← All posts

ISO 9001:2026 Revision: What Changed and What UK Businesses Must Do

Published 1 February 2026

The ISO 9001:2026 revision is the first major rewrite of the world's most widely adopted quality management standard since 2015. If your UK business holds ISO 9001 certification — or plans to get certified — this affects you directly. The Draft International Standard (DIS) was published in August 2025, and the final standard is projected for September 2026. That gives you roughly three years to transition before the old version expires.

This post covers exactly what changed, what stayed the same, and what you need to do — clause by clause — to stay compliant.

Background: Why ISO 9001 Is Being Revised

ISO standards follow a systematic review cycle. ISO Technical Committee 176, Sub-Committee 2 (ISO/TC 176/SC 2) — the group responsible for ISO 9001 — conducts a formal review every five years. The 2015 edition was reviewed in 2020, and the committee voted to begin a revision rather than simply reconfirm the existing text.

That decision wasn't arbitrary. Feedback from over 80 national standards bodies highlighted several issues:

  • The 2015 edition's "risk-based thinking" concept was too vague for many organisations to implement consistently.
  • The standard didn't adequately address digital transformation, remote working, or data-driven decision-making — all of which have accelerated since 2020.
  • Clause structure needed alignment with the updated Annex SL (the high-level structure shared by all ISO management system standards), which was itself revised in 2023.
  • Auditors and certified organisations reported confusion around documented information requirements — specifically, what needed to be documented versus what was optional.

The revision process followed ISO's standard stages: working drafts through 2023–2024, a Committee Draft (CD) in early 2025, and the DIS in August 2025. The Final Draft International Standard (FDIS) is expected in mid-2026, with publication projected for September 2026.

What the ISO 9001:2026 Revision Actually Changes

New Clause Structure

The 2015 edition has 10 clauses. The 2026 DIS restructures these into a revised arrangement that aligns with the updated Annex SL harmonised structure. The core management system clauses (4 through 10) remain, but their internal organisation has shifted.

Key structural changes:

  • Clause 4 (Context of the organisation) now explicitly requires you to document how external and internal issues connect to specific QMS processes. In 2015, you could argue this was implicit. In 2026, it's stated outright.
  • Clause 5 (Leadership) expands the requirements around organisational knowledge and competence at the leadership level. Top management must demonstrate they understand the QMS — not just sign a quality policy and delegate everything.
  • Clause 6 (Planning) merges the old risk-and-opportunity planning with quality objectives into a more integrated framework. You now plan for risks, objectives, and changes within a single planning process rather than treating them as separate activities.
  • Clause 7 (Support) includes new sub-clauses on technological resources and information management. If you use software tools, cloud systems, or digital workflows as part of your QMS, you now need to address how you manage and maintain those tools.
  • Clause 8 (Operation) tightens requirements around outsourced processes and supply chain oversight. Post-pandemic supply chain disruptions clearly influenced TC 176's thinking here. You need to show how you evaluate, monitor, and control externally provided processes — not just products and services.
  • Clause 9 (Performance evaluation) now requires more specific criteria for internal audit programmes and management review inputs. The 2015 wording gave you flexibility; the 2026 wording expects defined frequencies, methods, and documented outcomes.
  • Clause 10 (Improvement) introduces a stronger link between corrective action and organisational learning. You're expected to show that corrections don't just fix problems — they feed back into the system to prevent recurrence across related processes.

Annex A: 15 Pages of Supplementary Guidance

This is unprecedented for ISO 9001. Previous editions included a brief annex or referred you to ISO 9004 for guidance. The 2026 revision includes a 15-page Annex A with detailed guidance on interpreting and applying the requirements.

Annex A is non-normative — meaning it's guidance, not additional requirements. But auditors will read it. Certification bodies will reference it. If your implementation contradicts the guidance in Annex A without good reason, expect questions during your audit.

The annex covers:

  • How to apply risk-based thinking proportionately (with examples for different organisation sizes)
  • Guidance on documented information — what to retain, what to maintain, and what's genuinely optional
  • How to interpret "externally provided processes" in different industry contexts
  • Examples of how organisational knowledge can be managed without building a formal knowledge management system

For UK SMBs, Annex A may actually reduce confusion. One of the biggest complaints about ISO 9001:2015 was its vagueness — particularly around documented information. Annex A gives you something concrete to point to when deciding what your QMS actually needs.

You can compare the old and new clause structures side by side using our ISO 9001:2026 clause comparison tool.

The Transition Timeline

ISO and the International Accreditation Forum (IAF) will set the formal transition period once the standard is published. Based on every previous ISO management system standard transition (ISO 9001:2008 to 2015, ISO 14001:2004 to 2015, ISO 27001:2013 to 2022), the pattern is consistent: three years from publication date.

If the final standard publishes in September 2026, the transition deadline falls around September 2029.

Here's what that means in practice:

Milestone Projected Date
DIS published August 2025
FDIS ballot Mid-2026
Final publication September 2026
Transition period opens September 2026
Certification bodies begin offering 2026 audits Late 2026 / Early 2027
Last date for initial certification to 2015 edition Approximately September 2028 (varies by CB)
All certificates must reference 2026 edition Approximately September 2029

UKAS (the UK's national accreditation body — ukas.com) will publish specific UK transition guidance once the standard is finalised. They did the same for the ISO 27001:2022 transition, issuing Technical Bulletin TBxx series documents that clarified timelines for UK-accredited certification bodies.

BSI (the British Standards Institution — bsigroup.com) will publish the UK national adoption as BS EN ISO 9001:2026. BSI typically adopts the standard within weeks of ISO publication.

What Happens If You Miss the Deadline?

Your ISO 9001:2015 certificate becomes invalid. It won't be "downgraded" or extended — it simply ceases to be a valid certification. If you need ISO 9001 for contract requirements (common in UK public sector procurement under PPN 01/13 and related procurement policy notes), losing certification means losing eligibility.

ISO 9001:2026 Changes: Impact on Currently Certified UK Businesses

If you already hold ISO 9001:2015 certification, you need a transition plan. Here's the practical breakdown.

1. Conduct a Gap Analysis

Map your current QMS documentation against the 2026 clause structure. Identify where your existing processes already meet the new requirements and where gaps exist. Most organisations will find that 60–70% of their existing system carries over — the core principles of quality management haven't changed. But the structural changes mean your documentation almost certainly needs reorganising, even where the underlying requirements are similar.

A structured gap analysis is the best starting point — work through each clause systematically and score your compliance.

2. Update Documentation

The biggest documentation changes will likely be in:

  • Context of the organisation (Clause 4): You'll need documented links between your context analysis and your QMS processes.
  • Support — technological resources (Clause 7): If you don't currently document your technology infrastructure as part of the QMS, you'll need to start.
  • Performance evaluation (Clause 9): Internal audit programmes and management review records will need more specific content.

3. Train Your Team

Anyone involved in maintaining the QMS — quality managers, process owners, internal auditors — needs to understand the new structure. This doesn't require expensive courses. BSI, UKAS-accredited training providers, and professional bodies like the Chartered Quality Institute (CQI) will all offer transition training. Budget for at least one person to attend formal transition training; that person can then cascade the knowledge internally.

4. Plan Your Transition Audit

Contact your certification body early. During the ISO 27001:2022 transition, popular audit slots filled up 6–12 months in advance, particularly with UKAS-accredited bodies. You can transition during a surveillance audit or a recertification audit, depending on your certification cycle.

Most certification bodies won't charge significantly more for a transition audit than a standard surveillance or recertification audit — but check. Some add a surcharge for the additional time needed to assess against the new standard.

ISO 9001:2026 Changes: Impact on Businesses Pursuing First-Time Certification

If you haven't started the certification journey yet, the revision actually works in your favour. (If you're weighing up whether to do it yourself or hire a consultant, the answer depends on your team's experience with management systems.)

Certify Directly to the 2026 Edition

Once the standard is published and certification bodies begin offering assessments against it (expected late 2026 or early 2027), you can certify directly to ISO 9001:2026. This means:

  • No transition audit later.
  • Your QMS is built to the current standard from day one.
  • You avoid the cost and disruption of re-mapping documentation during a transition.

Timing Considerations

If you're planning to start certification now (early 2026), you have two options:

  1. Start now against ISO 9001:2015 and transition later. This makes sense if you need certification urgently — for example, to meet a tender deadline.
  2. Wait until late 2026 and certify directly against the 2026 edition. This makes sense if you don't have an immediate deadline and want to avoid doing the work twice.

There's a middle path, too: start building your QMS now using the DIS as a guide (the DIS is publicly available for purchase from BSI and ISO), then finalise against the published standard. The DIS is close to the final version — historically, fewer than 10% of DIS requirements change between DIS and publication.

If you're weighing the costs of either approach, our ISO 9001 cost estimator can help you model the numbers.

What Stayed the Same

Not everything changed. The revision is significant, but it's an evolution — not a replacement. Core principles that remain:

  • Process approach. You still need to manage your organisation as a system of interrelated processes.
  • Customer focus. Clause 5 still requires top management to ensure customer requirements are determined and met.
  • PDCA cycle. Plan-Do-Check-Act remains the underlying framework.
  • Risk-based thinking. This was introduced in 2015 and remains central — but with better-defined expectations in 2026.
  • Continual improvement. Still a fundamental requirement, now with a stronger emphasis on organisational learning.

If your 2015 QMS is well-implemented (not just a set of documents gathering dust), you're in a stronger starting position than you might think.

UK-Specific Considerations

Public Sector Procurement

UK government procurement regularly references ISO 9001. Procurement Policy Note PPN 01/13 and subsequent guidance allow contracting authorities to require quality management system certification. If you supply to the public sector, maintaining valid certification through the transition is non-negotiable.

Check gov.uk/government/collections/procurement-policy-notes for current procurement policy notes relevant to your sector.

Regulatory Overlap

If you operate in a regulated sector — construction (Building Safety Act 2022), medical devices (UK MDR 2002, as amended), food (Food Safety Act 1990) — your QMS likely serves double duty. Changes to ISO 9001 clause structure may require corresponding updates to how you demonstrate regulatory compliance through your management system.

Brexit and Standards Adoption

The UK continues to adopt ISO standards through BSI. There's no divergence between the ISO publication and the UK adoption of ISO 9001. BS EN ISO 9001:2026 will be identical in requirements to ISO 9001:2026. The "EN" prefix confirms the European standard adoption route, which the UK continues to follow for management system standards.

Practical Next Steps

Here's a concrete timeline for UK businesses:

Now (Early 2026)

  • Read the DIS if you haven't already (available from the BSI Shop or directly from ISO).
  • Run a preliminary gap analysis against your current QMS. Our ISO 9001:2026 clause comparison tool maps the 2015 clauses to the 2026 DIS structure.
  • Identify your biggest gaps and start planning how to address them.

Mid-2026

  • Watch for the FDIS publication and any changes from the DIS.
  • Begin updating documentation for areas where the DIS requirements are clearly stable.
  • Book transition training for your quality manager or lead internal auditor.

Late 2026 / Early 2027

  • Once the standard publishes, finalise your documentation updates.
  • Contact your certification body to schedule your transition audit.
  • Conduct at least one internal audit against the new standard before your certification body arrives.

2027–2028

  • Complete your transition audit.
  • Address any nonconformities identified during the transition.
  • Update your certificate.

2029

  • Deadline. All ISO 9001 certificates must reference the 2026 edition.

Key Takeaways

  1. The ISO 9001:2026 DIS was published in August 2025. The final standard is projected for September 2026, with a three-year transition period ending around September 2029.
  2. Every clause has been restructured. Even where requirements are substantively similar, your documentation structure will need updating.
  3. Annex A (15 pages of supplementary guidance) is new and gives you concrete direction on implementation — particularly useful for SMBs who found the 2015 edition too vague.
  4. If you're already certified, start your gap analysis now. Use the ISO 9001:2026 clause comparison tool to map what's changed.
  5. If you're pursuing first-time certification, consider waiting to certify directly against the 2026 edition — unless you need the certificate before late 2026.
  6. Contact your certification body early to secure audit slots. Transition periods create bottlenecks.
  7. Don't panic. The core principles of quality management haven't changed. This is an update, not a reinvention.

This article is for general informational purposes only and does not constitute legal, regulatory, or professional compliance advice. ISO certification requirements vary by scope, sector, and certification body. Always verify requirements with your UKAS-accredited certification body or a qualified consultant before making compliance decisions.

ClauseWise is coming soon

Generate your ISO 9001 and ISO 27001 documentation without consultant fees.

Related articles

ISO 9001 vs ISO 27001: Which Does Your Business Need?ISO 27001 Certification Cost UK: What Small Businesses Actually PayISO 9001 for Small Business: A Proportionate Guide to Certification