V-DIG Audit — ExpressVPN

Audit Phase: V-DIG Domain Audit Target Company: ExpressVPN (owned by Kape Technologies PLC) Prepared from: Research memo evidence only. No new research conducted.

Enterprise Technology Stack & Vendor Relationships

Corporate Ownership & Israeli Corporate Lineage

ExpressVPN is wholly owned by Kape Technologies PLC, an AIM-listed company incorporated in the Isle of Man and listed on the London Stock Exchange.¹ Kape was founded in Israel in 2012 under the name Crossrider by Roi Carthy and Teddy Sagi, before rebranding to Kape Technologies in 2018.²³⁴ Teddy Sagi, an Israeli billionaire, has been identified in financial press as a significant ownership stakeholder in Kape across the 2019–2023 period.² Shlomo Rodav, Kape’s chairman, has been reported to hold a background as a former senior Mossad official.⁵ The corporate lineage of ExpressVPN’s parent is therefore Israeli in origin, though operational and legal domicile is outside Israel.

Kape acquired ExpressVPN in September 2021 for approximately $936 million.⁶⁷ The acquisition placed ExpressVPN within a portfolio that also includes CyberGhost VPN (Romanian-origin, acquired 2017), Private Internet Access or PIA (US-origin, acquired 2019), and Zenmate, all managed under Kape’s corporate umbrella.⁸

Security Audits & Named Technology Partners

ExpressVPN has published the results of multiple independent security audits. These name the following external parties:

• KPMG — audited the TrustedServer infrastructure in 2022.⁹
• PwC — audited the no-logs policy in 2020.¹⁰
• Cure53 — audited no-logs policy and broader security posture in 2022–2023.¹¹

No Israeli-origin audit firm or security vendor is named in any of these published audit disclosures. Source classes checked include corporate annual reports, Kape investor relations filings, and all ExpressVPN official documentation.

Named Enterprise Vendor Relationships

No public evidence has been identified of ExpressVPN or Kape Technologies holding verified licensing, subscription, or direct integration relationships with any of the following Israeli-origin enterprise technology vendors: Check Point, Wiz, SentinelOne, CyberArk, NICE, Verint, Claroty, or Palo Alto Networks.⁸ Source classes checked: corporate annual reports for 2022–2023, Kape investor relations filings, ExpressVPN official product documentation, and technology press.

Proprietary Protocol Development

ExpressVPN’s proprietary Lightway VPN protocol is developed entirely in-house and has been open-sourced on GitHub.¹² No third-party Israeli-origin technology vendor is identified as contributing to or supplying components of this protocol in any public disclosure.

Procurement & Integrator Relationships

No public evidence has been identified of systems integrators, IT consultancies, or digital transformation partners engaged by ExpressVPN or Kape Technologies that have mandated or deployed Israeli-origin technology as part of any engagement programme. Source classes checked: Kape annual reports (2022–2023), press releases, and technology press.

Evidence Gap

Kape Technologies and ExpressVPN do not publish detailed vendor lists or granular technology stack disclosures beyond named audit partners. It is not possible from public sources alone to verify or exclude the use of specific Israeli-origin enterprise software — such as endpoint security platforms, SIEM tooling, or cloud monitoring solutions — at the operational level. Corporate filings at Companies House and AIM disclosures do not itemise technology vendor relationships.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometric Technologies

No public evidence has been identified of ExpressVPN or Kape Technologies using facial recognition, biometric identification, behavioural analytics, or gait analysis technologies from Israeli-origin vendors, including but not limited to Trigo, BriefCam, AnyVision/Oosto, or Trax. Source classes checked: corporate disclosures, technology press, and NGO reports.

Predictive Analytics & Workforce Monitoring

No public evidence has been identified of use of Israeli-origin predictive policing, sentiment analysis, social media monitoring, or workforce surveillance tools by ExpressVPN or Kape Technologies. Source classes checked: corporate filings, privacy advocacy press, and NGO reports.

Third-Party Indirect Deployment

No public evidence has been identified of indirect deployment of Israeli-origin surveillance or biometric technologies reaching ExpressVPN via third-party managed services, bundled enterprise suites, or platform providers. Source classes checked: as above.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Global Server Network & Israeli Nodes

ExpressVPN operates a global VPN server network spanning 160 locations across 94 countries.¹³ Israel is listed as one of the available VPN server locations on the ExpressVPN network, meaning the company operates or leases VPN endpoint infrastructure within Israel for the purpose of providing Israeli IP addresses to VPN subscribers globally.¹³ This is consistent with ExpressVPN’s standard colocation model used across all markets; no Israeli-specific data centre ownership or separately disclosed large-scale colocation agreement has been identified in public records.¹⁴¹⁵

ExpressVPN does not publicly name the Israeli data centre or colocation provider(s) used for its Israeli VPN nodes. The identity of those colocation partners — and any downstream infrastructure relationships they may entail — represents an unresolved evidence gap.

TrustedServer RAM-Only Architecture

ExpressVPN’s TrustedServer technology, as documented officially, runs servers entirely on RAM with no hard disk writes, meaning no persistent data is stored at any server location, including Israeli nodes.¹⁵ This architecture materially limits the data residency risk associated with any individual server location.

Government & Sovereign Cloud Participation

No public evidence has been identified of ExpressVPN or Kape Technologies participating in Project Nimbus or any Israeli state-backed cloud infrastructure programme. Publicly reported Project Nimbus contractors are Google and Amazon; Kape/ExpressVPN do not appear in any reported contractor list. Source classes checked: Project Nimbus publicly reported participant lists, Israeli government procurement disclosures, and Kape/ExpressVPN corporate filings.

No public evidence has been identified of ExpressVPN or Kape Technologies providing services explicitly marketed or contracted for Israeli state institutions or military bodies for data sovereignty or infrastructure resilience purposes. Source classes checked: corporate filings, Israeli government procurement records (public portions), and technology press.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence has been identified of verified contracts or service agreements between ExpressVPN or Kape Technologies and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or any Israeli intelligence agency. Source classes checked: corporate filings, Israeli defence procurement disclosures, technology press, and NGO reports.

Daniel Gericke / UAE State Intelligence — Adjacent Finding

The most significant intelligence-sector finding identified in this audit concerns a UAE state intelligence operation, not an Israeli state entity, and is documented here for completeness.

In September 2021, ExpressVPN’s then-Chief Information Security Officer (CISO), Daniel Gericke, was publicly identified as having previously worked for “Project Raven,” a UAE-government offensive hacking operation managed through the intelligence firm DarkMatter, prior to his joining ExpressVPN.¹⁶¹⁷ Gericke, alongside two other former US intelligence operatives, entered into a deferred prosecution agreement with the US Department of Justice.¹⁸ ExpressVPN issued a public statement acknowledging it had been aware of aspects of Gericke’s background prior to his hiring.¹⁹ Gericke’s continuing employment status at ExpressVPN following the DOJ disclosure was not confirmed in public records reviewed. This incident has no identified connection to Israeli state entities but is material to any assessment of ExpressVPN’s intelligence-sector adjacencies.

Dual-Use Technology Provision

No public evidence has been identified of ExpressVPN’s commercially available technology being reported, confirmed, or documented as deployed for military, intelligence, or law enforcement surveillance applications within Israel or occupied territories. Source classes checked: technology press, NGO reports, academic literature, and Israeli press.

Offensive Cyber & Weapons Technology

No public evidence has been identified of development, sale, licensing, or maintenance of offensive cyber capabilities, zero-day exploit tools, or digital weapons systems by ExpressVPN or Kape Technologies. Source classes checked: as above.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to State or Military Bodies

No public evidence has been identified of ExpressVPN or Kape Technologies providing artificial intelligence, machine learning, computer vision, or autonomous decision-support systems to Israeli state, military, or security bodies. Source classes checked: corporate filings, technology press, and NGO reports.

Training Data & Model Development

No public evidence has been identified of ExpressVPN’s or Kape’s AI models or platforms being trained on, or provided access to, civilian population data, intercepted communications, or surveillance-derived datasets from Israel or occupied territories. Source classes checked: corporate disclosures, academic literature, and privacy advocacy press.

Autonomous Systems & Lethality

No public evidence has been identified of provision of autonomous target generation, automated threat detection, or autonomous tracking systems by ExpressVPN or Kape Technologies to Israeli military or security forces. Source classes checked: as above.

Technology Ecosystem & R&D Footprint

Israeli R&D Presence

Kape Technologies maintains engineering and R&D personnel in Israel, consistent with its founding history as an Israeli company (established as Crossrider in Tel Aviv, 2012).²³ Job listings reviewed on LinkedIn for Kape Technologies show ongoing Israeli engineering roles across 2022–2024, primarily in software development and product functions.⁸ No dedicated Israeli R&D facility focused on defence, intelligence tooling, or dual-use systems has been publicly identified; the specific R&D focus areas are general consumer privacy software encompassing VPN, antivirus, and password management products.

Kape’s broader product portfolio is managed across offices including Tel Aviv (R&D/engineering), Bucharest (CyberGhost operations), and London (group headquarters).⁸

Acquisition Portfolio

Kape Technologies has completed the following publicly documented acquisitions relevant to its technology ecosystem:

• ExpressVPN — acquired September 2021 for approximately $936 million.⁶⁷ Founded in the British Virgin Islands; primary technology is consumer VPN software. No reported Israeli state connections specific to ExpressVPN pre-acquisition.
• Private Internet Access (PIA) — acquired by Kape in 2019. US-origin VPN provider.⁸
• CyberGhost VPN — acquired by Kape (then Crossrider) in 2017. Romanian-origin VPN provider.⁸
• Webselenese (vpnMentor, WizCase) — acquired January 2021.²⁰ Israeli-founded VPN review and affiliate media platform. This is a media and affiliate marketing asset rather than a technology infrastructure company. Webselenese’s Israeli operational footprint and any local contractual relationships are not publicly documented beyond the acquisition announcement; this constitutes an evidence gap. An identified conflict-of-interest concern regarding Kape-owned platforms reviewing Kape-owned VPN products has been reported in technology media.²¹
• No acquisitions of Israeli defence-technology, offensive cybersecurity, biometrics, or AI-targeting companies have been identified in public records. Source classes checked: Kape investor relations, CrunchBase, Israeli tech press, and TechCrunch.

Patent & Intellectual Property

No public evidence has been identified of significant patent portfolios, licensing agreements, or co-development arrangements between ExpressVPN or Kape Technologies and Israeli-domiciled entities or Israeli research institutions such as the Technion, Hebrew University, or the Weizmann Institute. Source classes checked: USPTO patent database, EPO patent database, Israeli patent office public records, and academic partnership announcements.

Corporate Governance & Going-Private

Kape Technologies announced a going-private transaction in 2023.⁸ If completed, this would materially reduce future public disclosure obligations across all Kape subsidiaries including ExpressVPN, limiting the visibility of future technology procurement, R&D investment, and corporate relationship data. Post-privatisation, Israeli entity-level corporate registry filings for any Kape or Crossrider Israeli subsidiary would also become less accessible through English-language public databases.

Civil Society Scrutiny & Regulatory History

NGO & Academic Reporting

No published NGO investigation, academic study, or UN report specifically addressing ExpressVPN’s or Kape Technologies’ technology relationships with the Israeli state or operations in occupied territories has been identified. Source classes checked: BDS National Committee publications,²² Access Now reports, Electronic Frontier Foundation publications, Privacy International reports, Amnesty International Tech team publications, and 7amleh (Arab Center for the Advancement of Social Media) publications.

The most prominent civil society reporting on Kape/ExpressVPN addresses two distinct matters: (a) Kape’s origins as Crossrider, which distributed adware and user-tracking software,³ and (b) the Daniel Gericke/UAE hacking affair.^16171819 Neither body of reporting addresses Israeli state technology relationships.

The RestorePrivacy review platform has published a detailed ownership analysis identifying Kape’s Israeli corporate origins and Teddy Sagi’s background, though this is journalistic/consumer analysis rather than a civil society investigation.²¹

Boycott & Divestment Campaigns

No public evidence has been identified of organised BDS or divestment campaigns specifically targeting ExpressVPN or Kape Technologies on grounds of technology provision to the Israeli state or military.²² The Who Profits Research Center (Israeli NGO tracking corporate activity in occupied territories) public database has not been identified as listing Kape Technologies or ExpressVPN in its published company profiles as of available records. Source classes checked: BDS National Committee target lists, SumOfUs campaigns, and Who Profits public company profiles.

Regulatory & Legal Actions

No regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving ExpressVPN’s or Kape Technologies’ technology sales or services to Israeli state entities have been identified. Source classes checked: US Bureau of Industry and Security (BIS) enforcement actions, EU regulatory filings, UK FCA/CMA records, and Israeli regulatory press.

The only major regulatory and legal matter publicly associated with ExpressVPN is the Daniel Gericke DOJ deferred prosecution agreement of September 2021,¹⁸ which relates entirely to UAE state operations and has no identified connection to Israeli state entities.

ExpressVPN’s privacy policy¹⁴ and terms of service²³ have not been the subject of identified enforcement action in any jurisdiction as of the evidence reviewed.

End Notes