Q&A: How can the EU help startups go global?

Get comfortable with failure, create a local startup ecosystem and build regulation to support business success, says Lithuanian entrepreneur Tomas Okmanas of NordVPN.

Despite having access to an abundance of talent, European tech companies often struggle to achieve the global scale enjoyed by competitors in the U.S. and China. Kicking against the trend is Tomas Okmanas, co-founder of several highly successful international businesses in his native Lithuania. These include cybersecurity group Nord Security, valued at more than $3 billion and best known for virtual private network provider NordVPN. His latest venture, nexos.ai, is a secure, all-in-one AI platform for enterprises and governments.

Okmanas tells POLITICO Studio how the EU can help startup founders compete on the world stage — and why institutions and enterprises in the EU should be concerned about cybersecurity vulnerabilities.

POLITICO Studio: Despite enjoying worldwide success, your companies remain firmly rooted in Lithuania. Have you ever been tempted to move them to the U.S.?

Tomas Okmanas: It’s been a long journey since we bootstrapped our first business in 2012. Those were early days for the startup scene in Lithuania, and we didn’t have the luxury of big checks from Silicon Valley VC firms. Along the way, I’ve met lots of people who told me we should open an office in the U.S., arguing that’s where the best management talent is. But all our management is based in Lithuania, and we’ve shown that global tech companies can be built out of this country and Europe. Today, Nord Security employs more than 2,000 experts across our offices in Vilnius, Kaunas, Berlin, Warsaw and Amsterdam.

All the big U.S. investment firms have now opened offices in Europe, so access to capital is here. And talent is also certainly here, which can compete and win globally, as Nord’s 400 international patents secured in fewer than four years demonstrate.

PS: When you launched NordVPN in 2012, virtual private networks were a niche market, but today you have millions of global users. What’s the secret to growth on that scale?

TO: The simple answer is that if you create products that people love and that are very effective, success comes naturally. In the early days, we were fortunate enough to spot the emerging market trends. At that time, viruses were usually spread by floppy disks or CD-ROMs or USBs, but we realized that the threat would ultimately come from the web. Today, if you use a VPN, it’s your ultimate network guardian. Over the years, we’ve blocked billions of scams and phishing and malware attacks. Just in the past three months, we’ve blocked 103 million malware attacks in the U.K., 72 million in the Netherlands and 34 million in France.

If you create products that people love and that are very effective, success comes naturally.

Today, Nord Security is a fully fledged cybersecurity company, guarding users and organizations against all kinds of threats. Our products provide network security, threat visibility, smart password management and secure data roaming with Saily, our eSIM solution.

PS: How do you perceive the current state of cybersecurity readiness in Europe?

TO: Our research shows that companies tend to be better prepared for cyber threats than governments. We analyzed publicly available data from around 400 major companies and public institutions across the EU, and the overall picture is not great.

Sectors such as aviation and oil and gas performed reasonably well, but others, including public institutions, less so. We identified multiple vulnerabilities, ranging from stolen credentials and email spoofing risks to critical system weaknesses. That’s something that needs to be addressed urgently.

PS: A new security risk has arrived in the form of generative AI. How does your latest venture, nexos.ai, aim to mitigate that risk?

TO: More and more critical data is leaving companies and other organizations, ending up with large AI companies that are mostly based in the U.S. For instance, someone in the European Parliament can upload a confidential document to ChatGPT, which would immediately be processed on OpenAI’s servers in the U.S. Essentially, nexos.ai enables an organization to harness large language models while keeping security and cost management front and center. We provide a choice of using multiple LLMs, including on-premise models for handling sensitive information. The platform can also detect and block any unauthorized sharing of sensitive documents, which further reduces security and compliance risks.

PS: GenAI is one of several new technologies in which Europe is perceived as lagging behind other parts of the world. How can Europe become more competitive in the tech sector? 

TO: In Europe, we create regulations and then try to build businesses around them. But in, say, the U.S., they first build great products and then the government creates regulations — and helps businesses to grow. If you think about the Stargate Project or any other AI infrastructure initiative in the U.S., I don’t think they’re going to be worried about getting permits to build big data centers. In Europe, you would be looking at a minimum of a year or two to get building permits. It’s the same with AI regulation — the U.S. does whatever it can to support its businesses. We need more of this mindset in Europe.

That’s why I support regulatory simplification across the board, from GDPR to the AI Act. I’m certain that we can maintain the same levels of consumer protection with far less bureaucracy. As a startup founder, you want to hire engineers, not lawyers.

PS: Do you have any specific directives or initiatives in mind?

TO: I’m in favor of establishing the 28th regime — a new European legal framework that would enable seamless online incorporation, harmonize commerce rules across Europe and introduce favorable taxation for stock options. Creating the Scaleup Europe Fund, as proposed by the European Commission, would also be a step in the right direction. Let’s think big — why not establish a European NASDAQ and give our scale-ups the opportunity to go public here in Europe?

The U.S. does whatever it can to support its businesses. We need more of this mindset in Europe.

Another factor is the way we think about failure in Europe. If an entrepreneur fails once or twice, it can be hard to get investment. But in the U.S., there’s a belief that even if you burn through eight companies, the 9^th or 10^th will be a success. We need to allow people to experiment and fail. We failed with more than 30 projects before we launched NordVPN.

PS: You’ve played a major role in establishing a thriving startup scene in Lithuania. What lessons could other European cities and countries learn from your experience?

TO: If companies in a local ecosystem are operating global businesses out of Europe, they need to support each other. There are great global companies here in Vilnius, such as Vinted, the secondhand clothes marketplace, and Hostinger, the web hosting platform. We have regular meetups and go on vacations together. And we’re angel investors in a number of local companies with global ambitions. New companies are being built all the time, which creates more jobs. If you love the place where you were born, you want it to grow, and it’s great if we can all grow together.

The same is true for Europe. Founders like me want the continent to succeed in the global race, and we’re willing to contribute our share. What we need is more public-private collaboration and dialogue that leads to real change.