In a watershed moment for mobile security, NATO has cleared standard iPhones and iPads running iOS 26 and iPadOS 26 to handle information classified up to NATO Restricted. This is not a bespoke handset or a special government-only build—it is the same hardware and software millions carry every day, now validated for use across the alliance’s secure workflows.
What NATO Actually Approved for Restricted Use
NATO’s approval authorizes Apple’s latest devices for data labeled NATO Restricted, the entry tier in the alliance’s four-level system: Restricted, Confidential, Secret, and Cosmic Top Secret. The listing appears in the NATO Information Assurance Product Catalogue, the reference used by the alliance’s 30+ members and partners to vet security products for government use.
Crucially, the ruling applies to mainstream devices configured with the current operating systems, not custom firmware or hardened one-offs. Apple says no other consumer phone or tablet has achieved this particular distinction under NATO assurance requirements.
Why This Is a Big Shift for Government Mobility
For years, the conventional wisdom inside ministries and militaries was that only specialized mobiles could be trusted with classified traffic. That created costly, niche ecosystems with limited app support. NATO’s move signals that consumer-grade hardware has matured to the point where, with proper configuration, it can meet alliance-level controls—at least at the Restricted tier.
The decision builds on momentum from national authorities. Germany’s Federal Office for Information Security (BSI) previously evaluated Apple’s platform for handling classified government data, conducting technical testing and policy analysis that aligned with NATO member requirements. Similar guidance from the UK’s National Cyber Security Centre and mobile best-practice advisories from the US National Security Agency have long favored modern iOS configurations for sensitive but controlled use cases.
The Security Architecture Behind The Green Light
Apple’s hardware and software co-design is central here. The Secure Enclave isolates cryptographic keys and biometric templates, while a hardware root of trust and a signed boot chain enforce that only verified code runs. Data at rest is protected by file-based encryption and per-file keys bound to the device and user authentication.
On the exploit-resistance front, protections such as Pointer Authentication Codes, Memory Integrity Enforcement, code signing, and sandboxing harden the platform against code execution and privilege-escalation attacks. Features like Face ID and Touch ID strengthen local access control without sacrificing usability.
Networking and management capabilities also matter. iOS and iPadOS natively support enterprise-grade VPN (including IKEv2/IPsec and per-app VPN), certificate-based authentication, and granular mobile device management policies to enforce strong passcodes, automatic updates, and app whitelisting. For high-risk targets, Apple’s Lockdown Mode reduces the attack surface against sophisticated, zero-click threats commonly associated with mercenary spyware.
“Historically, only custom-built gear reached this bar,” said Ivan Krstić, Apple’s vice president for Security Engineering and Architecture. “Our goal has been to make top-tier protections the default for everyone, and those same safeguards have now met NATO’s assurance requirements.”
What Restricted Means in Practice for NATO Use
NATO Restricted covers information that could cause disadvantage or harm if disclosed but is not at the level of damaging national interests. In practice, that often includes operational logistics, planning schedules, administrative data, and coalition coordination details—materials that matter, but are a step below the Confidential and Secret tiers.
Approval does not mean “open the box and go.” Agencies will still need to apply a validated configuration baseline via MDM:
- Strong alphanumeric passcodes
- Rapid auto-lock
- Enforced updates
- Per-app VPN
- Certificate pinning for critical apps
- Often the disabling of cloud backups and auxiliary radios where policy dictates
The device, the OS, and the configuration together meet the mark.
Implications for Allies and the Wider Security Industry
For NATO members and partner organizations, this could streamline field deployments and reduce reliance on expensive niche hardware. Diplomats, crisis responders, and uniformed personnel may carry fewer devices while gaining access to modern app ecosystems and rapid patch pipelines—key advantages when threat actors iterate quickly.
The move also resets competitive dynamics. Android vendors have earned numerous certifications (for example, Common Criteria and enterprise hardening under programs like Samsung Knox), but Apple’s claim to be the only consumer device certified for NATO Restricted raises the bar for what “secure by default” means in coalition settings. Expect a wave of vendor submissions and updated guidance from national certifiers.
The Caveats and the Road Ahead for Classified Mobility
The approval currently covers iOS 26 and iPadOS 26; older software lines and unvetted configurations are out of scope. The mercenary spyware market remains aggressive, so high-risk users should still enable Lockdown Mode and follow mission-specific restrictions. The next frontier—NATO Confidential and above—would require additional controls, assurance evidence, and likely environment-specific mitigations.
Still, the signal is unmistakable: mainstream mobile platforms can now shoulder a meaningful slice of classified work. When the same phone in your pocket can be policy-compliant on a NATO network, the line between consumer convenience and government-grade assurance is narrowing—and fast.