2026: What’s changing (and what actually matters)

Higher fees, same protection

If there is one area in 2026 where timing really does matter, this is it.

From 1 April 2026, the UK Intellectual Property Office is increasing its fees across trade marks, designs and patents. Nothing about the protection itself changes. What changes is the price of getting it and keeping it.

In practical terms, filing new trade marks and designs will cost more, renewals will be more expensive, and businesses that delay may find themselves paying higher fees for protection they could have secured earlier. We often see organisations operating quite happily under unregistered names or logos, with the intention of “sorting IP later”. In 2026, that approach simply becomes more expensive.

If you are launching a new brand, refreshing your identity, expanding product lines, or trading under names or logos that are not yet registered, Q1 2026 is a sensible moment to act. It is one of the few areas this year where acting earlier genuinely reduces cost and friction, without any downside.

Less noise, more accountability

Data protection and AI regulation continue to evolve, but the tone for 2026 is not about dramatic new rules. We’re gunning for clarity and less rigidness.

UK developments

Early 2026 is expected to see the main reforms under Part 5 of the Data (Use and Access) Act 2025 come into force. These changes adjust the UK GDPR rather than replace it.

They include new “recognised legitimate interests” to make it easier to rely on legitimate interests in certain scenarios, a modest relaxation of the strict rules on automated decision-making, an expansion of the soft opt-in for charities, and new exceptions around cookies and similar tracking technologies.

Later in the year, the focus shifts from legal bases to process. Those business’s responsible for determining the why and how of handling personal data (also known as ‘controllers’) will be required to have clear, formal mechanisms for handling data protection complaints. That means giving individuals a clear route to complain, acknowledging complaints within 30 days, and investigating them without undue delay.

This is not just about updating a privacy notice. Organisations will need to be clear internally on who owns complaints, how they are triaged, how outcomes are recorded, and how decisions are justified if challenged.

Alongside this and a couple of other updated guidance notes expected to come through this year, the ICO will formally transition into the Information Commission, with a new strategic plan and a revised approach to enforcement. The direction of travel is away from box-ticking compliance and toward whether organisations can demonstrate responsible data use in practice.

EU developments

At EU level, the European Commission published its Digital Omnibus package at the end of 2025. While the proposals are not law yet, they matter.

The Omnibus is an attempt to reduce friction between the GDPR, the AI Act and other digital legislation, simplify overlapping obligations, and ensure that AI development is not unintentionally hampered by conflicting rules.

The EU AI Act, adopted in 2024, remains central. Its requirements phase in between 2025 and 2027 and will have wide extraterritorial impact. For UK businesses operating into the EU, the interaction between AI regulation, data protection and contractual risk allocation will only become more important.

For many businesses, 2026 is the right year to get confident on how to use data and AI. We can help to make sense of it all one step at a time because lets be honest, it’s certainly overwhelming and your business cannot afford to get left behind.

Laying the foundations for major reform

This is a biggy as the Employment Rights Act 2025 sets the direction of hiring and retaining for the next few years. While many of its headline reforms will not fully bite until 2027 or later, 2026 is a key transition year.

Some changes do come into force this year. Others will be shaped through consultation, guidance and early enforcement activity.

From April 2026, employers will see a number of immediate changes, including statutory sick pay becoming payable from day one, the removal of the lower earnings limit, new day-one rights to paternity leave and unpaid parental leave, and enhanced whistleblowing protection, including disclosures relating to sexual harassment. The Fair Work Agency will also be established, with powers to investigate and take action where employment law is not being followed. At the same time, protective awards for failures in collective redundancy consultation will increase, and trade union recognition processes will be simplified.

From October 2026, the focus shifts again. Employers will be expected to take “all reasonable steps” to prevent harassment at work, including harassment by third parties, with potential uplifts in compensation for failures. New restrictions will apply to “fire and rehire” practices affecting core contractual terms, trade unions will gain greater access rights, and most Employment Tribunal limitation periods will double from three to six months.

Alongside these changes, 2026 will see ongoing consultations on zero-hours contracts, worker status, flexible working and post-termination non-compete clauses, annual increases to statutory rates, and the expected publication of the draft Equality (Race and Disability) Bill.

HR teams don’t need to act yet, but they do need to start thinking ahead. Ethnicity and disability pay gap reporting is very likely in the next few years, and the smoothest way to handle it is early planning rather than a last-minute scramble. That means getting leadership on board, setting aside budget, and checking whether your current HR and payroll systems can actually capture and report the right data. It’s also a good moment to sense-check job categories so the data tells a useful story, not just a technical one.

Just as important is how this is handled with employees. Be open about why the data is being collected, how it will be used, and what’s meant by terms like “ethnicity” and “disability.” Clear, plain explanations and strong data privacy messaging go a long way in building trust and encouraging people to share information. If done well, this isn’t only about future compliance. It’s a chance to show commitment to fairness, strengthen your employer brand, and attract a more diverse talent pool.

Simplification in theory, complexity in practice

In financial services, regulators continue to talk the language of growth and proportionality. In 2026 this is expected to translate into some simplification of regulatory obligations, a more graduated regime for smaller firms, changes to how private fund managers are categorised to avoid “cliff-edge” regulation, adjustments to capital requirements, and a review of the Senior Managers and Certification Regime.

While many firms will welcome reduced prescription, the reality is that working out which rules apply to you may become more complex, not less.

Pensions 

Pensions will also be a busy area. 2026 is expected to bring progress on the Pension Schemes Bill, consultation on defined benefit surplus extraction and superfunds, refinement of value-for-money frameworks for defined contribution schemes, continued development of collective defined contribution models, and early signals from phase two of the government’s pensions review.

For employers and trustees, governance and forward planning will remain key.

From uncertainty to formal regulation

The UK is moving towards a comprehensive crypto framework by bringing cryptoassets within existing financial services regulation.

From 2026, businesses carrying out cryptoasset activities connected to the UK should expect FCA authorisation requirements to apply to activities such as operating trading platforms, custody, lending, staking and issuing stablecoins. There will also be clearer treatment of tokenised real-world assets.

For crypto and Web3 businesses, this represents a shift away from regulatory grey areas and towards predictability, accountability and clearer risk allocation. The FCA has published information on how the gateway for firms that want to undertake the new cryptoasset regulated activities will operate.

Scaled back, not switched off

Several ESG timelines have shifted, but obligations have not disappeared.

In 2026, the UK focus is firmly on better, more comparable sustainability reporting. The UK Sustainability Reporting Standards (UK SRS) will begin to replace older frameworks such as Streamlined Energy and Carbon Reporting (SECR) and the Task Force on Climate-related Financial Disclosures (TCFD). UK SRS will introduce more structured and forward-looking climate and sustainability disclosures. Alongside this, the Sustainability Disclosure Requirements (SDR) framework will increase scrutiny of how ESG information is presented to investors, particularly for listed organisations. Energy reporting will also become more visible under Energy Savings Opportunity Scheme Phase 4 (ESOS Phase 4), where energy performance data will be published publicly, adding a reputational dimension to compliance. While voluntary, the UK Stewardship Code 2026 signals rising expectations from investors around governance and responsible investment. The Financial Conduct Authority (FCA) is also consulting on regulating environmental, social, and governance ratings providers, pointing to tighter oversight of the data and methodologies businesses rely on.

Enforcement is no longer theoretical

In the UK, Ofcom has already begun enforcing the Online Safety Act, issuing fines and making it clear that protecting children online is a non-negotiable priority.

Throughout 2026, regulators will continue to focus on age assurance, child safety measures, removal of illegal and harmful content, and transparency around safety systems.

Separately, the Digital Markets, Competition and Consumers Act introduces new consumer protection rules around subscriptions, pricing and fake reviews, alongside much stronger enforcement powers for the CMA. In the EU, further simplification initiatives are expected, along with proposals addressing dark patterns, addictive design and unfair personalisation.

Identity verification becomes business-critical

To improve transparency and crack down on financial crime, the UK Government is rolling out a new requirement for company directors to verify their identity with Companies House (this is being phased in under the Economic Crime and Corporate Transparency Act). 

Most directors should already have heard about this in 2025. The rule applies not only to directors, but also to company secretaries and partners in limited liability partnerships (LLPs), as well as newly appointed individuals. More roles will be added over time. The key date to note was 18 November 2025. From then on, only verified individuals will be able to make filings or be appointed to these roles.

So why does this matter? In short, it is about making the UK companies register more reliable and harder to misuse. Identity verification helps ensure that the people listed as directors are real, traceable individuals, reducing fraud and boosting confidence in company records. From a practical point of view, only verified directors will be able to file confirmation statements, submit changes or accounts, or be formally registered as a director. While we can still help to make filings on a company’s behalf, the individuals behind the company still need to verify their own identity. Failing to do so can lead to penalties and, in serious cases, criminal consequences.

The requirement also extends beyond directors to People with Significant Control, often called Persons with Significant Control (PSCs). These are individuals who own or control more than 25 % of shares or voting rights, can appoint or remove most of the board, or otherwise exercise significant influence over the company. Where a PSC is also a director, one verification usually covers both roles. However, where a PSC is not a director, they will still need to complete their own verification.

The good news is that the process itself is simple, quick, and free. 

• Verification is done online through the Companies House service. 

• You will need a government-issued ID, such as a passport or driving licence, and to create a .gov.uk account if you do not already have one. 

• You will be asked to enter basic personal details, upload a photo of your ID, and in some cases take a selfie or short video. 

• Most verifications are completed within minutes, after which you will receive a personal ID number that can be used for all your Companies House appointments going forward. 

Increased Fees at Companies House

Companies House will also increase certain filing fees from 1 February 2026, including incorporation and confirmation statements.

Reform, scrutiny and rising standards

A few changes are expected across property and construction sector in 2026. These include potential bans on upwards-only rent reviews in new commercial leases, phased implementation of the Renters’ Rights Act and the end of “no-fault” evictions, continued disruption arising from building safety reforms, possible reform or restriction of cash retentions, and wide-ranging planning reform affecting infrastructure, housing and environmental obligations.

The UK Government have published a handy Guide to the Renters’ Rights Act at the end od 2025.

Structural change rather than headline rates

2026 will bring reform of international tax rules on transfer pricing and permanent establishments, preparation for new cross-border transaction reporting, fundamental changes to the taxation of carried interest, new rules targeting non-compliant umbrella companies, and increased HMRC enforcement activity.

Many businesses will not face immediate action points, but 2026 is very much a preparation year.

AI, data and liability converge

For life sciences and healthcare businesses, 2026 will be shaped by the phased application of the EU AI Act, expanded liability exposure under the new Product Liability Directive, a new UK clinical trials regime with faster approvals, reform of medical device regulation in both the UK and EU, and increased emphasis on digital health, AI adoption and access to data.

Innovation and compliance will increasingly need to move together and if you are a UK business operating across borders you might need to consider EU frameworks.

Regulation by evolution, not revolution

Artificial intelligence continues to be move faster than the law, but 2026 is an important year for how governments respond to that gap.

In the UK, one of the biggest unresolved issues remains how copyright law applies to AI training. The government has yet to publish its formal response to the AI and copyright consultation, but under the Data (Use and Access) Act 2025 it must publish a report on the use of copyright works in AI systems, together with an economic impact assessment, by 18 March 2026.

The consultation explored whether AI developers should be required to obtain licences in all cases, alongside questions of transparency, technical measures, enforcement and the treatment of AI developed outside the UK. An initial summary of responses published in December 2025 suggested that a majority of respondents favoured a licensing-based approach, but the government is still considering all options.

For businesses developing or deploying AI systems, particularly those trained on large datasets, the outcome could have real implications for cost models, risk allocation and contractual protections around training data and outputs.

A dedicated UK AI Bill did not materialise in 2025 and currently looks unlikely in 2026. Instead, the government has continued to rely on existing legal frameworks and sector regulators, alongside initiatives such as AI Growth Zones and AI Growth Labs. In practice, this means AI risk in the UK is still managed through familiar tools: contracts, governance, data protection, competition and equality law.