E26 compliance · Class survey · All IACS members

Maritime cyber class notations
compared — all five societies.

DNV, Lloyd’s Register, Bureau Veritas, ABS, and ClassNK each publish their own cyber security class notation. They all implement IACS UR E26 — but with different tier names, security profile structures, and audit approaches. This guide tells you exactly what each one requires and which applies to your vessel.

5
Major Class societies
covered
3
Notation tiers across
most societies
IEC 62443
Underlying standard
all notations use
Jul 2024
Mandatory for new
vessel contracts
Quick answer — notation name by Class society
DNV — Cyber Secure / Essential / Advanced
Lloyd’s Register — ShipRight Cyber / CyberSafe
Bureau Veritas — CYBER CS1 / CS2
ABS — CyberSafety / CSQS
ClassNK — Part X / CMID
Before you compare

What a cyber class notation actually means

A Class cyber notation is a voluntary certificate (for existing vessels) or mandatory requirement (for E26 newbuilds) that an independent Class surveyor has verified your vessel’s cyber security programme against a defined standard. It is not a one-time test — it must be maintained through annual surveys.

For vessels contracted from 1 July 2024, IACS UR E26 makes the essential tier of each Class society’s notation effectively mandatory. For existing vessels, the notation remains voluntary — but increasingly influences insurance premiums, chartering requirements, and vetting scores under TMSA 3 and SIRE 2.

All five notations share a common baseline: every one of them implements IACS UR E26 and E27 as the minimum requirement for newbuilds, and uses IEC 62443 security levels as the technical benchmark. The differences are in tier structure, naming, and the depth of audit documentation required.
Society 1 of 5

DNV — Cyber Secure

DNV
Cyber Secure
Det Norske Veritas — Norway
Most detailed public guidance

DNV’s Cyber Secure notation is the most widely adopted and has the most extensive published guidance of any Class society. It uses Security Profiles (SP0–SP4) loosely aligned with IEC 62443 Security Levels. The notation covers 10 essential vessel functions by default, with additional systems possible via the (+) qualifier.

Standard basis
IEC 62443-3-3 Security Profiles SP0–SP4
Systems in scope
10 essential functions + (+) for additional
Non-DNV vessels
Yes — available as verification service
Cyber Secure
Baseline (SP0) — existing vessels
Aligns with IMO Resolution MSC.428(98) and MSC-FAL.1/Circ.3. Security Profile 0 is a subset of IEC 62443 SL1. Primarily intended for existing ships implementing the IMO SMS cyber requirement. Does not require full E26 architecture compliance.
Cyber Secure Essential
SP1 — mandatory E26 tier for newbuilds
Aligns with IACS UR E26 and E27. Security Profile 1 corresponds to IEC 62443-3-3 SL1. This is the mandatory tier for vessels contracted after 1 July 2024. Covers full CSDD, zone and conduit architecture, and CBS security capability verification. The most commonly contracted notation for newbuilds.
Cyber Secure Advanced
SP3 — voluntary enhanced tier
Security Profile 3 corresponds to IEC 62443-3-3 SL3. Designed for complex newbuilds requiring protection against intentional violations using sophisticated means. Voluntary — not required by E26 — but increasingly specified by some owners and charterers.
Cyber Secure (+)
Additive qualifier — additional systems
Covers systems not included in the default 10 essential functions scope — such as cargo systems, hotel systems, or additional OT equipment. Can be combined with any of the three main tiers. Requires a separate risk assessment for the additional systems.
TAGSIA note: DNV is currently certifying the first wave of E26/E27 newbuilds at major European shipyards. Their published Security Profile documentation is the most detailed publicly available interpretation of E26 requirements and is widely used as a reference even for vessels classed by other societies. See our E27 guide →
Society 2 of 5

Lloyd’s Register — ShipRight Cyber

LR
ShipRight Cyber / CyberSafe
Lloyd’s Register — United Kingdom
Active on E26 newbuilds

Lloyd’s Register applies E26/E27 through their ShipRight procedure and CyberSafe notation. LR does not publish as much standalone E26 interpretation documentation as DNV, but is actively certifying E26 newbuilds at major European and Asian shipyards. Their rules are closely aligned with E26/E27 requirements.

Standard basis
IACS UR E26/E27 + IEC 62443
Notation framework
ShipRight Cyber procedure
Non-LR vessels
Advisory services available
CyberSafe
IMO baseline — existing vessels
Aligns with IMO MSC.428(98) and MSC-FAL.1/Circ.3 requirements. Verifies that cyber risk management is integrated into the SMS. Equivalent to the IMO compliance baseline for existing vessels.
ShipRight Cyber Essential
E26 / E27 compliance — newbuilds
Full IACS UR E26 and E27 compliance verification through the ShipRight procedure. Required for LR-classed vessels contracted after 1 July 2024. Covers CSDD submission, zone and conduit architecture review, and CBS security capability verification against E27.
ShipRight Cyber Advanced
Enhanced security — voluntary
Enhanced security profile beyond E26 minimum requirements. Suitable for vessels with high-value cargo or complex operational profiles requiring protection above the IACS baseline.
TAGSIA note: LR is one of the two Class societies currently active on the first wave of E26 newbuilds at major European cruise shipbuilders. Their survey process for E26 CSDD submission and zone architecture approval is representative of what the broader industry should expect. CSDD guide →
Society 3 of 5

Bureau Veritas — CYBER CS1 / CS2

BV
CYBER CS1 / CS2
Bureau Veritas — France
Two-tier notation system

Bureau Veritas uses a clear two-tier system — CS1 for the IMO baseline and CS2 for full E26/E27 compliance. BV is particularly active in the French and Mediterranean shipbuilding market and publishes guidance on type approval for computer-based systems under E27.

Standard basis
IACS UR E26/E27 + IEC 62443
Notation system
CYBER with CS1 or CS2 qualifier
Type approval
E27 equipment certification available
CYBER CS1
IMO baseline — existing and all vessels
Aligns with IMO MSC.428(98) and MSC-FAL.1/Circ.3. Verifies that the vessel has integrated cyber risk management into its SMS. Suitable for existing vessels seeking formal Class verification of their IMO compliance without the full E26 architecture requirement.
CYBER CS2
IACS E26 / E27 — newbuilds
Full IACS UR E26 and E27 compliance. Required for BV-classed vessels contracted after 1 July 2024. Covers the complete CSDD, zone and conduit architecture, and E27 CBS security capability verification. BV also provides E27 type approval for equipment manufacturers through their LCIE Bureau Veritas testing laboratory.
TAGSIA note: BV’s two-tier system is the clearest to navigate — CS1 for the IMO floor, CS2 for the E26 ceiling. For OEMs supplying equipment to BV-classed vessels, BV’s LCIE laboratory provides IEC 62443-based type approval that satisfies E27. E27 guide →
Society 4 of 5

ABS — CyberSafety

ABS
CyberSafety / CSQS
American Bureau of Shipping — USA
Most active in US market

ABS offers a Cyber Resilience Program under the CyberSafety notation and CSQS qualification. ABS has published a detailed FAQ covering E26/E27 scope and is particularly active in the US and offshore market. Early adopters of E27 certification can receive ABS approval before vessel delivery.

Standard basis
IACS UR E26/E27 + IEC 62443
Notation system
CyberSafety with CSQS qualifier
Type approval
E27 Cyber Resilience Program
CyberSafety
IMO baseline — all vessels
Aligns with IMO Resolution MSC.428(98). Verifies that the vessel’s SMS adequately addresses cyber risk management. The entry-level notation available for existing vessels seeking formal ABS verification of their IMO compliance.
CyberSafety CSQS
IACS E26 / E27 — newbuilds
Full IACS UR E26 and E27 compliance verification. Required for ABS-classed vessels contracted after 1 July 2024. The Cyber Resilience Program for E27 equipment allows system suppliers to obtain ABS approval for individual CBS before vessel delivery, simplifying the project compliance process.
TAGSIA note: ABS has published the most detailed FAQ on E27 scope questions — including the third-party component responsibility question and the service engineer laptop exclusion. Useful reference even for vessels classed by other societies. E27 guide →
Society 5 of 5

ClassNK — Part X / CMID

NK
Part X / CMID
ClassNK — Japan
Most accessible public guidance

ClassNK has incorporated E26/E27 into Part X of their Rules for Classification. They publish the most accessible public interpretation guidelines and explanatory videos of any Class society, including a specific type approval application form (Form-7-10) for E27 equipment. Widely active in the Japanese and Asian shipbuilding market.

Standard basis
IACS UR E26/E27 — Part X Rules
Notation system
CMID notation + Part X rules
Type approval
Form-7-10 for E27 equipment
CMID
Cyber Management and Implementation Document
The ClassNK cyber management notation covering IMO baseline cyber risk management requirements. Verifies that the vessel’s SMS incorporates the five functional elements of cyber risk management required by MSC-FAL.1/Circ.3.
Part X — E26 / E27
Full E26 / E27 compliance — newbuilds
IACS UR E26 and E27 requirements incorporated into ClassNK’s Part X Rules for Classification. Required for NK-classed vessels contracted after 1 July 2024. For E27 equipment type approval, suppliers submit the Form-7-10 application — the most clearly documented equipment approval process of any IACS society.
TAGSIA note: ClassNK’s public interpretation guidelines and explanatory videos make their E26/E27 guidance the easiest to access and understand. Strongly recommended as a starting reference even for vessels classed by other societies — the technical requirements are identical across all IACS members. Start with Identify →
Side-by-side

All five notations compared

The table below compares all five societies across the dimensions that matter most when selecting or preparing for a Class cyber notation.

Criterion DNV Lloyd’s Register Bureau Veritas ABS ClassNK
Notation name Cyber Secure ShipRight Cyber / CyberSafe CYBER CS1 / CS2 CyberSafety / CSQS CMID / Part X
IMO baseline tier Cyber Secure SP0 CyberSafe CS1 CyberSafety CMID
E26 mandatory tier Cyber Secure Essential (SP1) ShipRight Cyber Essential CYBER CS2 CyberSafety CSQS Part X
Enhanced voluntary tier Advanced (SP3) Advanced
Underlying security standard IEC 62443-3-3 SP0–SP4 IEC 62443 + E26/E27 IEC 62443 + E26/E27 IEC 62443 + E26/E27 IACS UR E26/E27
E27 equipment type approval Cyber TA program Partial via ShipRight LCIE BV laboratory Cyber Resilience Program Form-7-10
Available for non-classed vessels Verification service Advisory only Advisory only Advisory only
Public interpretation guidance Extensive — most detailed Limited public documents Moderate Good — detailed FAQ Good — videos and guides
Annual survey required
Primary market strength Global / European European / UK French / Mediterranean US / Offshore Japanese / Asian
Decision guide

Which notation is right for your vessel?

The most important factor is which Class society currently classes your vessel — you cannot simply choose a notation from a different society. For newbuilds, the notation follows the Class society appointed at contract. For existing vessels, you choose the notation tier within your existing Class.

You have a newbuild contracted after 1 July 2024

The E26-aligned tier of your Class society is mandatory — Cyber Secure Essential (DNV), ShipRight Cyber Essential (LR), CS2 (BV), CSQS (ABS), or Part X (ClassNK). You do not choose — the notation follows the contract and Class appointment. Focus your effort on CSDD preparation and E27 equipment sourcing.

You have an existing vessel wanting voluntary notation

Choose the IMO baseline tier within your existing Class society. For DNV vessels: Cyber Secure (SP0). For LR: CyberSafe. For BV: CS1. For ABS: CyberSafety. Start by implementing TAGSIA’s five NIST phases — the notation audit will follow naturally from a completed programme.

You are an OEM or system integrator

You need E27 type approval from the Class society certifying the vessels your equipment will go on. DNV’s Cyber TA program, ClassNK’s Form-7-10, BV’s LCIE laboratory, and ABS’s Cyber Resilience Program are all equivalent pathways — choose the one matching your primary customer’s Class society.

You want notation regardless of your current Class

DNV is the only society that offers cyber notation as a verification service for vessels classed by other societies. If you want a DNV Cyber Secure notation on an LR-classed vessel, this is possible — but discuss with both societies first. This is rare but useful for charter requirements.

Common questions

Frequently asked questions

For vessels contracted for construction on or after 1 July 2024, the E26-aligned tier of your Class society’s cyber notation is effectively mandatory — it is the mechanism through which Class verifies E26 compliance. For existing vessels (contracted before July 2024), the notation is voluntary. However, IACS UR E26 not applying to your vessel does not mean cyber requirements don’t apply — IMO MSC-FAL.1/Circ.3 still applies to all ISM vessels since January 2021.
At the E26 level, yes — all IACS member societies are required to implement UR E26 and E27 as a unified requirement. The technical baseline is identical. What differs is the naming, the tier structure, the security profile methodology, and the depth of published guidance. A vessel with DNV Cyber Secure Essential and a vessel with BV CYBER CS2 have both passed equivalent E26/E27 compliance verification.
For newbuilds, the notation is obtained at vessel delivery as part of the overall class certification process — the timeline is driven by the build programme. For existing vessels seeking a voluntary notation, the preparation time depends on starting point. A vessel with no cyber programme in place typically takes 6–12 months to prepare documentation, implement technical controls, and pass the initial survey. A vessel with an existing IMO-compliant SMS cyber annex may complete the process in 3–6 months.
Yes — any tier of any Class cyber notation provides evidence of cyber risk management that satisfies the IMO MSC-FAL.1/Circ.3 requirement. The notation demonstrates to Port State Control that a recognised third party has verified your cyber programme. However, the notation is not required to be IMO compliant — you can satisfy MSC-FAL.1/Circ.3 through your SMS alone without obtaining a Class notation.
Increasingly significantly. P&I clubs review cyber programmes when assessing incident liability — a vessel with a Class notation that suffers a cyber incident may face different coverage treatment than one without. Some charterers and oil majors are beginning to specify cyber notation as a vetting requirement alongside TMSA 3 scores. DNV estimates that Cyber Secure notation is contracted by around 200 vessels currently, with 300–400 newbuild contracts annually expected from 2024 onwards. The commercial pressure is building rapidly.

Ready to prepare for your notation?

TAGSIA’s playbooks cover every requirement that Class surveyors audit — across all five societies. Start with Identify and work through all five phases.

Start with Identify → All playbooks
Login
Login
Scroll to Top