VPN
VPN services encrypt the connection between your device and a server run by the provider, replacing your visible IP address with the server's. For EU buyers, the deciding question is the operating company's country of incorporation and the evidence behind its no-logs claim. Top European options on EU Vetted include Mullvad VPN (Sweden, EU-owned, CLOUD Act exposure: None, independently audited), Proton VPN (Switzerland, CLOUD Act exposure: None, independently audited), IVPN (Gibraltar, CLOUD Act exposure: None, transparency report published), and OVPN (Sweden, EU-owned, CLOUD Act exposure: None).
About this category
About VPN
VPN (Virtual Private Network) services are tools designed to encrypt the connection between your device and a server operated by the VPN provider, and to present that server's IP address to the wider internet rather than yours. The practical effect is that your internet service provider, network operator, or anyone monitoring traffic at the network level sees a connection to the VPN server rather than to the sites and services you are actually reaching. The category covered here is consumer and business VPN services, not enterprise SD-WAN or remote-access infrastructure.
A VPN sits in the path of every byte you route through it, which is why the operating company's country of incorporation carries more weight here than in most categories. The laws of the country where the operator is incorporated set the baseline for what it can be compelled to retain or disclose, regardless of what its marketing says. Some jurisdictions impose mandatory data-retention obligations or broad lawful-access powers; others have narrower regimes. If the operator is a US-incorporated company, the CLOUD Act applies to the consolidated group, which can compel data production regardless of where servers are located. European-incorporated operators such as Mullvad (Sweden, EU-owned, CLOUD Act exposure: None) and OVPN (Sweden, EU-owned, CLOUD Act exposure: None) have no US parent company that can be compelled this way. Swiss operators such as Proton VPN (CLOUD Act exposure: None) operate under Swiss law, which has comparable or stronger privacy protections in practice.
No-logs claims are where VPN marketing and evidence most often diverge. Every VPN says it keeps no logs; the question is what evidence supports that claim. Independent technical audits of server infrastructure, published transparency reports, and documented records of legal requests that produced no usable data all strengthen the claim. Mullvad and Proton VPN have both published third-party infrastructure audits; IVPN maintains a transparency report. When comparing providers, weigh the assertion against the evidence offered for it rather than the wording of the policy page itself.
-
Proton VPNEU-SOVEREIGN
CERN-founded Swiss VPN (Proton AG, Geneva), owned by non-profit Proton Foundation; 15,000+ servers, audited no-logs, open-source apps, free tier.
CH Public DPA Sub-processors Open source 7 sub-procs · 4 US €5 /mo -
AirVPNEU-SOVEREIGN
Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding, but no longer serves Italian residents (Piracy Shield).
Public DPA Sub-processors Open source 0 sub-procs €7 /mo -
IVPNEU-BASED
Gibraltar-incorporated VPN (IVPN Limited / ex-Privatus, founded 2009), Cure53-audited no-logs, open-source apps, independent ownership.
Public DPA Sub-processors Open source 0 sub-procs €6 /mo -
Mullvad VPNEU-SOVEREIGN
Swedish founder-owned VPN (Mullvad VPN AB / Amagicom AB, Gothenburg, 2009), anonymous numbered accounts, Cure53-audited, flat €5/month.
Public DPA Sub-processors Open source 3 sub-procs · 2 US €5 /mo -
OVPNEU-SOVEREIGN
Swedish founder-owned VPN (OVPN Integrität AB, est. 2014), fully owns hardware, diskless RAM-only, court-proven no-logs, legal-fees insurance.
Public DPA Sub-processors Open source 0 sub-procs €4 /mo -
SurfsharkEU-BASED
NL-incorporated VPN (Surfshark B.V., Amsterdam, KvK 81967985): moved from BVI to NL Oct 2021, merged with Nord Security 2022, RAM-only, Deloitte-audited.
Public DPA Sub-processors Open source 0 sub-procs €3 /mo -
AzireVPNEU-HOSTED
Swedish privacy VPN (Stockholm, est. 2012): Blind Operator, RAM-only, audited no-logs; acquired by Malwarebytes (US) 7 Nov 2024.
Public DPA Sub-processors Open source 0 sub-procs -
CyberGhostEU-BASED
Romanian-operated VPN (CyberGhost S.R.L., 2011) under Kape Technologies (UK; ex-Crossrider) → Unikmind/Teddy Sagi (IM) since 2023; listed as a warning.
Public DPA Sub-processors Open source 0 sub-procs €2 /mo -
NordVPNEU-BASED
Panama-incorporated VPN (NordVPN S.A.) under NL holding Nord Security, LT operations; Deloitte + PwC no-logs audits, RAM-only diskless servers, ISO 27001.
Public DPA Sub-processors Open source 0 sub-procs €4 /mo -
Opera VPNEU-HOSTED
Oslo-heritage browser VPN (Opera Norway AS): Deloitte-audited free browser proxy + paid VPN Pro, but ultimately Chinese-controlled via Kunlun Tech (Opera Limited, Cayman/NASDAQ). Listed as a warning.
Public DPA Sub-processors Open source 0 sub-procs €4 /mo
| Compare | Sovereignty | Cert. | Pricing | Signals | Open | ||
|---|---|---|---|---|---|---|---|
|
CERN-founded Swiss VPN (Proton AG, Geneva), owned by non-profit Proton Foundation; 15,000+ servers, audited no-logs, open-source apps, free tier.
|
GENEVA · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€5 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding, but no longer serves Italian residents (Piracy Shield).
|
—
Italy
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€7 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Gibraltar-incorporated VPN (IVPN Limited / ex-Privatus, founded 2009), Cure53-audited no-logs, open-source apps, independent ownership.
|
—
Gibraltar
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€6 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Swedish founder-owned VPN (Mullvad VPN AB / Amagicom AB, Gothenburg, 2009), anonymous numbered accounts, Cure53-audited, flat €5/month.
|
—
Sweden
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€5 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Swedish founder-owned VPN (OVPN Integrität AB, est. 2014), fully owns hardware, diskless RAM-only, court-proven no-logs, legal-fees insurance.
|
—
Sweden
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€4 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
NL-incorporated VPN (Surfshark B.V., Amsterdam, KvK 81967985): moved from BVI to NL Oct 2021, merged with Nord Security 2022, RAM-only, Deloitte-audited.
|
—
Netherlands
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€3 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Swedish privacy VPN (Stockholm, est. 2012): Blind Operator, RAM-only, audited no-logs; acquired by Malwarebytes (US) 7 Nov 2024.
|
—
Sweden
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
Romanian-operated VPN (CyberGhost S.R.L., 2011) under Kape Technologies (UK; ex-Crossrider) → Unikmind/Teddy Sagi (IM) since 2023; listed as a warning.
|
BUCHAREST
Romania
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Paid
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Panama-incorporated VPN (NordVPN S.A.) under NL holding Nord Security, LT operations; Deloitte + PwC no-logs audits, RAM-only diskless servers, ISO 27001.
|
—
Lithuania
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€4 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Oslo-heritage browser VPN (Opera Norway AS): Deloitte-audited free browser proxy + paid VPN Pro, but ultimately Chinese-controlled via Kunlun Tech (Opera Limited, Cayman/NASDAQ). Listed as a warning.
|
—
Norway
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— |
Freemium
€4 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
Feature comparison
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | Proton VPN | AirVPN | IVPN | Mullvad VPN | OVPN | Surfshark | AzireVPN | CyberGhost | NordVPN | Opera VPN |
|---|---|---|---|---|---|---|---|---|---|---|
| Servers | 20000 servers | 514 servers | 548 servers | 4500 servers | 153 servers | |||||
| Countries | 140 countries | 23 countries | 50 countries | 100 countries | 62 countries | 100 countries | 125 countries | |||
| Simultaneous devices | 10 devices | 5 devices | 2 devices | 5 devices | 4 devices | Unlimited | 5 devices | 7 devices | 10 devices | 6 devices |
| Protocols | WireGuard OpenVPN IKEv2 | WireGuard OpenVPN | WireGuard OpenVPN IKEv2 | WireGuard | WireGuard OpenVPN | WireGuard OpenVPN IKEv2 | WireGuard | WireGuard OpenVPN IKEv2 | WireGuard OpenVPN IKEv2 | |
| Kill switch | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Audited no-logs | Yes | No | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Port forwarding | Yes | Yes | No | No | Yes | No | Yes | No | No | No |
| Platforms | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | iOS macOS Windows Android Linux | Windows macOS Android |
Switching from US vpn?
Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.
- Alternatives to ExpressVPN 10 European alternatives compared
- Alternatives to Mozilla VPN 6 European alternatives compared
- Alternatives to Mullvad VPN 5 European alternatives compared
- Alternatives to NordVPN 9 European alternatives compared
- Alternatives to Proton VPN 5 European alternatives compared
- Alternatives to Surfshark 6 European alternatives compared