Cyber Essentials renewal window changes from June 2026 — what SMBs need to know
IASME has tightened the renewal grace period for Cyber Essentials. If your certificate lapses by more than 30 days, you'll need a fresh assessment. Here's how to stay ahead of it.
The IASME consortium has updated its renewal policy for Cyber Essentials, effective from 1 June 2026. Certificates that lapse by more than 30 days will no longer be eligible for the standard renewal path — businesses will need to complete a full re-assessment.
For Manchester SMBs that rely on Cyber Essentials for tender qualification, public-sector contracts, or insurance discounts, this means renewal calendars need to be tighter than ever.
What's actually changing
Previously, IASME allowed a longer informal grace period between certificate expiry and renewal. From June, that drops to a strict 30 days.
How we're handling it for clients
Every Inology client on Compliance Protect now gets a 90-day renewal warning, a 60-day technical pre-check, and a 30-day final reminder. We're moving the entire client base to staggered renewal months to avoid bottlenecks.
If you're not on Compliance Protect and want a hand getting renewal sorted before the new rules kick in, drop us a line.
Want to talk to a human about this?
We're a Manchester-based MSP serving small businesses across Greater Manchester. Genuinely happy to give straight answers, even if we're not the right fit.
Talk to a human