This communication was sent 03 May 2024. Notice 24-NJ | 03 May 2024 Upcoming HMRC ChangesDear Partner, On 22 May we’re updating the Sage MTD for VAT module. This update contains important security changes to the embedded browser, which is used to complete the authentication and submission to HMRC. The module is used by a number of products in our range. We wrote to you in March to let you know about upcoming HMRC changes that will affect submissions from Sage 50 Accounts and Sage 50 Payroll. The changes will begin to be implemented from 07 May 2024, so we wanted to provide you with a reminder. The changes are that certain Cipher suites will be removed from support – in this case its CBC ciphers. What does this mean?The Sage solution, the operating system and submission the customer is performing, determine the impact & action required. In broad terms older Microsoft Operating Systems - Windows 7, Windows 8, Server 2008, Server 2012 or 2012 R2, used in conjunction with the below submission types, will no longer be possible: - VAT submission (in product) - Sage 50 Accounts
- CIS submission - Sage 50 Accounts
- EC Sales submission - Sage 50 Accounts
- RTI submission - Sage 50 Payroll
What do you need to do?Customers who use the impacted combinations will need to choose one or more of the following: - Upgrade the operating system on computer being used for submissions.
- Submit using a supported operating system within their network.
- Install Sage software on a computer with supported operating system:
Sage MTD for VAT Submission moduleThe way in which the Sage MTD for VAT module works, means the changes being introduced in May don’t currently impact submissions made via the module, so long as the computer being used for the submission, has a currently supported Cipher suite installed. Ciphers in this case are part of a handshake chain that is used to encrypt data in transit, in this case between our client application, via an embedded browser, to the HMRC services. The operating system has a set of cipher suites that it supports, the client application may also define its own cipher preference and the service you are connecting to has ciphers that it supports. When the initial handshake occurs the Client Application, Operating System and Service you are connecting to all need to agree on a cipher they all support in order for the connection to work. Reminder on VAT Submissions (in product)We wanted to remind you that changes introduced by HMRC in November 2023 mean that in product VAT submissions from Sage 50 v28.0 or below, and Sage 200 Spring 2018 up to and including 2021 R1 are no longer possible as the embedded browser in use is Internet Explorer. A copy of the communication regarding this is available here. Are you communicating with customers?Yes, we’ve communicated to all customers where we’ve identified that they are doing a submission from an affected operating system. You can see a copy of the communication here. In all cases customers will be directed to their support provider for more information. |