The VPN Trust Initiative ("VTI")
The VTI Principles: The Foundation of Trust in the VPN Industry
The VTI Principles are the cornerstone of the VPN Trust Initiative—established to define what ethical, secure, and privacy-respecting VPN service should look like in practice. These principles serve as a shared code of conduct for responsible VPN providers and as a benchmark for policymakers, users, and the broader tech ecosystem to evaluate VPN services.
Originally launched in 2020 and significantly updated in 2022, the VTI Principles were developed through industry collaboration and informed by civil society experts. They outline clear expectations in five critical areas: security, privacy, advertising practices, disclosure and transparency, and social responsibility.
These aren’t just aspirational values—they are actionable standards that guide how our members operate, communicate, and earn the public’s trust. They also form the basis of the VPN Trust Seal, the accreditation that signals a provider’s commitment to meeting the highest standards in the industry.
The 5 Key VTI Principle Areas
The VTI principles focus on five key areas: security, privacy, advertising practices, disclosure and transparency and social responsibility.
These are our common best practices for VPNs used by our members:
Security
VPNs will use the necessary security measures including strong encryption and authentication protocols to appropriately address the risks. VPNs will:
- Suspend compromised authenticators in the event of a security incident
- Use token-based authentication when possible
- Never store usernames and passwords in plain text
- Help prevent keys from being shared between users
Advertising Practices
Given the complexity and different use cases for VPNs, claims must not mislead. VPNs will:
- Make accurate marketing claims that are backed up by the terms of use
- Use clear and transparent language
- Never claim VPNs guarantee anonymity - VPNs provide privacy but cannot ensure complete anonymity because user behaviour could hint at or reveal the user’s identity.
Privacy
VPNs should keep as little data as they deem necessary to provide the service, and only produce data to law enforcement when legally required. VPNs will:
- Say what they log, why they log it, and how long they keep the logs
- Notify users of a potential data breach or security incident within a reasonable timeframe
- Be transparent about any disclosure of data to third-parties
Disclosure and Transparency
To drive trust, member companies must take steps towards informing users and the public about their actions and procedures.
- Disclose how data is used, and what other business units and/or third-parties have access to data and why
- Publish annual transparency reports
- Provide user data only upon legitimate and valid court-ordered legal requests.
Social Responsibility
VPNs provide greater security and privacy - social goods that are important to those trying to make the world a better place. VPNs should:
- support public education around VPNs and with truthful information
- Contribute to VPN technology including open source initiatives
- Promote VPN technology to support freedom of expression
The non-profit i2Coalition headed an effort to draft a set of common principles to serve as a baseline for how VPN providers should operate
Launched September 29, 2020, the VTI Principles offer a comprehensive set of best practices for VPN providers that bolster consumer confidence and provider accountability and ultimately increase VPN adoption and access to the technology’s benefits.
They have been informed by input from civil society and other outside experts to protect the privacy and security of VPN users, offer practical policy guidelines for VPN providers and ensure policymakers, regulators and the wider market have access to criteria for evaluating these technologies.
We made a major update to the VTI Principles in 2022.
Read the full VTI Principles document here:
The VPN Trust Seal accreditation program provides a clear public indicator that a participating VPN provider follows established best practices for delivering service in these five areas. For more detailed information on each of these principles and how to get the VPN Trust Seal, please contact Hilary Osborne at [email protected].