E26 compliance · Class survey · All IACS members

Maritime cyber class notations
compared — all five societies.

DNV, Lloyd’s Register, Bureau Veritas, ABS, and ClassNK each publish their own cyber security class notation. They all implement IACS UR E26 — but with different tier names, security profile structures, and audit approaches. This guide tells you exactly what each one requires and which applies to your vessel.

5
Major Class societies
covered
3
Notation tiers across
most societies
IEC 62443
Underlying standard
all notations use
Jul 2024
Mandatory for new
vessel contracts
Quick answer — notation name by Class society
DNV — Cyber Secure / Essential / Advanced
Lloyd’s Register — Cyber Resilience
Bureau Veritas — CYBER MANAGED / CYBER RESILIENT / CYBER SECURE
ABS — Cyber Resilience (CR)
ClassNK — Part X / CMID
Maritime cyber class notation comparison — DNV Cyber Secure Essential, Lloyd's Register Cyber Resilience, Bureau Veritas CYBER RESILIENT, ABS Cyber Resilience CR, and ClassNK Part X all implementing mandatory IACS UR E26 and E27 from 1 July 2024

Every major Class society implements IACS UR E26 and E27 — but each uses different notation names, different tier structures, and different audit procedures. The diagram shows all five side by side so you can see immediately what applies to your vessel and your Class society.

The mandatory tier name varies — DNV calls it Cyber Secure Essential, LR calls it Cyber Resilience, BV calls it CYBER RESILIENT, ABS calls it Cyber Resilience (CR), and ClassNK implements it through Part X. Despite the different names, all five require the same underlying compliance: full CSDD, zone and conduit architecture, and CBS security capability verification against IACS UR E26 and E27.

The practical differences that matter when preparing for survey are in the published guidance available and the submission format expected — DNV and ClassNK publish the most accessible guidance, while LR’s rules are the primary reference for LR-classed vessels.

<< Click the diagram to expand at full resolution.

Before you compare

What a cyber class notation actually means

A Class cyber notation is a voluntary certificate (for existing vessels) or mandatory requirement (for E26 newbuilds) that an independent Class surveyor has verified your vessel’s cyber security programme against a defined standard. It is not a one-time test — it must be maintained through annual surveys.

For vessels contracted from 1 July 2024, IACS UR E26 makes the essential tier of each Class society’s notation effectively mandatory. For existing vessels, the notation remains voluntary — but increasingly influences insurance premiums, chartering requirements, and vetting scores under TMSA 3 and SIRE 2.

All five notations share a common baseline: every one of them implements IACS UR E26 and E27 as the minimum requirement for newbuilds, and uses IEC 62443 security levels as the technical benchmark. The differences are in tier structure, naming, and the depth of audit documentation required.
Society 1 of 5

DNV — Cyber Secure

DNV
Cyber Secure
Det Norske Veritas — Norway
Most detailed public guidance

DNV’s Cyber Secure notation is the most widely adopted and has the most extensive published guidance of any Class society. It uses Security Profiles (SP0–SP4) loosely aligned with IEC 62443 Security Levels. The notation covers 10 essential vessel functions by default, with additional systems possible via the (+) qualifier.

Standard basis
IEC 62443-3-3 Security Profiles SP0–SP4
Systems in scope
10 essential functions + (+) for additional
Non-DNV vessels
Yes — available as verification service
Cyber Secure
Baseline (SP0) — existing vessels
Aligns with IMO Resolution MSC.428(98) and MSC-FAL.1/Circ.3. Security Profile 0 is a subset of IEC 62443 SL1. Primarily intended for existing ships implementing the IMO SMS cyber requirement. Does not require full E26 architecture compliance.
Cyber Secure Essential
SP1 — mandatory E26 tier for newbuilds
Aligns with IACS UR E26 and E27. Security Profile 1 corresponds to IEC 62443-3-3 SL1. This is the mandatory tier for vessels contracted after 1 July 2024. Covers full CSDD, zone and conduit architecture, and CBS security capability verification. The most commonly contracted notation for newbuilds.
Cyber Secure Advanced
SP3 — voluntary enhanced tier
Security Profile 3 corresponds to IEC 62443-3-3 SL3. Designed for complex newbuilds requiring protection against intentional violations using sophisticated means. Voluntary — not required by E26.
Cyber Secure (+)
Additive qualifier — additional systems
Covers systems not included in the default 10 essential functions scope. Can be combined with any of the three main tiers. Requires a separate risk assessment for the additional systems.
TAGSIA note: DNV publishes the most detailed publicly available interpretation of E26 requirements and is widely referenced even for vessels classed by other societies. See our E27 guide →
Society 2 of 5

Lloyd’s Register — Cyber Resilience

LR
Cyber Resilience
Lloyd’s Register — United Kingdom
Active on E26 newbuilds

Lloyd’s Register applies E26/E27 through their rules and issues the Cyber Resilience descriptive note — verified through the ShipRight assessment procedure. LR has explicitly stated they have not published standalone E26/E27 interpretation documents, but their current rules are closely aligned. LR is actively certifying E26 newbuilds including the first offshore wind CSOVs to achieve the notation globally.

Standard basis
IACS UR E26/E27 + LR Rules
Assessment procedure
ShipRight Cyber procedure
Non-LR vessels
Advisory services available
Cyber Resilience
E26 / E27 compliance — newbuilds from 1 July 2024
The single Cyber Resilience descriptive note covers full IACS UR E26 and E27 compliance. Mandatory for LR-classed vessels contracted after 1 July 2024. Assessed through the ShipRight procedure — covering CSDD submission, zone and conduit architecture, and CBS security capability verification against E27. LR does not currently publish a separate IMO-baseline-only notation for existing vessels under this framework.
TAGSIA note: LR awarded the Cyber Resilience notation to the Grampian Kestrel and Grampian Eagle CSOVs — the first offshore wind vessels in the world to achieve E26/E27 LR certification. LR does not publish separate E26/E27 guidance documents — their rules are the reference. CSDD guide →
Society 3 of 5

Bureau Veritas — CYBER MANAGED / CYBER RESILIENT / CYBER SECURE

BV
CYBER MANAGED / CYBER RESILIENT / CYBER SECURE
Bureau Veritas — France
Three-tier notation system

Bureau Veritas uses three named notations covering the full range from IMO baseline to beyond E26. BV is particularly active in the French and Mediterranean shipbuilding market and certifies equipment under their NR 659 rules framework through type approval.

Rules basis
NR 659 — BV Rules on Cyber Security
Notation system
CYBER MANAGED / RESILIENT / SECURE
Type approval
E27 equipment certification via NR 659
CYBER MANAGED
IMO baseline — in-service vessels
For in-service vessels. Confirms that the shipowner has developed a complete map of IT and OT systems, undertaken a risk assessment, implemented mitigation measures, incorporated high-level management principles, and developed detailed onboard procedures. Aligns with IMO Resolution MSC.428(98).
CYBER RESILIENT
E26 compliance — mandatory for newbuilds
Guarantees compliance with IACS UR E26 requirements for contracts signed after 1 July 2024. This is the mandatory tier for BV-classed newbuilds. Covers the full CSDD, zone and conduit architecture, and E27 CBS security capability verification through NR 659.
CYBER SECURE
Enhanced tier — voluntary
Adds extra stringent requirements beyond E26 minimum. Intended for hyper-connected, autonomous, or military vessels, or owners requiring a higher level of assurance than the IACS baseline.
TAGSIA note: BV’s three-tier naming is clear — MANAGED for the IMO floor, RESILIENT for the E26 mandatory tier, SECURE for beyond E26. For OEMs supplying equipment to BV-classed vessels, type approval is issued under NR 659 aligned with E27. E27 guide →
Society 4 of 5

ABS — Cyber Resilience (CR)

ABS
Cyber Resilience (CR)
American Bureau of Shipping — USA
Most active in US market

ABS has incorporated IACS UR E26 and E27 into their 2024 Marine Vessel Rules (MVR) and issues the Cyber Resilience (CR) notation for compliance. ABS also offers the older optional CyberSafety CS1/CS2/CS3 notation series under a separate framework — these are distinct from the mandatory E26/E27 CR notation. ABS has published a detailed FAQ covering E26/E27 scope and is particularly active in the US and offshore market.

Rules basis
ABS MVR 4-9-13 / 4-9-14
E26/E27 notation
Cyber Resilience (CR)
Type approval
Cyber Resilience Program
Cyber Resilience (CR)
IACS E26 / E27 — mandatory for newbuilds
Vessels complying with ABS MVR Section 4-9-13 are assigned the CR notation. Mandatory for ABS-classed vessels contracted after 1 July 2024. Covers full E26 vessel-level requirements and E27 CBS security capabilities. Also available voluntarily for vessels outside the mandatory scope. ABS also awarded the first CR-Ex (Cyber Resilience-Existing) notation in 2025 for retrofitted offshore units.
CyberSafety CS1 / CS2 / CS3
Optional series — separate from E26/E27
An older optional notation series under ABS CyberSafety Volume 2. Available for all ISM-classed vessels. Not the E26/E27 notation — these are separate frameworks operating in parallel. Relevant for existing vessels seeking a voluntary ABS cyber notation outside the mandatory E26 scope.
TAGSIA note: ABS has published the most detailed FAQ on E27 scope questions — including the third-party component responsibility question and the service engineer laptop exclusion. Useful reference even for vessels classed by other societies. E27 guide →
Society 5 of 5

ClassNK — Part X / CMID

NK
Part X / CMID
ClassNK — Japan
Most accessible public guidance

ClassNK has incorporated E26/E27 into Part X of their Rules for Classification. They publish the most accessible public interpretation guidelines and explanatory videos of any Class society, including a specific type approval application form (Form-7-10) for E27 equipment. Widely active in the Japanese and Asian shipbuilding market.

Standard basis
IACS UR E26/E27 — Part X Rules
Notation system
CMID notation + Part X rules
Type approval
Form-7-10 for E27 equipment
CMID
Cyber Management and Implementation Document
The ClassNK cyber management notation covering IMO baseline cyber risk management requirements. Verifies that the vessel’s SMS incorporates the functional elements of cyber risk management required by MSC-FAL.1/Circ.3.
Part X — E26 / E27
Full E26 / E27 compliance — newbuilds
IACS UR E26 and E27 requirements incorporated into ClassNK’s Part X Rules. Required for NK-classed vessels contracted after 1 July 2024. For E27 equipment type approval, suppliers submit the Form-7-10 application — the most clearly documented equipment approval process of any IACS society.
TAGSIA note: ClassNK’s public interpretation guidelines and explanatory videos make their E26/E27 guidance the easiest to access. Strongly recommended as a starting reference even for vessels classed by other societies. Start with Identify →
Side-by-side

All five notations compared

The table below compares all five societies across the dimensions that matter most when selecting or preparing for a Class cyber notation.

Criterion DNV Lloyd’s Register Bureau Veritas ABS ClassNK
E26/E27 notation name Cyber Secure Essential Cyber Resilience CYBER RESILIENT Cyber Resilience (CR) Part X
IMO baseline tier Cyber Secure (SP0) No separate tier CYBER MANAGED CyberSafety CS series CMID
Enhanced voluntary tier Cyber Secure Advanced (SP3) CYBER SECURE
Underlying security standard IEC 62443-3-3 SP0–SP4 IACS UR E26/E27 + LR Rules NR 659 + IEC 62443 ABS MVR + IEC 62443 IACS UR E26/E27 Part X
E27 equipment type approval Cyber TA program Partial via ShipRight NR 659 type approval Cyber Resilience Program Form-7-10
Available for non-classed vessels Verification service Advisory only Advisory only Advisory only
Public interpretation guidance Extensive — most detailed None — LR have explicitly stated no public E26/E27 documents Moderate — NR 659 guidance available Good — detailed FAQ and MVR documents Good — videos and guides
Annual survey required
Primary market strength Global / European European / UK / Offshore French / Mediterranean US / Offshore Japanese / Asian
Decision guide

Which notation is right for your vessel?

The most important factor is which Class society currently classes your vessel — you cannot simply choose a notation from a different society. For newbuilds, the notation follows the Class society appointed at contract. For existing vessels, you choose the notation tier within your existing Class.

You have a newbuild contracted after 1 July 2024

The E26-aligned notation of your Class society is mandatory — Cyber Secure Essential (DNV), Cyber Resilience (LR), CYBER RESILIENT (BV), Cyber Resilience CR (ABS), or Part X (ClassNK). You do not choose — the notation follows the contract and Class appointment. Focus your effort on CSDD preparation and E27 equipment sourcing.

You have an existing vessel wanting voluntary notation

Choose the IMO baseline tier within your existing Class society. For DNV vessels: Cyber Secure (SP0). For BV: CYBER MANAGED. For ABS: CyberSafety CS series. For ClassNK: CMID. LR does not currently offer a separate IMO-baseline notation outside the full Cyber Resilience framework.

You are an OEM or system integrator

You need E27 type approval from the Class society certifying the vessels your equipment will go on. DNV’s Cyber TA program, ClassNK’s Form-7-10, BV’s NR 659 type approval, and ABS’s Cyber Resilience Program are all equivalent pathways — choose the one matching your primary customer’s Class society.

You want notation regardless of your current Class

DNV is the only society that offers cyber notation as a verification service for vessels classed by other societies. If you want a DNV Cyber Secure notation on an LR-classed vessel, this is possible — but discuss with both societies first. This is rare but useful for charter requirements.

Common questions

Frequently asked questions

For vessels contracted for construction on or after 1 July 2024, the E26-aligned notation of your Class society is effectively mandatory — it is the mechanism through which Class verifies E26 compliance. For existing vessels contracted before July 2024, the notation is voluntary. However, IMO MSC-FAL.1/Circ.3 still applies to all ISM vessels since January 2021.
At the E26 level, yes — all IACS member societies implement UR E26 and E27 as a unified requirement. The technical baseline is identical. What differs is the naming, the tier structure, and the depth of published guidance. A vessel with DNV Cyber Secure Essential and a vessel with BV CYBER RESILIENT have both passed equivalent E26/E27 compliance verification.
For newbuilds, the notation is obtained at vessel delivery as part of the overall class certification process. For existing vessels seeking a voluntary notation, a vessel with no cyber programme in place typically takes 6–12 months to prepare documentation, implement technical controls, and pass the initial survey. A vessel with an existing IMO-compliant SMS cyber annex may complete the process in 3–6 months.
Yes — any tier of any Class cyber notation provides evidence of cyber risk management that satisfies the IMO MSC-FAL.1/Circ.3 requirement. The notation demonstrates to Port State Control that a recognised third party has verified your cyber programme. However, the notation is not required to be IMO compliant — you can satisfy MSC-FAL.1/Circ.3 through your SMS alone without obtaining a Class notation.
Increasingly significantly. P&I clubs review cyber programmes when assessing incident liability. Some charterers and oil majors are beginning to specify cyber notation as a vetting requirement alongside TMSA 3 scores. DNV estimates the Cyber Secure notation has been contracted by around 200 vessels, with 300–400 newbuild contracts annually expected from 2024 onwards. The commercial pressure is building rapidly.

Ready to prepare for your notation?

TAGSIA’s playbooks cover every requirement that Class surveyors audit — across all five societies. Start with Identify and work through all five phases.

Start with Identify → All playbooks
Login
Login
Scroll to Top