IACS enhances its Unified Requirements (URs) on Cyber Safety


To address the need to enhance the cyber resilience of ships in an increasingly digitalized world, last year IACS published UR E26 ‘Cyber Resilience of Ships’, and UR E27, ‘Cyber Resilience of On-Board Systems and Equipment’, which applied to new ships from 1 January 2024.

Since the publication of these requirements, and as experience of cyber security oversight in the maritime sector grows, the need for a standardized approach to survey requirements has been identified along with further enhancements resulting from industry feedback.

Additionally, and to address the challenges regarding the implementation of new cyber requirements in smaller and non-conventional vessels, the scope of applicability of these URs have been categorised as mandatory and non-mandatory compliance depending on vessel types and sizes.

These improvements have resulted in extensive changes to the two URs and so they will now supersede the originals and will be applied to new ships contracted for construction on and after 1 July 2024. To avoid confusion, the original versions, along with their previous application date of 1 Jan 2024, have been withdrawn. The revised version of URE27 is available on the IACS website (https://iacs.org.uk/resolutions/unified-requirements/ur-e). The revised version of URE26 is still being finalized and will be published before the end of the year.

IACS Secretary General, Robert Ashdown (pictured), said ‘Incorporating industry feedback to ensure IACS requirements are clear in their applicability and are capable of being consistently applied in ship surveys, is important in ensuring that measures to enhance cyber resilience have the desired impact. As a result, and given that the original requirements had not yet entered into force, IACS has decided to apply only the revised requirements from 1 July 2024. It is believed that industry will welcome the clarity that this decision brings.’