Guidance

Rail rolling stock procurement: cyber-security

Outlines the cyber-security measures needed for buying new passenger trains and ensuring their digital systems are secure throughout the UK.

• From: Department for Transport
• Published: 26 March 2026

Documents

Rail rolling stock procurement: cyber-security

PDF, 457 KB, 27 pages

This file may not be suitable for users of assistive technology.

Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email webmasterdft@dft.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

This guide outlines the cyber-security requirements that should be built into passenger rail rolling stock procurement. It explains:

• expectations for contracting authorities and suppliers across the whole asset lifecycle, including prevention for misuse, hacking or malfunctions
• how new trains and supporting systems are specified, designed, assured and maintained in a secure and consistent way

This guidance applies across all forms of passenger rolling stock, including:

• heavy rail
• light rail
• metro services
• open-access operations
• trams

Published 26 March 2026