(INDIA) — A cross-border investigation published on May 28, 2026 flagged data security lapses, appointment slot selling allegations and aggressive upselling at VFS Global centres in India that process applications through the Schengen visa gateway.

Lighthouse Reports led the investigation with EU media partners, drawing on 150 inspection reports from 20 European Union member states covering 2020 to 2025. The records described repeated concerns around how third-party visa processing was handled for European governments in India.

Inspectors found biometric data, including fingerprints, and scanned documents saved on unencrypted compact discs for transfer to consulates. In some cases, sensitive data moved over unencrypted email when transmission errors occurred.

Auditors also found applicant data older than 18 months still accessible in systems. That ran against the Schengen Visa Code requirement to delete data within seven days of transmission.

Reports from Lithuania and Poland raised allegations that VFS staff were involved in slot selling and black marketing of online appointments. Poland reported receiving such allegations “almost daily.”

Inspectors also flagged the sale of optional “Value-Added Services” such as premium lounges and courier services. Staff were reportedly pushed to sell those services without clearly telling applicants they were optional and had no effect on visa decisions.

The European Commission said the findings pointed to weaknesses in the way governments supervise outside contractors handling visa files. “The growing reliance by Member States on External Service Providers (ESPs) to handle parts of the visa process calls for improved quality control and monitoring,” the Commission said in a statement on May 28, 2026.

VFS Global rejected the allegation of systemic failure. “VFS Global is a trusted partner to governments worldwide. our services are transparent, tightly audited and subject to rigorous and continuous government oversight. [we undergo] more than 10,000 audits and assessments annually,” the company said in an official statement on May 28, 2026.

The scrutiny landed during a week of wider pressure on visa systems in India. On May 24, 2026, during a visit to New Delhi, U.S. Secretary of State Marco Rubio addressed complaints about visa friction in India and said reforms were expected to create temporary disruption.

“Anytime you undertake a reform. there’s going to be a period of transition that’s going to create some friction points and some difficulties. ultimately our destination is going to be a better system, a more efficient system,” Rubio said at a joint press conference in New Delhi.

Hours after the VFS findings drew attention on May 28, 2026, the U.S. Department of Homeland Security and USCIS announced that the EB-2 visa limit for India had been reached for fiscal year 2026. The alert added another layer of strain for Indian applicants already dealing with delays and tighter scrutiny across multiple visa channels.

“The State Department, working in close collaboration with U.S. Citizenship and Immigration Services (USCIS), has issued all available immigrant visas in the EB-2 category for applicants chargeable to India for fiscal year 2026. embassies and consulates may not issue visas in these cases for the remainder of the fiscal year,” the official DHS/USCIS news alert said on May 28, 2026.

The investigation centered on a system that many applicants experience as the first point of contact with Europe. Governments have increasingly outsourced administrative parts of visa processing to external service providers, while keeping the formal visa decision with consulates and embassies. That arrangement has reduced direct consular handling of front-end tasks, but the inspection reports showed that it also created weak points around data handling, customer information and appointment access.

Applicants cited direct financial harm. Some reported being “coerced” into paying for premium slots costing roughly €35/₹4,000 to secure an appointment, while others faced data-entry mistakes, missing biometrics or file errors that led to rejections and lost fees.

Those complaints fit a pattern described in the inspection material: access to appointments became a market in itself, and the line between standard processing and paid add-ons blurred. The keyword that surfaced repeatedly was slot selling, a practice that turns scarce appointments into a commodity and pushes ordinary applicants toward extra charges.

Data handling failures carried a different risk. Fingerprints and identity documents sit at the center of modern visa vetting, and inspectors said unencrypted storage and transmission exposed highly sensitive records in a process built on trust between applicants, contractors and governments.

The findings also feed into a policy debate already under way in Brussels. The EU has been pushing a Visa Policy Strategy aimed at stronger digital oversight and less reliance on third-party staff for sensitive data handling, and the inspection reports are likely to sharpen that shift.

Indian applicants now face tighter scrutiny on both European and U.S. tracks, though the systems are separate. In the U.S. context, recent strengthened screening and vetting measures introduced in April 2026 require the re-submission of biometrics for many pending applications, adding time and cost for people already waiting.

That overlap has made VFS Global India a focal point beyond the Schengen visa gateway alone. The company processes visa applications for multiple governments, and allegations about lax controls in one corridor can intensify pressure elsewhere for stricter audits, more direct official supervision and sharper rules on how contractors store and move personal data.

VFS said its operations are already subject to extensive review. Its statement pointed to transparency, government oversight and more than 10,000 audits and assessments annually, a figure the company presented as evidence that controls are in place across its network.

Inspection reports covering 2020 to 2025 suggest those controls did not prevent recurring failures in India. The reports described problems that ranged from technical safeguards to customer-facing conduct, linking digital vulnerabilities with commercial pressure at the counter.

The episode also exposes a simple imbalance in outsourced visa systems: the applicant bears the cost first, while the state and the contractor sort out responsibility later. When biometric files go astray, when wrong data enters a form, or when appointments vanish into a paid back channel, the immediate loss falls on the person seeking the visa.

Official U.S. visa updates remain available through the [USCIS newsroom](https://www.uscis.gov/newsroom), while appointment and consular information for India appears on the [U.S. Embassy India visa services page](https://in.usembassy.gov/visas). Travel advisories and related notices are posted by the State Department at [travel.state.gov](https://travel.state.gov).

In India, the inspection findings left governments, contractors and applicants confronting the same question: whether outsourced visa processing can handle sensitive data and scarce appointments without turning access itself into a market.