Cyber Essentials and Cyber Essentials Plus remain essential tools for protecting businesses against common cyber threats. On April 27th, 2026, the scheme will be updated to strengthen its controls and modernise requirements, ensuring they remain effective against evolving technologies, cloud platforms, and modern attack techniques.
As a managed service provider delivering both Cyber Essentials and Cyber Essentials Plus, we help businesses understand their options and plan the best approach.
What’s Changing in 2026
The 2026 update will strengthen Cyber Essentials to align with current cyber risks and working practices. Key changes include:
- Cloud and online services in scope – Platforms like Microsoft 365, Google Workspace, and other cloud systems must be included in certification.
- Mandatory Multi-Factor Authentication (MFA) – MFA must be enabled wherever supported.
- Stricter scoping rules – Any internet-connected system or device that accesses business data is now in scope unless clearly justified.
- Passwordless authentication recognised – Modern authentication methods, like passkeys or security keys, are now valid.
- Greater emphasis on resilience – Backups, recovery, and incident response are highlighted as essential controls.
What Businesses Need to Know
Businesses have two main options ahead of the April 2026 update:
- Certify before the update goes live:
If you achieve Cyber Essentials or Cyber Essentials Plus certification before April 2026, you remain compliant under the current standard. You then have up to one year before the new regulations must be applied, giving you time to plan and implement changes without pressure. - Certify after the update goes live:
Any certification started after April 2026 must meet the new requirements immediately. This ensures compliance with the updated standard but leaves less time to adjust.
Our Recommendation: Prepare Early for the 2026 Standard
While businesses can use the transitional period, our advice is to start preparing now and aim to meet the new 2026 requirements early. This approach:
- Ensures you’re already aligned with the future standard
- Avoids last-minute pressure when the update goes live
- Demonstrates proactive security to customers, partners, and regulators
How We Help
We guide businesses through every step of Cyber Essentials and Cyber Essentials Plus, including:
- Reviewing your environment against anticipated 2026 requirements
- Implementing technical controls, policies, and user practices
- Preparing for Plus-level technical testing
- Ongoing support to maintain compliance as standards evolve
Key Takeaway
Businesses can either take advantage of the transitional period or certify early against the new 2026 standard. Our advice: plan early, meet the updated requirements, and enjoy a smooth, future-ready certification. Reach out to our team at [email protected] or download our free guide to get started.
