On 26 February 2026, the Medicines and Healthcare products Regulatory Agency (MHRA) announced a new initiative to strengthen supply chain cyber security by introducing enhanced cyber assurance expectations for organizations that currently supply or have previously supplied goods or services to the agency. The initiative is applicable from the publication date and targets MHRA’s full supplier base.
Details of the Update
The MHRA initiative is designed to improve visibility and oversight of supplier cyber security controls by inviting relevant suppliers to join the Risk Ledger platform and complete a standardized security profile. This approach aims to increase transparency and create a consistent cyber assurance process across the MHRA supply chain.
Under the initiative, current and former MHRA suppliers may receive an invitation to register on Risk Ledger. Invited organizations are expected to document their cyber security controls and practices through a structured security profile. The scope of the initiative applies across all product categories and service types, rather than being limited to specific sectors or technologies.
Cyber security assurance will be supported through standardized information submission via the Risk Ledger platform, enabling the MHRA to maintain a clearer and more consistent view of supplier cyber risk.
Effective Date
The MHRA supply chain cyber security initiative takes effect on 26 February 2026, the same date it was published. From this date, current and former MHRA suppliers may begin receiving invitations to participate in the Risk Ledger cyber assurance process.
Why It Matters
This initiative provides greater regulatory clarity on MHRA’s expectations for supply chain cyber security while supporting digital alignment through a centralized assurance platform. By standardizing cyber security information, the MHRA can improve operational efficiency and oversight while placing a minimal additional burden on suppliers through a single, structured reporting mechanism.
Who This Is Relevant For
This update is particularly relevant for Regulatory Affairs, Quality Assurance, Compliance, IT, and Information Security teams within organizations that currently supply or have previously supplied goods or services to the MHRA.
Next Steps
Organizations should first confirm whether they have a current or historical supplier relationship with the MHRA and actively monitor for any invitation to join Risk Ledger. If invited, regulatory or compliance teams should coordinate with IT and cyber security teams to complete the Risk Ledger security profile and ensure internal cyber security controls are accurately documented.
As regulatory authorities increasingly integrate digital assurance mechanisms into supplier oversight, RegASK supports organizations by delivering timely, actionable regulatory intelligence and workflow automation. By combining agentic AI with experts in the loop, RegASK helps teams track regulatory initiatives, assess impact, and coordinate cross-functional responses efficiently across more than 160 countries. Learn more or book a demo now.
FAQs
What is the MHRA supply chain cyber security initiative?
It is an MHRA program introduced on 26 February 2026 to enhance oversight of supplier cyber security through standardized assurance using the Risk Ledger platform.
Who needs to register on Risk Ledger under this initiative?
Organizations that currently supply or have previously supplied goods or services to the MHRA may be invited to register and complete a security profile.
When does the MHRA cyber security initiative take effect?
The initiative takes effect on 26 February 2026, the same date it was published.
How can RegASK help organizations respond to this initiative?
RegASK helps regulatory and compliance teams monitor MHRA initiatives, understand applicability to their organization, and coordinate internal actions by providing AI-driven regulatory intelligence and workflow orchestration in one platform.
Subscribe to the latest regulatory news
Curated newsletters
Relevant industry info
Access expert insights
