ProductGB

Early Warning

Free NCSC service that alerts organisations to potential cyber incidents affecting their networks; made mandatory for UK Cyber Resilience Pledge signatories.

Last refreshed: 29 May 2026 · Appears in 1 active topic

Key Question

How does enrolment in NCSC Early Warning reduce cyber risk for UK organisations?

Timeline for Early Warning

#51 May

Made mandatory for Cyber Resilience Pledge signatories

Cybersecurity: Threats and Defences: UK cyber sector clears 14.7bn pounds

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

What is NCSC Early Warning and how do I sign up?: NCSC Early Warning is a free service that alerts UK organisations to cyber threats affecting their own IP ranges and domains. Sign up at the NCSC website; enrolment requires proof of ownership of the domain or IP address range.Source: NCSC
What does the Cyber Resilience Pledge require about Early Warning?: The May 2026 Cyber Resilience Pledge asks signatories to enrol their organisation in the NCSC's Early Warning service as one of its three core commitments.Source: DSIT Cyber Resilience Pledge
Is NCSC Early Warning suitable for small businesses?: Yes. Early Warning is free, designed for any UK-registered organisation regardless of size, and sends alerts by email — no dedicated security team is required to use it.Source: NCSC

Background

Early Warning became a mandatory commitment in the voluntary Cyber Resilience Pledge announced by DSIT in May 2026. The Pledge asks signatories to enrol in Early Warning as one of three core commitments alongside appointing a board-level cyber lead and attaining Cyber Essentials across supply chains. The Pledge launch coincided with the UK cyber sector's £14.7 billion annual revenue figures, framing it as both a growth enabler and a risk-reduction measure for the broader economy.

Early Warning is a free service run by the NCSC that alerts UK organisations to threats and vulnerabilities affecting their own IP address ranges and domains. It ingests threat-intelligence feeds, NCSC honeypot data, and partner data (including Shadowserver Foundation) to detect botnets, scanning activity, malware command-and-control traffic, and newly disclosed vulnerabilities affecting enrolled organisations' assets. Alerts are sent by email or API. Enrolment requires proof of domain or IP ownership. The service is available to any UK-registered organisation.

Early Warning sits at the base of the NCSC's proactive defence architecture, designed to extend professional-grade threat notification to organisations that cannot afford commercial threat-intelligence subscriptions. Its inclusion in the Resilience Pledge reflects the NCSC's strategy of using free services as a lever to improve national baseline cyber posture, particularly among SMEs and NHS-adjacent suppliers that are frequently targeted but under-resourced.

Source Material

NCSC Early Warning Service

How the World Sees Them

United States

CISA's ISAC model differs in being sector-based; Early Warning's free, organisation-level alerting is closer to CISA's free Vulnerability Scanning service for critical-infrastructure entities.

European Union

EU member states operate analogous national-CERT alert services; ENISA has noted Early Warning as a model for member-state baseline notification infrastructure.

United Kingdom

The NCSC positions Early Warning as a democratising tool, extending threat-intel access to SMEs and public bodies; the Resilience Pledge turned voluntary enrolment into a supply-chain expectation for large organisations' suppliers.