Cyber Essentials changes 2026:
Cyber Essentials Willow to Danzell explained
From 28th April 2026, IASME is introducing significant updates to Cyber Essentials and Cyber Essentials Plus, including the transition from the Willow question set to Danzell.
These changes introduce stricter requirements and a shift toward real-time compliance at the point of certification.
Understand what’s changing and how to prepare.
What is changing in Cyber Essentials 2026?
The April 2026 updates are designed to strengthen the Cyber Essentials scheme and ensure organisations are genuinely secure - not just compliant on paper.
Key changes include:
- A move to point-in-time certification, with less flexibility during the audit process
- Mandatory MFA across all cloud services (where available)
- Stricter scoping and evidence requirements
- More rigorous Cyber Essentials Plus audits, including additional vulnerability sampling
What does Willow to Danzell mean?
The transition from Willow to Danzell represents a shift from interpretation to enforcement.
Under Danzell:
- Requirements are more clearly defined
- Tolerance for non-compliance is reduced
- Assessments are based on real, verifiable security posture
For organisations, this means:
You need to be ready before certification begins - not during it.
What does this mean for you?
For organisations
- Preparation needs to happen earlier
- Vulnerabilities must be resolved before certification
- MFA must be consistently applied across cloud services
- Certification is based on your current security posture, not planned fixes
For partners
- Customers will need more guidance before audits
- Preparation will become a key part of the certification journey
- There is greater responsibility to ensure customers are ready ahead of time
1. Enable MFA everywhere
Ensure MFA is enabled across all cloud services where available.
2. Address vulnerabilities early
Resolve high and critical vulnerabilities within required timelines, ensuring patches are applied consistently across the entire organisation.
3. Review your scope
Ensure all systems are correctly included and documented.
4. Prepare before booking an audit
Avoid scheduling Cyber Essentials Plus until you are confident you meet the requirements.
How CyberSmart can help
CyberSmart helps organisations and partners adapt to the new Cyber Essentials requirements with confidence.
Stay audit-ready with CyberSmart
- Real-time visibility of vulnerabilities
- Clear audit readiness indicators
- Guided Cyber Essentials Plus preparation journey
- Continuous monitoring to help maintain compliance
We’re also introducing new enhancements to support the move from Willow to Danzell - making it easier to prepare, track progress, and succeed under the updated scheme.
Be ready for Cyber Essentials under Danzell
The move from Willow to Danzell changes how organisations achieve certification.
CyberSmart helps you prepare earlier, stay compliant, and approach certification with confidence.