Compliance Update Hub

2026 updates that affect certificate issuance, validation, and renewals

Industry standards are moving to shorter certificate terms and more frequent validation. This hub is the single place to track what’s changing in 2026, key milestones, and what to do to avoid issuance disruptions.

View FAQ Talk to an Expert

What's driving these changes

Across the industry, standards bodies and browser vendors are responding to:

Increasing automation and scale of certificate issuance
Greater reliance on certificates for identity, access, and software trust
The risk posed by long-lived validations and credentials
The need for stronger, verifiable domain and organizational controls

The result is a shift toward:

Shorter certificate term
More frequent validation
Stronger, auditable verification
Automation-first operational models

Overview of key compliance changes

Industry Compliance Changes LP assets v3

Multi-year TLS subscriptions still work the same

Essentially you can still purchase a 1-5 year TLS subscription.

Your subscription has an end date, and you need to re-issue certificates as needed up to that date.

What's changing is ithe issued certificate term. After March 12, 2026, each issued certificate is valid for up to 199 days, so what is changing is that you'll be required to re-issue those certificates within your subscription more frequently.

The updates

What's changing

Beginning March 12, 2026, Domain Control Validation reuse will be limited to approximately 6 months (198 days).

DCV records older than this limit must be revalidated before certificate issuance

Applies to both existing and newly created DCV records

Although the Certification Authority Browser Forum (CA/Browser Forum) has set this mandate for March 15, 2026, Sectigo’s operational enforcement begins March 12, 2026

Why this change is happening

DCV confirms that a requester controls a domain. Historically, DCV could be reused for longer periods, which increased risk if domain ownership or control changed over time.

Reducing DCV reuse:

Limits the impact of stale validations
Reduces attack windows by limiting how long a “one-time” validation could be reused and therefore, reducing the chance of ongoing misuse
Improves overall trust in the certificate ecosystem

What customers should know

Existing certificates remain valid until expiration
No new certificate may be issued after March 12th relying on the DCV that was completed more than 198 days ago
Validation will need to happen more frequently going forward

The updates

How Sectigo helps customers stay ahead

Sectigo’s platform and services are designed for continuous compliance. Not one-off changes.

Key principles:

Early adoption of standards
Automation-first design
Clear visibility into validation and lifecycle status
Continuous alignment with browser and industry requirements

As standards continue to evolve, Sectigo customers benefit from a platform built to adapt.

What you should do now

The most important thing is to assess your needs and start planning by leveraging automation.

We recommend:

Confirm your approach

Identify how you are currently managing your certificate inventory. If you rely on manual renewals, plan for more frequent certificate replacement in 2026.

Stay informed and internally set the right expectations

Remain vigilant on the ever-evolving mandates and changes. While reselling partners, must keep their customers educated.

TLS certificates can still be purchased in multi-year products, but issuance is up to 199 days per certificate.
DCV reuse is up to 198 days, older validations must be redone.
Sectigo-provisioned Code Signing certificates can only be purchased as a 1-year product after February 15th.
Ensure DNSSEC signing is correctly configured (if enabled), as CAs will no longer be permitted to proceed when DNSSEC validation fails.

Get automation-ready

With certificate durations shrinking, automation becomes essential to reduce operational overhead and outage risk.

Future Proof with Automation

Partners, Explore CaaS

Need more help or have questions?

View our FAQ Talk to your Sectigo representative Contact Sectigo Support