Want to enter the defence sector? Start with a facility security clearance | In Principle

Go to content
Find what you need in over 1,000 articles
Search form
Subscribe to newsletter
In principle newsletter subscription form

Want to enter the defence sector? Start with a facility security clearance

18.09.2025 defence

The defence sector in Poland and Europe as a whole is growing at a pace not seen for decades. Increased state budget expenditures, new financial instruments (EDF, SAFE, ReArm Europe, Poland’s Security and Defence Fund), and the openness of state-run entities to cooperation with private industry are creating genuine business opportunities for Polish and foreign firms. More and more businesses, including those in the civilian economy, are considering taking part in projects for the Polish Armed Forces or submitting bids in tenders for strategic supplies, services and infrastructure.

Notwithstanding the numerous media reports and publicly available data, the detailed action plans for defence and security are classified, and must remain so. They are the basis for development of the country’s defence capabilities and equipping the military and other relevant services. Consequently, purchases of equipment in this area which Polish and foreign companies are interested in may be classified. The lack of a facility security clearance may deprive a company of any chance of winning a contract, because the contracting authority will not provide the contractor with the tender documentation, or admit the contractor to perform the contract, without first ascertaining that the company is capable of protecting classified information.

Access to classified information—a practical threshold for entering the market

Execution of most defence projects and upgrades entails access to classified information. While it can be organisationally simpler to protect access to “restricted” [zastrzeżone] materials, the requirements increase in the case of documents classified as “confidential” (poufne), “secret” (tajne) or “top secret” (ściśle tajne). This has to do not only with authorisations for employees, but also the capacity of the organisation as a whole to systematically protect information. This is what is certified in a “facility security clearance” (FSC).

To put it in simple terms, in practice there are two regimes governing clauses on classified information:

  • “Restricted” is the less-rigorous regime, and generally does not require an FSC. In the case of a “restricted” clause, employees can be admitted to work at the facility on the basis of a written authorisation of the director of the organisational unit, following training on the protection of classified information (if the person does not hold an individual security clearance). In that case, information cannot be processed in the contractor’s facilities, but only at the contracting authority’s premises.
  • In the case of “confidential,” “secret,” or ”top secret” clauses, an FSC is required.

Facility security clearance—who, when, how

An FSC is a document confirming that an enterprise is capable of protecting classified information when executing contracts or tasks. This doesn’t just mean having a safe for storing classified items. Issues of organisation, HR, finances, physical security and cybersecurity are also investigated.

An FSC in Poland is issued by the Internal Security Agency (ABW), or in the military sphere, the Military Counterintelligence Service (SKW), based on the conduct of a facility security procedure.

An enterprise applying for an FSC must specify the degree of clearance sought, the form and location in which it will process classified information, and consequently the applicant’s ability to protect the information:

  • First degree—certifying the enterprise’s full capacity to protect such information
  • Second degree—certifying the enterprise’s capacity to protect such information, but excluding the ability to process such information in its own communication and information systems
  • Third degree—certifying the enterprise’s capacity to protect such information, but excluding the ability to process such information within facilities occupied by the applicant.

The next issue identified by the applicant seeking an FSC is the type of confidentiality clause.

Depending on the type of clause, the clearance certificate is issued for:

  • 10 years for “confidential” information
  • 7 years for “secret” information, or
  • 5 years for “top secret” information.

The application to conduct an FSC procedure is filed by the director of the enterprise, which in the case of companies could be a member of the management board designated by a resolution. This procedure includes assessment of such matters as the organisational, HR and financial situation of the enterprise, as well as the system in place for protection of classified information. It is also necessary to provide the details of the persons who are to have access to classified information in connection with performance of the contract.

Under the Act on Protection of Classified Information, the FSC procedure should last no longer than 6 months after filing of a complete set of required documents. This is only an instructive time limit, however, which is not binding on the authority but is important in terms of project planning.

Access to information under a “restricted” clause

If the contract will involve only access to information under a “restricted” clause, the act provides for a less-rigorous regime. Employees may be admitted on the basis of a written authorisation by the director of the organisational unit, following training, and the enterprise does not have to hold an FSC, so long as it does not process such information in its own facilities. This solution will be effective so long as the scope of works remains unchanged (for example, until it becomes necessary to process information at the contractor’s site, or a higher level of classification comes into play).

Access to “confidential,” “secret” or “top secret” information without an FSC—two exceptions

The act recognises two exceptional mechanisms that will sometimes save a company seeking a contract but will not take the place of an FSC during longer cooperation:

  • “Temporary” consent when the clearance procedure is already underway. If a facility security procedure has been commenced with respect to an enterprise, selected state authorities (e.g. the head of the President’s office, the Sejm, the Senate, or the Prime Minister’s office; the competent minister; the president of the National Bank of Poland; the director of a central office; or in their absence, the head of ABW or SKW) may consent in writing to provide access to confidential, secret, or top secret information. This consent is limited in time and will expire if the procedure leads to a negative result.
  • “Ad hoc” consent when a procedure has not been initiated. In particularly justified instances, the same authorities may consent to making strictly defined information available to an enterprise that does not hold an FSC and is not pursuing a proceeding to obtain one. This is an incidental solution, useful for example for carrying out individual activities but not opening up ongoing access.

Advance planning—a necessity, not an option

Managers of companies interested in entering the defence sector need to treat issues of facility security as an integral element of their strategic planning. Obtaining the required certifications is a process that can last many months and requires the collection of a range of documents. In practice it often happens that a company is already prepared technically and organisationally to take part in a project, but the lack of a security clearance prevents the company from taking part in the tender, commercial negotiations, or contract performance.

Additionally, it is essential to bear in mind the restrictions applicable to foreigners. As a rule, individuals not holding Polish citizenship cannot obtain access to information classified as “secret” or higher, subject to exceptions set forth in detail in the act. Thus, plans to hire or appoint foreign personnel, including technical experts, require advance analysis of the permissibility of this solution.

Summary

Participation in projects for the defence sector is not limited to issues of technology, finances or products. A key element is the ability to meet the requirements of state security, including obtaining and maintaining the relevant security clearances. Without them, it is simply impossible to obtain access to information essential for carrying out most projects.

Companies planning to enter the defence sector should initiate procedures—in particular to obtain a facility security clearance or relevant individual security clearances—far enough in advance that these formal requirements do not block their business plans.

Dr Anna Kulińska, State Aid & EU Internal Market Regulation practice, Wardyński & Partners

Recommended articles
Public-private partnerships for military infrastructure: The European Investment Bank’s recommendations for Poland
The European defence industry urgently needs investment