Sweden is rearming. Defence supply chains need new suppliers. Are you ready?
The largest defence build-up since the 1950s is underway. Parliament has agreed on 3.5% of GDP for defence. This means suppliers across the chain need to meet NATO's AQAP requirements and the Armed Forces' information security demands – fast.
Sweden's largest defence investment in 70 years
The security situation has changed the landscape. The defence industry needs more suppliers – but only those who meet the requirements.
of GDP for defence
Cross-party agreement to reach 3.5% of GDP in defence spending. The largest investment since the 1950s.
in civil defence
The Swedish government is investing SEK 12 billion in civil defence during 2026–2028. New suppliers are needed across the chain.
full member since 2024
Sweden's NATO membership opens up allied defence procurement and cooperation – but also sets new requirements for suppliers.
AQAP 2110 = ISO 9001 + defence requirements
NATO's quality standard AQAP 2110 builds directly on ISO 9001. This means ISO 9001 certification gives you the foundation – AQAP defines what is required beyond that.
ISO 9001 – the foundation
- Quality management system following the ISO 9001 structure
- Continual improvement processes (PDCA)
- Document control and internal audits
- Management responsibility and commitment
- Risk-based thinking across all processes
AQAP 2110 – the additions
- Configuration management of products and systems
- Government Quality Assurance (GQA) – authority inspections
- Extended risk management and traceability requirements
- Supply chain management requirements flowing downstream
- Product verification and validation (AQAP 2120/2130)
Information security for defence
Quality management is not enough. The Armed Forces also require structured information security. ISO 27001 is the standard used.
ISMS based on ISO 27001
The Swedish Armed Forces recommend an Information Security Management System (ISMS) based on ISO 27001. This gives you structured risk management, access control and incident management.
Protective Security Act
The Protective Security Act (2018:585) governs the handling of security-sensitive activities. Suppliers need security protection agreements and processes for personnel and physical security.
FMV supplier assessment
FMV (Sweden's defence procurement authority) reviews suppliers' quality and information security systems. ISO 9001 and ISO 27001 certification significantly facilitates the assessment process.
Quality + security in one management system
The defence industry requires both quality and information security management. AmpliFlow handles both – in one integrated system.
Quality management system (ISO 9001)
AQAP 2110 builds directly on ISO 9001. Without ISO 9001 certification, you lack the foundation the defence industry requires. AmpliFlow helps you build and maintain your quality management system.
Information security management (ISO 27001)
The Swedish Armed Forces require ISMS for suppliers handling sensitive information. ISO 27001 provides the framework – AmpliFlow structures risk management, asset registers and action plans.
Integrated management system
Run ISO 9001 and ISO 27001 in the same system. Shared non-conformity management, pages (wiki) for policies and internal audits – without duplication. That is exactly what AmpliFlow is built for.
Supplier register throughout the chain
Certification requirements cascade down the supply chain. You need to keep track of your sub-suppliers with contact information and link them to risk assessments.
Questions about defence, NATO and ISO
What is AQAP 2110?
AQAP 2110 (Allied Quality Assurance Publication) is NATO's quality standard for defence materiel suppliers. It builds on ISO 9001 but adds requirements for configuration management, risk management, traceability and government quality assurance (GQA). If you already have ISO 9001, you have the foundation – AQAP 2110 defines what is required beyond that.
Does Sweden require ISO certification for defence suppliers?
There is no general legal requirement for ISO certification. However, in practice, FMV and the Swedish Armed Forces frequently require quality management systems according to ISO 9001 and information security according to ISO 27001 in their procurement. Without certification, it becomes difficult to qualify as a supplier.
What is ISMS and why do we need it?
ISMS (Information Security Management System), referred to as LIS in Swedish, is based on ISO 27001. The Swedish Armed Forces require suppliers handling sensitive information to have a functioning ISMS. It covers risk assessment, security controls, incident management and continual improvement of information security.
We are a small company – is this relevant for us?
Yes, especially now. The rapid rearmament means the defence industry needs more sub-suppliers. Certification requirements are cascading down the chain. SMBs that build structured management systems early position themselves for contracts that would otherwise go to competitors. AmpliFlow is built to be manageable even for smaller organisations.
How is security-classified information handled?
The Protective Security Act (2018:585) governs the handling of security-classified information. Suppliers handling such information need a security protection agreement and processes for access control, personnel security and physical security. AmpliFlow supports document control and access management but does not handle storage of security-classified information – that requires separate, approved systems.
How does AmpliFlow support defence and NATO requirements?
AmpliFlow provides an integrated management system for ISO 9001 and ISO 27001 – the two standards the defence industry requires. You manage pages (wiki) for policies, risks, non-conformities, audits, competencies and supplier register in one system. This helps you meet the quality and information security requirements in defence procurement, but does not replace specialised systems for handling classified information.
More questions?
We are happy to answer all your questions about defence requirements and how AmpliFlow can help.
Contact usReady to join the defence supply chain?
Book a demo and we will show you how AmpliFlow helps you build an integrated management system for quality and information security – tailored for defence industry requirements.