Dear Sectigo Customer, Last year, the CA Browser (CA/B) Forum announced changes to its regulations for Code Signing certificates and services, requiring all Certificate Authorities to ensure that the Subscriber’s Private Key is generated, stored, and used in a suitable FIPS-compliant hardware. This change from the CA/B Forum aims to improve security and help reduce risk of compromise. The deadline for implementation of the new regulations is June 1, 2023. In future, Sectigo OV code signing certificates will be either: - Installed on a Sectigo token and shipped securely to the customer - Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation. Starting April 24, 2023, you will no longer be able to purchase or issue standard OV Code Signing certificates. What should you do next? Issue any already purchased OV Code Signing certificates, or purchase and issue new OV Code Signing certificates with a validity of up to 3 years, prior to April 24, 2023. If you fail to do so, you will have to use your own FIPS-compliant hardware, or pay extra for receiving a Sectigo-issued token.