UK Law
Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026 made
The Data (Use and Access) Act 2025 (Consequential Amendments and Transitional Provision) Regulations 2026 SI 2026/386 have been made. They make various amendments to legislation in consequence of sections 117, 118 and 119(1) of the Data (Use and Access) Act 2025. Those sections establish the Information Commission as a body corporate, abolish the office of the Information Commissioner and transfer the functions of the Information Commissioner to the Information Commission. The Regulations also make minor amendments in consequence of sections 67 and 91 of the 2025 Act, and contain transitional provisions (to maintain pension arrangements) in respect of the person who holds the office of the Information Commissioner and is first chair of the Information Commission under paragraph 2 of Schedule 14 to the 2025 Act.
UK government consults on updated product safety laws
The UK government has launched three consultations with proposals to update product safety rules. The first includes proposals for the new framework to cover a wider scope of products. A second consultation sets out reforms which will make it simpler to enforce product safety rules, helping to ensure consistent, swift and effective action where issues are found. (A third consultation reviews the UK’s furniture fire safety regulations). In particular, the consultation includes proposals for the definitions of businesses in scope of the new framework, producers, onward suppliers and online marketplaces, and their core obligations to proactively protect consumers from dangerous products. They also include a new approach to product information: proposals to allow product information to be provided more flexibly – both physically and digitally – and to move towards a “digital by default” approach to product information. The consultations end on 23 June 2026.
DRCF issues report on agentic AI
The Digital Regulation Cooperation Forum (Ofcom, the FCA, the CMA and the ICO) has issued a report on agentic AI. The report serves as a forward-looking exploration of agentic AI and how UK regulatory frameworks can help realise the opportunities of the technology in a responsible and safe way. Its report aims to inform and foster stakeholder debate. The DRCF emphasises that regulation should act as an enabler of innovation, ensuring that emerging technologies develop in ways that promote economic growth and competition while protecting consumers and their rights. It covers potential future developments in Agentic AI and provides insight into definitions, use cases, future scenarios, and regulatory considerations relating to Agentic AI technologies. It is not a statement of regulatory policy.
CMA launches five new investigations regarding fake reviews
The CMA has opened investigations into five businesses that it suspects may have infringed consumer law with their practices in relation to online reviews. In April 2025, several practices relating to online reviews became “banned practices” under the Digital Markets, Competition and Consumers Act 2024, meaning they are automatically deemed unfair and illegal. This includes obtaining and posting fake reviews, and paid-for reviews that are not clearly marked as incentivised. It also covers how reviews are handled, for example, if negative reviews are hidden, or if star ratings present an inaccurate picture. This new programme marks the next phase of the CMA’s work to curb fake and misleading reviews, and improve trust and transparency online
ICO publishes guidance on purpose limitation principle and reuse of data
The ICO has issued updated guidance on the purpose limitation principle under Article 5(1)(b) of the UK GDPR. The guidance reflects the changes made by the Data (Use and Access) Act 2025. The ICO has also issued guidance clarifying when the reuse of personal data will be regarded as compatible with the original purpose of collection.
Select Committee launches inquiry into neuroscience and digital childhoods
The House of Commons Science, Innovation and Technology Committee has launched an inquiry into neuroscience and digital childhoods to examine the impact of digital devices on brain development, as well as physical impacts, the differences between devices and uses, and the differing impacts on those of different ages and from different backgrounds. Evidence is sought until 19 April 2026.
Ofcom issues information notices for year two risk assessments
Under the Online Safety Act 2023, firms must assess and mitigate the risk of people in the UK encountering illegal content, and platforms likely to be accessed by children must also assess and mitigate the risk of under-18s being exposed to certain types of harmful material. Providers should review their risk assessments at least once a year, and must update them before making any significant change to their service’s design or operation, or if Ofcom makes any significant change to its assessment of risks. Later this year, “categorised” services, which Ofcom expects to include some of the most widely used social media and search services, will have to publish summaries of their risk assessments, forcing them to be transparent about their view of the risks they pose. It has issued formal information requests to 30 providers, covering 43 services, which have until 31 July to submit their Year 2 illegal harms risk assessments and children’s risk assessments to Ofcom. Ofcom will use the responses it receives to identify gaps in risk assessments and drive improvements.
Intellectual Property Office launches digital patents services
The IPO has launched a suite of new digital services to apply for, manage or renew UK patents. The new services allow customers to apply for, manage and renew UK patents in one place. This marks the next step in the “One IPO” digital transformation programme which aims to deliver new digital services for UK intellectual property. The programme will eventually bring patents, trade marks and designs services together under one roof onto a single digital platform. All the IPO’s core patents services are now available on the new platform. Trade marks and registered designs will come later.
CMA calls for evidence about Apple’s and Google’s app store rules
Under the Digital Markets, Competition and Consumers Act 2024, Apple and Google are designated as having strategic market status in the provision of their respective mobile platforms. The CMA is now seeking views on changes that Apple and/or Google have made (or propose to make) in relation to their app store rules in a number of jurisdictions, including the UK. The call for evidence ends on 22 April 2026.
FCA and ICO issue statement on regulatory expectations regarding firms’ approaches to vulnerability related data
The FCA and ICO have issued a statement which aims to help firms understand and apply the FCA’s expectations for delivering good outcomes for retail consumers in vulnerable circumstances, in line with the Consumer Duty, while also maintaining confidence in the lawful, fair and responsible use of personal information in line with the ICO’s expectations. Among other issues, the statement considers automated decision making and profiling.
EU law
European Commission reports first EU DSA transparency reports under disinformation code
Signatories of the voluntary Code of Conduct on Disinformation have published their latest reports about the actions they are taking under the Code to reduce the spread of disinformation online. The reports come from providers of online platforms such as Google, Meta, Microsoft and TikTok as well as fact-checkers, research and civil society organisations and representatives of advertising industry. The reports cover the period from 1 July to 31 December 2025 and include dedicated chapters on actions related to ongoing crises, notably the war in Ukraine, as well as measures to safeguard the integrity of elections. The reports also provide data on the implementation of platforms’ disinformation-related measures and highlight developments in their policies, tools, and partnerships.
EDPB publishes case digest on legitimate interest legal basis under GDPR
Since the GDPR came into force, national data protection regulators have cooperated to adopt a growing number of one-stop-shop (OSS) decisions on the legal basis of “legitimate interest”. The OSS decisions assess and present a wide range of factual contexts. The case digest provides examples of how national regulators analyse controllers’ reliance on the legal basis of “legitimate interest” in specific contexts, providing positive and negative compliance examples. The case digest also considers the EDPB Guidelines 1/2024 on Processing of Personal Data Based on Article 6(1)(f) of the EU GDPR and illustrates how parts of these Guidelines apply in practice . Relevant cases before the Court of Justice of the EU are also mentioned. In addition, several regulators’ decisions and national court judgments are presented as examples of specific issues.
European Parliament rejects proposed Regulation to extend temporary derogation from E-Privacy Directive
The European Parliament has rejected a proposed Regulation amending Regulation which would have extended its period of application until 3 April 2028. The regulation contains a temporary regime about the use of technologies by certain providers of publicly available interpersonal communications services for the purpose of combating online child sexual abuse, pending the adoption of a long-term legal framework.
International law
ICC publishes guidance on AI use in marketing communications
The International Chamber of Commerce (ICC) has published guidance setting out practical direction on the use of AI in advertising and marketing communications. guide sets out how to apply the ICC Advertising and Marketing Communication Code, the international benchmark for responsible marketing, when using AI. Designed as a practical reference, the guide supports marketers, advertising agencies, influencers and anyone in the marketing and advertising ecosystem needing to make informed everyday decisions about AI governance, processes and the use of AI in campaigns. The guide aims to help make sure that communications remain legal, decent, honest and truthful.
