Frequently Asked Questions on Kaspersky business, solutions and services

General questions

Yes. Kaspersky is a private international company with its holding company based in the UK. The company operates in more than 200 countries and territories and has more than 30 offices across the globe. About 60% of Kaspersky’s operations are international, and our local businesses are run by local entities, which gives us the opportunity to control our international and local operations effectively and independently.
Yes. Kaspersky has more than 25-years of history in developing the best-in-class cybersecurity solutions and providing cutting-edge threat analysis. Our customers can be confident in the integrity and security of Kaspersky’s solutions, its engineering practices and data services confirmed by third-party independent assessments, including the SOC 2 (Service Organization Control for Service Organizations) Type 2 audit, and ISO27001 certification. The trustworthiness of our products has been also confirmed by independent reviews.

Kaspersky is frequently ranked the best in independent ratings and has received some of the most prestigious international awards in independent tests conducted by leading organizations around the world. Our technologies are trusted by hundreds of global technology and OEM partners, and we work with the global IT security community as well as with law enforcement agencies, such as INTERPOL and Computer Emergency Response Teams (CERTs) around the world.
Kaspersky’s business operations remain stable. The company guarantees the fulfillment of its obligations to both partners and customers – this includes product delivery and support and financial transaction continuity.
The security and integrity of Kaspersky data services and engineering practices have been confirmed by independent third-party assessments. Two external independent audit organizations conducted these assessments: one through the SOC 2 Audit (Service Organization Control for Service Organizations) and the other according to ISO/IEC 27001:2013. The first confirmed the security of Kaspersky's processes for developing and releasing AV updates, ensuring protection against unauthorized changes; the second certified Kaspersky’s data services.

Moreover, we operate Transparency Centers across the globe, which serve as facilities for trusted partners and government stakeholders to review the company’s code, software updates, and threat detection rules. They enable us to provide governments and partners with information on our products and their security, such as essential and important technical documentation, for external evaluation in a secure environment. The Transparency Centers’ services are also available for remote access upon request.
Yes. Our internal tests and examinations confirm that the company’s global server infrastructure provides uninterrupted operation of Kaspersky’s core product portfolio and updates (excluding the U.S. territories and U.S. persons following ICTS Final Determination). Kaspersky is a global company and our cloud servers are distributed across the globe (e.g., in Switzerland, Germany, China, Canada, etc.), which enables faster processing of information and guarantees server availability should one of them fail for any reason.
Our customers can be confident in the integrity and security of Kaspersky’s solutions, engineering practices and data services. These have been confirmed by third-party independent assessments like the SOC 2 (Service Organization Control for Service Organizations) Type 2 audit that Kaspersky successfully passed. It demonstrates that Kaspersky has strong security controls in place to develop and release AV updates against the risk of unauthorized changes. The final report, with a description of the security controls and the whole process, can be provided to our customers and partners upon request.
As a private company, Kaspersky does not have any ties to the Russian government; moreover, Kaspersky is not obliged to provide information to the authorities under Russia's System of Operative Investigative Measures (SORM) (or other similar laws), since the company does not provide communication services. This has been confirmed by an independent legal assessment of the Russian legislation related to data-processing provided by a third party; the results are freely available online and provide an unbiased and fair legal assessment.
First and foremost, Kaspersky never provides any law enforcement or government organizations with direct or indirect access to user data or the company’s infrastructure. While we do provide information about this type of data upon request, no outside party can access our infrastructure or data directly. All requests are validated and processed by Kaspersky employees. Additionally, every request we receive undergoes legal verification to ensure our compliance with applicable laws and procedures. Our multistage process, based on five criteria, guides our decision-making in approving, rejecting, or appealing incoming requests. More details can be found here. Kaspersky publishes its Law Enforcement and Government Requests Report on a regular basis, with the latest information available here.
All data processed and/or transferred through our products is secured using encryption, digital certificates, segregated storage and strict data access policies. In processing suspicious or previously unknown malicious files, our users make a decision on sharing this data with the Kaspersky Security Network (KSN) for automated malware analysis. Kaspersky always provides information concerning data processing - in particular, the complete list of data that will undergo processing - to ensure that customers are kept in the know and can make informed decisions. Additionally, Kaspersky regularly discloses information on the number of data requests received from our users and processed in our Transparency report. The latest information is available here.
Kaspersky processes cyberthreat-related data and statistics. More information about the data processed can be found here.

To ensure the highest level of security for our users, Kaspersky's data services have been certified for IS027001, and re-certified in 2022. Both certificates are available upon request here.
Threat-related data processing includes suspicious or previously unknown malicious files that our products send to the Kaspersky Security Network (KSN) for automated malware analysis, when our users choose to accept the KSN Statement.

Kaspersky always provides information concerning data processing, such as the complete list of data that will undergo processing, to ensure that customers are fully informed and can make informed decisions. In our Transparency report, we publicly share information on the number of data requests received from our users and processed. The latest information is available here.
Within our Global Transparency Initiative (GTI), Kaspersky relocated part of its data-processing infrastructure: malicious and suspicious files shared by users of Kaspersky products in Europe, North and Latin America, the Middle East, and also several countries in Asia-Pacific are processed in two datacenters in Zurich, Switzerland, which provide world-class facilities in compliance with industry standards to ensure the highest levels of security. In addition, Switzerland is among the few countries that have an adequacy decision with the EU, meaning that it was recognized by the European Commission for providing adequate protection of personal data. Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in various countries around the world (Canada, Germany, Russia, etc.). A detailed list of countries where users have provided Kaspersky with personal data can be processed is here.

US ICTS Final Determination-specific questions

On June 20, 2024, the U.S. Department of Commerce announced its decision to prohibit the sales and distribution of Kaspersky software in the United States. Following the release of the Final Determination, Kaspersky has stopped the sales of its cybersecurity products in the country and started to gradually wind down its U.S. operations and eliminate U.S.-based positions. Kaspersky maintains that the Department of Commerce made its decision based on the present geopolitical climate rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services.

The ban didn’t cover Kaspersky’s informational or educational products and services such as Kaspersky Threat Intelligence and Kaspersky Cybersecurity Training, as well as Kaspersky consulting or advisory services (including SOC Consulting, Security Consulting, Ask the Analyst, and Incident Response), which continue to be available in the U.S. market.
Kaspersky is not under financial sanctions in the U.S. and is not aware of any grounds that could be used to impose such sanctions in the future. On June 21, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) placed members of the company’s executive and senior leadership team on the sanctions list. This step does not affect the company’s business operations as neither Kaspersky nor its subsidiary companies nor its CEO were designated by the OFAC.
Kaspersky believes that the ICTS process was created, and that the Department of Commerce selected Kaspersky for an ICTS review, based on the present geopolitical climate. Notwithstanding these pressures, which are outside Kaspersky’s control, Kaspersky has welcomed and fully engaged with the Department’s evaluation of the integrity of Kaspersky’s products and services. Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted 3rd party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services. Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies.
Kaspersky does not engage in activities that threaten U.S. national security. It has, in fact, made significant contributions to US cybersecurity through its reporting and protection against a variety of threat actors targeting U.S. interests and those of its allies. Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services.
Following the ICTS Final Determination release, Kaspersky has stopped the sales and distribution of its cybersecurity products in the United States and started to gradually wind down its U.S. operations and eliminate U.S.-based positions.

The ban doesn’t cover Kaspersky’s informational or educational products and services such as Kaspersky Threat Intelligence and Kaspersky Cybersecurity Training, as well as Kaspersky consulting or advisory services (including SOC Consulting, Security Consulting, Ask the Analyst, and Incident Response), which continue to be available in the U.S. market.

The prohibition applies only to ICTS transactions involving Kaspersky products by U.S. persons and therefore has no material legal effect on the company’s business operations in other regions. Kaspersky continues fulfilling its obligations to existing customers under current agreements in other countries, and keeps delivering product and technical support. Kaspersky remains a trusted and proven partner in the global cybersecurity industry and we will continue delivering on our mission of building a safer world.
The guidance received from the U.S. Department of Commerce indicates that the sales of Kaspersky products and services to foreign, non-U.S. subsidiaries of U.S. persons are not prohibited. Therefore, Kaspersky can continue selling its solutions to subsidiaries of U.S. corporations incorporated under the law of other countries.
The prohibition will apply only to ICTS transactions involving our products by U.S. persons and therefore has no material legal effect on our business operations in other regions. We will continue fulfilling our obligations to our existing customers under current agreements in other countries, and will keep delivering products and technical support. Kaspersky remains a trusted and proven partner in the global industry and we will continue delivering on our mission to build a safer world.
Kaspersky cannot speculate on the future developments in other countries and isn’t aware of any grounds for the company’s products to be subject to restrictions. Kaspersky’s business operations remain stable, and our focus remains on those markets where we see the highest potential to develop our business.
Yes, it is. The recently-imposed prohibitions apply only to ICTS transactions involving Kaspersky products by U.S. persons and therefore have no material legal effect on our business operations in other regions. Kaspersky remains a trusted and proven partner in the global cybersecurity industry and we will continue delivering our mission of building a safer world.
The safety of customers and users remains Kaspersky’s main priority. Our defense is based on a multi-faceted approach and that takes into consideration research conducted around the world, big data, and machine learning. We will maintain the quality of our solutions at the highest levels to ensure that our products protect our customers against the full spectrum of cyberthreats.
A ban on the sales and distribution of Kaspersky products in the United States as well as the operation of the Kaspersky Security Network (KSN) in the United States or on the information technology system of any U.S. person will impact the telemetry gathered by Kaspersky solutions and the visibility of the local threat landscape. Nevertheless, telemetry is not our only source of insights into emerging threats, and Kaspersky will continue its work on all security research. We can still sell threat intelligence feeds, and provide training courses and Kaspersky consulting or advisory services in the U.S.
The excellence of Kaspersky products has been demonstrated by numerous independent tests, with Kaspersky products having participated in 100 independent tests in 2023, and ranked first in 93 of them. Kaspersky’s security products are particularly renowned for their exceptional detection rates. Independent testing organizations such as AV-TEST and AV-Comparatives consistently rank Kaspersky products among the top performers in the cybersecurity industry.

Moreover, Kaspersky’s engineering practices and data services adhere to the highest standards and regularly pass third-party independent audits. Our data services have been certified to the ISO27001 standard by an independent auditor, while our secure software development processes have been confirmed through the Service Organization Control for Service Organizations (SOC 2) audit.

Finally, Kaspersky has taken a leading role in promoting transparency by launching its Global Transparency Initiative, which enables our trusted partners and customers to verify the trustworthiness of our products. Committed to greater accountability, Kaspersky allows its stakeholders to review its source code, threat detection rules, and anti-virus updates, addressing any potential concerns they may have about the integrity of our solutions.