As we approach 2026, many changes are taking place in the UK in terms of environmental, social and governance (ESG), governance, risk-management and compliance (GRC) and financial regulation. Although it is not part of the European Union, the UK nevertheless will be influenced by it. This article briefly summarises the developments that will take place in the EU, before turning to focus on the UK and the new rules, changes and milestones in compliance for boards, compliance teams and risk leaders. It considers the preparations that should already be ongoing and sets this in the context of intensifying geopolitical and regulatory pressure.

The European Union

As 2026 approaches, regulatory change across the European Union is entering a decisive phase, with new rules moving from design to delivery. The coming year marks a shift from preparation to enforcement, as sustainability, financial resilience and digital governance obligations begin to bite simultaneously.

In the areas of ESG, the EU’s sustainability framework broadens significantly. Companies reporting under the Corporate Sustainability Reporting Directive (CSRD) will, for the first time, be required to demonstrate alignment with all six EU Taxonomy environmental objectives, extending well beyond climate into water, pollution, circular economy and biodiversity. At the same time, long-awaited sector-specific and third-country sustainability reporting standards are due to be finalised, setting clearer and more demanding expectations for how different industries report risk and impact.

Financial services regulation also tightens. From January 2026, ESG risk becomes formally embedded in EU bank governance under CRD6 and the European Banking Authority’s (EBA’s) ESG risk management guidelines, with boards explicitly accountable and supervisors expected to test implementation through routine reviews. Basel III “finalisation”, including the delayed go-live of the new market risk framework, adds further pressure to capital, data and model governance.

Beyond finance, 2026 brings tangible change in the real economy, from the first major textile extended producer responsibility schemes to the early operational obligations of the EU AI Act for high-risk and general-purpose AI models. Together, these developments signal a year in which EU regulation becomes more integrated, more supervisory and more operational. It sets a useful reference point for what may lie ahead in the UK.

The UK – From NOW

2026 isn’t a distant horizon – it’s the year several UK regimes stop being “nice to have” and start being audited, enforced or priced. What switches on in 2026? Where will scrutiny intensify? What do boards, risk leaders and compliance teams need to get right now?

The 2026 Dashboard

Think of 2026 as a switchboard year, with several UK regimes going live almost at once. From 6 April 2026, firms selling retail investments must produce new product summaries under the Consumer Composite Investments (CCI) regime, meaning factsheets and digital journeys will need redesigning mid-tax year. By 2 December 2026, smaller firms face their first Sustainability Disclosure Requirements (SDR) entity-level disclosures, bringing climate metrics into annual reports and websites. Meanwhile, by mid-November 2026, Companies House expects identity verification to be fully rolled out, affecting directors, persons with significant control (PSCs) and filing agents, and potentially blocking transactions if verification is incomplete.

ESG that becomes “operational”

SDR: From labels to living evidence

In 2026, the UK’s Sustainability Disclosure Requirements (SDR) move decisively beyond fund labels into continuous proof. Asset managers and asset owners should: (1) embed SDR metrics into monthly risk and performance dashboards; (2) evidence stewardship and outcomes, not just intentions; and (3) prepare early if they are a smaller firm, as full product and entity disclosure requirements apply from 2 December 2026. Firms already piloting SDR-aligned MI report fewer surprises when FCA reviews intensify.

UK SRS: The runway year

Government consultation on UK Sustainability Reporting Standards (UK SRS), aligned to International Reporting Standards – IFRS S1 and S2, makes 2026 a design year. Practical actions include: (1) mapping existing climate and risk data to S1/S2 concepts; (2) stress-testing data controls and audit readiness; and (3) assigning clear executive ownership before mandates bite.

Transition Plans: From PDFs to governance

By 2026, boards are challenged on whether transition plans genuinely drive decisions. Expect scrutiny on: (1) assumptions and scenario credibility; (2) links between capex, remuneration and milestones; and (3) board oversight. Transition plans become operating manuals, not marketing brochures.

Prudential and conduct regulation: “Less about new rules, more about measurable outcomes”

With the rulebook largely written, 2026 becomes the year regulators judge firms on execution. Outcomes, not intent, dominate supervisory conversations.

Basel 3.1: Rehearse before the curtain rises

The Prudential Regulation Authority’s (PRA’s) decision to delay Basel 3.1 implementation until 1 January 2027 turns 2026 into a preparation sprint rather than a pause. Banks should: (1) run parallel capital calculations to expose volatility and data gaps; (2) tighten model governance and approvals; and (3) test management actions under stressed balance-sheet scenarios. Supervisors have been clear that dry-runs, not promises, will shape credibility.

Consumer Composite Investments: proving good outcomes

From 6 April 2026, CCIs reform reshapes retail disclosures. Firms must: (1) redesign sales journeys around clearer risk-return narratives; (2) align product governance and complaints to the new disclosures; and (3) evidence that customers actually understand them. The FCA explicitly links CCIs to Consumer Duty outcomes, making weak implementation a conduct risk, not a documentation issue.

Corporate GRC and economic crime: The quiet 2026 board-level headache

2026 is when economic crime reform stops being abstract and starts breaking processes. The staged rollout of Companies House identity verification, beginning in late 2025, becomes unavoidable for boards overseeing UK entities. Directors and PSCs must be verified, filing permissions tightened and third-party agents controlled, turning what felt administrative into a core governance change.

The practical pain points are real. Complex group structures discover that a single unverified overseas director can block statutory filings. Deals slip when M&A timetables collide with verification backlogs. Finance teams find routine confirmations delayed because historic agents no longer have authority. In 2026, boards need clear ownership, early population checks and contingency plans, or Companies House reform becomes an operational risk, not just a compliance one.

“New-ish” business-world theme for 2026: Regulated digital assets meet mainstream risk management

By 2026, regulated digital assets stop feeling niche. The FCA has made stablecoin payments a supervisory priority, signalling expectations closer to mainstream payments regulation. For risk and compliance leaders this means: embedding financial crime controls equivalent to Faster Payments; mapping stablecoin activities into operational resilience scenarios; clarifying safeguarding and custody responsibilities; and rehearsing incident response for cyber or technology failures. Firms experimenting in 2024–25 now face outcome-based scrutiny. Boards should treat stablecoins as another critical payment rail, not a lab project, if they want to stay ahead of supervision in 2026.

Conclusion: A practical checklist for early 2026

If 2026 is about outcomes, Q1–Q2 is about preparation. Five practical moves stand out. First, refresh ESG data and assurance plans for SDR and emerging UK SRS expectations. Second, lock board time for transition plans and risk appetite. Third, run parallel Basel 3.1 capital numbers. Fourth, overhaul CCI summaries and governance. Finally, verify directors, then verify your verifiers.