Tresorit gets Common Criteria EAL4+ certification

Tresorit gets Common Criteria EAL4+ certification

Building Digital Trust: The Crucial Role of Common Criteria Certification

In an era dominated by data breaches and cybersecurity threats, ensuring a secure environment for sensitive data is paramount. Tresorit proudly announces a significant milestone in this pursuit: the achievement of the Common Criteria EAL4+ certification. This certification not only sets new standards in digital security but also plays a key role in establishing digital trust.

While very few security companies have obtained this highest certification level for their products, to our knowledge, no cloud storage encryption company has achieved the EAL4+ certification, highlighting the exceptional nature of this security achievement within the encryption industry.

What was validated?

Tresorit guarantees with the use of its end-to-end encrypted software service only the customer has access to their data. Not even Tresorit or any other cloud provider has access to the data. This particular claim stands out as one of the pivotal assertions substantiated in the validation process.

Understanding Digital Trust:

Digital trust is the foundation upon which modern businesses operate and flourish. It is the confidence that users, whether they are customers, employees, or partners, have in the security, reliability, and integrity of digital systems and the data they handle. This trust is not granted lightly but is earned through transparent practices, robust security measures, and a commitment to protecting user privacy.

Why EAL4+ Matters for Digital Trust:

EAL4+ (Evaluation Assurance Level 4 with augmentation) is more than just a certification; it is a clear demonstration of Tresorit's commitment to providing state-of-the-art security measures. The certification assures businesses that Tresorit's security features are not only securely designed but also implemented as advertised. It serves as a gold standard, building confidence in users that their data is protected at the highest industry level.

Digital trust isn't just a theoretical concept; it actively contributes to a company's success. As per IDC Research forecasts, more than a third of companies will have replaced Net Promoter scores and other similar indicators with digital trust indices by 2025. Customers and markets will demand a unified approach to measuring trust, using quantitative metrics to assess security, privacy, compliance, and customer experience.

Key Benefits

1. Reliability:

Tresorit's EAL4+ certification is not just a logo; it's a declaration of reliability. This certification signifies that our security measures have undergone meticulous examination, assuring businesses of our constant commitment to their data's safety.

2. Compliance:

Navigating the complex landscape of regulatory compliance can pose challenges for businesses. Tresorit's EAL4+ certification simplifies this process. It provides businesses with a powerful reference for internal compliance reviews.

3. Digital Trust:

Tresorit's EAL4+ certification delivers confidence sensitive data is housed within a platform that adheres to globally recognized security standards.

4. Decision-Making:

The choice of a security solution is a critical decision for any business. Tresorit's EAL4+ certification simplifies this decision-making process.

The EAL4+ Certification Process:

The Common Criteria certification process is a complex evaluation conducted by an accredited laboratory — in Tresorit's case, by CCLab. This cybersecurity laboratory, founded in 2013, specializes in Common Criteria evaluations and consultations. It has been accredited by OCSI, Certification Body of the Italian Scheme since 2015 and by BSI, the German CB since 2022. 

The process involves a comprehensive assessment of various security aspects, including design, implementation, and testing.

Key Components of EAL4+ Certification:

1. Thorough Design Evaluation:

The certification evaluated the overall design of Tresorit's security features. This includes an in-depth analysis of how our platform is architected to ensure the highest level of security.

2. Implementation Scrutiny:

EAL4+ certification goes beyond theory - it ensures that the security features designed are effectively implemented. The evaluation assessed the practical application of these features to guarantee their real-world effectiveness.

3. Stringent Testing Procedures:

Rigorous testing is a cornerstone of the certification process. Tresorit's security features were subjected to meticulous testing to identify vulnerabilities and ensure that they can withstand potential attacks.


In conclusion, the attainment of the Common Criteria EAL4+ certification by Tresorit is not just a certification; it's a commitment to digital trust. The core principles of E2EE, zero trust, and the stringent evaluation process of Common Criteria converge to create a security ecosystem that goes beyond industry standards.

Tresorit's EAL4+ certification isn't just a milestone for us; it's a testament to our dedication to providing businesses with a secure, reliable, and trustworthy platform for their most sensitive data. In the world of digital trust, Tresorit stands as a beacon, guiding businesses towards a future where security is not just a measure but a philosophy.