La NATO has taken an unprecedented step by authorizing the use of iPhones and iPads to handle classified information up to the NATO Restricted level, the basic level within its confidentiality system. The decision positions Apple's mobile phones and tablets as the first consumer devices to pass the Alliance's demanding security filters without the need for additional solutions or custom modifications.
With this certification, a Standard iPhone or iPad with iOS 26 or iPadOS 26As sold in any European store, it can participate in NATO's restricted information environments, always within the frameworks and controls established by each country. For governments and public bodies, especially in Europe, this opens the door to a more flexible use of consumer technology for sensitive tasks without compromising the required levels of protection.
First consumer devices with NATO endorsement
As confirmed by Apple, iPhone and iPad are the first and only consumer devices These certifications are included in the NATO Information Assurance Product Catalogue, the official catalog listing products that meet the Alliance's security standards. Until now, this type of certification was typically reserved for specific, expensive, and unattractive devices for the average user.
The scope of the approval is limited to the level NATO Restricted, the lowest level of classified information within NATO. Even so, this is data whose unauthorized disclosure could harm the organization's interests, which is why its processing has been subject to very strict procedures and infrastructures almost exclusively used by the military and government sectors for decades.
What's striking is that this time No special software installation or external security configurations are required. to the system. NATO agencies have deemed the measures already integrated into iOS 26 and iPadOS 26 sufficient, provided that the management profiles and policies defined by each administration are applied. In the case of Europe, this is implemented through mobile device management solutions and national cybersecurity frameworks.
Apple emphasizes that the certification is based on its approach to security by designThe protection is built in from the very beginning of the hardware, chip, and operating system development, rather than being added later as a patch. This approach was one of the key elements valued by NATO evaluators.
The decisive role of Germany and the BSI
The journey towards this approval begins in Europe. Germany has served as a gateway to the NATO environment thanks to the work of its Federal Office for Information Security, the well-known BSI (Bundesamt für Sicherheit in der Informationstechnik). This agency had already authorized the use of iPhones and iPads with classified German government information, and subsequently extended the analysis to the context of the Atlantic Alliance.
For that expansion, the BSI conducted comprehensive technical assessments, stress tests, and in-depth security analyses. on the iOS and iPadOS platforms and on the devices themselves. The goal was to test whether Apple's architecture could withstand the same levels of rigor applied to dedicated military and government systems, both in hardware management and software protection.
As a result of that research, the devices with iOS 26 and iPadOS 26 passed the German government's criteria And, based on that, the recommendation was extended to the rest of the NATO member states. In this way, the initial national validation became the cornerstone of multinational approval, reinforcing the influence of European cybersecurity agencies in the Alliance's decisions.
In Germany, reference is also made to a specific configuration defined by the BSI itself, known as “Indigo Configuration”This document details how security policies and mobile device management should be handled to meet NATO requirements. It does not involve installing additional applications, but rather precisely adjusting management parameters, restrictions, and remote controls on official terminals.
Claudia Plattner, president of the BSI, has reiterated that a “Secure digital transformation only works if information security is integrated from the beginning” in mobile products. Their statements emphasize that the decision is based on lengthy audits, and not a simple document review, which lends more weight to the German agency's approval among the other allied countries.
Apple's security architecture under scrutiny
One of the most valued elements in the evaluations is the default encryption offered by iOSData stored on the device and information transmitted over the network are protected using advanced cryptography without requiring the user to activate any special settings. This protection, combined with hardware-based key management, greatly complicates unauthorized access to the information.
Another fundamental pillar is the Biometric authentication via Face ID and Touch IDThis restricts access to the terminal to the legitimate user. By combining facial or fingerprint recognition with unlock codes and other factors, it raises the barrier against intrusion attempts, which is especially relevant when working with sensitive documents on the go, whether in diplomatic missions, military bases, or European institutions.
The evaluators also highlighted the presence of advanced memory integrity mechanisms, such as Memory Integrity Enforcement, integrated into Apple Silicon chips. These features are designed to make it more difficult to exploit vulnerabilities and install malware. sophisticated spyware that attempts to exploit low-level vulnerabilities, a common concern in defense and national security environments.
All these components are part of the Apple's integrated security platform, which combines hardware, operating system, and servicesBy controlling the entire chain—from chip design to the development of iOS and iPadOS—the company can implement coordinated countermeasures and rapidly distribute security updates globally, something that governments particularly value when responding to security breaches.
Apple insists that these features are not a special version for governmentsbut rather the same ones used by millions of people in their daily lives. This convergence between the consumer market and government needs has been one of the arguments the company has put forward, and it is now backed up by NATO certification.
What exactly does the NATO Restricted level allow?
The authorization is concentrated at the level NATO Restricted, the initial level of classified informationIt does not cover, at least for the moment, higher categories such as Confidential, Secret or Top Secret, where the technical requirements and custody procedures are even stricter and usually require highly specialized solutions.
At this level, certification allows that military units, diplomats and personnel from the administrations of allied countries They may use iPhones and iPads to connect to classified networks, access documents marked as restricted, or communicate in specific operational contexts. However, this is always subject to the additional policies established by each Member State regarding encryption, identity management, or network segmentation.
The inclusion of these devices in the NATO Information Assurance Product Catalog This is the formal step that enables their integration into official Alliance infrastructures. In practice, this means that security officials in each country can consider deploying iPhones and iPads within their own architectures without having to start the certification process from scratch.
Since it is an intermediate classification level, Administrations can gain flexibility in daily workFrom managing files that do not reach the highest level of confidentiality to coordinating teams on the ground, including meetings and communications in which sensitive but not critical data for the survival of the organization is handled.
In this context, consumer terminals with systems familiar to users They offer a much shorter adaptation curve than traditional dedicated equipment, which is often impractical, with complex interfaces and limited functions for everyday use.
Impact on Europe, Spain and the safe mobility market
For European countries, including Spain, the decision means an additional tool to promote secure digitization of their administrations. Being able to use widely available devices such as the iPhone and iPad makes it easier to consolidate mobility projects in ministries, armed forces, diplomatic corps and other organizations without having to rely solely on niche hardware.
In the specific case of Spain, this certification fits with the Administration modernization strategy and cybersecurity efforts These efforts are being carried out in coordination with European partners and NATO itself. Although each country maintains its own national security frameworks, the Alliance's validation simplifies the task for technical experts when selecting mobile platforms for sensitive operations.
At the same time, NATO's decision sends a clear message to the industry: Consumer devices can compete in historically reserved environments Proprietary and highly closed solutions are preferred, provided they can demonstrate sufficient levels of protection. Other manufacturers offer specific services for governments, but these often require different phones or configurations than those used by the general public, adding costs and complexity.
The fact that no other consumer mobile phone has yet achieved this certification puts Apple in a position to compete. advantageous position in the government and defense marketThis applies both in Europe and in other allied countries. The company is thus reinforcing its message that the same technology that protects the personal data of the average user is prepared to withstand the highest level of threats, including those of state origin.
For the average citizen, this movement also has its own interpretation: the layers of security that convince a military alliance Accustomed to evaluating complex attacks are the same ones who daily protect photos, conversations, documents and bank accounts on their personal devices, without the need for extra steps or advanced technical knowledge.
The agreement between Apple and NATO marks a turning point in how consumer mobile phones and tablets are understood in the institutional sphere: for the first time, a device that anyone can buy in a European store It joins the club of authorized tools for handling classified information, a change that is expected to boost new safe mobility initiatives in Spain, the rest of Europe and throughout the allied space.