In an impressive and unique industry first that reflects the work Apple has done on mobile device security since the first iPhone arrived almost 20 years ago, the North Atlantic Treaty Organization (NATO) says iPhones and iPads running iOS 26 are secure enough to handle classified information in NATO-restricted environments — pretty much out-of-the-box. That’s going to mean a great deal to military planners at the organization, who will now be much happier to use Apple’s devices to handle classified information up to NATO restricted level without any additional software or settings. This means the iPhone and iPad are the first (and only) consumer devices to have met the agency’s compliance standards. It also means that, in general terms, the iPhone in our pocket is now seen as being sufficiently secure to handle some of the most classified information you can get — and if you regularly use your device to handle anything of greater importance, you can use Lockdown Mode. NATO’s approval extends to handling that kind of information using standard Apple apps, including Mail, Calendar, and Contacts data. What Apple said “This achievement recognizes that Apple has transformed how security is traditionally delivered,” said Ivan Krstić, Apple’s vice president of security engineering and architecture. “Prior to iPhone, secure devices were only available to sophisticated government and enterprise organizations after a massive investment in bespoke security solutions. “Instead, Apple has built the most secure devices in the world for all its users, and those same protections are now uniquely certified under assurance requirements for NATO nations — unlike any other device in the industry.” There are two caveats to recognize. The first is that NATO does require that devices handling this sort of data in these environments be managed devices implementing relevant policy controls on use; the second is that you absolutely need to have your devices protected by passcodes and/or biometric (Face/Touch) ID. The ramifications for enterprise users is significant. It implies that so long as you have effective policies in place (so no one uses an iPhone to take pictures of the confidential blueprints they then share with a competitor, for example), the device you get out the box is likely secure. Security is in Apple’s DNA The NATO approval builds on an earlier security success for the company: the devices were approved to handle classified German government data on hardware using native iOS and iPadOS security measures after an extensive evaluation by the Federal Office for Information Security (the Bundesamt für Sicherheit in der Informationstechnik , or BSI). As part of that effort, BSI conducted a comprehensive series of assessments and tests, including deep security analysis, to make sure that the security capabilities Apple has already put in place were secure enough. This also led to the approval of these systems by NATO’s 32-member states. “Secure digital transformation is only successful if information security is considered from the beginning in the development of mobile products,” said Claudia Plattner, BSI’s president. “Expanding on BSI’s rigorous audit of iOS and iPadOS platform and device security for use in classified German information environments, we are pleased to confirm the compliance under NATO nations’ assurance requirements.” Security is, of course, in Apple’s DNA, which is why it designs it in at the core of its products. As proof, Apple can point to years of work on security, during which it has been led by the idea that security protections should be focused on users, deeply integrated, and available across its ecosystem. That work led, for example, to the invention of the Secure Enclave on Apple processors, which does a much to ensure device security. (That’s also why everyone using one of these devices should ensure they use a super-tough password and enable biometric ID.) In truth, Apple device security rests on a complex web of layered, integrated protections, from Secure Boot to Memory Integrity Enforcement (now also on M5 Macs ) and beyond. In more general terms, this means that any user, even those who aren’t relying on managed devices and don’t work for NATO, can expect high security for the data on their device. That’s the case as long as they only use apps distributed by the App Store, refuse to use random configuration profiles downloaded for whatever reason from the ‘net, have device protection enabled, and use a tough-to-guess passcode. More details about Apple’s security protections are available in the Apple Platform Security guide . Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Also, now on Mastodon .