The UK Government Commercial Agency (GCA) will replace the current DIPS framework with DIPS 2, an eight‑year digital‑services contract worth up to £2.88 billion. The new framework will be open to a broader set of public‑sector customers and will actively seek participation from small‑ and medium‑sized enterprises (SMEs). The agency plans to finalise supplier engagement by year‑end 2026 and issue the formal call‑for‑tenders in 2027.
Regulatory action
The Government Commercial Agency (GCA) has announced the next iteration of its Digital and IT Professional Services (DIPS) framework, to be called DIPS 2. The framework will be governed by the Public Contracts Regulations 2015 (PCR 2015) and the Defence and Security Public Contracts Regulations 2022, both of which implement EU procurement rules in UK law. Under these regulations, any framework exceeding the EU‑wide threshold (£33 million for central government) must be advertised on the Find a Tender Service (FTS) and must comply with the non‑discrimination, transparency and proportionality principles set out in Regulation (EU) 2014/24.
What it requires
| Requirement | Detail |
|---|---|
| Scope of buyers | DIPS 2 will be available to any public‑sector customer with defence or security needs, not only the Ministry of Defence (MoD). Potential additional customers include the Home Office, Foreign, Commonwealth & Development Office, and other "defence‑related" departments. |
| Supplier eligibility | The framework will explicitly encourage SMEs (fewer than 250 employees, turnover ≤ £50 million, balance‑sheet total ≤ £43 million). Larger suppliers may still participate, but the GCA intends to allocate a dedicated lot for contracts under £5 million to lower the entry barrier for smaller firms. |
| Lot structure | The current DIPS 1 uses six lots. DIPS 2 may reduce the number of lots, or restructure them, to simplify bidding and to create a micro‑lot for sub‑£5 million projects. |
| Contract length | The framework will run for eight years, from September 2027 to August 2035. Individual call‑offs may range from a few months to several years, depending on project size. |
| Value | Total estimated spend, including VAT, is £2.88 billion over the life of the framework. |
| Compliance obligations | Suppliers must demonstrate compliance with Cyber Essentials Plus, the UK GDPR, and the Defence Cyber Security Policy. They must also provide evidence of financial standing and technical capability as defined in the tender documents. |
| Engagement timeline | • Supplier engagement sessions – completed by 31 December 2026. • Publication of the formal Invitation to Tender (ITT) – early 2027 (exact date to be announced on FTS). • Framework award – mid‑2027, with contracts callable from September 2027. |
Compliance timeline
- Now – 31 Dec 2026 – Review the GCA’s supplier‑engagement material (published on 18 May 2026) and submit any pre‑qualification questions. SMEs should prepare the required financial statements, certified cyber‑security attestations, and capability statements now, because the ITT will require full documentation.
- Early 2027 – When the ITT is posted on the Find a Tender Service, register your organisation on the GCA supplier portal. The ITT will include a mandatory compliance checklist covering PCR 2015 clauses (e.g., Article 32 on subcontracting, Article 44 on award criteria).
- Mid‑2027 – Anticipate a pre‑award de‑brief period. Successful bidders will receive a framework agreement that incorporates the Defence and Security Public Contracts Regulations 2022 obligations, such as reporting on supply‑chain security and conflict‑of‑interest disclosures.
- September 2027 onward – Begin responding to call‑offs. Each call‑off will have its own performance milestones, payment schedules, and audit rights for the MoD or other defence‑related customers.
- Ongoing – Maintain annual compliance attestations (Cyber Essentials Plus renewal, GDPR data‑protection impact assessments, and financial health checks) to stay eligible throughout the eight‑year term.
Why it matters
The shift from a MoD‑only framework to a multi‑departmental, SME‑friendly structure reflects the UK government’s strategic aim to accelerate digital transformation across defence and security. By lowering the contract‑size threshold and simplifying lot structures, the GCA hopes to capture innovative solutions from smaller firms that might otherwise be excluded from large‑scale procurement.
For suppliers, the key take‑away is the need to align early with the GCA’s compliance expectations—particularly around cyber‑security certifications and financial thresholds—so that the pre‑qualification stage is passed without delay. For public‑sector buyers, DIPS 2 promises a broader market of capable providers, potentially reducing costs and increasing the speed of technology adoption in critical defence‑related programmes.
For the full procurement notice and supporting documents, see the GCA’s announcement on the Find a Tender Service (FTS) and the accompanying supplier‑engagement brief linked in the original notice.
Comments
Please log in or register to join the discussion