Apple has announced that iPhone and iPad are the first (and, according to the company, the only) consumer devices to meet the information assurance requirements of NATO countries, obtaining authorization for use with classified information up to the “NATO RESTRICTED” level in NATO environments.
The NATO RESTRICTED level is the lowest threshold among NATO classifications, but it is still “classified”: we are talking about information whose disclosure would be disadvantageous to the interests of the Alliance, although not reaching higher levels such as CONFIDENTIAL, SECRET, or COSMIC TOP SECRET.
In practice, the approval paves the way for the use of iPhone and iPad for sensitive documents and information flows in institutional and operational contexts where specialized devices or custom solutions were often used until now.

The key point: no “special solutions” (but a certified configuration)
Apple emphasizes that this suitability is achieved without requiring additional software or special settings beyond the integrated security capabilities of the platform.
In the NATO catalog, however, the certification is associated with an “Indigo configuration”: in other words, the recognition concerns iOS/iPadOS with a baseline configuration defined within the evaluation (typically applicable through centralized management/MDM in enterprise and governmental contexts), while without installing “extra” security components on the device.
The process originated in Germany: iPhone and iPad had already received approval to handle classified data from the German government thanks to the native measures of iOS and iPadOS, following an evaluation by the Bundesamt für Sicherheit in der Informationstechnik (BSI).
Now, with iOS 26 and iPadOS 26, the certification is extended to use in all NATO countries.
According to Apple, the BSI conducted thorough technical tests, comprehensive trials, and detailed security analyses to verify that the platform's capabilities met the operational and assurance requirements demanded by member states.
Why Apple calls it a “historic moment”
The approval brings iOS 26 and iPadOS 26 to appear in the NATO Information Assurance Product Catalogue (NIAPC), a step that — in terms of procurement and policy — counts as much as (if not more than) a marketing announcement.
Apple attributes the result to the “security-by-design” approach across the entire supply chain: encryption, biometric authentication (Face ID), and platform protections like Memory Integrity Enforcement, cited as an example of advanced defense against certain classes of attacks.

Possible impacts (and limits not to forget)
For administrations, defense, suppliers, and large organizations, the message is clear: the possibility of using consumer devices in regulated contexts is expanding, with benefits on costs, usability, and interoperability. At the same time, two firm points remain:
- The perimeter is “up to NATO RESTRICTED”, no further.
- In real-world scenarios, adoption will almost certainly occur with policy and centralized management consistent with the certified configuration (Indigo), especially for control, auditing, and compliance.
Comments
No comments yet. Be the first!