IACS UR E26 — Mandatory Since July 2024

Cyber Resilience,
Simplified.

The definitive resource for maritime cybersecurity compliance. Understand UR E26, assess your readiness, and close the gaps — before your next classification survey.

Take Readiness Assessment Learn About E26

500+GT Threshold

Jul '24Mandatory Date

5NIST Functions

Compliance Status

July 2024

Compliance is now mandatory.

Every new vessel. Every classification survey.
No exceptions.

IACS UR E26IACS UR E27All vessels 500+ GTManned classed vessels

Check Your Readiness

The Regulation

What is
UR E26?

IACS UR E26 is the global mandatory cybersecurity standard for ships. It establishes baseline cyber resilience requirements for vessels over 500 GT, covering identification, protection, detection, response, and recovery.

Compliance is verified by your Classification Society during annual and renewal surveys — and non-compliance risks suspension or withdrawal of class.

April 2022

IACS formally adopted UR E26 & E27

January 2024

Industry preparation deadline

July 2024

Full mandatory enforcement begins

2025–2026

Ongoing survey verification required

E26.1 — Identify

Asset inventory & cyber risk assessment

E26.2 — Protect

Network segmentation & access control

E26.3 — Detect

Continuous monitoring & anomaly detection

E26.4 — Respond

Incident response planning & execution

E26.5 — Recover

System restoration & evidence generation

View Full Requirements →

NIST Framework Alignment

Five Functions
of Cyber Resilience

UR E26 aligns with the NIST Cybersecurity Framework. Click each function to explore requirements.

Identify

Assets, risks, system boundaries

Protect

Access control, segmentation, training

Detect

Monitoring, anomaly detection, logging

Respond

Incident response, containment

Recover

Restoration, evidence, resilience

Self-Assessment

How Ready Are You?

7 questions. 2 minutes. Know your E26 gaps.

1 / 7

Have you conducted a cybersecurity risk assessment for your vessel's OT and IT systems?

Dual Standards

E26 & E27

Two complementary standards. Both mandatory. Understanding the difference matters.

E26

Ship Level

Addresses the vessel as a complete system. Defines cybersecurity requirements at the ship operations level including network architecture, personnel, and procedures.

Vessel-wide cyber risk assessment

OT/IT network segmentation

Crew cybersecurity training

Incident response planning

Compliance evidence for surveys

E27

System Level

Focuses on individual onboard systems and equipment. Sets security requirements for specific equipment manufacturers and system integrators.

Equipment-level security specs

ECDIS, AIS, engine management systems

Supply chain security requirements

Software development standards

System integration security testing

Read Full FAQ →

Get Started

Ready to Comply?

Stay ahead of UR E26. Get monthly regulatory updates, compliance guides, and expert analysis — free.

I agree to receive emails in accordance with the Privacy Policy.

Download Brochure

Looking for a complete E26 compliance platform?

TGM Maritime Platform →Browse FAQ

Cyber Resilience,Simplified.