UK law
UK government tables amendments to Crime and Policing Bill on harmful pornography and tech liability
The government has tabled amendments to the Crime and Policing Bill meaning tech execs could be held personally liable if platforms fail to comply with Ofcom’s enforcement decisions to remove people’s intimate images that have been shared without consent.
UK government publishes 2035 Smart Data strategy
The Department for Business and Trade (DBT) has published its Smart Data Strategy to 2035, setting out a long‑term framework for developing secure, trusted and interoperable smart data schemes across the economy. The strategy aims to have at least five active smart data schemes by 2030, rising to 20 or more by 2035, with planned next steps including sector‑specific initiatives spanning banking and financial services, energy, transport, property, retail, digital markets, telecommunications and agrifood, as well as industry‑led smart data pilots. The government also plans to publish a Smart Data Guidebook by early 2027, has refreshed the Smart Data Council to support delivery of the guidebook and wider strategy, and intends to consult in due course on longer‑term institutional arrangements for smart data governance. In addition, the strategy outlines work to enable smart data to support trade digitisation and international collaboration.
AI court transcripts study announced
The Ministry of Justice and HM Courts & Tribunals Service have announced a new study exploring the use of artificial intelligence to generate court transcripts more quickly and at significantly lower cost, with the aim of improving victims’ access to justice. The research will assess whether the government’s in‑house AI tool, Justice Transcribe, can meet required accuracy standards while reducing the long delays and high fees that currently prevent many victims from accessing transcripts of court proceedings. The initiative is intended to increase transparency, support victims’ ability to process and understand court outcomes, and modernise the justice system, complementing wider reforms including the Victims and Courts Bill and a commitment to provide free transcripts of judges’ sentencing remarks in Crown Court cases.
ASA and CAP issue Annual Report 2025
The Advertising Standards Authority and the Committee of Advertising Practice have issued their Annual Report 2025 which highlights a year of increasingly proactive, technology‑driven advertising regulation, reflecting the rapid evolution of online and platform‑based advertising. The ASA scanned nearly 60 million online ads, resolved over 40,000 complaints and secured changes to more than 22,000 ads, with a growing emphasis on preventing harm rather than reacting to it. Key regulatory priorities included protecting vulnerable consumers, improving transparency in influencer marketing, and challenging misleading environmental claims, all underpinned by greater use of data, AI and targeted monitoring. The report also signals heightened expectations on advertisers when it comes to major rule changes, including restrictions on less healthy food advertising, and positions the ASA as a more interventionist regulator focused on early compliance, evidential robustness and clear, upfront advertising across digital channels.
CMA issues investigation outcome regarding online drip pricing
The CMA has used its new direct consumer enforcement powers, ordering AA Driving School and BSM Driving School (both owned by the AA) to refund over £760,000 to more than 80,000 learner drivers and imposing a £4.2 million fine for illegal “drip pricing”. The CMA found that a mandatory booking fee of £3 had not been included in the upfront price shown to consumers when booking driving lessons online, breaching the requirement to display the total unavoidable price from the outset. The AA admitted the infringement and settled early, receiving a 40% reduction in the penalty. The case signals a step change in CMA enforcement under the Digital Markets, Competition and Consumers Act 2024, demonstrating a much more interventionist approach to online pricing practices and a clear willingness to impose significant financial penalties and consumer redress without court proceedings.
FCA consults on guidance on regulation of cryptoassets
The FCA is consulting on its guidance on the regulation of cryptoassets. From 25 October 2027, the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 (Cryptoasset Regulations) will introduce new regulated activities for cryptoassets into the FCA’s regulatory perimeter. Those conducting regulated cryptoasset activities will need to apply for authorisation before carrying on these activities by way of business in the UK. Once authorised, they will also need to follow the rules and guidance set out in the FCA Handbook, once finalised. To promote the understanding of the scope of the new regulated activities and when permissions will be required, the FCA is proposing changes to the Perimeter Guidance Manual (PERG) in the FCA Handbook setting out guidance on how the perimeter and permissions apply. The consultation ends on 3 June 2026.
Bank of England and FCA commit to action on AI
The Bank of England has confirmed plans to test the use of AI agents in financial trading markets, according to a response published by the House of Commons Treasury Select Committee. After the Committee recommended that the Bank should undertake AI-specific stress-testing, the Bank has set out plans to investigate the potential impact of AI agents demonstrating correlated behaviour (herding). HM Treasury and the Financial Conduct Authority have also responded to the report. HM Treasury has failed to commit to bringing the major AI and cloud providers into the Critical Third Parties (CTP) Regime before the end of 2026. In its response, the Bank of England indicates that it shares the Committee’s view that the Financial Policy Committee (FPC) should monitor HM Treasury’s use of the CTP Regime and its effectiveness in supporting UK financial stability. The Financial Conduct Authority has confirmed that it will share examples of best practice for AI usage with financial services firms. This follows the Committee’s recommendation that the sector needs clearer guidance on aligning its AI usage with existing rules.
EU law
EDPB adopts DPIA template
The European Data Protection Board (EDPB) is consulting on a new template for Data Protection Impact Assessments (DPIAs) aimed at making to make GDPR compliance easier and more consistent across Europe. It is designed to help organisations to structure and evidence their DPIA processes in a clear and harmonised way, supported by an accompanying explainer document that clarifies key concepts and practical steps. While use of the template is voluntary and organisations remain free to apply their own risk assessment methodologies, the EDPB notes that the predefined fields can save time, reduce errors and ensure all relevant information is captured. The consultation ends on 9 June 2026, after which EU data protection authorities are expected to adopt it either as a common standard or as a basis for aligning national DPIA templates.
European Commission sends Meta Supplementary Statement of Objections
The European Commission has sent Meta a Supplementary Statement of Objections indicating its intention to impose interim measures requiring Meta to restore third‑party AI assistants’ access to WhatsApp under the same conditions as before October 2025. The Commission’s preliminary view is that Meta’s original ban on third‑party AI assistants, and its subsequent replacement of that ban with a paid access model, both effectively exclude rivals and risk causing serious and irreparable harm to competition in the rapidly growing market for AI assistants. This forms part of an ongoing investigation into a possible abuse of Meta’s dominant position under EU competition law, with interim measures intended to apply until the Commission reaches a final decision on the merits of the case.
European Commission proposes measures to Google on sharing search engine data with third parties under DMA
The European Commission has sent preliminary findings to Google outlining proposed measures to comply with the Digital Markets Act. Under the proposed measures, Google should allow third party search engines to access search data, such as ranking, query, click and view data, on fair, reasonable and non-discriminatory terms. The aim is to allow third party online search engines, or “data beneficiaries”, to optimise their search services and contest Google Search’s position. The proposed measures cover the following: the eligibility of data beneficiaries to receive search data, including that of AI chatbots with search functionalities; the scope of the search data that Google must share; the means and frequency by which Google must share search data; measures to ensure the anonymisation of personal data; parameters for setting fair, reasonable and non-discriminatory prices for search data; and processes governing beneficiaries’ access to search data. The Commission is consulting on the proposed measures until 1 May.
European Board for Digital Services issues statement
The EBDS has issued a press statement which reports on its recent meeting, where it confirmed that protecting minors online remains a central priority when enforcing the Digital Services Act (DSA). The Board reviewed national and EU‑level actions under Article 28(1) of the DSA, including enforcement cases involving major platforms such as TikTok, X, Meta services and several pornographic platforms, and confirmed that the DSA Guidelines on the protection of minors will continue to serve as the benchmark for compliance across the EU. Members also considered the roll-out of the EU harmonised age‑verification app and wider age‑assurance “blueprint”, emphasising the need for effective, privacy‑preserving solutions and adequate funding for Safer Internet Centres. Finally, after two years of operation, the Board took stock of its own performance and agreed to streamline its working methods to strengthen strategic coordination and accelerate consistent DSA enforcement across Member States. In addition, President von der Leyen and Executive Vice-President Virkkunen have presented the final EU age verification app. The app will soon be available across the EU on all devices. The EU age verification app is also open source, therefore allowing partner countries to rely on it. The EU app verifies a user’s age online without sharing any personal information, using the “zero-knowledge proof” method. Online platforms can fully rely on the EU age verification app to make sure that children are not exposed to dangerous or harmful content on their services.
