Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
ExpressVPN is proving why it can be trusted with your data as it receives four new ISO certifications and releases an updated transparency report.
The VPN's security and privacy credentials are one of the reasons it sits at number three on our best VPN list, and these two announcements further improve its trust framework.
More than just audits
ExpressVPN is arguably the hardest-working VPN when it comes to privacy and security audits, with over 20 being completed to date. While it's vitally important for the most secure VPNs to undertake regular independent audits, they're only a snapshot in time.
This is why ExpressVPN has widened its security framework and reinforcing its audits with International Organization for Standardization (ISO) certifications.
ExpressVPN said that audits validate its technology, and ISO certifications validate its methodology. ISO certifications are internationally recognized and cover all forms of standardization levels, not just online security.
Four ISO certifications have been issued to ExpressVPN, and its parent company, Kape Technologies:
- • ISO/IEC 27001 – Information security management
- • ISO 18295-1 & 18295-2 – Customer support operations
- • ISO 9001 – Quality management
"Security isn't just something you prove once – it's something you build into how a company operates every day," explained Shay Peretz, COO at ExpressVPN.
"These ISO certifications reflect a real shift in how we run ExpressVPN, with clear standards, stronger governance, and greater transparency at the core. It's about putting proven systems in place so privacy and quality are built into every product we ship, and giving users real confidence their data is protected for the long term."
Three more areas for standardization and recognition are being explored by ExpressVPN in 2026.
It is aiming to achieve an ISO/IEC 27701 certification to strengthen how it handles data across its systems. It's pairing this with ISO 22301 for Business Continuity, to prove its critical services remain standing even during disruptions.
By the third quarter of 2026, ExpressVPN said it aims to "demonstrate compliance with the EU’s NIS2 Directive and HIPAA security standards." Finally, it's pursuing "transparent, accountable, and strictly controlled" AI integration with ISO/IEC 42001.
155 data requests in the second half of 2025
Numerous VPNs release yearly, half-yearly, or quarterly transparency reports. These detail the requests for your data made by authorities and how much of that data is handed over. For reputable VPNs operating strict no-logs policies, the number of requests may be high, but the amount of data handed over will always be zero.
ExpressVPN has shared its transparency report for the second half of 2025, covering July to December.
155 government, law enforcement, and civil data requests were received, down significantly from the 374 received in the first half of 2025. Three government warrants were received in H2 2025, but neither these nor any other request resulted in any ExpressVPN user data being handed over.
DMCA requests related to copyright and these are increasingly automated and sent in bulk. 1.38 million DMCA requests were received by ExpressVPN in H2 2025, up from the 1.06 million in H1.
ExpressVPN said: "None of the requests received during this period resulted in the disclosure of user data. ExpressVPN’s systems are built without activity logs, so there’s nothing to retrieve when requests seek browsing or connection information."
ExpressVPN operates a strict, audited, no-logs policy, meaning no information relating to your VPN activity or browsing information is collected, stored, or shared. It also runs on RAM-only servers. This means that even if data was collected, it'd be deleted every time the server shuts down.
All ExpressVPN transparency reports, independent audits, and technical disclosures can be found in its Trust Centre.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
