The EU Council has authorised the use of the Swedish cryptographic product "PGAI 9441 version 7.6.x" for protecting EU classified information at the RESTREINT UE/EU RESTRICTED level, according to an information note published on 2 October 2026. The approval is conditional on incorporating the evaluator's recommendations into the relevant Security Operating Procedures.
Document details The decision was taken under Article 10(6) of the Council Security Rules, established by Council Decision 2013/488/EU. The document is an information note, not a formal legislative act, and it specifies a concrete product approval rather than setting general policy.
Policy orientation and trade-offs The approval balances security needs with operational efficiency. By endorsing a specific product, the Council ensures a uniform security standard across EU institutions, reducing fragmentation. However, the conditional nature—requiring updates to Security Operating Procedures—may impose administrative burdens on institutions that must adapt their processes. The decision also favours interoperability by selecting a single product, but it limits flexibility for institutions that might prefer alternative solutions.
Impact on stakeholders - EU institutions and bodies: They must update their Security Operating Procedures to incorporate the evaluator's recommendations, incurring administrative costs but gaining a certified tool for handling restricted data. - Swedish manufacturer (PGAI): The approval opens a market within EU institutions, potentially boosting sales and reputation, but the product must meet ongoing compliance requirements. - National security authorities of EU member states: They may need to align their own cryptographic policies with the Council's choice, especially if they use different products for similar classification levels. - EU taxpayers: Indirectly benefit from enhanced security of classified information, though the costs of implementation are borne by institutions.
Expected institutional follow-up The Council's decision is final for the approval of this product. Next steps involve EU institutions and bodies implementing the required updates to their Security Operating Procedures. No further legislative action is anticipated from other EU institutions, as the Council has sole authority under the Security Rules.
← Atlas › News › Budget & Administration