Cybersecurity for media vendor systems, software & services

EBU R 143

This Recommendation provides guidance on cybersecurity safeguards that media organizations and media vendors should apply when planning, designing or sourcing their products and services.

Open file (pdf, 0.6 MB)

Email me a link

R 143 is composed of a comprehensive and detailed list of vendor and product security requirements. Version 2.4, published in March 2024, has been updated to include the cybersecurity requirements of Saas (Software as a Service). The accompanying Excel spreadsheet (see below) has been synchronised with the latest version of the Recommendation. 

Ancillary spreadsheet

R143 Security Controls Assertation (an XLSX file) - A checklist for vendors and those engaging in tenders, to help assertain how a product or service meets the requirements set out in R 143. This list helps to identify a vendor's capabilities to respond to the security safeguards during a tendering process, and should form the basis for setting minimal system acceptance levels.

Keywords: Security, Services, Infrastructure, Broadcasting, IP, Appliance, Software, Software as a Service, SaaS, Cloud, Application, Cyber, Security Controls Assertation, Vendor, Vulnerabilities, Authentication, Password, Encryption, Certificate, PKI, Keys, Log, Incident


The following translations of this document are available. Please note the translations may not be based on the latest version; see the year mentioned in brackets. These translations are courtesy of the translaters and hosted by the EBU 'as is'. The official and definitive version is the current EBU English version.

Japanese version of EBU R 143 v2.2 [2021] - Warm thanks to EBU Associate Member NHK.

Russian version of EBU R 143 v.1 [2016] - Special thanks to EBU Member RTR.

All versions of this publication

Version 1 of this document was originally published in April 2016.

Version 2.0, a major revision, was published in November 2020.

Version 2.1 was published on 19 April 2021, containing some minor editorial changes with respect to Version 2.0.

Version 2.2 was published on 30 April 2021 to correct a slight misalignment between the Recommendation and the Excel spreadsheet - no changes of substance.

Version 2.3 was published in March 2022. Priority levels that were identified and recommended by the MCS community have been added and some of the recommendations have been clarified and rearranged to aid understanding.

Version 2.4 was published in March 2024. A new Annex C, concerning SaaS, was added. Edits to Annex B have been made to accommodate the existence of Annex C. Other small edits and clarifications were made to the text, as necessary.