Beyond the headlines: the certificate timeline that actually matters

Others deliver and disappear. We stay - to govern, harden, monitor, and evolve - turning frameworks into action, not just checklists.

28/5/26

Beyond the headlines: the dates that actually matter

Much has been written about shorter certificate validity. Less attention has been paid to the parallel reductions in DCV (Domain Control Validation) and SII/OV data reuse and these matter just as much to anyone responsible for a certificate estate. The sequence below sets out the figures as mandated.

A note on issuance: the agreed caps are 200, 100 and 47 days. Certificate authorities typically issue marginally under each limit to avoid misissuance, so in practice you may see 199, 99 and 46-day certificates. The caps themselves, and the dates below, are fixed.

  • 14 March 2026: last day a 398-day certificate can be issued; last day a CA can reuse DCV beyond 200 days.
  • 15 March 2026: maximum certificate term reduces to 200 days; DCV reuse capped at 200 days.
  • 30 September 2026: the first 200-day certificates begin to expire, earliest-issued first.
  • 14 March 2027: last day a 200-day certificate can be issued.
  • 15 March 2027: maximum certificate term reduces to 100 days; DCV reuse tightens further.
  • Mid-2027 onward: legacy one-year certificates have expired; 100-day certificates begin cycling.
  • 14 March 2029: last day a 100-day certificate can be issued.
  • 15 March 2029: maximum certificate term reduces to 47 days; DCV reuse reduces to 10 days.
  • From late April 2029: the first 47-day certificates begin to expire, locking in a monthly renewal cycle.

The practical implication is straightforward: by 2029, every publicly trusted certificate in your estate sits on a monthly cycle, with domain control re-proven every ten days. That is not a workload most teams can sustain manually, and it is why the time to act is now, while the cadence is still forgiving.

McCormickCo Security works with organisations to map this timeline against their own estate and build a controlled, auditable path to automation well ahead of the hard deadlines.

Contact McCormickCo Security

McCormickCo Security supports organisations in turning asset and endpoint data into meaningful assurance, strengthening submissions, supporting outcomes, and ultimately contributing to the safe and resilient delivery of services.

Contact | McCormickCo Security — Our team can provide further detail on the technical architecture, assurance mapping, and NHS-aligned delivery approach, and support organisations in assessing how this integration can be safely and effectively implemented within their environment.

Downloads

Similar Insights

Reinforce partnership model and support longevity
Book a Consultation
Book a Consultation