February 2026 - Newsletter
Welcome to our news that you can use
Welcome to our newsletter, specially designed to keep small and medium-sized organisations informed and up-to-date on all the latest IT regulations and cyber security changes. Whether these changes have just happened or are about to take effect, we provide timely, clear, and practical updates to help your organisation stay compliant and secure in an ever-evolving digital landscape.
IT Services for Small Businesses
Changes to the Cyber Essentials scheme: April 2026 Update
The government-backed Cyber Essentials scheme helps organisations defend against common cyber threats through five key technical controls. To keep pace with evolving risks, the National Cyber Security Centre (NCSC) and IASME Consortium review and update the requirements annually. The next update, Cyber Essentials Requirements for IT Infrastructure v3.3, will take effect on 27 April 2026 and apply to all new assessment accounts created after that date. Existing accounts opened before then will continue under the current version, and applicants will have six months to complete their assessment once an account is created.
Implications for solicitors: There will be different questions asked in the self-assessment, which will imply that further modifications to a company’s processes and procedures will have to be considered. JDI-UK will evaluate any changes and let you know our understanding once we get more information.
More info at: https://iasme.co.uk/articles/upcoming-changes-to-the-cyber-essentials-scheme-april-2026-update/
Windows Lifecycle & Security Updates
Windows 10 End of Life
- Official Support Ended: 14 October 2025. No free security updates unless enrolled in Extended Security Updates (ESU) program (available until Oct 2026).
Implications for organisations: Organisations still running Windows 10 risk compliance breaches under SRA cybersecurity guidance. ESU costs start at £50/device/year for enterprises from October 2026 (Initial 12 months free to UK companies)
- Bug Alert: Some systems incorrectly show “End of Support” even if ESU is active. Microsoft has issued a Known Issue Rollback fix.
Implications for Organisations: IT teams should verify ESU enrolment and apply KIR policies to avoid confusion.
Windows 11 Version Deadlines
- 23H2 (Home/Pro): Support ended 11 November 2025.
- 22H2 (Enterprise/Education): Support ended 14 October 2025.
- 24H2: Supported until Oct 2026 (Home/Pro) and Oct 2027 (Enterprise/Education).
Impact: Organisations must plan upgrades to avoid unsupported OS versions, which could breach GDPR Article 32 (security of processing).
More info at: https://jdi-uk.com/windows-10-remediation
Microsoft Office 2016, 2019, and 2021 – End of Life and Compliance Risks
Microsoft ended support for Office 2016 and Office 2019 on 14 October 2025, and Office 2021 will reach end of support on 13 October 2026. After these dates, no security updates or technical fixes will be provided, leaving organisations exposed to vulnerabilities.
Under Cyber Essentials and GDPR, using unsupported software breaches compliance requirements and increases data protection risks.
Implications for organisations: Organisations must take remedial action now for Office 2016 / 2019: upgrade to Microsoft 365 or Office 2024 LTSC, and ensure all devices are patched, and update your asset registers. Failure to act could result in loss of Cyber Essentials certification, regulatory non-compliance, and heightened cyber risk.
More info at: https://support.microsoft.com/en-us/office/end-of-support-for-office-2016-and-office-2019-818c68bc-d5e5-47e5-b52f-ddf636cf8e16
Data Protection Law Changes
The Data (Use and Access) Act 2025 (“DUAA”) received Royal Assent in June 2025 and is now being rolled out in stages through 2025–2026. It does not replace UK GDPR, the Data Protection Act 2018 or PECR; instead, it amends and supplements them in targeted areas such as automated decision‑making, subject access, recognised legitimate interests, international transfers, and the use of cookies and similar technologies. For many SMEs, the biggest shift is not a brand‑new regime, but subtle changes to how existing obligations are interpreted and enforced.
Data (Use and Access) Act 2025 (DUAA) – Key Updates
- Automated Decision-Making (ADM): Broader scope for decisions based solely on automated processing, provided safeguards (human intervention, challenge rights) are in place.
Impact: Solicitors using AI-driven tools for client screening or risk assessments must review compliance processes. - Recognised Legitimate Interests: New lawful basis for processing activities like fraud prevention and IT security without a full Legitimate Interests Assessment.
Impact: Easier compliance for firms handling sensitive data for anti-money laundering checks. - Cookie & Marketing Rules: Certain analytics cookies and charity marketing emails now allowed without consent under new PECR provisions (charitable soft opt-in effective Jan 2026).
Impact: Firms running charity-linked campaigns can simplify consent workflows. - Subject Access Requests (SARs): Codified “reasonable and proportionate” search standard for responding to SARs.
Impact: Reduces administrative burden for firms handling large volumes of client data. - Mandatory Complaints Procedure: Organisations must implement a formal data protection complaints process.
Impact: Solicitor firms need to update internal policies and client-facing documentation.
More Info at: https://jdi-uk.com/duaa-2025
