Regulatory reform in the UK – navigating change, uncertainty and opportunity

Regulation - the current growth agenda

It’s a time of change and uncertainty in terms of the environment in which the UK regulators are currently operating. We have the AI revolution, geopolitical, demographic and climate change, a war in Europe, the threat of the withdrawal by the U.S. of the nuclear umbrella from Europe and a volatile political regime in the US with more tariffs threatened unless a trade deal is done.

But change also creates opportunity and the UK Government’s agenda is focused on growth. That does not just mean growing the economy; it is about making the UK an attractive place to do business.

Brexit can be seen as an opportunity in that respect, in that the UK can replace some over bureaucratic EU regulation with sensible principle based regulation. We saw that in February 2025 with the new Public Procurement Act 2023 coming into force, streamlined legislation compared with the previous EU based legislation, which gives much more flexibility to public bodies on the award procedure. Another opportunity the UK took was to replace the EU state aid regime with the Subsidy Control Act 2022, which again gives far more flexibility and no need for public authorities to obtain the consent of any authority before they award a subsidy or grant.

So, there are ways in which regulation can be used to make the UK a more attractive place to do business. The Government has recently published a blueprint for an updated approach to regulation, focusing on growth, with three key aspects: tackling complexity and the burden of regulation, reducing uncertainty, and challenging excessive risk aversion.

• In terms of ‘tackling complexity’ and the burden of regulation the Government has already announced the closure or merging of some regulators. There are more than 100 regulators in the UK. The Payment Systems Regulator is being merged into the Financial Conduct Authority, as an example.
• ‘Reducing uncertainty’ is about trying to introduce more predictability into the regulatory environment and, for example, reducing the number of factors that certain regulators must have regard to, which makes their decision making very complicated.
• ‘Challenging excessive risk aversion’ is a potential relaxation of the post financial crisis focus on removing risk and the caution around excesses that led to the crisis. The stance is to be ‘proportionate’ and avoid excessive risk aversion.

Alongside the blueprint the Government has identified eight strategic sectors which offer the highest growth opportunity for the economy and business:

• Advanced manufacturing
• Clean energy industries
• Creative industries
• Defence
• Digital technologies
• Financial services
• Life sciences; and
• Professional and business services.

Promoting innovation is core to the Government’s strategy and although the Government is looking to reduce the number of regulators, it introduced in October 2024 the Regulatory Innovation Office (RIO), whose stated purpose is to speed up regulatory decisions by acting as an intermediary between Government, regulators and businesses. Thus, the RIO aims to streamline the regulatory process, reduce “red tape,” and facilitate the rapid development and deployment of innovative technologies. The RIO’s immediate focus will be on priority areas: drones and other autonomous technology, engineering biology, space, AI and digital in healthcare.

The heads of regulators were called in to see the Chancellor of the Exchequer in January 2025 with the clear instruction to promote growth.

Antitrust

The new digital markets competition regime is now in force, introduced to give the CMA much more power to regulate the big tech companies. The initial investigations into Google and Apple are now underway and there is speculation that the fact that the new interim Chairman of the CMA is the former chairman of Amazon UK may affect the CMA’s stance.

There is a sense that the Government is worried about upsetting the new US administration, not only having regard to the potential increase in tariffs, but more generally about upsetting the big US tech companies.

On climate change, in terms of antitrust, the CMA has published a guidance note on cooperation agreements for sustainability and climate change. It encourages businesses who want to get together with competitors to try and reduce carbon emissions. The CMA and the European Commission have an open door policy to discuss industry initiatives of that type. For example, the CMA has recently published guidance to the Builders Merchants Federation relating to the building materials industry using a single supply chain assurance services provider.

Innovation is a particularly sensitive area for competition policy at this time. Any restriction on innovation in a commercial agreement should be considered very carefully.

‘Price algorithms’ are under the spotlight for the CMA. It considers that price fixing is unlawful. Whether that is achieved in a traditional way, or by programming an algorithm to behave in a particular way, the effect of the arrangement is the same. In some cases competitors have outsourced their pricing algorithm to the same provider that has resulted in alignment of prices which may be unlawful.

Traditionally cartels have been on the sales side. Sellers get together to fix prices, and traditionally cartelists have ended up charging somewhere between 15% and 25% higher than they would have done in a competitive market. There is now a lot of litigation going through the courts where victims of cartels are seeking to recover the excess prices that they have paid, often through class actions. But competition authorities, although still focused on seller cartels, are also looking at buyer cartels, which is where buyers get together and look to push down purchase prices to increase their profitability.

Competition authorities distinguish between an unlawful buyer cartel and a lawful joint purchasing arrangement. They recommend that to be lawful a joint purchasing arrangement should be transparent and be properly documented. So, if your business is contemplating that sort of arrangement, then it is prudent to be transparent about it. Tell the supplier that you are buying on behalf of others as well, not just buying for yourself, and document the joint purchasing arrangement. If you try and hide the arrangement and you do not document it you may well be deemed to be part of an unlawful buyer cartel.

The CMA is also now using data science tools in its detective work. For example, the CMA is working with public sector purchasers to try to identify bid rigging, i.e. where suppliers in a particular market get together and decide who’s going to win particular contracts. The CMA now has more sophisticated techniques for trying to detect where that might be happening.

Dawn raids nearly ground to a halt during the pandemic. We are now seeing these return with a different dimension because with many people now working hybrid or from home, the competition authorities are now increasingly looking to obtain warrants to search people’s homes and cars if that person is likely to have documents there and be likely to destroy those documents if they were aware of an investigation. Dawn raid training as part of a competition law compliance programme should now include potential dawn raids at home.

New public procurement regime

The new Procurement Act 2023 came into force on 24 February 2025 and is a simplification of the EU regime. The main change is the debarment register, which is now maintained by the Government. Contracting authorities must notify Ministers if they exclude a supplier (for mandatory or discretionary grounds). Ministers may investigate a supplier (including following notification) and, if considered appropriate, add that supplier to a central debarment list for up to five years. Suppliers will (or may, for discretionary grounds) be unable to win public contracts while on the list. There are also new and expanded grounds to exclude suppliers.

The new regime is also much more transparent in terms of significantly more notices and information having to be published by the authority on a central digital platform, spanning the entire procurement cycle from pre-procurement planning to expiry or termination of the contract, including publication of a contract with a value exceeding £5 million. For example, if an authority wants to make a direct award and not go through a competition process it must publish a notice that it intends to make a direct award. Also an authority must publish a notice of its intention to vary a contract. The increased transparency may result in more legal challenges.

A fundamental change in the legislation is that when the UK was under the EU regime the main driver was the creation of an internal market between EU member states. If it was a building contract, a Greek builder should have an equal opportunity with a British builder to win a public works contract in the UK. But that EU single market dimension is no longer in the legislation so the focus is on value for money, more opportunities for small and medium sized businesses and more emphasis on social value.

Also, for any contracts with a value exceeding £5 million, at least three KPIs must be set for that contract.

Data protection

On data protection, under the Data (Use and Access) Bill currently before Parliament, there may be a relaxation on the consent requirement for certain cookies. The Government regards it as ‘overburdensome’ that whenever we go to websites we have to go through and indicate what level of consent we are giving to the use of our personal data.

What the Government is keen to see is that where privacy is respected then consent to cookies should not be required in some cases. The difficulty with relaxing the standards is that the UK’s adequacy arrangement with the EU is up for renewal towards the end of 2025 and the UK does not want to upset the EU, as it could withdraw that adequacy status, which would increase the burdens for transferring personal data from the EU to the UK. So, the UK’s flexibility in departing from EU standards is not high.

New UK corporate offence of failure to prevent fraud

The new failure to prevent fraud corporate offence will come into force on 1 September 2025. Under this new offence a company (or partnership) will be criminally liable for the offence if a person associated with it commits fraud with the intention of benefiting the company or any entity, i.e. a client or customer, for which the associate provides services on the company’s behalf. The offence is punishable by an unlimited fine

There are three thresholds, at least two of which need to be satisfied for the offence to apply to a company. First, the company’s UK turnover must exceed £36 million; secondly, its total assets  must exceed £18 million; thirdly, it must have more than 250 employees. The company may also be guilty of the offence if the company’s parent company satisfies at least two of these thresholds.

An associated person of a company may be an employee, agent, subsidiary or sub-contractor.

There must be a fraud offence committed that could potentially be prosecuted in the UK. In addition to UK companies, the offence will apply to companies incorporated outside the UK with a UK connection.

A fraud offence includes cheating the public revenue, false accounting, false statements by company directors, participating in a fraudulent business and obtaining services dishonestly.  It also includes aiding, abetting, counselling  or procuring a fraud offence.

A company is not guilty of the offence if it itself was a victim or intended victim of the fraud offence, for example if the loss caused, or intended to be caused, by the fraud would be borne by the company or the fraud was committed with intent to harm the company. But a company would not be a victim only because it suffered indirect harm due to the fraud by an associated person, for example damage to its reputation.

There are two defences to this offence. One is that at the time that the fraud offence was committed the company had put in place reasonable procedures designed to prevent fraud; or that it was unreasonable to expect the company to have put in place any such procedures.

The Government has published guidance on six areas which companies should review to facilitate compliance with the requirement to put in place reasonable procedures to prevent fraud. Companies should aim to have established or reviewed these procedures before 1 September 2025 if not already done:

• Top level commitment – senior management clearly endorsing the company’s intolerance of fraud, for example a clear statement on the company’s website;
• Risk assessment – reviewing potential areas where fraud could take place within the business, assessing level of risk and putting in place mitigating steps and appropriate policies;
• Proportionate risk-based prevention procedures – for example, a fraud prevention plan, and sanctions/disciplinary measures for individuals or entities which commit fraud;
• Due diligence – If a company engages a new employee or supplier, it should do appropriate due diligence on them. This can be done in-house or by external providers. An audit trail will be an important part of showing that reasonable procedures had been put in place;
• Communication – provide appropriate fraud specific training to employees, agents and other potential associated persons, including requiring compliance with appropriate policies;
• Monitoring and review.

Q&A

We discussed some of the implications for businesses across key aspects of regulatory change, including:

• The Payment Systems Regulator (PSR) is to be absorbed into the Financial Conduct Authority (FCA) to reduce the complexity and level of regulation in the financial services sector, but will we see more oversight interest in the regulations as they are now to fall under the FCA?

It is hoped they will not make obligations more onerous especially in the short term, but the transition to the FCA will take time and we can still see policy change over time. The Payment Services Regulator has statutory functions, so legislation will be required to assign those functions to the FCA, which of course is also regulated under statute.

• What are the current thresholds for merger control?

There are three alternative tests under which a merger can qualify for investigation by the CMA:

• • 1. Is if the UK turnover of the target company exceeds £100 million.
  • 2. Is where the buyer and seller overlap in the supply of a good or service of a particular description and their share of supply in that area of overlap is at least 25 per cent in the UK as a whole or in a part of the UK and at least one of the parties’ UK turnover exceeds £10 million.
  • 3. Where at least one of the parties has UK turnover of at least £350 million and has a share of supply of at least 33 per cent.

• What has been the impact of the National Security and Investment Act 2021 (NSIA)?

A significant proportion of mandatory notifications for clearance of acquisitions under the NSIA have been in the defence sector. An important check is to confirm whether the target company holds export licences in relation to the UK as this can bring a transaction within the scope of the mandatory notification regime. Whilst the defence and military and dual use sectors represent a large proportion of remedy cases, the Government has imposed remedies across a range of other sectors including communications, energy, computing hardware, advanced materials and satellite and space technology. There is also increased interest in imposing commitments relating to sensitive data, including requirements that such data is maintained in the UK and not exported, and that sensitive information flows from the target company are restricted.

Many transactions ‘called-in’ for in-depth review involve Chinese acquirers. However, it is also noteworthy that in the last year or so a significant proportion of called-in transactions concerned UK acquirers and also U.S. acquirers. Whilst the nationality of the acquirer is an important consideration,  this suggests that the activities undertaken by the target are the most important factor — meaning there are some deals where the target’s activities are so sensitive that it will be called in, regardless as to whether the acquirer is from a ‘friendly’ allied country of the UK, or indeed if the acquirer is UK-based. The extent to which a target business conducts sensitive activities that necessitate some engagement between the Investment Screening Unit — the body tasked with overseeing the filing and review process (ISU) — and other government bodies, such as the Ministry of Defence, is a driver in the timeline for approvals under the NSI regime (and related likelihood of a call-in notice).

Reviews are mostly timely but the duration of the procedure can be unpredictable where remedies are required.

To date, six deals have been blocked or unwound — all involving Russian or Chinese buyers, including most recently in November 2024 when the Government ordered a Chinese entity to divest a controlling interest in a Scottish semiconductor chip firm. The Government has prohibited deals across a variety of sectors, including telecommunications; semiconductors; dual-use electronics; and the licensing of dual-use vision sensing technology; but all with the common theme of the country of origin of the controlling investors. The Government has also intervened in transactions where the immediate acquirers are apparently based in a neutral third country (e.g. Luxembourg, the Netherlands) but who were found to be ultimately controlled by Russian or Chinese (or Hong Kong) investors.

A further 26 transactions have been approved subject to conditions. Common conditions have included requirements to (i) maintain strategic capabilities/security of supply in the UK or ensure continued UK ownership of the relevant companies, (ii) protect, provide access to, or restrict sharing sensitive information and/or technology, (iii) appoint UK Government-approved board observers,  (iv) allow the Secretary of State to step in and take operational control of a business, (v) maintain UK headquarters or presence and  protect/expand employees and local R&D capabilities,  (vi) establish notification and reporting obligations, for example keep the UK Government informed of changes to a contract, and (vii) appoint UK Government-approved auditors. Such conditions have been imposed on UK and non-UK acquirers.

Furthermore, other deals have been reported to be abandoned and filings withdrawn, many of which involved Chinese buyers.

The NSIA regime will remain an important tool used by the Government to address national security risks and the global political environment may prompt further changes to the scope and enforcement priorities pursued under the regime.

• With the new failure to prevent fraud offence what should relevant businesses be doing now to assess risk and put procedures in place?

A risk assessment is a really important part of the procedure, it is really a case of looking internally at each part of the business and assessing where the fraud risks might be and then identifying mitigating steps, for example ensuring that invoices are accurate, and putting appropriate policies in place. This will be a similar exercise which many businesses will have undertaken when the Bribery Act 2010 was introduced. Relevant businesses should aim to have established or reviewed their anti-fraud procedures before 1 September 2025 if not already done.

We wish to thank all of the roundtable attendees for their valuable engagement and insights during our discussion on regulatory reform.

Anthony is a partner in our Commercial team specialising in competition law, commercial contracts and trade regulation, including data protection, public procurement, sanctions, export control, anti-bribery, IP, IT and communications.

Oliver is a partner in our Banking & Finance team, whose key expertise involves advising corporate borrowers on significant financing and refinancing transactions as well as restructuring matters.

If you would like to contact Anthony or Oliver concerning anything raised during the roundtable, or are looking for any commercial, competition or financing support, they would be very pleased to hear from you.

You can sign up to mailings for our Counsel+ forum here to receive learning resources and invitations to events and networking opportunities.