UK
The DSIT joint open letter on AI cyber threats, updated on 22 April 2026 alongside the Cyber Resilience Pledge, does not create new law. It sharpens how the ICO, Ofcom and FCA will judge existing Article 32 and sector security obligations.
HMT’s 22 April 2026 response to the SM&CR reform consultation, with FCA PS26/6 and PRA PS12/26, sets a package aimed at a 50% compliance burden reduction. The scope question comes first: pure APIs and EMIs sit outside SM&CR because the regime attaches to FSMA Part 4A authorised persons. Only dual-regulated firms are in scope.
FCA targeted support went live on 6 April 2026. The FCA/ICO joint statement of 11 December 2025 requires firms to get UK GDPR, PECR and Article 22 compliance in place before they send a single communication.
The FCA opened consultation on CP26/13: Cryptoasset Perimeter Guidance on 15 April 2026 (closes 3 June 2026), completing the FCA side of the UK’s dual-track stablecoin regime. On the Bank of England side, the £20,000 retail cap, £10 million business cap and 60:40 backing split in the November 2025 proposals face sustained industry pushback.
HM Treasury’s 21 April 2026 package consolidates the PSR into the FCA and integrates payment services and e-money regulation with the FSMA 2000 framework.
In short: The £500 million UK Sovereign AI Fund, launched on 16 April 2026, is a pump-primer, not a war chest. Individual US AI companies have closed single funding rounds at several times that figure in the past 18 months. The UK’s real pitch to AI founders is regulatory divergence. The Data (Use and Access)…
In short: Ofcom approved a second licence variation on 15 April 2026 allowing VodafoneThree to deliver direct-to-device satellite services over its 900 MHz mobile spectrum using AST SpaceMobile. It is the second UK non-terrestrial network authorisation after Virgin Media O2 in 1800 MHz. Consultation on the paired handset exemption Regulations closes 18 May 2026. By…
In short: Ofcom’s ban on existing third-party leases of Global Titles takes effect on Wednesday 22 April 2026. Only two narrow migration journeys are extended to 22 October 2026. UK mobile network operators and enterprise lessees of Global Titles, including messaging aggregators and CPaaS providers, must confirm their signalling path complies from that date. Fintechs…
Quick answer. The Payment Systems Regulator (PSR) is the UK regulator for designated payment systems under Part 5 of the Financial Services (Banking Reform) Act 2013 (FSBRA 2013). HM Treasury has consulted on abolishing the PSR and transferring its functions to the Financial Conduct Authority (FCA). The consultation closed on 20 October 2025 and a…
In short: The UK’s open banking advantage is an infrastructure advantage, not an interface one. A shared directory, a common dispute management system and a governed API standard, built out under the Retail Banking Market Investigation Order 2017, make the rails usable at scale. That infrastructure is the platform on which successor Smart Data regimes, enabled…
In short: The European Data Protection Board published a standardised DPIA template on 14 April 2026, open for consultation until 9 June 2026. UK controllers processing EU residents’ data should review the template now. Its design-risk versus incident-risk framework offers a more rigorous structure than the ICO’s current screening checklist. By Rob Bratby, Managing Partner,…
In short: Four UK fibre altnet M&A transactions in Q1 2026 confirm the consolidation wave. The dividing line between a strategic exit at market metrics and a distressed lender-driven exit is debt repayment capacity: whether take-up generates enough recurring revenue to service the debt incurred during the build phase. Acquirers must assess CMA jurisdiction under…