UR E26, After the Mandate ④ — The Shipyard's View: Implementing a Mandatory Rule on the Drawing Board
The Shipyard's View — Implementing a Mandatory Rule on the Drawing Board
How do you implement this abstract mandatory rule, on a single ship, within a fixed budget and schedule?
- LinkedIn : https://www.linkedin.com/in/abysstoinfinity
The fourth installment of a six-part series — and the third stakeholder piece (the shipyard). Where Part 3 looked from the position of verifying the deliverables (the classification society), this piece looks from the position of actually producing them. The shipyard is the point where the market materializes — where abstract rules turn into concrete drawings and documents.
1. Between Verification and Production
In Part 3, we said the classification society is the one who verifies. Then who is the one who actually produces the deliverables being verified? E26 states the goal of "managing the cyber risk of the vessel as a whole," but someone has to translate that goal into an actual zone and conduit diagram (ZCD), an actual asset inventory, an actual cyber security design description, and actual test procedures. The party who bears the burden of that translation is the systems integrator — that is, the shipyard.
There is a pressure peculiar to this position. The shipyard must not only convert abstract norms into drawings that can be drafted by hand, but must do so within a fixed-price, fixed-schedule newbuilding contract. The rule states the goal, the classification society judges whether that goal has been met — and in between, it is the shipyard that absorbs the actual workload, time, and cost. If the owner in Part 2 asked "what to buy," and the class society in Part 3 asked "what to assure," the shipyard's question is the most physical of all —
How do you implement this abstract mandatory rule, on a single ship, within a fixed budget and schedule?
2. What the Shipyard Actually Produces — The Integrator's Deliverables
Let us first separate out the shipyard's share. Among the E26 deliverables, the core documents of the design & construction and commissioning stages are primarily the responsibility of the systems integrator. The four deliverables below. As industry analyses consistently point out, most of the detailed design work in the design and construction stages is performed by the shipyard and its suppliers.
The point worth noting here is that this is a new kind of work. OT security architecture design — something absent from traditional ship design — must now enter the design specification from the very beginning. Cyber is not an add-on bolted on at the end of construction — treating it that way leads to the "compliant but not secure" outcome we saw in Part 2 — but has become a design variable: network segmentation and trust boundaries must be reflected in the drawings from the start.
3. The Core Challenge of Integration — Binding E27 Boxes into an E26 Ship
The hardest part the shipyard takes on is not the drafting of individual documents but integration. And it is at this point that the most frequently cited friction since the mandate arises.
In other words, certified components do not make a certified ship. The work of tying the certified components together remains — and the party doing that work is the shipyard.
What is more, this integration is fragile. Making certified systems from different suppliers — say, one company's radar, another's engine control, yet another's alarm system — communicate securely without breaking the encrypted "handshakes" required by each system's E27 profile is by no means trivial. There are trickier cases still. Some E27-certified systems are certified on the condition that they "cannot be connected to an untrusted network," so that when data flows across trust boundaries are needed, a separate gateway design is required. These interoperability problems are hard to standardize, differ from ship to ship, and the burden of solving them falls on the integrator.
4. The Pass-Through of the Type Approval Bottleneck
The integration burden is directly coupled to the maturity of the supplier ecosystem. And in the early period of the mandate, that ecosystem was not sufficiently mature.
When few systems hold E27 type approval — as of November 2024 the numbers were very small, on the order of 4 systems at ClassNK and 20 at DNV — the shipyard must itself produce, for each uncertified system, documentation comparable in volume to a type approval package. This is because uncertified systems are, in practice, required to provide evidence at roughly type-approval level across the design, construction, and operation stages. As a result, delays in supplier-side certification are passed through to the shipyard as documentation burden. "Someone else's lack of certification" becomes the shipyard's deliverable risk.
There is an interesting paradox as well. As type-approved systems increase through 2025–2026, the per-system documentation burden shrinks — but the center of gravity of the burden shifts correspondingly toward integration. The more the individual boxes are ready, the more the work of binding those boxes together securely on a single ship — the handshake and gateway problems we saw in Section 3 — remains at the forefront. In other words, the shipyard's burden does not disappear; it changes form, from documentation to integration.
5. Multi-Class, Multi-Regime Response — One Yard, Many Interpretations
A shipyard does not take customers from only one classification society. The same yard simultaneously builds vessels classed with DNV, ABS, LR, BV, and ClassNK. The differences in guidelines and interpretations across class societies that we saw in Part 1 appear to the owner as asymmetric costs, but to the shipyard they appear in a different form: simultaneous multi-standard response. The same design platform must be varied to meet the differing expectations of multiple class societies, and which society's interpretation becomes the acceptance criteria for a given project can differ from ship to ship.
On top of the class societies comes the regulatory regime as well. Vessels flying the US flag, or vessels that will operate in US waters, must also respond to the US Coast Guard's (USCG) cyber regulations — a requirements framework separate from the IACS URs. The shipyard thus ends up in the position of having to reconcile not only multiple class societies but multiple regulatory regimes within the design of a single vessel.
In this context, the position of the Korean shipbuilding cluster is clear. HD Hyundai Heavy Industries, Samsung Heavy Industries, and Hanwha Ocean are global multi-class integrators, building to all major classification societies for owners worldwide. And they have pursued a strategy of bundling cyber with other complex technologies such as alternative fuels and electrification, responding through integrated approvals and Approvals in Principle (AiP). Indeed, in 2025 Hanwha Systems and Hanwha Ocean received the world's first Approval in Principle (AiP) for cyber resilience from ABS — verifying the technical stability to recover and keep operating without interruption under hacking, DDoS, and ransomware conditions — and the Hanwha group is pursuing joint research that includes responding to USCG cyber regulations and US-flag requirements as well as extending technology built on IACS UR E26. This is a movement in which the integrator goes beyond merely following the rules, proactively accumulating cyber capability itself in a multi-class, multi-regime environment.
6. The Position Inside Fixed Price and Fixed Schedule
The shipyard sits wedged between the owner (who wants a secure, maintainable ship), the suppliers (who deliver boxes), and the classification society (which verifies) — and must reconcile all of them within a fixed-price, fixed-schedule newbuilding contract. And here lies a pressure unique to the shipyard.
Cyber adds new lines of cost, documentation, testing, and coordination. The problem arises when that scope is not clearly allocated in the contract. The "shipyard's incentive to minimize cost" we saw in Part 2 is, from the shipyard's seat, experienced as the pressure to absorb unspecified additional work within a fixed price. When it is ambiguous who is responsible for what and up to where, that ambiguity becomes the shipyard's risk.
One thing therefore becomes clear —
When the owner provides clear, detailed specifications at the design stage, the shipyard benefits alongside the owner.
When scope is clear, the shipyard can reflect it in price and schedule; when it is ambiguous, it becomes risk to be absorbed. Part 2's "owners should specify detailed requirements at the design stage" and this piece's "shipyards need scope clarity" are two sides of the same coin. When boundaries are blurred, the shipyard is among the parties most disadvantaged — and therefore clear boundaries are in the shipyard's interest as well.
7. The Boundary as Seen from the Shipyard's Position
To summarize: the shipyard is the point of materialization of the boundary. It is where the abstract floor is converted into concrete deliverables and integration architecture — where the rule finally becomes steel, cable, and drawing.
The consistency of the documentation
The standardization of multi-class and multi-regime response
The differences in interpretation across class societies
The ambiguity of contractual scope
The shipyard's real added value lies beyond building a "compliant ship" — it lies in building a ship that is "compliant, yet robustly integrated and operable." And that is not something the shipyard can achieve alone; it becomes possible only when the owner's specifications of Part 2 and the class society's verification of Part 3 interlock. The sharper the boundary, the clearer the shipyard's work becomes; the blurrier the boundary, the greater the unspecified risk the shipyard takes on.
8. Closing
If the shipyard binds certified boxes into a single ship, there is a separate party who makes those boxes and gets them certified. At the supply-side root of the integration challenges we saw in Section 3 — the problem of broken handshakes, the problem of systems certified as "cannot connect to untrusted networks" — stands the protagonist of the next installment: the supplier.
In the next piece, we move to the smallest unit of integration — the Vendor's view.
The economics of E27 type approval, the cost of satisfying the differing profiles of multiple class societies with a single product, and the paradox in which certifying one's own system to be "secure" can actually make integration compatibility harder.
Key Evidence
This series is a general analysis of the market structure surrounding IACS UR E26/E27 and does not constitute advice on any specific shipyard, project, or contract. The concrete application of the rules and the contractual allocation of responsibility follow the latest unified requirements and guidelines of the relevant classification society and the terms of individual contracts.
Owner-side maritime cybersecurity advisor covering IACS UR E26/E27 compliance, zone and conduit design, and OT/IT security architecture for commercial vessels — working across LR, ClassNK, DNV, ABS, and BV newbuilding projects.
🌐 More Articles ↗⚓ Join the ShipPaulJobs Community
Join →
Comments
Post a Comment