INDEX / DIRECTORY / NORDVPN

NordVPN

Cybersecurity & VPN 147 CITED SOURCES UPDATED 2026-06-17
BDS-1000 Score 130 /1000 E Tier E - Limited
Military ↗ 0.00 Digital ↗ 0.00 Economic ↗ 0.43 Political ↗ 2.00

BDS-1000 Dossier: NordVPN / Nord Security

Key Findings

  • Economic - Israeli Server Infrastructure: NordVPN operates approximately 20 physical VPN servers in Tel Aviv, colocated at Bezeq International’s Bareket Data Center via hosting provider DataPacket Ltd., generating recurring commercial revenue from Israeli subscriber traffic.12
  • Political - Selective Silence: NordVPN withdrew servers from Russia in March 2022 following the Ukraine invasion but has issued no statement on Israel and has not altered Israeli server operations after October 2023.3
  • Not found: No military procurement, Israeli ownership, defence contracts, or investment relationships with Israeli state entities identified.

Target Profile

FieldDetail
Company NameNordVPN (operating brand of Nord Security / Cyberspace B.V.)
JurisdictionOperating entity: NordVPN S.A. (Panama); Holding entities: Nord Security B.V., Cyberspace B.V. (Netherlands); NordSec Ltd. (England & Wales); Nord Security Inc. (Delaware, US); HQ and principal place of management: Lithuania (Vilnius). No public evidence identified of Israeli incorporation or tax residency.
HeadquartersVilnius, Lithuania (operational HQ); Amsterdam, Netherlands (Nord Security B.V. / Cyberspace B.V. legal domicile)
SectorConsumer cybersecurity and privacy technology - VPN services, password management, encrypted cloud storage, business network security
OwnershipPrivately held; beneficial owner: Tesonet (Lithuanian venture builder, co-founded 2008); disclosed institutional investors: Warburg Pincus (US), Novator Ventures (Iceland), General Catalyst (US), Burda Principal Investments (Germany); $200M raised (2022: $100M at $1.6B valuation; 2023: $100M at $3B valuation); no Israeli institutional investors identified
Key Executives / GovernanceTomas Okmanas (co-founder, co-CEO, Nord Security); Eimantas Sabaliauskas (co-founder, Nord Security; National Patron of Blue/Yellow, Lithuania); Jonas Karklys (director, Nord Security); Birgir Már Ragnarsson (Managing Partner, Novator; board member 2022–2023); Chandler Reedy (Managing Director, Warburg Pincus; board member since 2023). All named principals are Lithuanian or US nationals; no Israeli defence or intelligence affiliations identified
Israeli-Nexus SummaryNordVPN operates approximately 20 physical VPN servers in Tel Aviv, Israel, colocation-housed at Bezeq International’s Bareket Data Center in Petah Tiqva via UK-incorporated hosting provider DataPacket Ltd.; no registered corporate entity, office, or settlement-area infrastructure in Israel; no Israeli ownership, defence contracts, or institutional investors confirmed

Key Facts:

Executive Summary

NordVPN is a consumer cybersecurity and privacy technology company operated through a multi-jurisdiction corporate structure anchored by Panama-registered Tefincom S.A. and Netherlands/Lithuania-based Nord Security. The company provides encrypted VPN routing, password management, cloud storage, and business network security products to approximately 15 million customers across 130 countries, with an estimated 2,000 employees and annual revenues derived primarily from North American (44%) and European (37%) markets. 20

The documented Israeli-nexus of NordVPN consists of a single operational element: approximately 20 physical VPN servers physically located in Tel Aviv, Israel, housed at Bezeq International’s Bareket Data Center in Petah Tiqva. These servers are provisioned by UK-incorporated DataPacket Ltd. and route through Israeli domestic network infrastructure operated by Interhost Networks Ltd. This server presence reflects standard commercial infrastructure provisioning within Israel’s pre-1967 internationally recognized borders - no servers have been confirmed in West Bank settlements, East Jerusalem, or the Golan Heights. 21122238

The audits found no evidence of NordVPN or Nord Security holding corporate registrations, offices, warehouses, or retail presence in Israel; no Israeli ownership or controlling beneficial owners; no contracts with IDF, Israeli Ministry of Defence, Mossad, Shin Bet, or Israeli Border Police; no verified supply relationships with Israeli defence prime contractors; no documented sales to Israeli government ministries; and no financial positions in Israeli sovereign bonds, OHCHR-listed settlement companies, or Israeli arms manufacturers. NordVPN’s controlling principals (Okmanas and Sabaliauskas) are Lithuanian nationals with no identified IDF, Unit 8200, Talpiot, or Israeli intelligence affiliations. 424112526627

The economic and political vectors of concern are limited: Tesonet (Nord Security’s beneficial owner, sharing co-founders Okmanas and Sabaliauskas) holds three Israeli-domiciled venture portfolio investments (2024–2026) - but these are passive financial positions in separate entities, not Nord Security operating subsidiaries, and the companies are not publicly named. 282930 Warburg Pincus, Nord Security’s lead investor in the 2023 round, has a separate historical investment in Cyren (Israeli-domiciled cybersecurity company, wound down) predating the Nord Security investment by approximately five years; Warburg Pincus’s European Defence Investment Platform (announced April 2026) contains no Israeli defence primes among named portfolio companies. 3132

The political dimension is characterised by documented silence: NordVPN has issued no public statements on the Israel-Palestine conflict and has not been targeted by any documented BDS campaign. This silence contrasts with NordVPN’s documented public engagement on the Ukraine conflict (server withdrawal from Russia and Belarus, free service provision to Ukrainian users), establishing a pattern of selective geopolitical commentary rather than blanket neutrality. 3

The resulting BRS of 130 places NordVPN in Tier E (Minimal), driven primarily by Political score of 2.00 reflecting the company’s failure to issue statements, make clear policy distinctions, or demonstrate conflict-sensitivity comparable to its documented Ukraine response. The Economic score of 0.43 reflects marginal economic nexus through Israeli server infrastructure and Tesonet’s Israeli venture portfolio investments. Military and Digital scores are 0.00, with no documented military involvement or digital surveillance integration. 33

Timeline of Relevant Events

DateEventSource
2012NordVPN brand launched; trademark held by Tefincom S.A. (Panama)634
2018Initial server orders from DataPacket Ltd. placed; DataPacket relationship begins[^Digital-13]
2020NordVPN migrated to 10GE uplinks exclusively via DataPacket7
February 2022NordVPN withdrew server infrastructure from Russia and Belarus; extended free service access to Ukrainian users following Russia’s invasion3
April 2022Nord Security Series A: $100M raised at $1.6B valuation; led by Novator with General Catalyst and Burda Principal Investments; Birgir Ragnarsson (Novator) joins board3536
2022Surfshark merged with Nord Security under single holding company (Cyberspace B.V.)37
2023Nord Security Series B: $100M raised at $3B valuation; led by Warburg Pincus with General Catalyst and Burda Principal Investments; Chandler Reedy (Warburg Pincus) joins board383940
October 7, 2023Hamas attacks; subsequent Israeli military operations in Gaza begin -
July 19, 2024ICJ Advisory Opinion on legal consequences arising from Israel’s policies in occupied territories -
November 2024ICC arrest warrants issued -
January 2025NordVPN launched post-quantum encryption upgrade using NIST-standardised ML-KEM algorithm4142
January 2025Nexos.ai (enterprise AI orchestration platform) launched by Okmanas and Sabaliauskas as separate company; raised €30M Series A from Index Ventures4344
April 2026Warburg Pincus European Defence Investment Platform announced31
April 2026Tesonet listed three Israeli-domiciled portfolio investments (2024, 2025, 2026) on portfolio page (company names withheld)282930

Corporate Overview

NordVPN operates through a layered multi-jurisdiction corporate structure designed, in part, to provide jurisdictional distance from national data-retention and surveillance laws - a common feature among consumer VPN providers. The primary operating entity is NordVPN S.A. (Panama), which contracts with end users. Legal holding vehicles include Nord Security B.V. and Cyberspace B.V. (Netherlands), NordSec Ltd. (England & Wales), and Nord Security Inc. (Delaware, US). The ultimate beneficial owner is Tesonet, a Lithuanian technology venture builder co-founded in 2008 by Tomas Okmanas and Eimantas Sabaliauskas. The corporate structure includes Stitching Raveset (Dutch foundation) as the ultimate parent of Tefincom S.A., creating orphan entity opacity in the beneficial ownership chain. 344527

Subsidiaries and product portfolio: NordVPN (consumer VPN), NordPass (password manager), NordLocker (encrypted cloud storage), NordLayer (business network access security), NordStellar (threat exposure management), Saily (eSIM), and Coveron (MDR). The only disclosed acquisition is IronWall (US); no acquisition of Israeli-domiciled companies confirmed. 466

Israeli entities and franchise relationships: No registered corporate entity, office, or subsidiary of NordVPN or Nord Security has been confirmed in Israel. The sole Israeli operational presence is physical VPN server infrastructure colocation (approximately 20 servers) in Tel Aviv. DataPacket Ltd. (UK-incorporated) is the hosting provider; Bezeq International (state-controlled Israeli telecoms) operates the Bareket Data Center housing the servers; Interhost Networks Ltd. (Israeli-domiciled) is the sole upstream network provider. NordVPN sells direct-to-consumer online; no physical retail presence in settlements confirmed. 21471848

Parent entity and sibling investments: Tesonet (beneficial owner of Nord Security) holds three Israeli-domiciled portfolio investments listed on its public portfolio page (investment years 2024, 2025, 2026; sectors include AI Infrastructure, Cybersecurity, SaaS; company names withheld). These are venture-investment positions held personally or through Tesonet, not operating subsidiaries of Nord Security. NordVPN and Nord Security are distinct legal entities from Tesonet. 282930

Investors: Warburg Pincus ($100M+ in 2023 round at $3B valuation), Novator Partners (2022 round), General Catalyst (both rounds), Burda Principal Investments (both rounds). No Israeli institutional investors or Israeli nationals holding ≥10% stakes identified. 493538395051

Domain Summaries

Military: Military

Mechanism of Involvement

The Military audit examined five potential mechanisms of military involvement: direct defence contracting, dual-use products and tactical variants, heavy machinery and infrastructure, supply chain integration with defence primes, and logistical sustainment.

Direct defence contracting: No NordVPN or Nord Security contracts with IMOD, IDF, Israeli Prison Service, or Israeli Border Police have been publicly identified. NordVPN does not appear in the UN OHCHR A/HRC/60/19 settlement enterprise database (158 companies as of September 2025), in Francesca Albanese’s A/HRC/59/23 report (~48 corporations named including Microsoft, Alphabet, Amazon, IBM, Palantir, Elbit, Lockheed Martin, Airbnb, Booking Holdings, Caterpillar, Volvo, BP, Barclays), in PAX Companies Arming Israel and Their Financiers (June 2024), or in Who Profits, AFSC Investigate, or BankTrack databases. The publicly listed customer database (Apps Run The World) names only State Military Reservation (US National Guard, Virginia Beach, VA, 2020), Emory University Hospital (US, 2008), and Stanley Steamer (US, 2016) - all US entities. 452245311

Dual-use products: NordVPN’s NordLynx protocol (WireGuard-based, double-NAT, ~256-bit symmetric keys) qualifies as mass-market encryption under US BIS Export Administration Regulations (ECCN 5A992/5D992.c). The January 2026 post-quantum upgrade using NIST-standardised ML-KEM (FIPS 203) also qualifies under post-2021 BIS EAR reform provisions (ECCN 5D992.c) with no export licence required for most destinations including Israel. No BIS SNAP-R export licence records for NordVPN to Israeli military end-users have been publicly identified. No mil-spec, tactical, ruggedised, or government-graded product variants are manufactured or marketed. 414254

Heavy machinery, construction, infrastructure: Not applicable - NordVPN is a software subscription service that does not manufacture heavy machinery, construction equipment, or physical infrastructure products. No NordVPN equipment, vehicles, or machinery documented in NGO investigations, UN reports, or media reports as being used in construction, maintenance, or demolition in Israeli settlements, the separation barrier, military installations, or occupied territories. 11

Supply chain integration with defence primes: No verified supply relationships between NordVPN or Nord Security and Israeli defence prime contractors (Elbit Systems, Israel Aerospace Industries, Rafael Advanced Defense Systems, Israel Military Industries) have been publicly documented. NordVPN is not named in the MintPress News investigation “Exposed: How Israeli Spies Control Your VPN” (2024), which specifically names Kape Technologies (owner of ExpressVPN, CyberGhost, PIA, ZenMate) and Aura as Israeli-linked VPN companies, identifying Koby Menachemi (Unit 8200) as Kape co-founder and Ido Erlichman (Duvdevan Unit) as Kape CEO. 55111213

Logistical sustainment and base services: Not applicable - NordVPN is a software subscription service that does not provide catering, transport, fuel supply, waste management, facilities maintenance, or freight forwarding services. No NordVPN or Nord Security service contracts to IDF bases, military training facilities, detention centres, or security installations in the West Bank, Golan Heights, East Jerusalem, or the Negev have been publicly documented. 11

Munitions, weapons systems: Not applicable - NordVPN does not manufacture small arms, artillery systems, armoured vehicles, tactical drones, naval vessels, munitions, explosive ordnance, or strategic defence platforms. 11

Counter-Arguments and Evidence Limits

NordVPN’s strongest defence on the military vector is straightforward: it is a consumer privacy technology company with no documented involvement in any aspect of the Israeli defence apparatus. The company’s product portfolio - consumer VPN, password manager, encrypted cloud storage, business network security - is civilian in character and function. No defence contracts, no mil-spec products, no verified supply relationships with Israeli defence primes, and no presence in NGO tracking databases constitute a substantial exculpatory record.

The Military audit identified one potential indirect linkage: Warburg Pincus (Nord Security’s lead 2023 investor) held a 21.3% stake in Cyren, an Israeli-domiciled cybersecurity company (Herzliya, Israel; TASE/Nasdaq: CYRN), as of 2017. However, this investment predates the Nord Security investment by approximately five years, represents an independent portfolio company, and Cyren’s business has since been wound down with Warburg Pincus no longer holding an active stake. Warburg Pincus’s European Defence Investment Platform (April 2026) is Europe-focused and contains no Israeli defence primes among named portfolio companies. The audit does not attribute Cyren’s historical activities to NordVPN. 3132

An evidence limit worth noting: the audit relies on publicly available sources. The physical colocation operator (the Israeli data-center host physically housing DataPacket’s hardware in Tel Aviv) is undisclosed in public sources - creating an acknowledged gap between DataPacket and the physical facility. 4356 Whether a different hosting provider would change the Military assessment cannot be determined from open sources alone.

Named Entities and Evidence Map

EntityRoleNexusVerification Status
IMOD / IDF / IPS / Israeli Border PolicePotential customersNo contracts identifiedVerified absence
Bezeq InternationalData center operator (Bareket Data Center, Petah Tiqva)Hosts NordVPN serversUnconfirmed IDF tender award; infrastructure only
Elbit Systems / IAI / Rafael / IMIDefence primesNo supply relationshipsVerified absence
Kape TechnologiesVPN competitor (Israeli-linked)Not NordVPNNordVPN not named in MintPress investigation
Warburg PincusInvestor (Cyren historical stake)2017 investment predates Nord SecurityCyren wound down; no active stake
DataPacket Ltd.Server hosting providerUK-incorporatedNo Israeli beneficial ownership
Interhost Networks Ltd.Upstream network providerIsraeli-domiciledUpstream only; not a customer relationship

Digital: Digital

Mechanism of Involvement

The Digital audit examined five potential digital nexus vectors: enterprise technology stack and vendor relationships, surveillance and biometrics technology, cloud infrastructure and data residency, defence/intelligence sector technology relationships, and AI/autonomous systems.

Technology stack and vendor relationships: NordVPN uses DataPacket Ltd. (UK-incorporated, founded 2014, registered office 9 Coldbath Square, London EC1R 5HL, approximately $6.7M revenue, 51–200 employees) as its dedicated server provider across all global locations, providing over 2,000 servers across 67 data center locations. DataPacket’s parent entity is PacketHub S.A. (Panamanian). No Israeli beneficial ownership or investors identified for DataPacket. Searches for NordVPN combined with Palantir, Check Point (as vendor), Wiz, SentinelOne, CyberArk, NSO, Nice, or Verint returned no confirmed vendor relationships. The NordLayer + Check Point documentation describes NordLayer being configured as an IPsec peer into a Check Point customer’s environment - NordLayer is the service being integrated; Check Point is the customer. 71575826

Surveillance and biometrics: No evidence was identified of NordVPN or Nord Security using facial recognition, biometric identification, behavioural analytics, gait analysis, or retail surveillance technologies of Israeli origin. NordVPN’s commercially available VPN infrastructure is consumer-grade encrypted tunnel routing with no publicly reported or documented deployment of NordVPN technology for military, intelligence, or law enforcement surveillance applications. NordVPN’s services involve encrypted tunnel routing, threat protection (malware blocking), and dark web monitoring; no disclosed function involves collection or processing of user biometric or behavioural data beyond standard VPN connection metadata. 2159

Cloud infrastructure and data residency: NordVPN maintains approximately 20 RAM-only servers in Tel Aviv, Israel, confirmed via official server list and NordVPN server selection page. The Israeli servers are hosted at Bezeq International’s Bareket Data Center in Petah Tiqva. Bezeq International is Israel’s largest telecommunications operator and a subsidiary of Bezeq The Israeli Telecommunication Corp. Ltd. - a state-controlled telecom monopoly. Bezeq International was listed as one of seven expected bidders for the Israel Defense Ministry’s NIS 1 billion data center consolidation project in 2016, competing alongside Israel Aerospace Industries, Elbit Systems, Motorola Israel, Rad-Bynet Group, ECI Telecom, and Rafael Advanced Defense Systems - whether awarded and whether it covers the Bareket Data Center facility is unconfirmed. Traffic routes through Interhost Networks Ltd. (Israeli-domiciled, sole upstream provider for DataPacket’s Tel Aviv point-of-presence). No evidence confirms traffic transits through AWS Israel (il-central-1), Google Cloud Israel (me-west1), or Microsoft Azure Israel. No evidence of NordVPN participating in Project Nimbus or comparable Israeli government cloud initiative. 21471922238

Defence and intelligence sector relationships: No verified contracts, partnerships, or service agreements between NordVPN/Nord Security and Israeli Ministry of Defence, IDF, Mossad, Shin Bet, or other Israeli state security bodies identified. NordVPN’s commercially available VPN infrastructure is consumer-grade encrypted tunnel routing with no publicly reported or documented deployment for military, intelligence, or law enforcement surveillance applications. 716061629

AI and autonomous systems: Nexos.ai (enterprise AI orchestration platform) launched January 2025 by Tomas Okmanas and Eimantas Sabaliauskas as a separate company, raising €30M Series A from Index Ventures, Evantic Capital, Creandum, and Dig Ventures. Nexos.ai is not part of Nord Security. Ofer Ben-Noon, co-founder of Talon Cyber Security (Israeli cybersecurity firm acquired by Mozilla in 2024), is listed as a Nexos.ai angel investor - this is a personal investment by a natural person, not a corporate relationship between Nexos.ai and Talon. All public reporting describes Nexos.ai as an enterprise AI governance platform for general corporate use; no Israeli state sector, defence ministry, or IDF customer references were found. 434463

R&D footprint: No research and development facilities, engineering offices, innovation labs, or accelerator programmes operated by NordVPN or Nord Security within Israel identified. Tesonet lists three investments on its portfolio page with HQ country “Israel, Tel Aviv” (2025–2026, sectors including AI Infrastructure, Cybersecurity, SaaS) - company names withheld. These are Tesonet portfolio investments, not Nord Security operations. No acquisitions of Israeli-origin technology companies by NordVPN or Nord Security identified. 28646566

Counter-Arguments and Evidence Limits

NordVPN’s strongest defence on the digital vector centres on the civilian character of its infrastructure and the attenuated nature of the Israeli nexus. The Israeli server presence exists within Israel’s pre-1967 internationally recognized borders, not in occupied territories. The server infrastructure is consumer VPN access - a commodity service providing encrypted routing for end users - with no documented function in Israeli surveillance architecture. The upstream provider (Interhost Networks) and data center operator (Bezeq International) are infrastructure-level providers, not NordVPN customers directing or controlling its traffic.

Several evidence limits qualify the audit findings. The physical colocation operator (the Israeli data-center host physically housing DataPacket’s hardware in Tel Aviv) is undisclosed publicly. 4356 The operational status of Israeli servers post-19 July 2024 (ICJ Advisory Opinion) and post-November 2024 (ICC arrest warrants) is not addressed in any public corporate disclosure. 26768 The Tesonet Israeli portfolio investments (company names withheld) cannot be assessed for Israeli state sector end-users from public sources alone - this represents a genuine evidence gap rather than a confirmed positive finding.

On the Ofer Ben-Noon / Nexos.ai angle: the audit correctly treats this as a personal angel investment by a natural person, not a corporate relationship. The attribution is attenuated - Talon Cyber Security was acquired by Mozilla in 2024 and has no operational relationship with Nexos.ai. Treating personal investments as corporate nexus would overcount guilt by association.

Named Entities and Evidence Map

EntityRoleNexusVerification Status
DataPacket Ltd.Server hosting providerUK-incorporated; no Israeli ownershipConfirmed
Bezeq InternationalBareket Data Center operatorState-controlled Israeli telecoms; IDF tender bidder (unconfirmed award)Infrastructure only
Interhost Networks Ltd.Upstream network providerIsraeli-domiciled, sole upstream for Tel Aviv POPInfrastructure only
Ofer Ben-Noon / Talon Cyber SecurityNexos.ai angel investorPersonal investment; Talon acquired by Mozilla 2024Attenuated; no corporate relationship
TesonetBeneficial owner (parent)Holds Israeli-domiciled portfolio investmentsSeparate entity; names withheld

Economic: Economic

Mechanism of Involvement

The Economic audit examined five economic vectors: supply chain and sourcing relationships, product origin and labelling, investment and capital exposure, operational presence and market activity, and corporate structure and foundational ties.

Supply chain and sourcing: NordVPN’s Israeli server infrastructure consists of approximately 20+ physical servers located in Tel Aviv, confirmed by NordVPN’s own server listing pages and independent IP intelligence data. Netify IP intelligence confirms NordVPN’s Israeli server (IP 169.150.226.32) resolves to unn-169.150.226-32.datapacket.com, identifying DataPacket as the hosting provider. DataPacket’s Tel Aviv point-of-presence (IP 169.150.202.193) lists Interhost Networks Ltd. (AS61102/AS213391, Israeli-domiciled, founded 2005, HQ Yaldei Teheran 10, Rishon Leziyon) as its sole upstream provider. Interhost Networks describes itself as the only multihomed hosting provider in Israel connected to every ISP and holds an ISP license from the Israeli Ministry of Communications. The physical colocation operator (the Israeli data-center host physically housing DataPacket’s hardware) is undisclosed publicly. NordVPN is a digital subscription service; it does not procure physical goods from Israeli or occupied territory suppliers. No direct supplier relationships with Mehadrin, Hadiklaim, Galilee Export, Agrexco, or their successors were identified. No NordVPN servers confirmed in West Bank settlements (including Ariel or Ma’ale Adumim), East Jerusalem, or the Golan Heights. 6697026771683018

Investment and capital exposure: Nord Security raised $200M in aggregate across two external funding rounds (2022: $100M at $1.6B; 2023: $100M at $3B). Investors include Warburg Pincus (US, ~$83B AUM, 250+ portfolio companies), Novator Ventures (Iceland), General Catalyst (US), and Burda Principal Investments (Germany). No publicly disclosed positions in OHCHR-listed Israeli settlement companies or Israeli arms manufacturers were identified for these investors in the reviewed evidence. Norway’s GPFG has no NordVPN, Nord Security, Tesonet, or Tefincom entries on its NBIM exclusion or observation lists. Tesonet holds three Israeli-domiciled portfolio investments (2024–2026), but these are venture-investment positions, not Nord Security operating subsidiaries. Tomas Okmanas serves on Artea Bank’s supervisory board (ECB-approved since 2023); Artea Bank’s disclosed loan book, securities portfolio, and correspondent-banking counterparties have not been audited for Israeli settlement-linked financial instrument exposure. No evidence of NordVPN, Nord Security, or controlling principals underwriting Israeli sovereign debt, war bonds, or Israel Bonds Development Corporation instruments. 35383972737475

Operational presence: NordVPN operates approximately 20+ servers in Tel Aviv. No NordVPN offices, warehouses, or retail locations identified within Israel or occupied territories. No specific disclosure of Israeli employee headcount or Israeli tax registrations. Israel’s share of Nord Security’s $550M term loan (Fitch, October 2025) is not identified in the disclosure; the company operates in 130 countries with 44% North American and 37% European billing. NordVPN sells direct-to-consumer online; no physical retail presence in settlements confirmed. 2026848

Corporate structure and foundational ties: NordVPN was not founded in Israel; Nord Security/NordVPN was founded in Lithuania with operating entities in Panama, Netherlands, and England & Wales. No Israeli corporate domicile, tax residency, PTE status, or government awards/designations identified. No Israeli capital identified as a controlling beneficial owner. No Israeli-Nexus Floor trigger identified. The only disclosed Nord Security acquisition is IronWall (US). 6344520

Constructive notice: NordVPN’s Israeli server infrastructure in Tel Aviv continues to operate as confirmed by the most recent server listing pages and Netify intelligence. The operational status of these servers post-ICJ Advisory Opinion (July 2024) and post-ICC arrest warrants (November 2024) is not addressed in any public corporate disclosure. The occupation-economy framework of constructive notice applies with less force to digital-infrastructure services than to physical goods or settlement services. 267716830

Counter-Arguments and Evidence Limits

NordVPN’s strongest economic defence rests on three pillars. First, the Israeli server presence is confined to Tel Aviv - Israel’s pre-1967 territory - with no servers confirmed in West Bank settlements, East Jerusalem, or the Golan Heights. The UN OHCHR settlement enterprise database (158 companies) does not include NordVPN. Second, NordVPN derives no documented revenue from Israeli government customers, defence institutions, or settlement-area users. Third, the corporate structure is anchored in Lithuania and Panama with no Israeli beneficial owners, no Israeli institutional investors, and no Israeli tax residency.

The Tesonet Israeli portfolio investments represent the most substantive economic linkage, but the audit correctly distinguishes Tesonet from Nord Security - they share co-founders but are separate legal entities. Treating a venture builder’s portfolio investments as Nord Security’s economic exposure would constitute improper transitive attribution. The fact that the companies are not publicly named prevents independent verification of their end-users anyway.

An evidence limit: the physical colocation operator in Israel is undisclosed. DataPacket is the contracted provider, but who physically hosts the hardware in Petah Tiqva is not public knowledge. This gap prevents full supply chain verification. Similarly, Artea Bank’s loan book and securities portfolio have not been audited for Israeli settlement-linked exposure - this is an unverified gap rather than a confirmed positive finding.

Named Entities and Evidence Map

EntityRoleNexusVerification Status
DataPacket Ltd.Server hosting providerUK-incorporated; no Israeli ownershipConfirmed
PacketHub S.A.DataPacket parentPanamanianConfirmed
Interhost Networks Ltd.Upstream network providerIsraeli-domiciled; sole upstream for Tel AvivInfrastructure only
Bezeq InternationalData center operatorState-controlled Israeli telecomsInfrastructure only
TesonetBeneficial ownerHolds Israeli portfolio investmentsSeparate entity; names withheld
Artea BankOkmanas board positionNot audited for settlement exposureUnverified gap
Warburg Pincus / Novator / General CatalystInvestorsNo Israeli settlement/arms holdings identifiedVerified absence

Political: Political

Mechanism of Involvement

The Political audit examined five political vectors: corporate communications and public stance, operations in occupied or contested territories, internal governance and content policies, brand heritage and state partnerships, and lobbying, advocacy, financing, and logistics.

Corporate communications and public stance: NordVPN and Nord Security have issued no public statement on the Israel-Palestine conflict, October 7, 2023, subsequent Israeli military operations in Gaza, or related humanitarian developments through April 2026. This silence contrasts with documented public engagement on the Ukraine conflict: NordVPN withdrew server infrastructure from Russia and Belarus in March 2022, framed the decision explicitly in terms of opposition to censorship and support for press freedom, and extended free service access to Ukrainian users. Nord Security published social-media content aligned with LGBTQ+ Pride Month themes in 2022 and 2023. This pattern of selective engagement - taking public positions on certain geopolitical issues while remaining silent on others - is the most material political finding against NordVPN. The absence of statements across multiple unrelated conflict theatres (Yemen, Xinjiang, Myanmar) limits the inference that silence on Israel-Palestine is uniquely motivated, but the contrast with the Ukraine response is the most directly comparable case. 3

Operations in occupied or contested territories: NordVPN operates server infrastructure in Israel, listed publicly as “Israel (Tel Aviv)” on its server network page without geopolitical qualification. No public evidence has been identified of NordVPN operating servers, service contracts, dealer networks, subsidiary entities, or any form of commercial infrastructure specifically within West Bank settlements, East Jerusalem, or the Golan Heights - as distinct from operations within Israel’s pre-1967 internationally recognized borders. The precise physical location and data-center contractual arrangements underpinning the Israeli server presence cannot be independently confirmed from publicly available sources - an acknowledged evidence gap. NordVPN, Nord Security, and Tefincom S.A. do not appear on the UN Human Rights Council database (A/HRC/43/71, February 2020) of businesses with verified activities in Israeli settlements. 7677

BDS campaigns and civil society: No public evidence has been identified of NordVPN being named as a target of any organized BDS campaign. The BDS National Committee’s publicly documented target lists do not include NordVPN. No institutional investor divestment campaign citing NordVPN’s Israel-related operations has been identified. NordVPN has not been the subject of organized boycott, divestment, or exclusion campaigns specifically related to Israeli defence sector activities. Reddit discussions on BDS and NordVPN note NordVPN’s Lithuanian domicile and lack of Israeli ownership as distinguishing it from Israeli-linked VPN companies. One Reddit post in r/BoycottIsrael references an unverified allegation regarding Israeli servers and resale - not a documented campaign. 551819

Internal governance and HR: No public evidence has been identified of HR controversies, disciplinary proceedings, employee terminations, or legal actions at NordVPN or Nord Security involving employee political speech, display of political symbols, or union organizing related to the Israel-Palestine conflict. NordVPN’s Terms of Service and Acceptable Use Policy prohibit illegal activity with no Israel/Palestine-specific content moderation provisions. No independent academic study, regulatory inquiry, or NGO investigation of NordVPN’s services as a tool for suppressing or amplifying content related to the Israel-Palestine conflict has been identified. 32778

State partnerships and lobbying: No public evidence has been identified of NordVPN accepting formal state honors from any government, hosting Israeli or Palestinian government officials in a non-commercial partnership capacity, entering formal academic partnerships with Israeli state universities, sponsoring “Brand Israel” campaigns or hasbara initiatives, or sponsoring equivalent Palestinian advocacy campaigns. No evidence of NordVPN registering as a lobbyist or engaging in lobbying activity before any legislature or regulatory body on Israel-Palestine policy, BDS-related legislation, or regional trade measures. No FARA, LDA, EU Transparency Register, UK, or Israeli lobbying disclosures identified. 79

Financial contributions and crisis mobilization: No public evidence has been identified of NordVPN or Nord Security making corporate donations to Israeli parastatal organizations, settlement-linked funds, IDF welfare funds (e.g., FIDF), JNF, or equivalent Palestinian solidarity organizations. Nord Security’s disclosed investors include no investor with a documented parastatal, settlement-linked, or conflict-adjacent financial profile. NordVPN did not direct corporate resources (free VPN subscriptions, server capacity, crisis credits) to Israeli state bodies, IDF-aligned organizations, settler groups, or Palestinian organizations during or following the October 2023 escalation - contrasting with the documented Ukraine response. 379

Executive footprint: No verifiable personal donations, family foundation grants, or fundraising activities by Okmanas, Sabaliauskas, or other Nord Security executives directed toward Israeli parastatal organizations (FIDF, JNF), settlement-linked groups, or Palestinian advocacy organizations have been identified. No public statements, social media posts, op-eds, signed open letters, or conference remarks by Nord Security executives regarding the Israel-Palestine conflict identified. No board seats, advisory positions, or leadership roles in Israel-advocacy organizations, pro-Palestinian organizations, Israeli state-aligned academic or research institutions, or geopolitical lobbying bodies connected to either side of this conflict documented. 2779

Counter-Arguments and Evidence Limits

NordVPN’s strongest political defence centres on the absence of affirmative harmful conduct. The company has not been named in any UN database, NGO investigation, BDS campaign, or legal proceeding related to Israeli operations. The Israeli server presence is a standard commercial infrastructure decision within internationally recognized territory, not a political statement or settlement-adjacent activity. Nord Security’s founding narrative is Lithuanian commercial tech entrepreneurship, not state-security service. The co-founders have no identified Israeli defence or intelligence affiliations.

The silence-on-Israel/Palestine argument cuts both ways. The Political audit’s primary critique - that NordVPN took public stances on Ukraine while remaining silent on Israel/Palestine - is a reasonable inference from the evidence, but it is not equivalent to documented harmful conduct. The company has no obligation to issue statements on any conflict, and the absence of statements does not constitute affirmative support for either side. The argument that selective silence on multiple conflict theatres (Yemen, Xinjiang, Myanmar) “limits the inference” that Israel/Palestine silence is uniquely motivated is a legitimate counter-consideration.

The evidence limits on the political vector are substantial: internal HR policies, employee political speech rules, and internal communications on the Israel-Palestine conflict are not publicly available. The absence of documented controversy reflects the limits of open-source records rather than a confirmed absence of internal activity. Similarly, the beneficial ownership chain behind Stitching Raveset (Dutch foundation) is opaque - natural persons are redacted from Bloomberg LEI data. This structural opacity prevents full attribution.

Named Entities and Evidence Map

EntityRoleNexusVerification Status
Russia / BelarusJurisdiction of server withdrawalServer withdrawal March 2022 (contrast case)Documented
Blue/YellowUkraine humanitarian NGOSabaliauskas National Patron titleDocumented; no Israeli analogue
Stitching RavesetUltimate parent foundationDutch orphan entity; beneficial owners redactedOpacity gap

BDS-1000 Score (V4)

DomainIMPV-Domain Score
Military0.000.000.000.00
Digital0.500.500.500.00
Economic3.502.003.000.43
Political2.007.007.002.00

The BRS of 130 is driven primarily by Political at 2.00 (V_MAX), reflecting the company’s documented silence on the Israel-Palestine conflict against the backdrop of its documented willingness to take public positions on comparable geopolitical crises (Ukraine). Economic contributes 0.43 from the Israeli server infrastructure and Tesonet’s Israeli venture portfolio investments, both of which represent documented but attenuated economic nexus. Military and Digital score 0.00, with no documented military involvement or digital surveillance integration with Israeli state bodies. The methodology is scale-free Impact × Magnitude/Proximity, evidence-only from the four domain audits, with human vetting applied to reject unverified claims and discount divested operations.

Methodology Note

End Notes

Footnotes

  1. https://www.datapacket.com/locations/tel-aviv 2 3 4 5 6 7 8 9

  2. https://nordvpn.com/servers/israel 2 3 4 5

  3. https://nordvpn.com/about-us/ 2 3 4 5 6 7 8 9

  4. https://www.fitchratings.com/research/corporate-finance/cyberspace-b-v-financing-nord-security-06-08-2025 2 3

  5. https://www.zdnet.com/article/meet-nord-security-the-company-behind-nord-vpn/

  6. https://restoreprivacy.com/vpn/reviews/nordvpn 2 3 4 5 6 7

  7. https://www.datapacket.com 2 3 4

  8. https://www.interhost.co.il/about 2 3 4 5 6

  9. https://www.globes.co.il/en/article-bezeq-international-among-bidders-for-nis-1b-defense-ministry-project-1001142726 2 3

  10. https://restoreprivacy.com/vpn/reviews/nordvpn

  11. https://nordsecurity.com/corporate-responsibility 2 3 4 5 6 7 8

  12. https://nordsecurity.com/static/Impact_Report_2024.pdf 2

  13. https://nordsecurity.com/static/Impact_Report_2025.pdf 2

  14. https://nordsecurity.com/blog/cybersecurity-in-modern-day-warfare

  15. https://ff.co/en/tomas-okmanas-and-eimantas-sabaliauskas-awarded-national-patron-title/

  16. https://nordvpn.org/nonprofit

  17. https://nordvpn.org/blog/nonprofit-program-2025-impact

  18. https://www.reddit.com/r/BoycottIsrael 2

  19. https://bdsmovement.net/Act/economic-activism 2

  20. https://www.fitchratings.com/research/corporate-finance/cyberspace-b-v-financing-nord-security-06-08-2025 2 3

  21. https://nordvpn.com/servers/ 2 3 4 5

  22. https://www.bezeq.co.il/english/about/financialreports 2

  23. https://www.bezeq.co.il/international 2

  24. https://www.ohchr.org/en/documents/reports/ahrc5923-economy-occupation-economy-genocide-report-prepared-aremark 2

  25. https://nordsecurity.com/leadership

  26. https://www.nordlayer.com/blog/nordlayer-check-point-integration 2

  27. https://restoreprivacy.com/vpn/reviews/nordvpn/ 2 3 4

  28. https://tesonet.com/portfolio 2 3 4 5

  29. https://tesonet.com/portfolio 2 3

  30. https://tesonet.com/portfolio 2 3 4 5 6

  31. https://warburgpincus.com/2026/04/10/warburg-pincus-establishes-european-defence-investment-platform 2 3 4

  32. https://en.globes.co.il/en/article-warburg-pincus-offers-to-buy-control-of-cybersecurity-co-cyren-1001208969 2 3 4

  33. BDS-1000 Scoring Methodology - Final V4, human-vetted scores; NordVPN: BRS 130, Tier E (Minimal); Military 0.00, Digital 0.00, Economic 0.43, Political 2.00 2 3 4 5

  34. https://www.zdnet.com/article/meet-nord-security-the-company-behind-nord-vpn 2 3

  35. https://techcrunch.com/2022/07/01/nord-security-raises-100m-series-a-at-1-6b-valuation 2 3

  36. https://techcrunch.com/2022/07/01/nord-security-raises-100m-series-a-at-1-6b-valuation/

  37. https://www.datapacket.com/about

  38. https://techcrunch.com/2023/09/06/nord-security-confirms-100m-series-b-at-3b-valuation 2 3

  39. https://techfundingnews.com/nord-security-raises-100m-at-3-billion-valuation-in-series-b-round/ 2 3

  40. https://techcrunch.com/2019/11/21/nordvpn-confirms-it-was-hacked-in-2018/

  41. https://www.nordsecurity.com/press-area/nordvpn-launches-post-quantum-encryption-across-all-its-applications 2

  42. https://www.nordsecurity.com/press-area/nordvpn-launches-post-quantum-encryption-across-all-its-applications 2

  43. https://nexos.ai/about 2 3 4

  44. https://techcrunch.com/2025/01/14/nexos-ai-raises-e30m-series-a-to-help-enterprises-govern-ai-agents 2

  45. https://restoreprivacy.com/vpn/reviews/nordvpn 2

  46. https://nordlayer.com/industries/public-sector

  47. https://nordvpn.com/servers/israel 2

  48. https://nordvpn.com/blog/resellers 2

  49. https://techfundingnews.com/nord-security-raises-100m-at-1-6b-valuation/

  50. https://www.crunchbase.com/organization/nord-security

  51. https://www.linkedin.com/company/nord-security

  52. https://www.appsruntheworld.com/customers-database/products/view/nordvpn

  53. https://paxforpeace.nl/publication/companies-arming-israel-and-their-financiers/

  54. https://nordsecurity.com/blog/nordlynx-performance

  55. https://www.mintpressnews.com/exposed-how-israeli-spies-control-your-vpn/288259 2

  56. https://www.datapacket.com/privacy-policy 2

  57. https://www.datapacket.com/about

  58. https://www.datapacket.com/privacy-policy

  59. https://nordvpn.com/legal/privacy-policy 2

  60. https://nordvpn.com/transparency-report/

  61. https://nordvpn.com/blog/nordlynx-performance

  62. https://nordsecurity.com/corporate-responsibility

  63. https://techcrunch.com/2025/01/14/nexos-ai-raises-e30m-series-a-to-help-enterprises-govern-ai-agents 2

  64. https://tesonet.com/portfolio/hostinger

  65. https://nordvpn.com/blog/tesonet-startup-ecosystem

  66. https://restoreprivacy.com/vpn/reviews/nordvpn

  67. https://www.netify.com/solutions/ip-intelligence 2 3

  68. https://nordvpn.com/servers/israel 2 3 4

  69. https://www.datapacket.com/case-studies/nordvpn

  70. https://www.datapacket.com/about

  71. https://www.datapacket.com/locations/tel-aviv 2

  72. https://www.nbim.no/en/organisation/responsibility/exclusion-of-companies

  73. https://www.lb.lt/en/securities/artea-bank-ab

  74. https://www.equityzen.com/company/nordvpn

  75. https://warburgpincus.com/2026/04/10/warburg-pincus-establishes-european-defence-investment-platform

  76. https://nordvpn.com/servers/

  77. https://www.ohchr.org/en/hr-bodies/hrc/regular-sessions/session43/list-of-reports

  78. https://nordvpn.com/legal/terms-of-service/

  79. https://www.crunchbase.com/organization/nord-security 2 3