Charity Commission Serious Incident Reporting: 2025 Changes for Grant Holders
The Charity Commission has refreshed its serious incident reporting guidance. Grant-funded organisations must tighten protocols—here’s a quick briefing for your team.
TL;DR
- New 2025 guidance clarifies 24-hour notification expectations for cyber incidents and safeguarding breaches.
- Boards must evidence review of incident logs in trustee meetings and report mitigations to funders.
- Align processes with the change control playbook and oversight pack.
Key changes
The February 2025 update to the Charity Commission’s serious incident guidance adds:
- Explicit requirement to notify the Commission within 24 hours of discovering cyber incidents or major safeguarding concerns.
- Clarification on reporting grant fraud even when recovery is likely.
- Expectation that trustees review incident logs quarterly and document actions.
What to do now
- Update your incident response plan and integrate with the delivery handover checklist.
- Ensure boards review incidents via the trustee oversight pack.
- Log incidents and mitigations in Crafty so future bids can evidence robust governance.