CyberFundamentals transition 2023 to 2025

The CyberFundamentals Framework has been revised to CyberFundamentals 2025 to better align with international standards and current threats. You do not need to migrate to the new version of the framework immediately; a transition period has been established. You can find more information about this in this article.

Transition period #

• Both versions (CyberFundamentals 2023 and CyberFundamentals 2025) will be available side by side during a transition period.
• You can choose verification or certification based on CyFun 2023 or CyFun 2025 until April 18, 2027.
• Certificates and verification statements based on CyFun 2023 will remain valid until April 18, 2028.
• After the transition period, only CyFun 2025 will be accepted.

Main changes CyberFundamentals 2025 #

Stronger alignment with international standards and legislation:
CyberFundamentals 2025 better aligns with European and national regulations, including the NIS2 legislation.

Expansion and clarification of requirements:
The controls and guidelines have been revised and more clearly formulated.

Increased focus on supply chain and OT security:
The new version explicitly addresses supply chain security and operational technology (OT).

Incorporation of user feedback:
The 2025 version was developed partly based on feedback from the field, making the framework more practical and user-friendly.

Introduction of Governance Measures:
New in 2025 are the “Governance Measures,” which ensure cybersecurity assurance at the board level.

More extensive explanation and interpretation:
The explanation of the requirements has been expanded so that organizations better understand what is expected of them.

Improved structure and readability:
In addition to content changes, grammatical, editorial, and structural improvements have also been made.

Do you have any questions about the impact of these changes in CyberFundamentals 2025? Feel free to contact us by phone +32 14 48 0730 of info@brandcompliance.com.