Shapefin

CA/B Forum Mandates Shorter Code Signing Certificate Lifetimes; GMO GlobalSign Prepares Businesses for Transition


On October 14, 2025, the CA/B Forum, which sets standards for the certificate industry, voted to reduce the maximum validity period for Code Signing Certificates from 39 months to 460 days. The change takes effect March 1, 2026, and GMO GlobalSign, a global Certificate Authority, is providing guidance and support to businesses.

The CA/B Forum’s decision to shorten Code Signing Certificate lifespans is part of an industry-wide effort to enhance security and streamline compliance. This reduction from 39 months to 460 days will officially take effect on March 1, 2026.

In anticipation of these new requirements, GMO GlobalSign ceased issuing 2-Year and 3-Year Code Signing Certificates on December 26, 2025, and now exclusively provides 1-year (366 days) certificates. Existing certificates with validity up to 39 months will remain functional until their expiration; however, any renewals processed after February 24, 2026, must adhere to the updated CA/B Forum guidelines.

The primary objective of this lifecycle reduction is to bolster security by shrinking the window in which an outdated or compromised certificate remains valid. This change is particularly noteworthy as it precedes another significant industry shift: the implementation of 200-day SSL/TLS certificates on March 15.

Code Signing Certificates are digital credentials issued by Certificate Authorities like GMO GlobalSign that contain verifiable information identifying an entity. They are crucial for software developers across platforms such as Microsoft Windows, Apple macOS, and Java, as they digitally sign applications, drivers, and executables. This process assures the software’s integrity, confirming it originates from a legitimate vendor and has not been altered since publication, thereby helping to prevent supply chain attacks, which are becoming increasingly prevalent and complex.

The utility of Code Signing Certificates in securing the software supply chain is gaining recognition, with a Mordor Intelligence report projecting the global Code Signing market to reach $50.3 million by 2029.

Yateesh Bhardwaj, Senior Product Manager at GMO GlobalSign, commented on the industry’s evolving landscape, stating, “The certificate industry is experiencing a great deal of change to allow for quicker updates and revocations of certificates that help minimize the risks to software and users. The industry has also been working to prepare for the March 15th drop down to 200-day SSL/TLS certificates but now we must prepare for shorter code signing certificates two weeks prior to that. While all these certificate reductions will benefit security, with them happening almost in unison, preparing for them will be crucial to ensure compliance with critical industry best practices.”

GMO GlobalSign operates as a global Certificate Authority and a leading provider of identity security solutions. The company specializes in high-scale Public Key Infrastructure (PKI) and identity solutions, facilitating secure online communications, managing digital identities, and automating authentication and encryption for businesses, enterprises, cloud providers, and IoT innovators worldwide. GMO GlobalSign is a subsidiary of GMO GlobalSign Holdings, K.K., a member of the Japan-based GMO Internet Group.
