IACS UR E26/E27 Latest Compliance Updates and How Shipyards Should Respond
Back to News

Published on April 1, 2026

IACS UR E26/E27 Latest Compliance Updates and How Shipyards Should Respond

Background

IACS UR E26/E27 officially came into effect for newbuildings contracted on or after July 1, 2024. In Q1 2026, IACS published several clarifications that further specify certain technical requirements.

Key Changes

Clearer Network Segmentation Requirements

UR E26 now provides more specific guidance on OT/IT network segmentation, requiring shipyards to submit network topology documents during the design phase for classification society review.

Mandatory Software Bill of Materials (SBOM)

All critical system suppliers for newbuildings must provide a complete SBOM, including version details and vulnerability status of open-source components.

Cyber Incident Response Drills

The updated requirements specify the frequency and documentation standards for cybersecurity incident response drills — at least one tabletop exercise per year is recommended.

  1. Start gap analysis early — Complete a GAP Analysis within 90 days of contract signing
  2. Adopt automated compliance tools — Use digital platforms to continuously monitor compliance status
  3. Supply chain management — Establish a cybersecurity qualification process for equipment suppliers

Contact our expert team for further consultation.