BT and Vodafone are alleged to be among companies which have been passing users' information to British spies.
The two companies have - among others - passed details of their customers' phone calls, email messages and Facebook postings to GCHQ, by giving the agency unfettered access to their undersea cables, according to Suddeutsche Zeitung. the German newspaper cited documents leaked by fugitive NSA whistleblower Edward Snowden, who was this week granted asylum in Russia.
Under the programme, codenamed Tempora - and part of the over-arching Mastering the Internet and Global Telecoms Exploitation programme to gather as much web data as possible - GCHQ could tap into fibre-optic cables and store huge volumes of data for up to 30 days.
BT was codenamed "Remedy", Verizon Business "Dacron", and Vodafone Cable was "Gerontic". The other firms include Global Crossing, Level 3, Viatel and Interoute.
The companies refused to comment on any specifics relating to Tempora, but several noted they were obliged to comply with UK and EU law.
The companies, referred to as "intercept partners", are paid for logistical and technical assistance.
Eric King, head of research for Privacy International, told The Guardian: "We urgently need clarity on how close the relationship is between companies assisting with intelligence gathering and government.
"Were the companies strong-armed, or are they voluntary intercept partners?"
A Vodafone spokesman said: "Media reports on these matters have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator's licence … Vodafone complies with the law in all of our countries of operation."
"Vodafone does not disclose any customer data in any jurisdiction unless legally required to do so. Questions related to national security are a matter for governments not telecommunications operators."
A spokeswoman for Interoute said: "As with all communication providers in Europe we are required to comply with European and local laws including those on data protection and retention. From time to time we are presented with requests from authorities. When we receive such requests, they are processed by our legal and security teams and if valid, acted upon."
A spokeswoman for Verizon said: "Verizon continually takes steps to safeguard our customers' privacy. Verizon also complies with the law in every country in which we operate."
BT declined to comment.