Visa gateway under scrutiny: Investigation flags laxity, data errors, & slot selling at VFS Global India

Internal monitoring reports obtained by the non-profit investigative newsroom Lighthouse Reports have placed outsourcing giant VFS Global under intense scrutiny, exposing widespread irregularities, data vulnerabilities, and systemic processing failures across its visa application centres in India.   

The cross-border investigation, detailing assessments spanning multiple EU nations, reveals critical gaps in how the gateway manages personal applicant data, financial transparency, and appointment bookings. A 20-member EU delegation recently visited India to address these persistent shortcomings with VFS management, following extensive field assessments and questionnaires filled out by 11 member states. 

According to the internal EU documents, member states flagged "laxity in following instructions, documents not arranged in proper sequence, scanning-related issues, and IT infrastructure and bandwidth problems." The reports highlight that a majority of member states identified New Delhi as the visa application centre with the highest concentration of processing errors. 

The documents, secured through more than 40 Freedom of Information (FOI) requests — a legal transparency framework similar to India's Right to Information (RTI) Act — were filed with the European Commission, the United Kingdom, and individual European Union member states. The findings were collaboratively investigated by media partners across 11 countries, including The Indian Express in India, Der Spiegel in Germany, and Le Monde in France. 

The investigations uncovered serious vulnerabilities in data handling. Inspectors found that applicants' personal and biometric data were frequently stored on unencrypted discs during transport and handling. Furthermore, a 2025 report from the Hungarian consulate noted that applicant data older than one month remained accessible within the VFS system in New Delhi, directly violating the Schengen visa code, which mandates data deletion within seven days of transmission.

In addition to technical lapses, the reports detailed widespread procedural inconsistencies and allegations of corruption. Multiple member states noted complaints regarding the black-marketing of online appointment slots. 

Auditors also targeted the company's aggressive financial practices, specifically regarding its highly profitable value-added services (VAS) — such as premium lounges, courier delivery, and SMS alerts. In India, VFS’s value-added services business reportedly commands pre-tax margins of up to 70 percent. A 2025 inspection by a Swedish mission in Mumbai revealed that VFS failed to clearly display that these extra fees were strictly optional. Furthermore, fee reimbursements for incorrectly charged applicants were found to be heavily mishandled.

Every EU nation that raised these structural deficiencies with VFS reported a recurring pattern: a temporary improvement in operations followed by a rapid relapse into administrative laxity. Monitors attributed part of the systemic failure to "middle management" being either severely under-equipped or entirely absent, suggesting a critical lack of on-the-job supervision.

Responding to the findings of the global investigation, VFS Global insisted that its services are transparent, tightly audited and “subject to rigorous and continuous government oversight”.

The company maintained that it operates under exceptional levels of compliance, undergoing “more than 10,000 audits and assessments annually, conducted by internal and external auditors, including those assigned by client governments”. VFS Global further stated that wherever operational problems are identified, “structured remediation plans are implemented”.

The European Commission, however, indicated a shift toward tighter regulations. In its recently adopted EU Visa Policy Strategy, the Commission noted that the “growing reliance by Member States on ESPs (External Service Providers) to handle parts of the visa process calls for improved quality control and monitoring.”