IN Brief:
- NATO’s Protected Business Network programme will support secure cloud-enabled services for around 29,000 users.
- Accenture is leading the seven-year contract, with Leonardo supporting Zero Trust cyber architecture.
- The work reflects a wider shift from standalone cyber tools to industrial-scale secure digital infrastructure.
NATO has awarded a seven-year contract to Accenture, working with Leonardo, to help build a protected digital enterprise for classified Alliance operations, moving secure cloud infrastructure deeper into the core of defence capability.
The Protected Business Network programme is designed to support around 29,000 users across NATO with a classified, cloud-enabled digital environment. The work includes a common cloud operating model, standardised engineering practices, and a multi-cloud platform provided through NATO communications and information structures. Leonardo’s contribution includes Zero Trust Architecture and cyber defence capabilities supported by its Global Cybersec Platform.
The contract value is approximately €200 million over seven years, although the industrial significance sits beyond the figure. NATO is building a secure digital operating layer for classified work across a complex multinational organisation, which requires integration, identity management, access control, accreditation, hosting, migration, service management, cyber monitoring, software assurance, and continuous upgrade pathways.
Cyber is no longer a bolt-on discipline for the defence supply chain. Secure digital infrastructure is becoming part of the production baseline for modern defence, because aircraft, ships, vehicles, satellites, command systems, and weapons all depend on classified data environments for design, testing, support, mission planning, and operational coordination. If the enterprise layer is weak, the platforms built on it inherit risk.
The Zero Trust element is especially relevant in a multinational defence environment. Traditional perimeter-based security struggles when users, systems, data, and missions span different countries and security domains. Zero Trust architectures require access to be continuously verified, segmented, monitored, and adapted. Identity, device posture, network behaviour, encryption, logging, and policy enforcement therefore become industrial controls rather than back-office IT settings.
A similar national-scale logic runs through the UK’s Cyber Shield programme, where automated defence, agentic AI, and sovereign cyber capability are moving from concept into procurement pressure. NATO’s Protected Business Network sits at alliance scale, but the direction is the same: cyber defence is becoming infrastructure that must be engineered, certified, and sustained like any other critical military system.
The manufacturing pressures are substantial. Secure cloud for classified defence users cannot follow the tempo of commercial IT without modification. Every platform, tool, data flow, and software update has to pass through assurance, accreditation, sovereignty, and resilience requirements. Supplier chains must be vetted, operational data must be protected across jurisdictions, and updates must be fast enough to counter threats while controlled enough to avoid creating fresh vulnerabilities.
Large integrators retain an advantage in this environment. Building a protected enterprise across NATO is not primarily a software development task; it is a systems engineering and governance problem. The supplier has to coordinate legacy migration, user requirements, security controls, service continuity, and future growth. The platform must be secure enough for classified work and flexible enough to support a changing Alliance.
The opportunity extends through the wider cyber and digital supply chain. Programmes of this scale pull demand for identity tools, endpoint security, encryption, secure hosting, monitoring, compliance automation, software development environments, data-labelling systems, and training. Specialist suppliers may find openings in discrete modules, but they will need to meet a high bar for security assurance, interoperability, and long-term support.
The PBN also expands how interoperability is understood. NATO interoperability has often been framed around radios, missiles, fuel, ammunition, and logistics. Digital interoperability is now equally important. An Alliance that cannot share classified information securely and quickly will struggle to coordinate industrial mobilisation, operational planning, logistics, cyber defence, and intelligence workflows.
The difficult part will be avoiding fragmentation. NATO has to serve different national requirements, classification practices, legacy systems, and cloud strategies. A protected network that becomes too rigid could slow users down, while one that becomes too permissive could weaken security. The engineering task is to build controlled flexibility: a common framework capable of absorbing national differences without becoming a patchwork.
For the defence market, the message is direct. Cyber infrastructure is no longer a support function. It is a production environment, an operational enabler, and a battlefield dependency. NATO’s PBN contract formalises that reality at alliance scale.



