Cyber Essentials grace period extended

News article

Cyber Essentials has extended the certification grace period to April 2023 to coincide with the next technical requirements refresh.

In January 2022, the National Cyber Security Centre (NCSC) announced an update of the Cyber Essentials technical controls.

At the time, organisations who were looking to be assessed against the new standards were given a grace period of up to 12 months for some of the requirements. This grace period was due to end in January.

The decision has now been made to extend the grace period for a further three months until April 2023. The new deadline will coincide with the next, light-touch update to Cyber Essentials' technical requirements.

Forthcoming update to Cyber Essentials

The April 2023 update to the Cyber Essentials technical requirements will focus largely on a series of clarifications. It will, however, also include important new guidance around:

  • what falls under the scope of 'firmware'
  • third-party devices
  • device unlocking
  • malware protection
  • zero trust architecture in the context of achieving Cyber Essentials
  • the importance of asset management

The NCSC aims to announce the full update of the requirements in January, ahead of the go-live in April 2023.

Find out more about Cyber Essentials.

First published 6 December 2022