NordVPN is a consumer and enterprise VPN product operated by Nord Security, a Lithuanian cybersecurity conglomerate with no documented ties to Israel’s defence sector. Across all four BDS-1000 audit domains, the company’s relationship with Israel is limited to three categories of activity: operating commercial server infrastructure in Tel Aviv as one of more than 110 global locations; selling digital subscriptions directly to Israeli consumers; and publishing editorial blog content that recommends several Israeli-founded cybersecurity tools to its own customers.
No defence contracts, no supply to the Israel Defence Forces or Israeli Ministry of Defence, no participation in Project Nimbus, no Israeli R&D presence, no ownership-level investment in Israel, and no lobbying or financial contributions to conflict-adjacent organisations have been identified. The company does not appear on the UN Human Rights Council’s database of businesses active in Israeli settlements, nor on any BDS campaign target list.
The principal findings driving the score are commercial rather than political or military. NordVPN directly operates its Israeli exit nodes under its own ASN, constituting direct-operator proximity in the V-DIG and V-ECON domains. The company is selectively silent on the Israel-Palestine conflict despite documented willingness to take public positions on Russia-Ukraine and LGBTQ+ issues. Neither finding represents a strategic or structural relationship with the Israeli state.
The BDS-1000 score of 74 (Tier E) reflects these findings accurately. The score would be sensitive to confirmation of: Israeli state or military contracts; Nord’s internal deployment of the Israeli-founded tools it recommends to customers; or any lobbying, donation, or state-honours relationship — none of which has been evidenced.
| Date | Event |
|---|---|
| 2012 | Tesonet founded in Vilnius, Lithuania; NordVPN incubated within it 1 |
| 2018 | Security breach at third-party Finnish data-centre provider (disclosed publicly 2019) 1 |
| 2019 | NordVPN issues public clarification confirming Tesonet relationship and Lithuanian corporate origin 2 |
| 2021 | Tesonet rebrands as Nord Security; Clario Tech acquired 3 |
| February 2022 | Nord Security announces withdrawal of server infrastructure from Russia and Belarus following invasion of Ukraine; extends free service access to Ukrainian users 4 |
| February 2022 | NordVPN and Surfshark announce merger, consolidated through Dutch holding vehicle Cyberspace B.V. 5 |
| May 2022 | Nord Security raises $100M Series A at $1.6B valuation led by General Atlantic 6 |
| June 2022 | Meshnet feature launched commercially, enabling encrypted peer-to-peer device linking 1 |
| September 2023 | Nord Security raises additional $100M investment led by Warburg Pincus, valuation approximately $3B 7 |
| 2023 | Deloitte third-party no-logs audit published for NordVPN 8 |
| October 2023–April 2026 | No public statement issued by NordVPN or Nord Security on Israel-Palestine conflict or Gaza military operations 4 |
| December 2025 | Nord Security products appear in Insight Public Sector manufacturer catalogue 9 |
| January 2026 | NordVPN cited in post-quantum cryptography threat landscape commentary 10 |
NordVPN is the flagship consumer product of Nord Security, a Lithuanian-origin cybersecurity group that emerged from Tesonet, a Vilnius-based technology incubator founded in 2012.1 The group’s subscriber-facing contracting entity is Tefincom S.A., incorporated in Panama — a common jurisdictional choice among consumer VPN providers seeking distance from national data-retention frameworks.2 Principal operations, engineering, and corporate governance are conducted from Vilnius, Lithuania, where the parent entity Nord Security UAB is registered with the Lithuanian Register of Legal Entities.11
The product portfolio includes NordVPN (consumer VPN), NordLayer (enterprise Zero Trust Network Access), NordPass (credential management), and NordLocker (encrypted file storage).12 Nord Security merged with Surfshark in 2022 through the Dutch holding vehicle Cyberspace B.V., and acquired consumer security tools company Clario Tech in 2021.5 Neither acquisition introduced Israeli-origin operations or assets into the group.
Capital structure is private. General Atlantic led a $100M Series A in May 2022 at a $1.6B valuation, acquiring a documented minority stake.6 Warburg Pincus led a further $100M round in September 2023, bringing the reported valuation to approximately $3B.7 No Israeli state entity, Israeli defence-affiliated investment vehicle, or confirmed Israeli beneficial owner appears in any disclosed shareholder record. Pre-IPO stock is listed on secondary markets via Forge Global.13
Product category exclusion. Nord Security is a pure-play software-as-a-service company. It manufactures no physical products, holds no defence manufacturing licences, and maintains no production facilities. The V-MIL rubric explicitly excludes commercial software from scoring except where it is embedded firmware within a specific weapon system. NordVPN and NordLayer are commercial off-the-shelf encrypted networking products; no weapon-embedded firmware application has been identified or claimed.1,12
Defence contracting: no evidence. No contract, tender award, framework agreement, or memorandum of understanding between Nord Security, NordVPN, NordLayer, NordPass, NordLocker, Tesonet, or Cyberspace B.V. and the Israeli Ministry of Defence, the Israel Defence Forces, Israel Prison Service, Israel Border Police, or any other Israeli state security body has been identified in any public record.1,14 SIBAT, the Israeli Ministry of Defence’s international defence cooperation directorate, maintains registries of approved international defence partners; no evidence places Nord Security in any SIBAT listing, the Israeli Defence and Homeland Defence Directory, or any international defence exhibition catalogue.14
Dual-use properties: generic, not purpose-built. Encrypted VPN and Zero Trust Network Access products possess inherent dual-use properties by virtue of their core function — encrypting communications, masking traffic metadata, and enabling secure remote access over untrusted networks.1 NordLayer’s ZTNA and Meshnet architecture shares characteristics with technologies used in military communications networks. However, these properties are generic to the encrypted networking software category. No military-specific variant, purpose-built tactical adaptation, mil-spec product line, or targeted military marketing has been identified.12 Third-party consumer guidance publications have listed NordVPN among VPNs suitable for use by military personnel on the basis of general security characteristics;15,16 this reflects commercial product properties, not any contractual arrangement with a military end-user.
Post-quantum development: industry-standard, not military. NordVPN’s post-quantum encryption work, cited in a January 2026 threat landscape commentary,10 is consistent with industry-wide migration toward post-quantum cryptographic standards and does not constitute a military product line or a defence procurement relationship.
Supply chain with defence primes: no evidence. Nord Security does not manufacture optical systems, electronic sub-assemblies, propulsion components, structural materials, guidance systems, munitions, or any physical components that could be integrated into weapons systems.1,12 No supply relationship with Elbit Systems, Israel Aerospace Industries, Rafael Advanced Defense Systems, or Israel Military Industries has been identified in any public filing or corporate disclosure.17 A prior analytical inference that NordLayer’s market overlap with Check Point and Cato Networks implied a plausible defence-prime sub-contractor relationship was assessed and rejected as unsupported inference.
Logistical sustainment: not applicable. The company provides no catering, transport, fuel, facilities management, or telecommunications infrastructure services to IDF bases or military installations. Commercial server infrastructure in Tel Aviv is operated in third-party data centres available to any paying subscriber and is structurally identical to NordVPN’s operations in every other country of presence.18,19
Munitions and weapons: not applicable. No involvement in the manufacture, integration, maintenance, or component supply of lethal systems — including Iron Dome, David’s Sling, Merkava tanks, F-35 programmes, or any other Israeli or other-nation military platform — has been identified.1
Export controls: no licence decisions identified. VPN and encryption software is in principle subject to cryptography export controls under the US Export Administration Regulations (EAR, Category 5 Part 2) and the EU Dual-Use Regulation. No specific export licence decision, end-user certificate requirement, or enforcement action involving Nord Security in connection with Israeli defence or security end-users has been identified in any publicly available record.1
The strongest challenge to a zero score would be an argument that NordLayer’s ZTNA architecture constitutes a dual-use product sufficiently proximate to military communications infrastructure to warrant scoring. This argument is not supported by available evidence: dual-use categorisation under the BDS-1000 rubric requires either a documented military contract, a purpose-built military variant, or a confirmed deployment within an Israeli military or security-sector context — none of which is evidenced. The inherent dual-use properties of encrypted networking software, without more, do not satisfy the rubric threshold.
A secondary challenge concerns the absence of comprehensive corporate disclosure. Nord Security is privately held and does not publish audited financial statements. Supply-chain transparency is accordingly limited. It is possible, though not evidenced, that NordLayer has enterprise customers within Israel’s defence or security sector that are not publicly disclosed. If such a relationship existed and were confirmed, it would require reconsideration of the V-DIG score rather than V-MIL, as the rubric assigns software contracts to V-DIG rather than V-MIL.
What would need to be true for the score to change: A confirmed contract with the IMOD, IDF, or any Israeli security body; a purpose-built military product variant; or confirmed embedding of Nord Security software in a weapons platform or command-and-control system. The current evidentiary record does not approach that threshold.
| Entity | Type | Relevance | Evidence status |
|---|---|---|---|
| Nord Security UAB | Parent company (Lithuania) | Operating entity for all products | Confirmed 1 |
| Tefincom S.A. | Operating entity (Panama) | Subscriber contracting entity for NordVPN | Confirmed 20 |
| Tesonet | Founding incubator (Lithuania) | Corporate origin; pre-2021 parent structure | Confirmed 1 |
| Cyberspace B.V. | Holding vehicle (Netherlands) | Surfshark merger consolidation | Confirmed 5 |
| NordLayer | Enterprise product | ZTNA/Meshnet; assessed for dual-use properties | Confirmed; no military variant 12 |
| Elbit Systems | Israeli defence prime | Assessed for supply relationship | No link identified 17 |
| SIBAT (IMOD) | Israeli defence body | Assessed for registry listing | No listing identified 14 |
| IDF / IMOD | Israeli state security | Assessed for contracts | No contract identified 14 |
| Iron Dome / David’s Sling | Israeli weapons platforms | Assessed for component supply | No involvement 1 |
Israeli server infrastructure: direct operator. NordVPN publicly lists Israel (Tel Aviv) as an available server location.18 IP intelligence data confirms a NordVPN exit node at the Tel Aviv address, associated with NordVPN’s own registered ASN (AS207137 / Tefincom S.A.), hosted in rack space leased from DataCamp (AS212238), a commercial global colocation provider.21 DataCamp is not an Israeli state or military entity. NordVPN also offers a Dedicated IP option in Israel, allowing business subscribers to maintain a static Israeli exit address.18 Nord Security directly operates these nodes under its own autonomous system number, establishing direct-operator proximity.
What this infrastructure does and does not represent. The Tel Aviv server presence is a single location within a 110+ country commercial network. Its architecture is structurally identical to NordVPN’s operations in every other market. Subscribers anywhere in the world may route their traffic through Israeli exit nodes; Israeli subscribers may use the service to exit through nodes anywhere else. No public evidence has identified these servers as contracted to, or specifically serving, Israeli military installations, West Bank settlements, Golan Heights infrastructure, or security service operations.18,19
Israeli lawful intercept obligations: material evidence gap. Whether Israeli communications law imposes lawful intercept or data retention obligations on foreign-operated VPN exit nodes hosted within Israeli territory by commercial colocation providers is a legal question not resolved by available public sources. If Israeli law reaches these nodes and Nord Security has received intercept assistance orders, the character of the relationship with the Israeli state would be materially different from the current characterisation. No public regulatory guidance or confirmed case addressing VPN exit node operators in this Israeli legal context has been identified. This gap is explicitly acknowledged but does not, on its own, elevate the scoring band without confirmation.
Editorial recommendations of Israeli-founded vendors. NordVPN’s blog post titled “A list of 20 essential cybersecurity tools for 2026” explicitly names and recommends three Israeli-origin or Israeli-founded cybersecurity vendors to its business readership: Check Point Software Technologies (founded in Tel Aviv, co-founded by a veteran of the IDF’s intelligence signals unit),22 Wiz (co-founded by four Unit 8200 alumni),23 and CyberArk (Israeli-founded, dual-headquartered in Petah Tikva).24 Unit 8200 is the IDF’s primary signals intelligence and cyber unit.25 These recommendations direct Nord’s audience toward Israeli-origin technology companies.
The Customer Cap applies firmly here. Based on available public evidence, the relationship between Nord Security and these three vendors is limited to editorial content marketing — NordVPN recommending these tools to its customers in a blog post.26 No corporate procurement disclosure, technical architecture document, or press release confirming that Check Point, Wiz, or CyberArk underpin Nord Security’s own internal infrastructure has been identified. The recommendations are procurement-side editorial content; Nord is at most a buyer or recommender, not a seller of technology to Israel. Under the BDS-1000 Customer Cap, this caps I-DIG at ≤3.9 in the absence of evidence that Nord itself provides technology to Israeli state bodies.
Identity and access management integrations. NordLayer documents integrations with Okta and JumpCloud for Single Sign-On and identity federation.27,28 Both are US-incorporated companies with no identified Israeli-origin provenance. The NordLayer integration pages document SAML 2.0 and SCIM provisioning, not facial recognition or biometric analytics. No Israeli-origin IAM vendor integration has been identified.27,28
Project Nimbus: no participation. Project Nimbus is the ~$1.2B Israeli government cloud contract awarded to AWS and Google Cloud in 2021, providing cloud services to Israeli ministries and the IDF.29 Nord Security is not identified as a contractor, subcontractor, reseller, or participant in Project Nimbus in any public record. NordLayer’s technical documentation confirms the product can be deployed as a network security overlay within AWS and Google Cloud environments,30 but this reflects standard multi-cloud support applicable to all NordLayer customers globally. Supporting AWS or Google Cloud as platforms does not constitute participation in a specific government contract those platforms hold.
No Israeli R&D, acquisitions, or state contracts. No R&D facilities, engineering offices, innovation labs, co-development arrangements, or property in Israel have been identified. No acquisition of Israeli-origin technology companies and no strategic investment in Israeli technology startups or Israeli venture funds is documented. No contract, partnership, or service agreement between Nord Security and the Israeli Ministry of Defence, IDF, Shin Bet, Mossad, or Unit 8200 has been identified.1
AI features: consumer security, not state provision. NordVPN’s Threat Protection feature employs machine learning for malware URL detection, ad blocking, and tracker blocking.31 This is a consumer and business-facing security feature with no documented application to state surveillance, military targeting, or autonomous decision-making. No provision of AI or machine learning systems to Israeli state bodies has been identified.
The lawful intercept gap is the most significant unresolved issue in this domain. Israeli communications law may reach commercial VPN infrastructure hosted in-country. If Nord Security has received lawful intercept orders it has not disclosed, the relationship with the Israeli state would be substantively more proximate than the current characterisation. The counter-position is that (a) no evidence of such orders exists; (b) NordVPN’s no-logs policy, audited by Deloitte in 2023,8 provides partial structural mitigation; and (c) the existence of an unresolved legal question does not itself justify scoring the relationship at a higher band.
The Check Point / Wiz / CyberArk recommendations could be argued to constitute indirect facilitation of the Israeli technology sector — directing commercial traffic and enterprise attention toward Israeli-founded firms. The counter-position is that editorial recommendations to third parties are not equivalent to Nord Security itself contracting with or providing technology to Israeli state bodies, and the Customer Cap is correctly applied. The score would change if evidence emerged that these tools are deployed in Nord Security’s own infrastructure at scale.
The self-published Medium/Coinmonks analysis 32 arguing that VPN infrastructure generally is vulnerable to Unit 8200 traffic analysis is the only identified document framing Nord’s Israeli presence in an intelligence context. It is a self-published opinion piece without primary sourcing and does not identify a Nord-specific confirmed instance. It has been excluded from findings.
What would need to be true for the score to change materially: Confirmed Israeli lawful intercept orders against Nord’s Tel Aviv nodes; confirmation of Nord’s internal deployment of Check Point, Wiz, or CyberArk at scale; or any contract or service agreement with Israeli state, military, or intelligence bodies.
| Entity | Type | Relevance | Evidence status |
|---|---|---|---|
| Tefincom S.A. / AS207137 | Operating entity (Panama) | Registered ASN for Israeli exit nodes | Confirmed 21 |
| DataCamp (AS212238) | Colocation provider | Hosts Israeli server rack space | Confirmed 21 |
| Check Point Software Technologies | Israeli-origin vendor | Editorially recommended in Nord blog | Confirmed (editorial only) 22, 26 |
| Wiz | Israeli-origin vendor (Unit 8200 founders) | Editorially recommended in Nord blog | Confirmed (editorial only) 23, 26 |
| CyberArk | Israeli-origin vendor | Editorially recommended in Nord blog | Confirmed (editorial only) 24, 26 |
| Unit 8200 (IDF) | Israeli military intelligence unit | Founding unit of Wiz co-founders | Confirmed re founders; no Nord link 25 |
| Okta | US IAM vendor | NordLayer SSO integration | Confirmed 27 |
| JumpCloud | US IAM vendor | NordLayer SSO integration | Confirmed 28 |
| AWS / Google Cloud | Cloud platforms | NordLayer deployment support | Confirmed; no Nimbus participation 29, 30 |
| Project Nimbus | Israeli government cloud contract | Assessed for participation | No participation identified 29 |
| Warburg Pincus | Investor | Led 2023 funding round | Confirmed 7 |
| General Atlantic | Investor | Led 2022 Series A | Confirmed 6 |
Operational presence: leased, not owned. NordVPN operates a virtual server presence in Israel as part of its global network, with infrastructure hosted in leased rack space at third-party Israeli data centres.18 The company itself has confirmed that Israeli servers are one line item across a 110+ country network. No owned offices, sales operations, customer support centres, warehouses, or physical retail locations in Israel or the occupied Palestinian territories are documented.18 The specific Israeli data-centre operator(s) engaged by NordVPN within Israel are not publicly disclosed, which constitutes an acknowledged evidence gap.
Direct subscription sales to Israeli consumers. NordVPN sells digital subscriptions directly to Israeli consumers via Nordvpn S.A. (Panama) as the contracting entity.20 This is a direct commercial relationship — Israel is an active subscriber market, not a purely passive server-routing location. However, Israel is not characterised in any investor communication, press release, or annual disclosure as a distinct revenue market, strategic growth priority, or key territory.7,33 The Israeli subscriber base and associated revenue cannot be estimated from public sources. Conservative scoring at the mid-point of Band 2.1–3.0 is the highest defensible position from confirmed anchors.
No foreign direct investment. No verified direct capital investment by NordVPN or Nord Security within Israel or the occupied Palestinian territories — including factory ownership, owned data centres, real estate, logistics assets, or acquisition of Israeli-domiciled companies — has been publicly documented.1,11 The Israeli server presence is operated under a standard third-party data centre leasing arrangement, not a direct ownership or investment model.18 This cleanly distinguishes NordVPN from entities that have made FDI-level commitments to the Israeli economy.
No Israeli R&D, employment, or tax contribution. Nord Security’s primary R&D operations are in Vilnius, Lithuania, where the parent entity Nord Security UAB is domiciled.3,11 No R&D facilities, technology partnerships, innovation labs, startup investments, or accelerator programmes in Israel have been publicly documented. No publicly available data documents NordVPN or Nord Security employees based in Israel, Israeli tax registration, Israeli payroll contribution, or regulatory filing within the Israeli fiscal jurisdiction.34
Capital structure: U.S.-to-Lithuania flows, no Israeli vector. The 2022 General Atlantic investment represents a US-to-Lithuania capital inflow, with General Atlantic acquiring a minority stake in the Lithuanian-domiciled parent group.6,35 The 2023 Warburg Pincus round similarly represents a US-to-Lithuania capital flow.7 No documented profit repatriation channel flowing into Israel has been identified. No Israeli-domiciled parent entity, holding company layer, royalty arrangement, or IP licensing structure routing profits into Israel appears in any corporate filing, registry record, or financial disclosure reviewed.20,11
Absence from NGO and UN watchlists. NordVPN is not listed in the UN Human Rights Council’s database of businesses with verified activities in Israeli settlements (A/HRC/43/71).36 The Who Profits Research Center, Corporate Occupation watchlist, and BDS National Committee’s current targeted campaigns list do not include NordVPN.37,38,39 This absence across all four databases is consistent with the company’s operating profile as a digital-services provider with no physical goods supply chain, no settlement-linked sourcing, and no documented engagement with physical occupation infrastructure.
Product category: digital subscriptions only. NordVPN is a software-and-services company. It produces no physical goods, holds no importer-of-record status in any jurisdiction, and carries no country-of-origin labelling obligations. The entire framework of agricultural sourcing, settlement-goods labelling, and manufactured-goods supply chain analysis is structurally inapplicable to this entity.20,11
The primary evidence gap is the absence of any Israeli subscriber revenue figure. NordVPN does not publish country-level revenue breakdowns. If Israeli subscriber revenue were materially larger than estimated — for instance, if Israel represented a top-ten market — the magnitude characterisation (Very Low Upper End) might be reconsidered. However, even a higher Israeli subscriber revenue figure would not change the I-ECON band, because there is no physical presence, R&D, capital investment, or employment relationship that would push the character of the economic relationship above Band 2.1–3.0 (Direct Sales, Minor Export Market).
The data-centre operator gap is the second material uncertainty. The specific Israeli colocation company hosting NordVPN’s servers is not publicly disclosed. If that operator were a settlement-linked entity, a military-adjacent facility, or a company with its own BDS profile, it would add a dimension to the V-ECON analysis. This cannot be confirmed or excluded from available public sources.
General Atlantic’s portfolio-level Israeli exposure at the fund level would require access to LP-level disclosures or SEC Form D filings not available in open sources. A theoretical argument that minority investor capital flows create indirect Israeli economic exposure exists but is not supported by any specific documented Israeli co-investment tied to Nord Security’s operational interests. The connection is too attenuated to affect the score without direct evidence.
What would need to be true for the score to change materially: Confirmation of Israeli revenue at a scale that would characterise Israel as a strategic market; discovery that the Israeli data-centre operator is settlement-linked or military-adjacent; or evidence of FDI-level capital deployment in Israel by Nord Security.
| Entity | Type | Relevance | Evidence status |
|---|---|---|---|
| Nord Security UAB | Parent company (Lithuania) | Group operational headquarters; R&D base | Confirmed 11 |
| Nordvpn S.A. / Tefincom S.A. | Operating entity (Panama) | Direct subscriber contracting entity | Confirmed 20 |
| General Atlantic | Investor (US) | Led 2022 Series A; minority stake | Confirmed 6, 35 |
| Warburg Pincus | Investor (US) | Led 2023 round | Confirmed 7 |
| DataCamp (Israeli colocation) | Infrastructure provider | Hosts NordVPN Israeli servers | Confirmed via IP data 21 |
| Tesonet / Nord Security UAB | Founding entity (Lithuania) | Corporate heritage; R&D location | Confirmed 13 |
| UN OHCHR (A/HRC/43/71) | UN database | Settlement business activities | NordVPN not listed 36 |
| Who Profits Research Center | NGO watchlist | Technology sector coverage | NordVPN not listed 37 |
| BDS National Committee | Civil society | Targeted campaigns list | NordVPN not listed 39 |
Selective silence as a documented pattern. Nord Security has issued no public statement on the Israel-Palestine conflict, the October 7, 2023 Hamas attacks, the subsequent Israeli military operations in Gaza, or any related humanitarian developments through April 2026.4 This silence occurs against a documented background of corporate political engagement in comparable contexts. In March 2022, Nord Security publicly announced the withdrawal of server infrastructure from Russia and Belarus, explicitly framing the decision in terms of opposition to censorship and support for press freedom, and extended free service access to Ukrainian users.4 The company has also published social media content aligned with LGBTQ+ Pride Month themes.4 The Ukraine withdrawal is the most directly comparable case: a conflict involving a geopolitical actor’s military operations, a civilian population, and questions of access to information — the same categories implicated by the Gaza conflict. The absence of any equivalent response is the primary political finding.
Qualifications on the silence finding. Nord Security has also issued no public statements on Yemen, Xinjiang, or Myanmar, which limits the inference that silence on Israel-Palestine is uniquely or specifically motivated by pro-Israel political alignment. The pattern could equally reflect a corporate policy of selective engagement that extends beyond this specific conflict. The Ukraine case remains the strongest direct comparator because it involved the same categories of corporate action — server withdrawal and free subscriber access — that would be most directly replicable in the Israel-Palestine context.
No lobbying, donations, or state honours. No Foreign Agents Registration Act (FARA) or Lobbying Disclosure Act (LDA) registration in the United States, no EU Transparency Register entry, and no UK or Israeli lobbying disclosure involving Nord Security on Israel-Palestine policy, BDS legislation, or regional trade measures has been identified.33 No corporate donations to the Jewish National Fund, Friends of the IDF, or any settlement-linked organisation have been identified. No personal philanthropy by Tom Okman, Eimantas Sabaliauskas, or other identified Nord Security executives directed toward conflict-adjacent organisations has been documented, though the limits of open-source records on private individuals at private companies are acknowledged.33
UN database and BDS status. NordVPN, Nord Security, and Tefincom S.A. do not appear on the UN Human Rights Council database (A/HRC/43/71) of businesses with verified activities in Israeli settlements.36 No BDS campaign targeting has been identified; the BDS National Committee’s publicly documented target lists, as observable through April 2026, do not include NordVPN.39
Platform and content policy. NordVPN is a VPN service provider, not a content platform or publisher; it does not moderate user-generated content in the conventional sense. Its Terms of Service prohibit illegal activity but contain no Israel/Palestine-specific content moderation provisions or geographic service restrictions tied to that conflict.40 No independent investigation by the Electronic Frontier Foundation or comparable digital rights organisations into NordVPN-specific content or access restrictions related to this conflict has been identified.41
Corporate mission and governance. Nord Security’s publicly stated corporate mission is commercial: the development and sale of consumer and enterprise privacy and cybersecurity products.4 No corporate charter language or founding document tying Nord Security’s mission to advancing any state’s geopolitical goals has been identified. The company’s governance structure is that of a private, PE-backed technology group domiciled in Lithuania.6,35
The strongest challenge to the V-POL score is whether selective silence at Band 2.1–3.0 is too high or too low. The argument for a lower score is that corporate silence on a geopolitical conflict is a default state for most private technology companies, and the Ukraine contrast, while real, may reflect the operational relevance of Russia/Belarus as jurisdictions where Nord had active server infrastructure that could be withdrawn. Nord has not withdrawn its Israeli servers, but this parallel creates an asymmetry: server presence in Russia was operationally meaningful to the political act; server presence in Israel is not equivalent absent evidence of a comparable political intervention.
The argument for the score standing is that Nord Security demonstrably chooses to engage publicly on geopolitical and social issues — Ukraine, LGBTQ+ themes — and the absence of any equivalent engagement on Israel-Palestine, in the context of a civilian conflict of comparable or greater global salience through 2023–2026, constitutes a pattern of selective engagement that is appropriately captured at Band 2.1–3.0 under the rubric. The score accurately represents a passive, not active, political posture.
Internal governance gap. Internal HR policies, employee political speech rules, and internal communications addressing the Israel-Palestine conflict are not publicly available. The absence of public evidence reflects the limits of open-source records rather than a confirmed absence of internal activity.
What would need to be true for the score to change materially: a confirmed Nord Security lobbying registration on BDS-adjacent legislation; a documented donation to conflict-adjacent organisations; a formal state-honours relationship; or evidence of active corporate suppression of employee or subscriber speech related to this conflict.
| Entity | Type | Relevance | Evidence status |
|---|---|---|---|
| Nord Security UAB | Parent company (Lithuania) | Corporate communications decision-maker | Confirmed [4] |
| Tom Okman | Co-founder | Public political speech assessed | No conflict-adjacent statements identified [33] |
| Eimantas Sabaliauskas | Co-founder | Public political speech assessed | No conflict-adjacent statements identified [33] |
| General Atlantic | Investor (US) | Governance influence assessed | No Israeli-linked mandate identified [6][35] |
| Warburg Pincus | Investor (US) | Governance influence assessed | No Israeli-linked mandate identified [7] |
| BDS National Committee | Civil society | Campaign targeting assessed | NordVPN not listed [39] |
| UN OHCHR (A/HRC/43/71) | UN database | Settlement database assessed | NordVPN not listed [36] |
| Electronic Frontier Foundation | Digital rights NGO | Platform policy scrutiny assessed | No NordVPN-specific finding [41] |
The private company opacity problem. Nord Security is privately held and publishes no audited financial statements. This limits transparency across all four domains: supply-chain relationships, enterprise customer lists, internal infrastructure vendor choices, beneficial ownership chains, and country-level revenue attribution are all beyond the scope of publicly available evidence. Any scoring in this dossier is therefore conditional on the public record as it stands and would require revision if corporate disclosures, regulatory filings, or investigative journalism surfaced material new information.
The SaaS-to-defence pipeline gap. NordLayer is marketed to enterprise and public-sector customers on a Zero Trust Network Access architecture. Its customer list is not public. It is theoretically possible — though entirely unevidenced — that Israeli defence, intelligence, or security sector organisations are among NordLayer’s enterprise customers. If confirmed, this would materially affect the V-DIG score and potentially introduce V-MIL considerations. The current scoring correctly reflects the absence of evidence rather than the absence of the possibility.
The lawful intercept question. As noted in V-DIG, the legal status of Nord Security’s Israeli exit nodes under Israeli communications law is unresolved. This is a cross-domain issue: if Israeli authorities have the legal right to compel data access at infrastructure hosted within Israeli territory, the proximity and impact characterisations in V-DIG would require upward revision. No confirmation of such orders or legal determinations has been identified.
The editorial recommendations question. NordVPN’s recommendation of Check Point, Wiz, and CyberArk to customers is currently assessed as editorial content marketing. If evidence emerged that these tools are deployed in Nord Security’s own internal infrastructure — as security monitoring, endpoint protection, or network security layers — the nature of the relationship would shift from recommender to direct customer, potentially affecting V-DIG’s I and M scores and removing the Customer Cap’s limiting effect.
| Entity | Domain(s) | Type | Status |
|---|---|---|---|
| Nord Security UAB | All | Lithuanian parent company | Confirmed; all operations |
| Tefincom S.A. / Nordvpn S.A. | V-DIG, V-ECON, V-POL | Panama operating entity | Confirmed; subscriber contracts |
| Tesonet | V-MIL, V-ECON | Lithuanian founding incubator | Confirmed; pre-2021 structure |
| Cyberspace B.V. | V-MIL | Dutch holding vehicle | Confirmed; Surfshark consolidation |
| Tom Okman | V-POL | Co-founder | Confirmed; no conflict-adjacent activity |
| Eimantas Sabaliauskas | V-POL | Co-founder | Confirmed; no conflict-adjacent activity |
| General Atlantic | V-DIG, V-ECON, V-POL | Primary investor (US) | Confirmed; minority stake |
| Warburg Pincus | V-DIG, V-ECON, V-POL | Investor (US) | Confirmed; led 2023 round |
| DataCamp (AS212238) | V-DIG, V-ECON | Israeli colocation provider | Confirmed via IP intelligence |
| Check Point Software Technologies | V-DIG | Israeli-origin vendor | Editorially recommended only |
| Wiz | V-DIG | Israeli-origin vendor (Unit 8200 founders) | Editorially recommended only |
| CyberArk | V-DIG | Israeli-origin vendor | Editorially recommended only |
| Unit 8200 (IDF) | V-DIG | Israeli military intelligence unit | Wiz founders’ background only |
| Elbit Systems | V-MIL | Israeli defence prime | No supply link identified |
| SIBAT (IMOD) | V-MIL | Israeli defence directorate | No listing identified |
| Project Nimbus | V-DIG | Israeli government cloud contract | No Nord participation |
| UN OHCHR (A/HRC/43/71) | V-ECON, V-POL | UN settlement database | NordVPN not listed |
| Who Profits Research Center | V-ECON | NGO watchlist | NordVPN not listed |
| BDS National Committee | V-ECON, V-POL | Civil society campaigns | NordVPN not listed |
| NordLayer | V-MIL, V-DIG | Enterprise ZTNA product | No military contract identified |
| NordVPN (Israel/Tel Aviv nodes) | V-DIG, V-ECON | Commercial exit nodes | Confirmed; standard commercial |
| Domain | I | M | P | V-Score |
|---|---|---|---|---|
| V-MIL | 0.00 | 0.00 | 0.00 | 0.00 |
| V-DIG | 2.50 | 2.50 | 9.00 | 0.89 |
| V-ECON | 2.50 | 2.50 | 8.00 | 0.89 |
| V-POL | 2.50 | 1.50 | 8.50 | 0.54 |
Composite BRS: 74 — Tier E (0–199)
V-MIL scores zero across all three criteria: Nord Security is a pure-play SaaS company; the V-MIL rubric excludes commercial software absent weapon-embedded firmware, and no defence contracts, physical products, or kinetic supply chain relationships have been identified. V-DIG and V-ECON are tied as the highest-scoring domains (0.89 each), driven by direct-operator proximity (Nord operates Israeli nodes under its own ASN) against a backdrop of low-band impact (commercial consumer service in a minor market) and Very Low Upper End magnitude (one country among 110+). V-DIG additionally carries the blog recommendations of three Israeli-origin vendors, capped at I ≤ 3.9 under the Customer Cap because the relationship is editorial, not procurement. V-POL scores 0.54, reflecting a passive selective-silence finding anchored by the contrast with Nord’s documented Ukraine response, with magnitude appropriately limited to Very Low Lower End because no active lobbying, donations, or state honours have been identified.
The formula caps Proximity at 1.0 where it exceeds 7 (applicable to all three non-zero domains), and takes V-DIG as V-MAX for labelling purposes given the tie with V-ECON. Sum_OTHERS = V-MIL (0.00) + V-ECON (0.89) + V-POL (0.54) = 1.43. BRS = ((0.89 + 1.43 × 0.2) / 16) × 1000 = ((0.89 + 0.286) / 16) × 1000 ≈ 74.
High-confidence findings:
– Nord Security is not a defence contractor and has no documented military supply relationships with Israeli state or security bodies.
– The company directly operates Israeli exit nodes under its own ASN.
– Nord Security has issued no public statement on the Israel-Palestine conflict while demonstrably engaging on Ukraine and LGBTQ+ issues.
– The company does not appear on the UN OHCHR settlement database, Who Profits watchlist, or any BDS campaign target list.
Moderate-confidence findings (evidence gaps acknowledged):
– Israeli subscriber revenue cannot be estimated; Very Low Upper End magnitude is the highest defensible band from confirmed anchors.
– The Check Point, Wiz, and CyberArk recommendations are assessed as editorial only; internal procurement status is unconfirmed.
– The specific Israeli colocation operator(s) engaged by NordVPN are not publicly identified.
Open questions requiring further research:
– Does Israeli communications law impose lawful intercept or data retention obligations on NordVPN’s Tel Aviv exit nodes hosted by DataCamp? A legal opinion on Israeli communications data law as applied to foreign-operated VPN infrastructure within Israeli territory would resolve or clarify this gap.
– Does Nord Security’s own internal infrastructure deploy Check Point, Wiz, or CyberArk at scale? A corporate technology stack disclosure or verified procurement record would resolve this.
– What is the precise Israeli data-centre colocation operator, and does it have settlement-linked or security-sector ties?
– Does NordLayer serve any Israeli defence, intelligence, or security sector enterprise customers?
– What is the full beneficial ownership chain of Tefincom S.A. in Panama’s Registro Público?
Monitor, do not escalate (Tier E finding). The BDS-1000 score of 74 places NordVPN firmly in Tier E. The evidence base supports routine monitoring, not active campaign targeting or institutional divestment action. No military supply, no settlement presence, no defence contracts, and no lobbying or financial contributions to conflict-adjacent organisations have been identified.
Resolve the lawful intercept gap before any policy decision. Any institution considering a policy recommendation based on NordVPN’s Israeli server presence should first seek a legal opinion on whether Israeli communications law reaches foreign-operated VPN exit nodes hosted in-country. This is a factual and legal question that can be researched; the current evidentiary vacuum should not be filled by assumption in either direction.
Request corporate transparency on Israeli infrastructure. Send a targeted engagement letter to Nord Security requesting disclosure of: (a) the identity of Israeli data-centre colocation operators; (b) whether the company has received any lawful intercept or data access requests from Israeli authorities; and (c) whether Check Point, Wiz, or CyberArk are deployed in Nord Security’s own internal infrastructure. The company’s existing no-logs audit infrastructure (Deloitte, 2023)[8] demonstrates some openness to third-party accountability; this engagement is consistent with that posture.
Flag selective silence, not silence per se. The V-POL finding is appropriately characterised as selective engagement rather than active political alignment. Public advocacy or investor engagement directed at Nord Security on Israel-Palestine should be grounded in the Ukraine contrast specifically, not in an unsupported claim of active pro-Israel corporate positioning.
Reassess if any of the following are confirmed: Israeli state or military contracts for NordVPN or NordLayer; internal deployment of Check Point, Wiz, or CyberArk at scale; any donation, lobbying, or state-honours relationship; or confirmed lawful intercept obligations on Israeli nodes. Any one of these would require upward revision of the V-DIG or V-POL score and reconsideration of the Tier E characterisation.
NordVPN Wikipedia article — https://en.wikipedia.org/wiki/NordVPN
NordVPN–Tesonet relationship clarification — https://nordvpn.com/blog/nordvpn-tesonet/
Nord Security rebrand announcement — https://www.techradar.com/news/nordvpns-parent-company-tesonet-rebrands-as-nord-security
NordVPN about us / corporate communications — https://nordvpn.com/about-us/
NordVPN–Surfshark merger announcement — https://techcrunch.com/2022/02/07/nordvpn-and-surfshark-announce-merger/
Nord Security Series A funding, Reuters — https://www.reuters.com/technology/nord-security-raises-100-million-16-billion-valuation-2022-05-19/
Nord Security $100M Warburg Pincus round — https://nordsecurity.com/blog/nord-security-raised-another-100m-investment-round
NordVPN Deloitte no-logs audit — https://nordvpn.com/blog/nordvpn-audit/
Insight Public Sector manufacturer catalogue — https://www.omniapartners.com/suppliers-files/E-J/Insight_Public_Sector_Inc/Contract_Documents/23-6692-03/Insight_Manufacturers__Publishers_and_Suppliers_2025_12_05.pdf
NordVPN 2026 cybersecurity threat landscape — https://thequantuminsider.com/2026/01/12/cybersecurity-risks-2026-nordvpn/
Lithuanian Register of Legal Entities — https://www.registrucentras.lt/jar/p/dok.php?kod=304846872
NordPass / NordLayer product overview — https://nordpass.com/nordpass-nordlayer/
Forge Global — Nord Security pre-IPO listing — https://forgeglobal.com/nord-security_stock/
SIBAT, Israeli Ministry of Defence — https://mod.gov.il/en/departments/sibat-international-defense-cooperation
Safety Detectives — best military VPNs — https://www.safetydetectives.com/blog/best-military-vpns/
Comparitech — best VPN for Israel — https://www.comparitech.com/blog/vpn-privacy/best-vpn-for-israel/
Elbit Systems Wikipedia article — https://en.wikipedia.org/wiki/Elbit_Systems
NordVPN Israel server page — https://nordvpn.com/servers/israel/
NordVPN Tel Aviv server page — https://nordvpn.com/servers/israel/telaviv/
NordVPN / Tefincom S.A. — OpenCorporates — https://opencorporates.com/companies/pa/155089
Netify IP intelligence — NordVPN Tel Aviv node — https://www.netify.ai/resources/ips/169.150.226.32
Check Point Software Technologies — https://www.checkpoint.com/about-us/
CyberArk — about — https://www.cyberark.com/company/about-cyberark/
Unit 8200 Wikipedia article — https://en.wikipedia.org/wiki/Unit_8200
NordVPN blog — cybersecurity tools 2026 — https://nordvpn.com/blog/cybersecurity-tools/
NordLayer–Okta integration — https://nordlayer.com/integrations/okta/
NordLayer–JumpCloud integration — https://nordlayer.com/integrations/jumpcloud/
The Intercept — Project Nimbus — https://theintercept.com/2021/10/08/google-amazon-israel-military-nimbus/
NordLayer hybrid remote work security — https://nordlayer.com/hybrid-remote-work-security/
NordVPN Threat Protection feature — https://nordvpn.com/features/threat-protection/
Medium/Coinmonks — Unit 8200 and VPNs opinion piece — https://medium.com/coinmonks/when-vpns-turn-into-traps-unit-8200-and-the-hidden-dangers-of-corporate-vpns-for-users-in-3b6a73f4d337
Crunchbase — Nord Security — https://www.crunchbase.com/organization/nord-security
Invest Lithuania — Nord Security success story — https://investlithuania.com/success-stories/nord-security/
General Atlantic — Nord Security portfolio page — https://www.generalatlantic.com/portfolio-company/nord-security/
UN OHCHR settlement database report — https://www.ohchr.org/en/hr-bodies/hrc/regular-sessions/session43/list-of-reports
Who Profits — technology sector — https://www.whoprofits.org/company/technology/
Corporate Occupation watchlist — https://www.corporateoccupation.org/
BDS National Committee — economic activism — https://bdsmovement.net/Act/economic-activism
NordVPN Terms of Service — https://nordvpn.com/legal/terms-of-service/