How to send encrypted e-mails

If you would like to email sensitive information to FI, there are two methods you can use to send encrypted emails: PGP and TLS.

In brief, PGP encrypts the email from one person to another, and TLS encrypts communication between two email servers. An email that is not encrypted is sent as normal text over the Internet and can be easily intercepted.

PGP encryption

An email encrypted with PGP can only be read by recipients that have the private key that fits the public key used to encrypt the email. Encrypt the entire email, not only the attached files.

A PGP app must be downloaded to the computer to use PGP encryption. FI recommends the commercial PGP app from Symantec.
To send encrypted emails to FI's official email address, you need to download FI's key: Finansinspektionen_Registrator_111025.zip

TLS encryption

FI also supports TLS encryption, which is established via a secure channel between two email servers. FI offers TLS as a standard on all email servers that send emails to Finansinspektionen. This means that all email servers that can and want to communicate with TLS may do so without any extra configuration from Finansinspektionen. Unfortunately, this also means that if an email server cannot or does not want to send encrypted emails, it does not need to. The email will arrive at the recipient, but unencrypted.

Finansinspektionen therefore recommends enforced TLS communication for more secure and more controlled communication. However, this requires some configuration and verification on the part of both FI and the counterparty. More information about how your organisation can prepare to send TLS encrypted communication to FI is available here: Secure Email TLS.

Finansinspektionen has enforced TLS with several of the companies under its supervision. Contact your organisation's IT or security department for questions related to your organisation's TLS support or configuration.


Last reviewed: 2024-01-09