Categories
The Procurement Policy Note (PPN) on the Cyber Essentials Scheme outlines the UK government’s requirements for cyber security in public sector contracts. Updated in February 2025, it ensures that suppliers handling personal, government, or sensitive data meet Cyber Essentials or Cyber Essentials Plus certification standards (or demonstrate equivalent controls). This scheme protects against common cyber threats and mitigates supply chain risks. The PPN applies to central government departments, executive agencies, non-departmental public bodies, and NHS organisations, with recommendations for other public sector bodies. It aligns with the Procurement Act 2023 and Procurement Regulations 2024, effective from 24 February 2025. Certification is required for contracts involving sensitive data, but a proportionate approach is advised to avoid unnecessary burdens on suppliers, particularly SMEs and VCSEs.
