schengen visas issued by countries with faster approval processes while intending to travel primarily to another EU member state.
According to inspection documents cited by The Indian Express, Luxembourg Embassy officials detected applications structured to present Luxembourg as the primary destination even when another country was the actual intended destination.
The reports, however, stated that VFS Global was not directly responsible for such practices, which were largely attributed to travel agents.
Concerns regarding applicant privacy were also flagged during inspections.
A Swedish mission inspection of the VFS office in Mumbai in 2023 reportedly observed that application counters were separated only by low dividers, allowing conversations between applicants and staff to be overheard.
The same inspection also found another visa-services company, Vasco, operating on the same floor as the VFS facility. Auditors reportedly directed VFS to create a clearer separation between the two businesses to avoid confusion among applicants. Vasco has since shifted out of the premises.
European inspectors also reportedly raised concerns about communication regarding VFS Global’s value-added services (VAS), including premium lounge access, courier services and SMS alerts.
A Swedish inspection in 2025 reportedly concluded that information about these services being optional was not displayed prominently enough to applicants.
According to the report, auditors recommended clearer disclaimers stating that premium services had no bearing on visa approvals.
Swiss authorities also reportedly identified operational lapses during inspections.
A 2023 inspection of VFS operations in New Delhi allegedly found passports dating back to 2020 still lying at the centre after having been returned undelivered.
Inspectors also reportedly found deficiencies in the handling of fee reimbursements to applicants.
The Indian Express investigation stated that Swiss auditors had sharply criticised the reimbursement process, remarking in one instance that ‘this does not work at all’.
Separately, a Hungarian consulate inspection referenced in the investigation reportedly found that applicant data older than one month remained accessible in VFS systems during a 2021 inspection, despite Schengen rules requiring deletion within seven days after transmission.
The report noted that the issue was later rectified with support from Hungary’s information-technology teams.
Responding to the allegations, VFS Global rejected the claims and told Lighthouse Reports that its operations are ‘subject to rigorous and continuous government oversight’.
The European Commission, responding to queries from Lighthouse Reports, acknowledged growing dependence by EU member states on external service providers for visa processing and said this required stronger monitoring and quality controls.
The Commission reportedly stated that the issue had been recognised in the EU’s recently adopted Visa Policy Strategy.
The investigation also noted that several concerns flagged during inspections were followed by remedial measures undertaken by VFS Global.
The findings are likely to intensify scrutiny of outsourced visa-processing systems as demand for travel to Europe from India continues to rise sharply.
UPDATE:
In an email statement, a spokesperson from VFS Global stated: "VFS Global is a trusted partner to governments worldwide. Given the nature of our work in visa administrative services, we operate under rigorous oversight across all markets, including for governments with some of the most stringent integrity and security requirements. For a quarter of a century, we have supported client governments in delivering secure and efficient visa services at scale, and our work is subject to regular competitive tender. We do not tolerate fraud, data misuse, or any conduct that falls below the high standards our clients and their applicants expect of us."
"Our optional value-added services are developed in consultation with, and approved and monitored by, our client governments. Whether applicants choose to use these services or not, they have no bearing on visa application decisions, which are solely a matter for governments. We are committed to ensuring that the optional nature of these services is clearly and consistently communicated at every touchpoint."
