The Council of the European Union has formally approved the cryptographic product PGAI 9411, developed by Sweden, for protecting EU classified information at the RESTREINT UE level. The decision, taken on 2 October 2026, authorises the use of this product within EU institutions, subject to the incorporation of the evaluator's recommendations into security procedures. This approval is based on Article 10(6) of the Council Security Rules, as established by Council Decision 2013/488/EU.

Document Details and Legal Basis

The information note, issued by the Council, specifies that the PGAI 9411 product has undergone evaluation and meets the required security standards for RESTREINT UE classified information. The legal framework is provided by Council Decision 2013/488/EU, which sets out the security rules for protecting EU classified information. The approval is conditional, requiring that the evaluator's recommendations be integrated into the security procedures governing the product's use.

Policy Orientation and Trade-offs

This decision reflects the EU's ongoing commitment to maintaining robust information security within its institutions. By approving a specific cryptographic product, the Council ensures a standardised level of protection for classified information. The trade-off involves balancing the need for security with the operational flexibility of using a national product. The conditional nature of the approval allows for adjustments to address any identified vulnerabilities, thereby enhancing overall security without imposing undue restrictions.

Impact on Stakeholders

- EU institutions: They will benefit from a certified cryptographic solution for protecting RESTREINT UE information, enhancing their security posture. However, they must implement the evaluator's recommendations, which may require procedural adjustments.
- Swedish authorities: The approval of their product strengthens their role in EU security infrastructure and may facilitate further collaboration. They must ensure that the product's security procedures are updated as required.
- Other EU member states: They may view this as a precedent for approving national cryptographic products, potentially leading to a more diverse set of approved solutions. However, they might also face pressure to have their own products evaluated and approved.
- EU security personnel: They will need to adapt to the new product and follow updated security procedures, which could involve additional training.

Institutional Follow-up

The Council's decision is final and does not require further approval from other EU institutions. The implementation of the evaluator's recommendations will be monitored by the relevant security bodies within the EU. Future updates or modifications to the product's approval may be considered based on evolving security needs.
