A defence supplier holding a freshly issued AQAP-2110 certificate from a major commercial certification body could be forgiven for treating the document as a passport into NATO procurement. The certificate carries the body's logo, the supplier's name, the cited AQAP edition, the audit scope and the validity period. It looks exactly like the ISO 9001:2015 certificate hanging on the wall beside it.
The two documents are not equivalent. One is a globally recognised quality credential issued through the International Accreditation Forum chain. The other is a commercial product, valid only as far as the issuing body's national accreditation reaches, formally unrecognised by NATO itself, and useful for some purposes, but not for the one most suppliers assume it covers.
The market for commercial AQAP-2110 audits has grown substantially over the past decade as European procurement has flowed through more sub-tier suppliers and prime contractors have looked for pre-audited supplier-development routes. Most of the major certification bodies (BSI, DNV, TÜV SÜD, TÜV Rheinland, SGS, Bureau Veritas, Lloyd's Register Quality Assurance, RINA, Intertek and several specialist defence auditors) offer an AQAP-2110 audit service, usually bundled with the supplier's ISO 9001:2015 surveillance audit. Suppliers buy them. Primes accept them as supplier-qualification evidence. Some national authorities recognise them as part of national supplier-assessment processes. None of that activity rests on NATO recognition, because NATO does not provide it.
The headline finding in NATO's own words
The authoritative statement sits in AQAP-2000 Edition D, the NATO Standardization Office's strategic policy publication on the integrated systems approach to quality through the life cycle. Paragraph 6 of section 2.6 (Quality Management System Certification) is direct:
The primary AQAPs are published by NATO for use as contractual requirements. They are not formally recognised as the basis of quality management system certification. NATO does not publish a sector scheme, nor does it have arrangements in place to award certification. NATO does not recognize AQAP certification.
The clause is unambiguous and nothing elsewhere in the AQAP-2000 series softens it. There is no NATO-accredited register of AQAP auditors. There is no AQAP equivalent of the International Aerospace Quality Group's OASIS database that authenticates AS9100 auditors. There is no Multilateral Recognition Arrangement that gives an AQAP-2110 certificate cross-border standing across the alliance. The publication's footnote 14 reinforces the position: supplier assessment is defined as "the formal examination by a national quality assurance authority to determine the ability of a supplier or potential supplier to meet Allied quality assurance publication requirements." The formal examiner is the NQAA, not a CB.
Why ISO 9001 sits in a different place
The same AQAP-2000 paragraph deals with ISO 9001 in completely opposite terms. Paragraph 4 of section 2.6:
QMS Certification to ISO 9001 or AS EN 9100 is widely used throughout the global supply chain to provide a level of confidence in the organisation and so is often used in the selection of suppliers. This certification shall be from certification bodies that are accredited as competent by an International Accreditation Forum recognised National Accreditation Body.
So the two standards live on opposite sides of the certification market. ISO 9001 certification, where used, must come from an IAF-accredited CB working under a national accreditation body: UKAS in the United Kingdom, ANAB in the United States, DAkkS in Germany, COFRAC in France, ACCREDIA in Italy, RvA in the Netherlands and equivalents across the alliance. The accreditation infrastructure is mature, mutually recognised through the IAF Multilateral Recognition Arrangement, and treated by NATO as a legitimate input. AQAP-2110 certification sits outside that infrastructure entirely. NATO neither runs it, accredits it, recognises it nor refuses it: the publication's position is that it has no view.
The national exit door
NATO does not run a certification scheme but it does leave the door open for nations to do so as part of their own acquisition risk management. AQAP-2000 §2.6 paragraphs 7 and 8 say:
NATO nations' National Quality Assurance Authorities are free to use AQAPs for their own national purposes. NATO encourages nations to harmonize their approaches.
The NQAA will decide how AQAP certification is to be used within their nation. Some nations offer AQAP certification or confirmation as part of their approach to supplier assessment. This is part of their national acquisition risk management strategy. The merit of such certification as a source of confidence is directly related to the accreditation status of the certification body. Some NQAAs might allow their National Accreditation Body to accredit third party certification bodies for AQAP. This is also part of their national acquisition risk management strategy.
So the framework permits two national approaches. Either the NQAA is the sole assessor (and a CB-issued AQAP certificate carries no contractual weight beyond what the NQAA chooses to accept as risk information) or the NQAA delegates accreditation of AQAP-auditing CBs to the National Accreditation Body, and the CB then issues AQAP certificates under that national accreditation. The first approach dominates the major buyer nations.
How the major nations handle it
| Nation | NQAA | National accreditation route? | Position on CB-issued AQAP certificates |
|---|---|---|---|
| United States | OUSD(A&S) DPCAP, executing through DCMA International | No. ANAB does not accredit to AQAP. | No formal recognition. DCMA conducts all AQAP-2110 surveillance under DCMA-MAN 2501-11 (26 June 2025). A CB certificate is informally a positive risk indicator at most. |
| United Kingdom | National Quality Assurance Authority (DE&S, Abbey Wood); QA Field Force in the field | No. UKAS does not accredit to AQAP. | No formal recognition. The UK relies on the ISO 9001 IAF chain plus contractual AQAP-2110 (DEFCON 602, Def Stan 05-061) audited by the Field Force as GQA, per JSP 940. |
| Germany | BAAINBw ZtQ-BLst | No. | No formal recognition. BAAINBw imposes AQAP-2110 contractually and verifies it through Government Quality Assurance. |
| France | DGA Service de la Performance et de la Qualité Industrielles (SPQI) | Yes. COFRAC accredits CBs (CERT CEPE REF 14). | Dual model. SPQI performs GQA directly, while COFRAC accredits certification bodies to certify AQAP-2110/2310 under a DGA-linked technical reference. |
| Denmark | Forsvarsministeriets Materiel- og Indkøbsstyrelse (FMI) | Yes. DANAK (AB22, AMC 47). | Accredited national route. FMI has authorised DANAK to accredit certification bodies to certify against AQAP-2110. |
| Spain | DGAM / CMDIN | Yes. ENAC. | Accredited national route. ENAC accredits certification bodies to issue PECAL/AQAP 2000-series certificates recognised by DGAM/CMDIN. |
| Poland | Ministry of National Defence, via PCA | Yes, state-centric. | National military register. PCA accredits AQAP certification bodies, principally CCJ WAT (Military University of Technology) and PCBC. |
| Italy | Segretariato Generale della Difesa / DNA (SGD-DNA) | No, for AQAP. | MoD-direct. AQAP qualification is issued by SGD-DNA; ACCREDIA's RT-18 scheme covers EN 9100, not AQAP. |
The split is visible in the table. Denmark, France and Spain operate accredited national routes, through DANAK, COFRAC and ENAC respectively; the United States, the United Kingdom and Germany do not, relying on direct Government Quality Assurance. Poland runs a state-centric accredited register through PCA. None of these national arrangements is recognised by NATO, and none transfers automatically to another nation.
There is no harmonisation across these positions. A supplier holding a CB-issued AQAP-2110 certificate accepted by, say, the Polish NQAA cannot wave that certificate at DCMA and expect it to displace DCMA's surveillance. The certificate's reach is national.
What CBs actually sell
Setting aside the recognition question, what does the commercial AQAP-2110 audit actually consist of? In typical practice the engagement is structured as follows.
The CB conducts an ISO 9001:2015 surveillance audit at the supplier's premises. This is the supplier's normal annual cycle under its existing ISO 9001 certification. On top of that, the auditor adds a supplementary day or days devoted to the AQAP-2110 augmentations: the configuration management process, the deliverable quality plan provisions, the government property handling regime, the counterfeit-parts prevention regime (where AQAP-2110 SRD.3 is in scope), the subcontractor flow-down requirements, the GQAR access provisions, and the AQAP-specific competence and records-retention provisions. The auditor samples evidence in each area, raises observations and findings, and produces a report.
At the close of the audit, the CB issues two related documents: the ISO 9001:2015 certificate (subject to the rolling three-year cycle under the IAF chain), and a separate AQAP-2110 certificate or compliance statement, valid for the same period and contingent on continued ISO 9001 certification. The audit fee for the AQAP supplement is modest relative to the ISO 9001 fee (typically one to three additional auditor-days) which is one reason the practice has become widespread among SME suppliers seeking entry to NATO supply chains.
The augmentations map onto recognised standards. Configuration management aligns with ACMP-2100 and ISO 10007; deliverable quality plans with AQAP-2105; software quality with the AQAP-2210 supplement. For a supplier already certified to EN 9100, EN 9137 gives guidance on applying AQAP-2110 within that aerospace and defence quality management system.
What the certificate is worth
The certificate is useful for five things, none of which displace the GQAR's contractual role.
Supplier marketing and visibility. A current AQAP-2110 certificate from a reputable CB makes a supplier discoverable to prime contractors who run AQAP-aware procurement processes and need second- or third-tier suppliers who can absorb AQAP flow-down without significant remediation.
Pre-award qualification by primes. A first-tier prime contractor, faced with the obligation to flow AQAP-2110 down to its sub-tier suppliers, will accept a CB-issued AQAP-2110 certificate as evidence of QMS maturity before commencing its own supplier-development work. The certificate accelerates the supplier-onboarding process.
Risk information at GQAR planning. AQAP-2070 Annex C section 3 sets out the risk-information catalogue used to populate the RIAC, the Risk Identification, Assessment and Communication form that drives GQA planning. One of the categories of risk input is explicitly: "System or Process Certification – Risk information associated with 2nd or 3rd party certifications, product or process certification, use of product testing laboratories etc." A current CB certificate from a properly accredited body is a positive risk indicator and may justify the GQAR planning lower-intensity surveillance.
National supplier-assessment processes in those nations whose NQAA accepts the route.
Internal evidence for the supplier's own management of competence, configuration management and the other AQAP-2110 augmentations: the audit findings drive internal improvement whether or not the certificate carries external weight.
What the certificate is not worth
The certificate does not do any of the following.
It does not replace GQA. The Government Quality Assurance Representative's right of access to the supplier's premises is established by the contract clause that invokes AQAP-2110, independently of any CB certification. A supplier presenting a current CB-issued AQAP-2110 certificate at the GQAR's first visit will be politely thanked and the surveillance will proceed regardless.
It does not transfer across nations automatically. A certificate accepted by one nation's NQAA is not automatically accepted by another's. The IAF Multilateral Recognition Arrangement does not extend to AQAP. Each nation decides individually.
It cannot be used as a tender discriminator. AQAP-2000 §2.6 paragraph 9 is explicit on this point:
Acquirers shall not use AQAP certification as a discriminator at supplier selection because it is not available to all potential suppliers.
A procurement officer who excludes a supplier from a tender on the grounds that the supplier does not hold a commercial AQAP-2110 certificate is in breach of the publication's policy and exposes the procurement to procedural challenge.
It does not relieve the supplier of the contractual flow-down obligations. AQAP-2110 obligations flow to sub-tier suppliers irrespective of whether the prime supplier holds a CB certificate. The supplier still has to write AQAP flow-down clauses, qualify its sub-tier suppliers, and operate its own surveillance regime.
A commercial AQAP-2110 certificate is risk information, not contractual compliance. NATO's position is unambiguous: the formal examiner of compliance is the national authority.
Where the certificate sits in the GQAR's risk picture
This last point is worth surfacing because it explains how the CB certificate does material work even though it has no formal NATO standing. The mechanism is the RIAC.
A GQAR planning surveillance under AQAP-2070 builds the risk-information picture from supplier past performance, pre-award surveys, system and process certifications, key product characteristics, special requirements, supplier inexperience and contract review. A CB-issued AQAP-2110 certificate sits in the system-or-process-certification line. If the CB is accredited by an IAF-recognised National Accreditation Body, if the scope of the certificate covers the deliverable, if the certificate is current, and if recent surveillance audit findings are clean, the GQAR may downgrade the likelihood rating of QMS-related risk causes on the RIAC and plan a less intensive surveillance regime. Where the CB is not properly accredited, or the scope of the certificate does not cover the deliverable, or the supplier's recent surveillance findings are concerning, the certificate has correspondingly less weight.
This is how the certificate earns its keep in practice. It does not certify compliance (the GQAR does that) but it can shape the surveillance regime the supplier sees over the life of the contract.
Practical guidance
For suppliers
Hold a current ISO 9001:2015 certificate from a CB accredited by an IAF-recognised National Accreditation Body. This is the foundation. Where the deliverable is aviation, space or defence, hold AS EN 9100 instead. Where the deliverable involves software, hold the equivalent software-process certification.
If the AQAP-2110 audit is offered as a supplement to the ISO 9001 audit at modest additional cost, accept it. It generates internal evidence, drives surveillance findings into corrective action, and produces a certificate useful as risk information at GQAR planning, in supplier marketing, and in prime-contractor flow-down acceptance. Treat the certificate as evidence of QMS maturity, not as compliance with the contract.
Do not present the certificate to the GQAR as a basis for reducing surveillance. The right of access is the customer government's, established by contract; the certificate sits alongside, not above, that right.
Where the deliverable is munitions, energetic materials or any work where the AC/327 to AC/326 boundary matters, do not treat the CB certificate as evidence of ammunition-safety competence. AQAP quality assurance sits in the AC/327 lane; ammunition safety sits in the AC/326 lane, governed by the AASTP series and STANAGs such as 4440 and 4442. The AQAP suite does not bridge that boundary and CBs do not normally audit it.
For procurement officers
Cite AQAP-2110 in the contract clause regardless of whether the supplier holds a CB certificate. The contract is what creates the contractual quality obligation; the CB certificate is risk information, not compliance.
Where a CB certificate is presented at bid stage, treat it as positive risk information in the supplier-assessment scorecard, but do not use it as a tender discriminator. AQAP-2000 §2.6 paragraph 9 is explicit.
When briefing the GQAR or completing the RIAC for a Mutual GQA request, record the existence and accreditation status of any CB certificate. This is what the AQAP-2070 risk-information catalogue is designed to capture. The GQAR will calibrate surveillance accordingly.
Where the supplier's nation has an NQAA that recognises CB-issued AQAP certificates as part of national supplier assessment, ascertain that fact early. It may shape the form of the Mutual GQA tasking.
References
- NATO Standardization Office, AQAP-2000 Edition D Version 1 – NATO Policy on an Integrated Systems Approach to Quality through the Life Cycle. Sections 2.5 (Mutual GQA), 2.6 (Quality Management System Certification), footnote 14. (NATO, A–1)
- NATO Standardization Office, AQAP-2070 Edition C Version 1 – NATO Mutual Government Quality Assurance (GQA) Process. Annex C section 3 (risk-information catalogue). (NATO, A–1)
- NATO Standardization Office, AQAP-2110 Edition D Version 1 – NATO Quality Assurance Requirements for Design, Development and Production. (NATO, A–1)
- NATO Standardization Office, AQAP-4107 Edition B Version 1 – Implementation Guidance for STANAG 4107. (NATO, A–1)
- International Organization for Standardization, ISO 9001:2015 – Quality Management Systems – Requirements. (ISO, A–1)
- International Accreditation Forum, IAF Multilateral Recognition Arrangement, signatories and scopes register. www.iaf.nu (IAF, A–1)
- Defense Contract Management Agency, DCMA-MAN 2501-11 – International Requests for Contract Administration Services, 26 June 2025. (DCMA, A–1)
- NATO Standardization Office, AQAP-2105 – NATO Requirements for Deliverable Quality Plans; AQAP-2210 – NATO Supplementary Software Quality Assurance Requirements to AQAP-2110. (NATO, A–1)
- NATO, ACMP-2100 – Allied Configuration Management Publication, with ISO 10007 (configuration management guidance). (NATO / ISO, A–1)
- ASD-STAN for IAQG, EN 9137:2012 – Guidance for the Application of AQAP 2110 within an EN 9100 Quality Management System. iaqg.org (B–2)
- DANAK (Danish national accreditation body), AB22 – Accreditation to AQAP certification and AMC 47, recognised by the Danish MoD procurement authority FMI. danak.org (A–1)
- COFRAC (French national accreditation body), CERT CEPE REF 14 – AQAP-2110/2310 certification, incorporating a DGA technical reference. cofrac.fr (A–1)
- Spanish Ministry of Defence, DGAM / CMDIN industrial quality assurance (PECAL/AQAP 2000-series), accredited via ENAC. defensa.gob.es (A–1)
- UK Ministry of Defence, JSP 940 – MOD Policy for Quality, Part 2 Guidance. gov.uk (UK MOD, A–1)
- BAAINBw, AQAP Quality Assurance Requirements. bundeswehr.de (DEU MoD, A–1)
Source ratings under NATO STANAG 2022 (reliability A–F, accuracy 1–6). This analysis is AI-assisted and based on open-source materials. It does not constitute legal or procurement advice. ISC Defence Intelligence is the analysis brand of Integrated Synergy Consulting / Sawyers Global Solutions.
ISC Commentary
The AQAP suite is a contractual instrument, not a marketable credential. NATO's deliberate decision not to run a certification scheme keeps the system anchored on the inter-state recognition mechanism that is its genuine load-bearing structure: STANAG 4107 ratification and the Mutual GQA process operated by national authorities. Adding a NATO-run certification layer would create two routes to AQAP compliance with all the policy difficulty that implies. The publication's position is internally consistent.
That position pushes the certification market into national hands and onto the commercial CB infrastructure. The result is workable but variable. Suppliers who buy a commercial AQAP-2110 certificate without understanding what they are buying invite disappointment when the GQAR arrives and the surveillance regime is the same as it would have been without the certificate. Suppliers who understand the certificate's role (as risk information, as supplier-development evidence, as a marketing asset) use it constructively and earn its keep over the contract.
The question for the wider system is whether the variability of national approaches to CB-issued AQAP certificates is a feature or a bug. The IAF route on ISO 9001 has delivered global mutual recognition; the AQAP system, by NATO's own design, has not. That is the trade-off the publication has chosen to make.