Enabling Next-Generation Secure Elements Using New Protection Profiles
By Gil Bernabeu, CTO, GlobalPlatform
We recently reached a major milestone in the delivery of the new version of the GlobalPlatform Secure Element Protection Profile (SE PP). In December 2025, Version 2.0 of this reference for Secure Element security evaluation was approved under CC:2022, the latest generation of the Common Criteria framework for IT security evaluation. The certification was issued by the Spanish national certification body, with evaluations performed by Applus.
This approval gives the GlobalPlatform ecosystem a clear and trusted reference for evaluating Secure Elements against the most up-to-date Common Criteria baseline.
Defining security expectations for today’s Secure Elements
The GlobalPlatform SE PP defines the security functions that must be considered when evaluating a Secure Element built on our specifications. It establishes a common set of expectations for how Secure Elements manage applications, protect sensitive data, perform cryptographic operations, and securely communicate with external systems and services.
GlobalPlatform Secure Element technology is being deployed across a wide range of environments. These include everything from classic cards to advanced embedded Secure Elements, fixed application sets and remotely updatable multi-application deployments, and both single-actor and multi-stakeholder ecosystems. To accommodate this diversity, the SE PP is structured as a modular set of functions that allows users to select the configuration best suited to their deployment needs.
By providing this shared reference, the SE PP also enables consistent, high-assurance evaluations of Secure Element platforms across vendors and certification bodies.
Why is this important?
The latest version of the GlobalPlatform SE PP is not just about alignment with CC:2022. It also creates a baseline for new modules added in 2026 that reflect how Secure Elements will be deployed and used in the future.
One key function currently under development is the Cryptographic Service Provider (CSP) module. This module allows sensitive cryptographic operations to be delegated to a certified cryptographic library embedded within the Secure Element. This means third-party applications—such as digital identity applets—can rely on a trusted, evaluated cryptographic service rather than implementing cryptography themselves. As a result, applications can be certified once and deployed across any certified CSP-enabled Secure Element platform, significantly simplifying certification—with no need for composite certification for each and every platform.
Another major development is support for Multi-Scope Platforms (MSPs) allowing different isolated SE environments (scopes) on the same hardware platform. This required an additional Multi-Scope Manager (MSM) for the new Protection Profile. A MSP PP certified platform will allow a single Secure Element to host multiple isolated environments, each managed independently.
This enables, for example, eSIM-based devices where one environment is used for mobile connectivity, and another supports additional secure services in the SAM Area. The MSM extends the Secure Element Protection Profile with security requirements that ensure these environments remain strongly isolated and securely managed, even though they share the same underlying hardware.
A platform for new use cases
With CC:2022 approval, Secure Element vendors can now seek certification against the GlobalPlatform SE PP at any EU Common Criteria certification body—with confidence that the profile is compatible with the latest CC framework. This provides a solid foundation for deploying advanced capabilities such as CSP-based cryptographic services and multi-scope Secure Element platforms.
For both manufacturers of Secure Elements and those that purchase them, this means greater confidence in platform security, easier comparison between products, and reduced long-term certification risk. For end users, it enables more secure and scalable support for emerging use cases—such as digital wallets and digital identity—built on Secure Elements evaluated against a modern, globally recognized security standard.
The public release of the Secure Element Protection Profile and Extensions v2.0 (GPC_SPE_174) can be accessed here
https://globalplatform.org/specs-library/secure-element-protection-profile/
