Loading page content…
Loading page content…
Cyber Essentials is mandatory for many UK government ICT contracts, particularly those involving personal data handling or IT services, though requirements vary by department and contract value.
Cyber Essentials certification is mandatory for numerous UK government tenders, especially those involving information technology services, data processing, or handling of personal information. The Cabinet Office mandated in 2014 that all central government contracts involving the handling of personal information or provision of certain ICT services must require suppliers to achieve Cyber Essentials certification.
The requirement typically applies to contracts where suppliers will: - Handle personal data on behalf of government - Provide IT services or software development - Have access to government networks or systems - Process sensitive information
Different government departments may have varying thresholds and interpretations. For example, some departments require Cyber Essentials for all ICT-related contracts above £5 million annually, while others apply it more broadly to smaller contracts involving data handling.
When bidding for affected tenders, you must typically provide: - Valid Cyber Essentials certificate (basic level) - Cyber Essentials Plus for higher-risk contracts - Evidence of annual renewal and maintenance
The certification must be current throughout the contract period, not just at the point of bidding. Some procuring authorities require Cyber Essentials Plus (which includes on-site testing) for particularly sensitive contracts.
To ensure compliance, review tender documentation carefully for specific cyber security requirements. The requirement is usually stated clearly in the Selection Questionnaire (SQ) or equivalent pre-qualification documentation. If uncertain about whether your contract falls within scope, contact the procuring authority directly during the clarification period.
For detailed guidance on meeting government cyber security requirements, visit our supplier qualification requirements page.