GlobalPlatform Takes on Governance of PSA Certified APIs, Expanding Standardized Security Across Connected Devices

June 23, 2026 — GlobalPlatform will provide a new industry-led home for the PSA Certified API specifications, giving developers a standardised way to access cryptography, secure storage, attestation, and firmware update services across silicon, software, and cloud platforms.

The move follows the transfer of the PSA Certified security evaluation scheme to GlobalPlatform in September 2025 and further reinforces PSA Certified as a fully open, community-owned standard. Under GlobalPlatform’s stewardship, the APIs will benefit from broader industry participation and contribution, ensuring they continue to evolve in step with the needs of an expanding ecosystem.

Originally developed by Arm to address the fragmentation problem in IoT and embedded security, the PSA Certified APIs provide a standardised approach to security services that previously varied between chip vendors, leaving developers to navigate a range of proprietary interfaces.

By providing a standardised, hardware- and architecture-agnostic set of interfaces for cryptography, Trusted Execution Environments (TEEs), secure storage and attestation services, the APIs support security implementations ranging from constrained IoT devices to cloud and confidential computing environments. The APIs allow OEMs to integrate security services from any vendor — or combination of vendors — via a single, consistent approach. Full API documentation, reference header files, and a compliance test suite are included.

The APIs have been adopted across the embedded technology stack. Semiconductor companies including Infineon, Nordic Semiconductor, Nuvoton, NXP, Renesas, Silicon Labs and STMicroelectronics use PSA Certified APIs within their software development environments. Cryptographic software providers, operating systems and TEE vendors have also adopted the standard. Implementations can be found in open-source projects such as Trusted Firmware-M (TF-M), Zephyr, RIOT OS and Matter, enabling developers to access security services through a common interface across diverse hardware and software platforms.

“The transfer of the PSA Certified scheme to GlobalPlatform last year was about establishing a rigorous, independent framework for security evaluation. This next step is about making that security easy to implement — giving developers across the industry a common, standardised way to access the hardware security functions their products depend on,” said Ana Tavares Lattibeaudiere, Executive Director of GlobalPlatform. “By bringing the PSA Certified APIs under community ownership, we can ensure they remain architecture-neutral, transparent, and responsive to the needs of an expanding range of industries and deployment models — from IoT and embedded systems to automotive, cloud and confidential computing environments.”

As part of GlobalPlatform, the PSA Certified APIs will be managed as a new Working Group within the Trusted Environments and Services (TES) Committee, providing an open forum where stakeholders can collaborate on the future direction of the technologies.

The existing PSA C API GitHub repository will migrate to a GlobalPlatform open-source project under the same licences, ensuring continuity for the large ecosystem of developers already using the APIs. Arm will chair the new Working Group and will continue to contribute actively to the project. A new Task Force will also be established to enable structured engagement with external standards bodies, industry stakeholders, and open-source projects.