On 24 March 2026 the Department for Business and Trade published the outcomeof its 2025 consultation on tackling poor payment practices.The UK Government intends to introduce new legislation to tackle latepayment culture as soon as Parliamentary time allows. This will cover:• mandatory 60 day maximum payment terms, with limited exemptionsfor contracts between large companies where the customer is the smallerparty and the contract goods or services are being imported or exported• a statutory time limit for raising disputes on invoices, withcompensation payable to the supplier if disputes are raised outside thedeadline• making statutory interest on late payment (under the Late Payment ofCommercial Debts (Interest) Act 1998) mandatory, removing the ability forparties to use a lower interest rate and making the interest paymentautomatic• amending the Reporting on Payment Practices and Performance Regulations2017 to add reporting requirements on statutory interest both owedand paid• boards or audit committees of large companies that are continuallylate in paying their suppliers to publish commentary explaining whythis is the case and what they are doing to rectify the issue• fines for persistent late payersCommercially connectedUK and EU commercial law updates4• enhancing the powers of the Small Business Commissioner so thatthey can investigate poor payment practices, adjudicate disputes and issuefines• a ban on retention payments under construction contractsThis package of reforms is likely to have a significant impact on payment practicesand contract terms across all sectors. All businesses should monitor progress of theproposed legislation, and input into consultations and calls for evidence whenannounced.UK Fraud Strategy2026 - 2029This item first appeared in our Commercially Connected short dated 11 March 2026.On 9 March 2026 the UK Government published its fraud strategy for 2026 -2029 (Strategy), which aims to reduce crime and improve economicresilience through tackling fraud against both individuals and businesses.The Strategy is built on three pillars:• Disrupt the tech exploited by fraudsters to stop fraud at source: thisincludes setting up a new Online Crime Centre for information sharing,data analysis and collaboration against fraud by police, the intelligencecommunity and private sector partners; sponsoring the Global FraudSummit to strengthen cross-border cooperation in targeting fraud; workingwith the financial services, telecoms and online sectors to tacklecyber fraud, with a call for evidence on proportionate measures to reduceanonymity and strengthen accountability within the UK coms sector, and aconsultation by Ofcom on fraudulent advertising duties under the OnlineSafety Act 2023, planned for later this year.• Safeguard against vulnerabilities: expand the Stop! Think Fraudcampaign to include more fraud types; improve proactive policing andtargeted support to individuals who are at risk; give businesses adviceon improving their resilience.• Respond to instances of fraud: establish Report Fraud for reporting byfraud victims; set up a Fraud Victims Charter in 2027 to establishconsistent levels of victim support; enhance criminal and civil justiceincluding law enforcement investigation capabilities and international lawenforcement collaboration.At the same time the Home Office launched a call for evidence on how data isshared for detecting, preventing, investigating and disrupting economic crime suchas fraud, money laundering, corruption and asset recovery. Responses are due by 18May 2026.The Strategy has the potential to impact businesses positively, throughimproved guidance on preventative anti-fraud strategies and improvedresponses to fraud incidents. This should encourage businesses to reviewand strengthen their internal processes and staff training related to fraudprevention. In the longer term the Strategy may also lead to increasedscrutiny and possibly new regulatory requirements, particularly for those inthe financial services, telecoms and online sectors.Reform of UKProvision of ServicesRegulations 2009This item first appeared in our Commercially Connected short dated 11 March 2026.From 1 October 2026 the Provision of Services Regulations 2009 (Regulations) willbe amended. Draft amending regulations were published on 6 March 2026: TheProvision of Services (Amendment and Transitional Provisions) Regulations2026.This follows the Government’s response to a 2023 consultation on reform of theRegulations, which was published on 5 March 2026.The Regulations establish the framework for regulation of services in theUK, in particular the administration of authorisation schemes (that controllicensing of service providers) by competent authorities (local authoritiesand regulators). They also impose information provision and complaint handlingobligations on businesses. They apply to services provided for remuneration, otherthan those that are excluded (such as financial services, transport and healthcare).Commercially connectedUK and EU commercial law updates5The UK Government also relies on the Regulations as a way of ensuring compliancewith its commitments in Free Trade Agreements.The amending regulations will:• expand the scope of the Regulations so that they also apply toforeign service providers providing services in the UK, to ensure thatUK and foreign providers are subject to the same rules• make application processes under authorisation schemes consistent,easier to follow and more transparent, including by requiring competentauthorities to update applicants on their application status, to provideprocedures for resubmitting applications where practicable, not to preventapplications solely based on a previous rejection, to identify missinginformation in applications, and to provide prompt written confirmation ofapplication outcomes• clarify the rules on authorisation fees• update obligations on competent authorities to publish informationfor applicants onlineThe Government intends to publish guidance for competent authorities onthese changes, before they come into effect on 1 October 2026. Allcompetent authorities should ensure that they are ready to comply with thechanges when they come into force.GB machinery safetyregime to be alignedwith new EU regimeThis item first appeared in our Commercially Connected short dated 4 March 2026.On 26 February 2026 the Office for Product Safety & Standards (OPSS)published the outcome of its summer 2025 call for evidence on UK machinerysafety regulation.The OPSS is reviewing the Supply of Machinery (Safety) Regulations 2008, whichimplemented the EU Machinery Directive 2006 in the UK. These Regulations coverissues such as conformity assessments and they set out the legal basis forpermitting CE marked machinery products to be placed onto the GB market.From January 2027, in the EU, the EU Machinery Directive 2006 will be supersededby the Machinery Regulation 2023. Part of the OPSS call for evidence centred on theextent to which the UK’s machinery safety regime should be aligned with the new EUregime.The OPSS has confirmed that respondents to the call for evidence generallysupported continued recognition of CE marking and alignment with the EU approach.There was also support for digitalisation - such as digital product passports and QRcodes - to streamline compliance. Views on compulsory conformity assessments bythird parties were more mixed, whilst mutual recognition of conformity assessmentbodies was generally regarded as helpful.The OPSS has confirmed that the Government now intends to legislate forcontinued CE recognition for machinery products in GB and to align the GBregime with the new EU regime insofar as possible. No timeline is given.This approach will minimise trade friction between GB and the EU. It willalso mean that the rules for putting an in-scope product on the GB marketare aligned with the rules for the Northern Ireland market, as NorthernIreland has to follow certain EU product rules under the terms of theWindsor Framework.Government confirmschanges under theNational Security andInvestment Act 2021On 12 March 2026, the UK Government published its response to the consultation onthe National Security and Investment Act 2021 (Notifiable Acquisition) (Specificationof Qualifying Entities) Regulations 2021 (NARs). These regulations set out thesectors subject to mandatory notification under the National Security andInvestment Act 2021 (NSIA). The response provides early sight of planned changes,aims to reduce unnecessary filings and maintains safeguards against nationalsecurity risks.The key changes businesses should be aware of include:• the creation of a new schedule for the water sectorCommercially connectedUK and EU commercial law updates6• refinements to the AI schedule to achieve greater commercial pragmatism• the introduction of individual schedules for each of the semiconductor andcritical mineral sectorsOur team provided a comprehensive response to the Government’s consultation,drawing on our extensive experience of advising clients on multiple NSIA filingsacross various sectors. It is encouraging to see that the Government took account ofour suggestions, particularly in relation to: (i) the importance of balancing theprotection of national interests with ensuring that investment in the water sector isnot unduly impacted; (ii) acknowledging our real-world examples in support ofexcluding the use of licensed third-party AI systems; and (iii) clarifying and reducingthe scope of entities falling within the semiconductors sector.An overview of the proposed changes to the NARs is set out in: The results are in:Government confirms changes under the National Security and InvestmentAct.With thanks to James Lindop, Peter Harper, Claire Morgan and Annabel BorgCompanies HouseWebFiling - securityissues and next stepsOn 13 March 2026 Companies House was notified of a security issue in itsWebFiling platform that, in certain circumstances, allowed logged-in users (but notthe general public) to view or potentially amend non-public details relating to othercompanies. This included directors’ dates of birth, residential addresses and emailaddresses.It may also have been possible for unauthorised filings — such as accounts orchanges of director — to have been made on another company’s record. Accordingto Companies House, there is no evidence that passwords, identity-verificationinformation or existing filed documents were accessed or altered. Companies Housebelieves the flaw was introduced during a system update in October 2025.Companies House closed the WebFiling service while it investigated. Followingindependent testing, the service has now been restored.What companies should do nowCompanies House is asking all registered companies to:• Check their registered details and filing history for anything unusual.• In the event of any issues raise a complaint with Companies House if theyhave any concerns, including evidence of what appears incorrect. Companiesshould use the link here to do this: raise a complaint.Companies House has noted that, at this stage, there are no reports of data havingbeen accessed or changed without permission. Its investigation remains ongoing.If companies were unable to make a filing while the service was offline, CompaniesHouse advises filing as soon as possible and retaining screenshots of any errormessages for evidence.Companies should continue to monitor the Companies House website (Aboutour Services) for further updates.Companies House will be publishing a page with more details to answer any furtherFAQs companies may have. They will also be emailing every company’s registeredemail address to explain how to check their details and what steps to take if theyhave any concerns.With thanks to Sarah TurnerCMA response toconsultation onimproving the UKcompetition regimeOn 10 March 2026 the Competition and Markets Authority (CMA) published itsresponse to the January 2026 consultation on proposals to improve the pace,predictability, proportionality and process of the UK competition regime, stating itssupport for the majority of the proposed reforms. The CMA agrees that thelegislative framework that applies to its activities should be refined and improved.UK-EU CompetitionCooperationAgreementOn 25 February 2025 the UK and the EU signed a Competition CooperationAgreement, facilitating cooperation and coordination on competition matters suchCommercially connectedUK and EU commercial law updates7as antitrust and merger investigations. It will enter into force following ratification byeach party.Call for informationon new UK-EUSanitary andPhytosanitaryAgreementThis item first appeared in our Commercially Connected short dated 18 March 2026.On 9 March 2026 the Department for Environment, Food & Rural Affairs(DEFRA) issued a call for information on the proposed new UK-EU Sanitaryand Phytosanitary Agreement (SPS Agreement).The SPS Agreement is intended to reduce red tape at the border, making it easierand cheaper for plants, animals and their products (including food and drink) to beimported and exported and abolishing the vast majority of routine checks on animaland plant products moving between the EU and Great Britain (including betweenGreat Britain and Northern Ireland). The proposed SPS Agreement would bebeneficial for UK and EU businesses currently dealing with the costs and delayscaused by border checks and formalities. However, the SPS Agreement will alsorequire dynamic alignment with EU standards which has caused concern for many inthe agri-food sectors.The call for evidence is intended to gather information on how prepared businessesare for the SPS Agreement, how it will impact them and how the Government cansupport transition to the new regime. The Government currently intends for the SPSAgreement to take effect in mid-2027.Responses are due by 23 April 2026, and are sought from all stakeholdersacross agri-food sectors. All impacted businesses, including producers,wholesalers, retailers and logistics operators should respond to the call forinformation. Sharing insights and concerns will help the Governmentunderstand industry preparedness, the likely impact of these changes, andwhat support may be needed for a smooth transition.Inquiry and call forevidence on UKdynamic alignmentwith EUThis item first appeared in our Commercially Connected short dated 18 March 2026.As part of the UK-EU reset, the UK Government is negotiating with the EU anew Sanitary and Phytosanitary Agreement (SPS Agreement), anagreement to link the UK and EU Emissions Trading Schemes, and anagreement for the UK to participate in the EU internal electricity market.As part of these arrangements the UK will need to agree to dynamicalignment with relevant areas of EU law (with some ability for the UK to beinvolved in “decision shaping” this law), as well as a UK financial contribution tothese policy areas.The UK Government intends to bring forward a dynamic alignment/reset Billto implement the SPS Agreement by the end of this year. This may also beused to implement further agreements with the EU in the future.On 13 March 2026 the House of Lords European Affairs Committee launched a callfor evidence in relation to its new inquiry into dynamic alignment with the EU. Theinquiry is intended to help inform Parliament and the public about the impactdynamic alignment will have on the UK, as this marks a significant change in thepost-Brexit UK-EU relationship. Responses are due by 20 April 2026.All businesses likely to be affected by dynamic alignment should considerresponding to the call for evidence, as their input will help to shape futurepolicy and ensure their interests are represented.Report on UK-EUresetOn 4 March 2026 the House of Commons Foreign Affairs Committee published areport on its inquiry into the UK-EU reset.Conclusions and recommendations of particular interest to Commercial lawyersinclude:• There remains a risk of the EU imposing tariffs on British steel following June2026.• The UK and EU are urged to “go further and faster in strengthening defencecooperation and coordination”.• When delivered fully, the “Common Understanding” (which set the agendafor the UK-EU reset) should reduce trade barriers for some sectors.Commercially connectedUK and EU commercial law updates8However, its contents are somewhat disparate and it lacks a coherentroadmap for the future of UK-EU relations.• The Government is asked for further information on aspects of the proposedSanitary and Phytosanitary Agreement (SPS), including: whether exemptionswill be sought for animal welfare, genomic techniques and pesticides (toallow UK regulatory autonomy); an alleged termination clause that wouldrequire the UK to pay compensation to the EU if it terminates theagreement; temporary UK exemption from the EU Carbon BorderAdjustment Mechanism pending the SPS being entered into; and the extentof proposed UK alignment with EU laws.• A recommendation for clearer and cohesive communication on progressmade in UK-EU negotiations.• A recommendation for clarity on proposals for sectorial alignment with theEU and for reduction of barriers to trade and investment, includingregulatory non-tariff barriers to trade in goods, UK accession to the LuganoConvention for cross-border recognition of commercial judgments and closercooperation on financial services.• A recommendation that the Government publish a White Paper on the futureof the UK-EU relationship.• Implement appropriate measures for Parliamentary scrutiny.Lessons from caselaw: perpetual vsindefinite contractsIn Zaha Hadid Limited v The Zaha Hadid Foundation, the Court of Appealallowed an appeal relating to the ability to terminate a trade mark licence that wasexpressed to continue in force “indefinitely, unless terminated earlier in accordancewith this clause 12”. Clause 12 gave the licensor the right to terminate on 3 months’notice at any time, or for the licensee’s material breach or insolvency, but did notgive the licensee any right to terminate.The licensee argued that the clause should be interpreted as giving it a right toterminate on reasonable notice. At first instance it was held that the licensee did nothave this right and that, as a matter of construction, clause 12 was an exhaustivestatement of termination rights.The Court of Appeal disagreed, finding that there was a right for either party toterminate on reasonable notice - either as a matter of contract construction or as aresult of implying a term as a consequence of contract construction.This decision was reached from a review of relevant case law, whichconcluded that where a contract does not contain a right for one party (oreither party) to terminate, a two-step test should be applied. First, as amatter of construction, is the contract intended to be perpetual (i.e. to lastforever) or indefinite (i.e. to last for the time being until terminated). If acontract is perpetual then there is no right to terminate on reasonablenotice, but if it is indefinite then there is a right to terminate on reasonablenotice. The second step is to determine what constitutes reasonable noticeto terminate the indefinite contract in question, which is determined at thetime the notice is given and may be different at different points during thecontract term.In this case the contract was indefinite and not perpetual; both the language and thecommercial context of the trade mark licence supported this conclusion.This is a significant decision as it restates the law on perpetual contracts,making a clear distinction between contracts which are perpetual and thosethat are of indefinite duration. It is also a reminder that it is far better toinclude explicit contract terms dealing with the right to terminate a contractin a non-fault situation, rather than to rely on broad legal principles theapplication of which may result in a dispute.Lessons from caselaw: conditions vsinnominate termsIn SLB and others v PAK and others, in an appeal from an arbitral tribunal, itwas held that a contract obligation to provide a guarantee within 120 days,or such later date as the buyer may designate in writing from time to time,was an innominate term and not a condition. Although the buyer had acontractual right to terminate for failure to comply with this term, it wasnot entitled to loss of bargain damages.Commercially connectedUK and EU commercial law updates9As a reminder, contract terms are either:• conditions - terms that go to the heart of the contract, breach of which isknown as repudiatory breach, and gives rise to the right to claim damagesand to terminate the contract• warranties - terms that do not go to the heart of the contract, breach ofwhich gives rise to the right to claim damages only• innominate terms - terms in respect of which the remedy for breachdepends on the nature and effect of the breach at the time that it arises. Ifthe breach deprives the innocent party of substantially the whole benefitwhich it was intended that it should obtain, then it will be treated as abreach of conditionIn coming to its conclusion in this case the court found:• the starting point is that a term will only be treated as a condition or awarranty if the contract wording or context makes this clear; if not, the termwill be innominate• it is a matter of contract construction whether a term is a condition,warranty or innominate term• the words “by no later than 120 days…” did not in themselves make the terma condition, and the ability for the buyer to designate a later date was afactor pointing towards the term not being a condition• the obligation to provide the guarantee was not interdependent with othercontract terms - several payment instalments were deferred if the guaranteewas not provided, and the failure to provide the guarantee did not relievethe seller of the obligation to deliver the contract goods• the fact that the buyer had an express contractual right to terminate thecontract if the guarantee was not provided was a strong factor in theobligation being an innominate term - if it was a condition then the buyerwould have had a common law right to terminate for repudiatory breach andso the contractual termination right would have been unnecessary• further, the contractual termination right provided that all obligations, dutiesand liabilities of each party would be completely discharged on termination,thereby making it clear that there was no contractual entitlement to recoverloss of bargain damages - it would be inconsistent with this if there was alsoa common law right to terminate that gave rise to the right to recover loss ofbargain damages• a failure to provide the guarantee could constitute a minor or serious breachdepending on how late it was, and a range of potential impacts arising frombreach of one term is the “hallmark” of an innominate termThis case is a reminder that it is prudent to consider the impact of eachpotential breach under a contract at the drafting stage and to includeexpress remedies to deal with the consequence of each breach whereappropriate. If particular breaches by the counterparty are regarded asbeing sufficiently serious to constitute repudiatory breaches at commonlaw, it is a good idea to make this clear in the contract. However, whenconsidering potential damages claims arising from breach of contract,always consider how the exclusions and limitations of liability in thecontract will impact on these.EU IndustrialAccelerator ActpublishedThe EU Industrial Accelerator Act marks a decisive shift in Europe’sindustrial strategy, aimed at rebuilding manufacturing strength whilefast-tracking the clean transition. Targeting energy-intensive and strategicallycritical sectors, the proposal responds directly to global competitive pressures andthe growing risk of deindustrialisation within the EU.For more information see our Flash update: LinkedIn.EU proposessimplified rules forOn 25 February 2026, Committees of the European Parliament supportedproposals to introduce a new category of company - small mid-capenterprises (SMCs) - aimed at addressing the sharp increase in regulatoryCommercially connectedUK and EU commercial law updates10small mid-capcompaniesobligations that can arise when companies move beyond small and mediumsized enterprise (SME) thresholds. Members of the European Parliament (MEPs)propose defining SMCs as companies with fewer than 1,000 employees and either upto €200 million in turnover or €172 million in total assets, expanding on thethresholds originally proposed by the European Commission.If adopted, the proposals would extend certain SME-related regulatory flexibilities toSMCs across a number of EU frameworks. These include exemptions from somerecord-keeping obligations under the General Data Protection Regulation (GDPR)where processing does not pose a high risk to individuals’ rights, and measuresunder the Markets in Financial Instruments Directive (MiFID) enabling SMCs toaccess SME growth markets with simplified prospectus disclosure requirements. Thepackage also proposes adjustments to obligations under legislation coveringbatteries, fluorinated gases and the resilience of critical entities, as well as measuresintended to facilitate SMC access to trade defence instruments.The proposals must still be endorsed by the Parliament in plenary beforenegotiations with the Council can begin.Navigating EUregulatory trendsThis item first appeared in our Commercially Connected short dated 11 March 2026.Europe’s regulatory landscape is entering a period of profound transformation.Economic pressures, geopolitical tensions, and technological disruption are reshapingthe priorities of EU lawmakers, creating a dynamic environment wherecompetitiveness and security increasingly influence legislative agendas. This shiftmarks a departure from the previous emphasis on sustainability and standardsetting, signalling a new era of regulatory complexity and strategic opportunity forglobal businesses operating in Europe.Our report provides a clear roadmap for navigating these changes. It examines theforces driving EU regulatory reform, highlights emerging trends, and analyses theirimplications for businesses across sectors. You will gain practical insights intoupcoming legislation, understand the trade-offs between competitiveness, securityand sustainability, and access actionable recommendations to future-proofcompliance strategies. By engaging with this report you can identify growthopportunities, mitigate risks, and position yourself as trusted EU-aligned players in arapidly evolving market.Access the report here: Opportunities, Risks and Strategic Actions -Navigating EU Regulatory Trends.With thanks to Dr. Alexander Niethammer and Pia Krökel Caruana.EU pharmaceuticallaw reformOn 11 December 2025, the EU agreed on the most significant reform of EUpharmaceutical law in over 20 years. The reform reshapes how innovationincentives, supply security and public access to medicines are balancedacross the EU.Early negotiations raised concerns that intellectual property incentives for innovativemedicines would be weakened. The final agreement, however, retains coreprotections, including a baseline of eight years of regulatory data protection and oneyear of market protection. Additional exclusivity extensions also remain availablewhere specific criteria are met. At the same time, the package introduces newlaunch, supply and transparency obligations that may materially affect marketaccess strategies.The reforms signal a more interventionist EU approach to pharmaceuticals, whilecontinuing to protect pharmaceutical innovation. Commercial incentives are linkedmore closely to public value objectives such as medicine availability andantimicrobial resistance.The package is expected to enter into force at the end of Q2 2026, following formaladoption and publication. Member States must transpose the directive, while theregulation applies after an approximate two-year transitional period. However, someprovisions will apply on a staggered basis. These include measures on criticalmedicines, supply security and the grandfathering of protection periods.To read more, see our full briefing: EU: Pharmaceutical Law Reform.Commercially connectedUK and EU commercial law updates11With thanks to Dr. Tobias Maier, Edward M. Tompkin-Haag, Marta Gonzalez Diaz andEduardo BuitronHow statutorywarranty laws differacross jurisdictionsThis item first appeared in our Commercially Connected short dated 4 March 2026.How statutory warranty laws differ across jurisdictions: understanding thedifferences between statutory warranty regimes for B2B sales agreementsacross key European jurisdictions.When supplying goods across borders, statutory warranty rules may affect your riskexposure, customer obligations and the enforceability of contractual limitations.Although warranty regimes across European countries seem similar at first sight,each jurisdiction imposes different warranty provisions in the B2B context. Otherthan for consumer law, generally no EU laws regulate this field.Whenever a company operates via distribution models, delivers or purchases goodscross border or negotiates pan European supply agreements, understanding thesedifferences can be helpful. Depending on the governing law and type of contract,mandatory warranty provisions may override or supplement your negotiated terms,limit your ability to exclude liability, or impose specific repair and replace obligations- or apply per se if nothing is agreed on to deviate from the statutory concepts.Hence choosing the governing law for your contract might be just as important asthe contractual provisions themselves and can determine whether it is advisable foryou to divert from statutory provisions by agreement.While the individual circumstances always matter, several jurisdictions offer stricteror more seller-friendly frameworks than others. For a high level overview of thestatutory warranty landscape applicable for the sale of movable, non-digitalgoods in a B2B context across Germany, UK, France, Belgium, Romania,Czech Republic, Switzerland, Austria, Italy, Netherlands, and Ireland, seeHow statutory warranty laws differ across jurisdictions.Key considerations to take awayDepending on whether you are selling or purchasing goods, it is worth assessing thespecific statutory warranty provisions of jurisdictions where a governing law can bechosen for your contractual relationship. Sellers may favour legal systems allowinggreater limitation or exclusion of warranty obligations, while buyers might preferjurisdictions with stricter or more structured statutory protections. Hence, reviewingthe length of warranty periods, burden of proof rules, notice requirements, and theavailability of remedies is essential for understanding where the risk profile bestaligns with the business model. Equally important is deciding whether to rely onstatutory provisions or consciously depart from them through mutual agreement.With thanks to Beatrice Bigonzi, Edward M. Tompkin-Haag, Maarten Stassen, ManuelBoka, Olaf van Haperen, Dr. Tobias Maier, Brian Connolly, Irina Stoicescu, OndrejSudoma, Chloe Charbeaux and Marius KundererYou may also beinterested in:The UK Employment Rights Bill: changes to collective redundanciesThe UK Employment Rights Act: equality and harassment dutiesUK Retail Finance Horizon Scanner - February 2026Financial Services Regulatory Calendar 2026Financial Crime Horizon Scanner: Sanctions Shifts, Transparency Rules &AML PrioritiesEU Legislation Roundup: February 2026Global Health & Life Sciences BulletinLinks Visit our Strategic Contracts hubCommercially connectedUK and EU commercial law updates12ESGDevelopment SummaryGlobal sustainabilityand ESG Insights -February 2026This item first appeared in our Commercially Connected short dated 18 March 2026.Global Sustainability & ESG Insights - February 2026: in the latest edition ofour monthly Global Sustainability & ESG Insights we provide you with a summary ofthe key developments from around the world from February 2026, including:• SBTi launches consultation on updated Automotive Net Zero Standard• Hong Kong: electric vehicles roadmap updated• EU: Omnibus I Package: Sustainability Reporting and Due Diligence rulessimplified• EU: Climate Law• EU: Ecodesign for Sustainable Products Regulation• EU: Standard for Carbon Removal Projects published• UK: Sustainability Reporting Standards published• UK: draft Deposit Return Scheme for Drinks Containers (Wales) Regulations2026 published• UK: Biodiversity Beyond National Jurisdiction Act finalised• UK: Carbon Border Adjustment Mechanism development• UK: Forever Chemicals Action Plan published• UK: FCA consultation on Sustainability Disclosures for listed companies• US: EPA finalizes rule adding chemical to the Toxics Release InventoryCommercially connectedUK and EU commercial law updates13• US: 2009 Endangerment Finding rescinded• US: New York advances Climate & Environmental Protection PackageFinal UKSustainabilityReporting StandardspublishedThis item first appeared in our Commercially Connected short dated 4 March 2026.On 25 February 2026, the Department for Business and Trade (DBT)published the final UK Sustainability Reporting Standards (UK SRS), based onthe first two Sustainability Disclosure Standards issued by the InternationalSustainability Standards Board in June 2023 (ISSB Standards). Thepublication represents a significant step in creating a consistent,internationally aligned sustainability reporting framework for UKcompanies.UK SRS are available for voluntary use now. The Government will consult later in2026 to determine which entities will need to apply the standards and when.Background to UK SRSTwo standards have been published: (1) UK SRS S1: General Requirements forDisclosure of Sustainability-related Financial Information and (2) UK SRS S2:Climate-related Disclosures.UK SRS S2 builds on the existing Taskforce on Climate-related Financial Disclosures(TCFD) framework, which has applied to certain UK companies since 2021. UnlikeTCFD, UK SRS S1 requires broader disclosure of sustainability-related financialinformation.For further detail on the key amendments to the ISSB Standards see our briefing:UK: Final UK Sustainability Reporting Standards publishedNext steps and actionsUK SRS sits within the broader Modernising Corporate Reporting (MCR) programme,under which the Government will consider making UK SRS reporting mandatory forlarger private entities not subject to FCA regulation. The Government intends toconsult further on its MCR programme later in 2026. The Government aims tobalance simpler reporting requirements with the benefits of enhanced sustainabilitydisclosures.Separately, the FCA is currently consulting on amendments to the UK Listing Rulesto require in-scope listed entities to report climate-related information under UK SRSS2 (excluding Scope 3 emissions) on a mandatory basis, with Scope 3 emissions andnon-climate sustainability matters subject to "comply or explain" reporting. Phasedimplementation is proposed from 1 January 2027.Companies in the UK should now:• Consider whether, to meet investor expectations and help streamlinereporting obligations to lenders, financial sponsors and customers, theyshould adopt the standards voluntarily ahead of becoming subject tomandatory requirements. This may also be helpful to achieve globalconsistency.• Carry out a gap analysis against their current climate and sustainabilityreporting (including the EU Corporate Sustainability Reporting Directive,where applicable) to highlight where additional data, systems, processes andgovernance will be required to report against UK SRS.• Monitor developments with the Government's wider MCR programme, whichmay result in mandatory UK SRS reporting for economically significantprivate entities.• Plan for future audit and assurance of disclosures (which is likely to emergeas an expectation).The publication of UK SRS marks a significant step in the shift towards globallyconsistent sustainability reporting. Early planning will help companies manage dataand governance challenges and integrate sustainability-related information moreeffectively into financial reporting.With thanks to Phil Spyropoulos, Sarah Turner and Thomas PritchardCommercially connectedUK and EU commercial law updates14UK EPR On 23 March 2026 PackUK announced that UK Packaging PRO has beenappointed as Producer Responsibility Organisation (PRO) for the UK EPR(Extended Producer Responsibility for packaging) scheme, with effect from1 April 2026. This is a collaborative group made up of over 100 brands, retailersand trade bodies, and it will help PackUK administer the scheme, in order to supportcloser producer involvement.The EPR scheme requires packaging producers to pay all the costs of collecting anddisposing of their packaging when it becomes waste. The policy aim is to drivepackaging producers towards using less packaging and choosing moreenvironmentally friendly options.UK consultation onsustainable aviationfuelOn 23 March 2026 the Department for Energy Security and Net Zero openeda consultation on the treatment of sustainable aviation fuel under the UKEmissions Trading Scheme.Consultation closes on 15 June 2026 and businesses in the aviation sector shouldconsider responding.Waste crime actionplan for EnglandOn 20 March 2026 the Department for Environment, Food & Rural Affairspublished its waste crime action plan for England, based on the principles ofprevention, enforcement and remediation. Measures being introduced include newenforcement powers and an increased enforcement budget, a new Operational WasteIntelligence and Analysis Unit, clean-up of the worst illegal waste sites, naming andshaming offenders, and penalty points on driving licences of fly tipping offenders.Welsh Biodiversity BillpassedOn 24 February 2026 the Welsh Government announced that theEnvironment (Principles, Governance and Biodiversity Targets) (Wales) Billhad been passed. This will:• establish in Welsh law principles of precaution, prevention, rectification atsource and polluter pays, together with an overarching objective of ensuringa high level of environmental protection, improving environmental qualityand contributing to sustainable development• create the Office of Environmental Governance Wales, an independent bodytasked with holding public bodies to account on environmental lawcompliance• require Welsh Ministers to set legally binding biodiversity targetsWales proposesmandatory digitalwaste tracking regimeOn 3 March 2026, the Welsh Government laid the draft Digital Waste TrackingRegulations 2026 before Senedd Cymru. The draft Regulations, expected tocome into force on 1 October 2026, will introduce the first phase of a digitalsystem to record the movement of controlled waste in Wales. Under theRegulations, operators of permitted sites receiving controlled waste will be requiredto record specified information about waste received and ensure that it is uploadedto the digital tracking system using approved software, replacing existing paperbased waste transfer notes and hazardous waste consignment notes.The Regulations are made under powers in the Environment Act 2021 and form partof a wider UK programme to introduce digital waste tracking, with each nationadopting its own legislation. A later phase is expected to extend digital tracking fromthe point waste is produced through transport to the receiving site and to includecertain commercial waste received at household recycling centres.Businesses in the Welsh waste sector should prepare for a move towardmandatory digital recording and reporting of waste movements, requiringoperators to ensure systems and processes are in place to capture andsubmit the required data once the regime is implemented.Changes to Welshrules for separatecollection of wastematerial for recyclingOn 6 April 2026 The Waste Separation Requirements (Wales) (Amendment)Regulations 2026 come into force, making minor amendments to the WasteSeparation Requirements (Wales) Regulations 2023 which require occupiers of nondomestic premises in Wales to separate recyclables for collection.The amending regulations require separation of all small waste electricaland electronic equipment and remove expanded polypropylene plasticCommercially connectedUK and EU commercial law updates15packing from the list of waste sub-fractions in the plastic waste stream.Organisations in Wales should familiarise themselves with the changes.The Welsh Government has also updated its statutory code of practice on separatecollection of waste material for recycling to reflect these changes.Omnibus I Directivepublished in OJEUOn 18 March 2026 the Omnibus I Directive, which simplifies the CorporateSustainability Reporting Directive (CSRD) and Corporate Sustainability DueDiligence Directive (CS3D) came into force.Member States must transpose the CSRD provisions into national law by 19 March2027 and the CS3D changes by 26 July 2028. For a reminder of the changes madeby Omnibus I see the December edition of Commercially Connected.Businesses affected by the new thresholds may need to adjust theirsustainability reporting and due diligence processes. The changes could alsoinfluence how organisations prioritise risk management across supplychains and business relationships.Call for feedback onEnvironmentalOmnibusOn 12 March 2026 the European Commission opened a call for feedback onthe Environmental Omnibus. This Omnibus was proposed in December 2025 andaims to reduce administrative burdens for businesses in relation to waste, productsand industrial emissions, while seeking to maintain high environmental and healthstandards.Feedback is due by 7 May 2026 and all businesses impacted by potentialchanges should consider sharing their views.Call for evidence onreview of EU WaterFramework DirectiveOn 17 March 2026 the European Commission issued a call for evidence inrelation to a review and proposed revision of the Water FrameworkDirective. Changes are intended to improve EU access to critical raw materials, aspart of the wider policy aim of protecting industry and supply chains fromgeopolitical and price shocks.Responses are due by 14 April 2026 and businesses involved in ordependent on supply chains for critical raw materials should respond tohelp shape this strategy.Amended EU ClimateLawOn 18 March 2026 the amended EU Climate Law was published in the OJEU, and itcomes into force 20 days later. This introduces a binding target for the EU to reduceGHG emissions by 90% by 2024 (as compared to 1990 levels).Businesses may face increased regulatory pressure to reduce emissions andadopt cleaner technologies as a result of this Act, and supply chains mayneed to adapt to stricter environmental standards and reporting.Emissions credits forheavy duty vehiclesOn 12 March 2026 the European Parliament adopted a European Commissionproposal for a Regulation to introduce more flexibility in the way emissioncredits for heavy duty vehicles are calculated. This is part of the EU automotivepackage which supports a transition to clean mobility.The European Council now needs to adopt the Regulation, following which it will bepublished in the OJEU and enter into force. Businesses using heavy dutyvehicles in their operations should review the changes.Links Visit our ESG hubCommercially connectedUK and EU commercial law updates16Consumer lawDevelopment SummaryDMCC consumer ADRregimeOn 6 April 2026 The Digital Markets, Competition and Consumers Act 2024(Commencement No. 3 and Transitional Provisions) Regulations 2026 will comeinto force.The regulations will bring into force the parts of the Digital Markets,Competition and Consumers Act 2024 (DMCC) that relate to the ADR regimefor consumer disputes, replacing the existing regime under The AlternativeDispute Resolution for Consumer Disputes (Competent Authorities andInformation) Regulations 2015.The key change from the old regime is that mandatory accreditation is required forADR providers. Provisions on ADR fees have also been tightened. Traders are onlyrequired to notify consumers about ADR or other arrangements that are actuallyavailable, whereas under the old regime traders have to notify the consumer aboutADR even if the trader isn’t obliged or willing to carry out ADR. There is also noobligation under the new regime to provide information about ADR on websites or interms and conditions.Traders should ensure that they are ready to comply with the new regime,and should familiarise themselves with the transitional provisions in respectof any existing consumer disputes.CMA guidance onconsumer law and AIagentsOn 9 March 2026 the Competition and Markets Authority (CMA) publishedguidance on complying with consumer law when using AI agents. Thisemphasises that the same rules apply however you interact with consumers, andthat when using an AI agent you should tell consumers that this is the case, trainyour AI agents to comply with the law, monitor performance by AI agents and reactquickly to problems.Commercially connectedUK and EU commercial law updates17This guidance is of relevance to all consumer-facing organisations that useAI in their dealings with customers.CMA research onagentic AI andconsumersOn 9 March 2026 the Competition and Markets Authority (CMA) published thefindings of its research into agentic AI and consumers. It notes that we arecurrently at a potential turning point, where use of AI as a tool could transform intouse of AI to anticipate our needs and execute transactions on our behalf. This comeswith the usual warning that safeguards need to be built into agentic AI systems toensure that risks are minimised while benefits and opportunities are harnessed.ICC guide onresponsible AI inmarketingOn 20 March 2026 the ICC published a guide on how to apply its Advertisingand Marketing Communication Code when using AI. This is intended to be apractical guide for marketers, advertising agencies, influencers and anyone elseinvolved in marketing and advertising.CMA annual plan for2026-27On 23 March 2026 the Competition and Markets Authority (CMA) publishedits annual plan for 2026-27, largely reflecting the draft plan that was consulted onin January.For consumer protection, key priorities include fostering trust and confidence toenable consumers to engage meaningfully in the economy and to ensure faircompetition among businesses; initial investigations into price transparency andpotentially misleading online choice architecture; strategic implementation of theDMCC regime, focusing on areas involving essential expenditure or clear violations ofthe law, while encouraging behavioural change within businesses and sectorsthrough advisory letters and broader engagement measures.EU annual SafetyGate reportOn 5 March 2026 the European Commission published its annual report onSafety Gate, the EU Rapid Alert System for dangerous non-food products.The report notes that the number of alerts notified through Safety Gate in 2025 wasthe highest ever, with the most frequently reported dangerous products beingcosmetics (36%), toys (16%) and electricals (11%).The Commission notes that it is currently planning sector “sweeps” to checkcompliance with the General Product Safety Regulation, as well as coordinatedproduct safety actions between national authorities. The Commission also intends toupdate rules on market surveillance and product compliance via the EU Product Actlater in 2026. Businesses manufacturing and supplying consumer goods shouldensure that they are complying with all relevant product safety laws.Links Visit our Consumer hubCommercially connectedUK and EU commercial law updates18Cyber securityDevelopment SummaryVersion 1.0 of UKDigital VerificationServices TrustFramework prereleasedOn 3 March 2026 the UK Government published a pre-release of Version 1.0of the UK digital verification services (DVS) trust framework (Framework),together with supplementary codes and supporting documents.A DVS enables a person to prove their digital identity. The Framework sets the rulesfor organisations to be certified as trustworthy DVS providers. Section 28 of the Data(Use and Access) Act 2025 (DUAA) introduced a regulatory structure for theFramework.Version 1.0 of the Framework should be published in final form and comeinto force later this year, once conformity assessment bodies have beenaccredited to certify DVS providers against it. At this point DVS providerswill be able to apply for certification under Version 1.0 (rather than thecurrent pre-DUAA version).Consultation on EUCyber Resilience ActguidanceOn 3 March 2026 the European Commission launched a consultation on itsnon-binding guidance on how to apply the Cyber Resilience Act (CRA) inpractice.The CRA will impose obligations on manufacturers, producers and importers to makeproducts with digital elements safe to use and resilient against cyber threats and toadequately disclose security features. Most of the CRA will start to apply from 11December 2027, but from 11 September 2026 manufacturers of products with digitalelements will be required to notify, via a single reporting platform, actively exploitedvulnerabilities and incidents that could affect the security of that product.The guidance is aimed at facilitating compliance by manufacturers,developers and other stakeholders, in particular microenterprises and SMEs.It focuses on the scope of the CRA, in particular remote data processing solutionsCommercially connectedUK and EU commercial law updates19and free and open-source software, support periods, the interplay between the CRAand other EU legislation, and the concept of substantial modification.Responses are due by 31 March 2026. Organisations dealing in productsthat are potentially in-scope of the CRA should review the draft guidanceand provide feedback on any aspects of it which are unclear or wouldbenefit from further clarification.EDPB and EDPS JointOpinion on EUCybersecuritypackageOn 18 March 2026 the European Data Protection Board (EDPB) andEuropean Data Protection Supervisor (EDPS) adopted a Joint Opinion on theproposed EU Cybersecurity package, with a focus on those aspects of thepackage that interact with the processing of personal data.This package was proposed in January 2026, and is aimed at strengthening the EU’sresilience against growing cyber and hybrid threats targeting essential services,democratic institutions and critical infrastructure. Proposals include an overhaul ofthe EU Cybersecurity Act, enhancing the European cybersecurity certificationframework, targeted amendments to NIS2 to simplify compliance and giving greaterpowers to the European Union Agency for Cybersecurity (ENISA). For more detailedinformation see the January edition of Commercially Connected.The matters covered in the Opinion include:• support for the objectives of strengthening ENISA’s role, facilitating take upof cybersecurity certification, aiding NIS2 compliance and addressing risks toICT supply chains• support for a single-entry point for reporting personal data breaches (asstated in their Joint Opinion on the Digital Omnibus proposal)• in line with the GDPR, cybersecurity measures that involve processing ofpersonal data must be necessary and proportionate• it should be clarified that the EDPR, as well as the EDPB, can request advicefrom ENISA on implementation of EU cybersecurity laws and policies thatrelate to data protection and privacy• provisions relating to ENISA’s role as a central hub for operationalcooperation should be tightened up in order to make it clear that these donot circumvent the need for compliance with data protection laws• clarificatory changes are needed to the European Cybersecurity Skillsframework that sets standards for cybersecurity jobs• the interplay between cybersecurity certification and GDPR certificationshould be clarifiedWe will monitor and report on progress of the reforms proposed in the Cybersecuritypackage.FAQs on EUCybersecurity ActSingle ReportingPlatformFrom 11 September 2026, under the EU Cybersecurity Act, manufacturers ofproducts with digital elements will be required to notify, via a SingleReporting Platform (SRP), actively exploited vulnerabilities and incidentsthat have a severe impact on the security of that product.This month the European Union Agency for Cybersecurity (ENISA) publishedFAQs on the SRP, which it says will be able to be used for both mandatory andvoluntary reporting.Producers of in-scope products will need to comply with the new regime and soshould review the FAQs to aid reporting compliance.Links Visit our Data Privacy, Security and Technology hubCommercially connectedUK and EU commercial law updates20Data protection and privacyDevelopment SummaryICO consultation onguidance on research,archiving andstatistics provisions inUK data protectionlawOn 27 February 2026 the Information Commissioner’s Office (ICO) launcheda consultation on updates to its guidance on the research, archiving andstatistics provisions in UK data protection law, following the Data (Use andAccess) Act 2025 (DUAA) coming into force on 5 February 2026.The ICO is particularly interested in views on its guidance on the revised criteria forscientific research, and the new “disproportionate effort” exemption from therequirement to inform data subjects that previously collected data is to be re-usedfor research purposes (Section 77 DUAA).Consultation closes on 27 April 2026. Organisations involved in carrying outresearch, archiving or processing for statistical purposes should considerreviewing the guidance and responding to the consultation to share theirviews on how clear and helpful the guidance is.ICO open letter onage assurance forsocial media andvideo sharingplatformsThis item first appeared in our Commercially Connected short dated 18 March 2026.On 12 March 2026 the Information Commissioner’s Office (ICO) published anopen letter to social media and video sharing platforms on strengtheningage assurance. This is part of the ICO’s Children’s Code strategy.Key messages include:• if platforms have set a minimum age for use of their services, theywill generally have no lawful basis for processing personal data ofchildren below that age• platforms should therefore urgently review their age assurance measuresto ensure underage children cannot access their servicesCommercially connectedUK and EU commercial law updates21• self-declaration of age is not an effective means of age assurance, asit can easily be bypassed• sophisticated age assurance tech solutions now exist and should beimplemented, with examples including facial age estimation, digital ID andone-time photo matching, but the tech itself must comply with dataprotection law (it must be lawful, fair, proportionate, secure, collect theminimum necessary personal data, and be clearly explained to users in anage-appropriate manner)• the ICO will be monitoring compliance by platforms and this will help informwhether further regulatory action is undertakenAll platforms should review and update their age assurance measures inlight of this letter to ensure they are sufficiently robust, or risk regulatoryscrutiny and potential enforcement action.Also on 12 March, Ofcom sent out similar messaging and announced that it will bereporting on age assurance measures and children’s online experiences, in thecontext of the Online Safety Act 2023. in May.ICO publishesinformation on datasecurity breachesOn 12 March 2026 the Information Commissioner’s Office (ICO) publishedinformation on data security breaches that have been reported to it. Thedata relates to Q4 2025, during which 23% of reported breaches were cyberincidents and 77% were non-cyber; data emailed to the wrong recipient was themost common incident type; and the health sector suffered the highest number ofreported incidents.This data demonstrates that human error accounts for a significantproportion of incidents. Organisations should ensure that staff are givenappropriate training to minimise the scope for error.Alongside the data the ICO has also publicised its guidance on data security andhow to deal with personal data breaches, which all organisations shouldfamiliarise themselves with.Consultation ondigital IDsOn 10 March 2026 the Cabinet Office launched a consultation on a proposeddigital ID system, which aims to enable easy access to all governmentservices. The principles of usefulness, inclusivity and trust will underpin thissystem. The Government also intends that digital ID will be used to check workers’rights to work to prevent illegal working.Consultation is open until 5 May 2026. Following this the Government will establish a“People’s Panel” to help inform next steps.EDPB CoordinatedEnforcementFramework actionfocus for 2026On 19 March 2026 the European Data Protection Board (EDPB) announcedthat its Coordinated Enforcement Framework action focus for 2026 will beGDPR transparency and information obligations, i.e. the obligation to ensurethat individuals are informed when their data is being processed.During 2026, 25 EU data protection authorities will assess how controllers arecomplying with transparency obligations, using enforcement actions and fact-findingexercises across multiple sectors. Findings will be shared and consolidated into anEDPB report later in the year, with potential follow-up at national and EU level. Thisinitiative signals coordinated regulatory scrutiny of privacy notices andtransparency practices, increasing enforcement risk for organisations withnon-compliant practices.EDPS Compass for itsrole under the AI ActOn 17 March 2026 the European Data Protection Supervisor (EDPS) publisheda “Compass” document outlining how it intends to fulfil its new role underthe EU AI Act, in which it is designated as a market surveillance authority for AIsystems used by EU institutions, bodies, offices and agencies, as well as a notifiedbody for conformity assessments of certain high-risk AI systems. The role will befulfilled based on the four pillars of supervision of EU AI systems, contribution to AIAct governance and regulatory coordination, institutional empowerment fortrustworthy AI, and international engagement and exchange of best practices.Consultationresponses to draftOn 12 March 2026 the European Commission and the European DataProtection Board (EDPB) published the contributions received to theirCommercially connectedUK and EU commercial law updates22guidelines oninterplay betweenDigital Markets Actand GDPRconsultation on the draft guidelines on the interplay between the DigitalMarkets Act and the GDPR. Responses are currently being reviewed, followingwhich the Commission and EDPB will decide whether to make any changes to thedraft guidelines.The final form guidelines are expected to be adopted in Q4 2026.EDPB and EDPS JointOpinion on proposalfor EU Biotech ActOn 12 March 2026 the European Data Protection Board (EDPB) andEuropean Data Protection Supervisor (EDPS) published a Joint Opinion on theEuropean Commission’s proposal for a European Biotech Act (Act).The Act is intended to strengthen the EU biotech and biomanufacturing sectors andto facilitate consistent application of the EU Clinical Trials Regulation. The EDPB andEDPS welcome the proposal and support its objectives, but make a number ofrecommendations to clarify aspects of the proposal that interplay with GDPRcompliance. Recommendations include clarifying the roles of clinical trial sponsorsand investigators as sole or joint controllers, retention periods for personal data, andpurposes and safeguards for further processing of personal data for other clinicaltrials or scientific research, as well as requiring pseudonymisation of personal datawhenever it isn’t necessary to process directly identifiable personal data. They alsosuggest that it would be advisable for the legislators to make it mandatory for theEDPB to produce guidance on how to assess whether clinical trials are GDPRcompliant, and for the European Medicines Agency to cooperate with the EDPB inproducing guidance that relates to personal data and the use of AI in clinical trials.Links Visit our Data Privacy, Security and Technology hubCommercially connectedUK and EU commercial law updates23IPDevelopment SummaryUK Governmentpublishes key reporton copyright and AIOn 18 March 2026, the UK Government published two key documents asrequired by section 136 of the Data (Use and Access) Act 2025: Report onCopyright and Artificial Intelligence (the Report) and an accompanying Copyrightand AI Economic Impact Assessment (the Impact Assessment). Thesedocuments examine how copyright law applies to AI development and set outpotential policy options for reform. See our detailed briefing for more information:UK Government tentatively sides with creatives in its Report on Copyrightand AI but much uncertainty remains.Significantly, the Government has decided not to proceed with its initialpreferred option of a broad copyright exception with the right to opt out,which will be welcome news to creative industries and rights holders.Instead, it proposes to gather further evidence before adopting a position orintroducing any legislative changes; a recurring theme throughout the documents,which will no doubt be disappointing for those hoping for greater clarity on theGovernment’s direction of travel in this area.The consultation set out four policy options:• Option 0: maintaining the status quo;• Option 1: strengthening copyright to require licensing in all cases• Option 2: introducing a broad data mining exception without the right to optout• Option 3: introducing a data mining exception with the right to opt out andtransparency measures.The most notable and tangible stance taken is the Government’s confirmation thatoption 3 is “no longer the government’s preferred way forward”, adopting theposition recommended in House of Lords report on AI, copyright and thecreative industries published on 6 March. For the time being the status quo isCommercially connectedUK and EU commercial law updates24maintained, favouring creative industries over AI developers, with the Reportindicating the Government will consider and engage stakeholders on other potentialpolicy approaches. Aside from this, the Report adopts a cautious wait-and-seeapproach.It proposes developing best practice guidance on transparency, includingpotential standards for web crawlers, recordkeeping, dataset disclosure andlabelling of AI-generated content. Licensing is reaffirmed as the primarylawful route for training large-scale generative AI systems, with noimmediate government intervention in the licensing market. A CreativeContent Exchange pilot platform is expected to launch by summer 2026 to testcommercial licensing models.The Government proposes removing copyright protection for wholly AI-generatedworks, while retaining protection for AI-assisted works involving human creativity. Italso recognises growing risks around AI-generated digital replicas and will explorewhether a new personality or digital replica right is needed. The Report highlightsthe importance of technical standards and metadata and acknowledges ongoingenforcement challenges given opaque training practices and cross-border AIdevelopment.For right holders and creative industries, the Government's cautiousapproach represents a win in the form of the continuation of the status quo,with copyright remaining a barrier to unlicensed AI training in the UK andlicensing remaining the primary lawful route for AI training. However,practical enforcement challenges persist, particularly given that mostfrontier AI model training occurs outside the UK in jurisdictions with morepermissive regimes.For AI developers, the UK's current copyright framework continues topresent constraints on domestic AI training. SMEs may facedisproportionate compliance burdens, and the uncertainty around futureregulatory changes may affect investment decisions. The Governmentrecognises that around one in three UK AI start-ups are reportedlyconsidering relocating, citing regulatory environment among their reasons.The Report signals that significant copyright reform remains some way off.Transparency obligations look set to increase, both for training data and AIgenerated outputs. Technical standards for metadata and rights signals arelikely to become more important. Digital replicas and computer generatedworks are areas to watch for future reform. It is clear that internationaldevelopments will influence UK policy and compliance requirements and sodevelopments in international litigation, regulation and strategy shouldcontinue to be monitored.UK report on AI,copyright and thecreative industriespublishedThis item first appeared in our Commercially Connected short dated 11 March 2026.On 6 March 2026 the House of Lords Communications and Digital Committeepublished its report on AI, copyright and the creative industries, followingits inquiry into copyright and AI.The report concludes that copyright protection for creators is under threat from genAI. This is due to gen-AI’s ability to quickly create imitations of creative works,having learned from large collections of human-created content, often withoutpermission or payment. According to the report, this is not due to defectivecopyright laws, but rather to the unlicensed use of copyright protected works andlack of transparency by AI developers on how AI systems are trained. The lack of arobust ‘personality right’ or specific protection for digital likeness in the UK alsomeans that creators and performers cannot challenge harmful outputs that imitatetheir distinctive style, voice or persona.The report makes the following recommendations to the Government:• Following its December 2024 consultation, make a final decision on itsapproach to copyright and AI in the next year. In the meantime, axe theproposal for a commercial text and data mining (TDM) exception tocopyright law with an opt-out right for copyright holders, and make apublic statement to the effect that AI developers in the UK must obtainlicences before using copyright protected works to train gen-AI models. Thereport stresses that the interests of the UK creative industries and domesticCommercially connectedUK and EU commercial law updates25AI sector should be prioritised over the interests of international tech firms.• Establish new laws to protect against unauthorised digital replicasand AI outputs that imitate someone's style, giving creators controlover their commercial identity.• Develop a legal framework for proportionate, mandatorytransparency reporting on AI training data. Also consider how toencourage compliance by international developers through publicprocurement and regulatory tools.• Prioritise development and adoption of sovereign AI models thatprovide enhanced transparency and respect for copyright.• Support a fair, inclusive UK licensing market and promote open,interoperable globally aligned standards for rights reservation, dataprovenance, and labelling of AI-generated content.Under the Data (Use and Access) Act 2025, the Government is due topublish an impact assessment and progress report on copyright and AIissues by 18 March 2026, so we should soon see the extent to which thefindings of this House of Lords Committee report are to be taken on boardby the Government. Rightsholders and AI developers and deployers alikeshould closely monitor developments. For the time being, the positionremains that failure to obtain appropriate licences to use copyrightprotected works in training AI systems could lead to claims for copyrightinfringement by rightsholders.UPDATE: the report and impact assessment have now been published - see articleabove.New collective AIlicensing schemeoffered to publishersPublishers’ Licensing Services (PLS) has launched the first stage of a newvoluntary collective licensing scheme to support lawful generative AI use ofpublished content. Developed with the Copyright Licensing Agency (CLA) and theAuthors’ Licensing and Collecting Society (ALCS), the initiative provides a structuredroute for AI companies to license and access text-based works for model training,fine-tuning and retrieval-augmented generation. A central content repository will behosted by the CLA, with licence revenues distributed back to participating publishers.The scheme responds to increasing concern that AI developers are training modelson large volumes of copyright protected material without permission. By opting in,publishers can ensure their content is used lawfully and is fairly valued, while alsogaining access to an emerging AI licensing market. The model builds on the UK’sestablished voluntary collective licensing framework, offering a scalable alternativeor complement to direct commercial agreements with AI companies.Participation is optional, and publishers can choose which works to include and whichAI uses to authorise. The scheme is open to all sectors, including book, academic,magazine, specialist, professional and educational publishing (subject to existing CLAor NLA licensing arrangements). PLS is now inviting publishers to opt in and beginonboarding content.Human Authored logoscheme launched bythe Society of AuthorsThe Society of Authors (SoA), working with the US Authors Guild, haslaunched the Human Authored logo scheme to enable authors to identifyand promote works created by humans amid the increasing numbers ofAI-generated books. The initiative is intended to protect human creativity, drawattention to the skill, empathy and imagination involved in original writing, andsupport fair payment for authors. It reflects growing concern that unregulatedgenerative AI is undermining creative careers, with SoA research reporting fallingincomes, cancelled commissions and that 86% of authors say generative AI hasalready reduced their earnings. The SoA is urging the UK Government to introducean AI regulatory framework to protect livelihoods across the UK’s £124.6bn creativeindustries.Separately, the SoA has announced that nearly 10,000 authors have collectivelypublished an empty book, Don’t Steal This Book, as a protest against the alleged useof copyrighted works to train AI models without permission. The action responds toCommercially connectedUK and EU commercial law updates26authors’ fears that proposed reforms, though still vague at present, could allow AIcompanies to use their works without consent or remuneration.UK: IPO publishes itsUK Design ProtectionReviewOn 9 March the UK IPO published its UK Design Protection Review. Thistakes stock of how design protection operates in the UK and makessuggestions for reform. It focuses on protectable design outputs forproducts and parts of products, including both 3D objects and 2D graphicand digital designs.The summary explains the UK framework of registered and unregistered designrights, noting that the UK now has two unregistered design rights (including thesupplementary unregistered design right derived from the EU regime) alongsideregistered design rights. It outlines, at a high level, their subject matter, exclusions,ownership, scope of protection, exceptions and duration, and highlights keydistinctions.The report situates designs within overlapping IP regimes, noting potentialinteractions with copyright, patents and trade marks. It recommends clarifyingand simplifying the UK’s design rights framework, improving understandingof registered and unregistered protections, and addressing overlaps withother IP rights. It suggests modernising rules to ensure clearer subjectmatter boundaries, more consistent protection, and a system better alignedwith contemporary design practices. The executive summary of the report isavailable here and the full report is available on requestfrom [email protected] AdVocate:advertising andmarketinginternationalquarterly newsletterGlobal AdVocate: advertising and marketing international quarterlynewsletter: welcome to the fifth edition of Global AdVocate, our internationalquarterly newsletter providing insights on key legal developments impactingadvertising and marketing activity worldwide.This edition highlights major updates across multiple jurisdictions. These include newEU rules on political advertising, France’s evolving regulation of influencers andonline safety for minors, Italy’s adoption of a new influencer regulatory framework,Germany’s implementation of the Empowering Consumers Directive and relatedgreenwashing restrictions, China’s new Measures for live-streaming e-commerce andpublic consultations on advertising citations, and the UK’s updated rules on lesshealthy food and drink advertising, gambling, endorsements and environmentalclaims.We also cover further developments relating to gambling advertising supervision inthe Czech Republic, the advertising of alcoholic beverages in Latvia, Spain’sforthcoming Royal Decree on medical device advertising, South Africa’s proposedalcohol advertising ban, and the Netherlands’ latest case law and regulatory activityon food labelling, comparative advertising and sustainability claims.This edition includes a detailed summary of recent case law and enforcementactions, reflecting the increasing scrutiny of environmental claims, pricing practices,influencer activity, and the use of AI or digital tools in commercial communications.Links Visit our IP hubCommercially connectedUK and EU commercial law updates27Technology lawDevelopment SummaryAlso see the following articles in other sections:UK Government publishes report on copyright and AI and economic impactassessmentCMA guidance on consumer law and AI agentsCMA research on agentic AI and consumersICC guide on responsible AI in marketingEDPS Compass for its role under the AI ActCall for evidence onAI, business and thefuture of theworkforceOn 10 March 2026 the House of Commons Business and Trade Committeelaunched an inquiry into AI, business and the future of the workforce, whichwill help inform Government priorities.A call for evidence is open until 3 April 2026, with information requested on theopportunities and costs posed by AI for both businesses and workforcesUK consultation onprotecting childrenonlineThis item first appeared in our Commercially Connected short dated 4 March 2026.On 2 March 2026 the Department for Science, Innovation and Technologylaunched a consultation on potential measures to protect children online. Thisis framed as the next stage of online regulation following the Online SafetyAct 2023, moving beyond regulation of illegal and harmful content to lookat the impact of tech on children’s lives and wellbeing.The consultation asks for views on matters including:Commercially connectedUK and EU commercial law updates28• how children use tech, and the associated benefits, harms and risks• potential interventions to keep children safer online, with possibilitiesincluding a legal requirement for social media services to have a minimumuser age (the “social media ban” that has been widely reported on in themedia); raising the age of “digital consent” (i.e. the age at which childrencan consent to the processing of their personal data) from 13, as it currentlyis; restricting access to services based on the presence of particular featuresand functionalities which are age-inappropriate or too risky (such aslivestreaming, ability to send and receive nude images and videos, locationsharing, stranger pairing and disappearing messages); age restricting accessto addictive features such as infinite scrolling, affirmation features andcontent recommendation algorithms; “curfews” to limit time children canspend on individual apps; and age restrictions on access to chatbots• defining the services that any restrictions should apply to - it is recognisedthat the term “social media” has no specific meaning in law, and that gamingsites and messaging services raise many of the same concerns as “socialmedia” - and in particular whether the UK should look to follow theAustralian model• appropriate and effective age assurance tech to ensure compliance with, andenforcement of, any new laws• whether DfE guidance on mobile phones in schools should be given statutorystanding• preparing children for a digital future through support with media and digitalliteracy skills, promotion of high quality content, and effective use ofparental controlsConsultation closes on 26 May 2026, and the Government has committed toact quickly by responding with the consultation outcome this summer. Techcompanies and other organisations providing online services that fall withinthe scope of this wide-ranging review should respond with their views, andshould keep abreast of the direction of travel of the possible outcomes fromthe consultation. It is likely that this consultation will lead to new lawswhich will impact directly and significantly on the business models, featuresand functionalities, and technical access to and operation of in-scopeservices.Online Safety Act2023 updatesOn 26 February 2026 a consultation on possible amendments to the rules forappeals under the Online Safety Act 2023 (OSA) opened. It closes on 21 May 2026.Also on 26 February 2026, Ofcom published its annual report on notices to deal withterrorism and/or child sexual abuse and exploitation.On 17 March 2026 Ofcom published the final version of its Statement of ChargingPrinciples in relation to online safety fees, comprising a percentage of qualifyingworldwide revenue, payable by providers of regulated services under Section 84OSA. It applies from 1 April 2026.On 24 March 2026 Ofcom opened a consultation on proposed updates to itsregulatory documents and guidance relating to illegal harms to reflect theintroduction (in December 2025) of the new priority offences of encouraging orassisting serious self-harm and cyberflashing. Responses are due by 24 April 2026.On 7 April 2026 The Online Safety Act 2023 (Commencement No. 7)Regulations 2026 bring into force the duty for regulated user-to-user services toreport to the National Crime Agency any child sexual exploitation and abuse contentfound on their services, unless they already have equivalent arrangements in placewith a foreign agency. Also on 7 April 2026 The Online Safety (CSEA ContentReporting by Regulated User-to-User Service Providers) Regulations 2026come into force, setting out more detailed reporting requirements. Ofcom haspublished a quick guide to aid compliance with these rules. Equivalent rules forsearch services will come into force at a later date.Online AdvertisingTaskforce progressreport 2025On 17 March 2026 the Department for Culture, Media & Sport published a2025 progress report on the Online Advertising Taskforce. This sets out howgovernment and industry are working together to improve trust, transparency andCommercially connectedUK and EU commercial law updates29accountability in online advertising as digital ads continue to dominate UK ad spend.During 2025 the Taskforce’s progress included age-assurance pilots to limitchildren’s exposure to age-restricted ads, publishing best-practice guidance on theuse of AI in advertising, increasing uptake of influencer marketing standards, andpilot data-sharing to tackle fraudulent advertising. A new Ad Fraud and Standardsworking group is being established, signalling a sharper focus on transparency andfraud in 2026.The report shows rising regulatory and policy expectations being driventhrough voluntary standards and coordinated industry action, with clearimplications for advertisers, platforms and intermediaries on compliance,governance and fraud prevention.CMA post on AI andcollusionOn 4 March 2026 the CMA published a blogpost on AI and collusion:frontiers, opportunities and challenges. This explains how algorithms and AI aretransforming pricing decisions across markets, bringing efficiency andpersonalisation benefits but also creating significant risks including dynamic pricingharms and new forms of algorithmic collusion. It stresses that businesses mustunderstand competition law, avoid sharing or relying on competitively sensitive data,scrutinise pricing tools, and report concerns to the CMA.EU Council sets outits position on the AIaspects of the DigitalOmnibusThis item first appeared in our Commercially Connected short dated 18 March 2026.On 13 March 2026 the Council of the EU published its position on the AIRegulation proposed under the Digital Omnibus package.The Digital Omnibus package was adopted by the European Commission inNovember 2025 and it includes proposals for two simplifying Regulations, onerelating to the AI Act, and the other to data, cybersecurity and privacy rules.Changes to the AI Act proposed by the Council include:• a prohibition of AI practices that generate non-consensual sexual andintimate content or child sexual abuse content• rules relating to standalone high-risk AI systems to apply from 2 December2027, and to high-risk AI systems embedded in products to apply from 2August 2028 (rather than the Commission proposal of aligning theapplication dates with the availability of standards, specifications andguidance to support compliance)• a reinstatement of a requirement for registration of AI systems thatproviders consider to be exempt from high-risk categorisation• a reinstatement of a strict necessity standard for processing of specialcategories of personal data for the purpose of bias detection and correction• the date for national level AI regulatory sandboxes to be set up to bepostponed to 2 December 2027• a requirement for the Commission to produce compliance guidance relatingto high-risk AI systems that are subject to sectoral harmonisation legislationNegotiations with the European Parliament will now start. The evolving regulatorylandscape means that businesses should closely follow legislativedevelopments to ensure timely and effective adaptation to the newrequirements.UPDATE: on 18 March 2026 the European Parliament Internal Market and CivilLiberties committees adopted their joint position on the proposal. One this isapproved in plenary (expected on 26 March), negotiations with the Council willbegin.European ParliamentResolution oncopyright and gen-AIOn 10 March 2025 the European Parliament adopted a Resolution oncopyright and gen-AI. The Resolution states that the Parliament believes thatcurrent copyright law is not adequate to address the challenge of licensingcopyrighted material for gen-AI and that a new legal framework is required.Recommendations to the Commission include:Commercially connectedUK and EU commercial law updates30• consider measures to safeguard the press and news media sector fromexploitation by AI systems that use their content and divert traffic andrevenue from them• develop systems for licensing of copyright protected material to ensure fairremuneration for rightsholders, to include voluntary sectoral collectivemanagement societies• look into tools to enable rightsholders to exclude their works from AI training• require AI providers and deployers to keep records of use of copyrightedworks• use the AI Act general-purpose AI Code of Practice as a living document viawhich challenges in copyright protection and AI development can beaddressed• consider measures to protect individuals from dissemination of AI-generateddigital image, audio and video contentWhilst it is not legally binding, this Resolution is a clear indicator of theEuropean Parliament’s views on potential legislation in this area.Second draft Code ofPractice onTransparency of AIgenerated Contentunder the AI ActpublishedOn 5 March 2026 the EU Commission published a second draft of the Code ofPractice on marking and labelling AI-generated content under Article 50 ofthe EU AI Act (Code).The EU AI Act transparency provisions apply from 2 August 2026 and are intended toensure that people are aware that they are interacting with or being exposed to AI.They require deployers and providers of certain AI systems to inform people whenthey interact with an AI system or view AI generated or manipulated content.The Code has been significantly reworked following feedback. Furtherfeedback on this version is requested by 30 March 2026. Providers anddeployers of in-scope AI-systems should review this draft and provide theirinput. The final version of the Code is expected by early June.EU-Canada DigitalTrade AgreementOn 6 March 2026 the European Commission announced that the EU and Canadahave started negotiations for a Digital Trade Agreement.You may also beinterested in:EU and UK: Technology Law Shorts - March 2026South Korea: Enactment of AI lawEU AI Act - high-risk AI systems in employment
Register now for your free, tailored, daily legal newsfeed service.
Find out more about Lexology or get in touch by visiting our About page.
RegisterCommercially Connected - 25 March 2026
To view this article you need a PDF viewer such as Adobe Reader.
If you can't read this PDF, you can view its text here.
European Union, United Kingdom
March 25 2026
Popular articles from this firm
