The United Kingdom spent 2025 trying to answer a question that has dogged post-Brexit policymakers since the referendum: what should regulation actually be for?
The answer, delivered with increasing clarity across the year, is growth. Not growth as an assumed byproduct of good regulation, but growth as a statutory duty embedded into how regulators from the Financial Conduct Authority (FCA) to energy regulator Ofgem are expected to operate. Economic outcomes have become central to regulatory decision-making in ways that would have been inconceivable a decade ago.
This represents more than a philosophical shift. The Regulatory Action Plan, strengthened growth duties, and new accountability mechanisms introduced throughout 2025 make clear that authorisation timelines, enforcement priorities, and cross-border relationships will now be judged through an explicitly economic lens. Public dashboards track regulator performance. Independent reviews scrutinise how effectively watchdogs balance their mandates. The 25 per cent administrative burden reduction target hangs over the system like a productivity ultimatum.
Yet 2025 also brought the first enforcement actions under the Online Safety Act, the first Strategic Market Status designations under the new digital markets regime, and a bruising parliamentary fight over employment rights that ended with the government abandoning its flagship day-one unfair dismissal pledge. The Competition and Markets Authority (CMA) designated Google with Strategic Market Status in respect of general search – the first such designation globally under domestic competition law – and followed with designations for Apple and Google in mobile platforms.
These threads pull in different directions. A growth-first regulatory philosophy sits uneasily alongside expansive new platform obligations and enhanced worker protections. The government insists the tensions are manageable; critics argue the growth agenda will inevitably hollow out the protections that regulation exists to provide.
For regulators and regulated entities across Australia, New Zealand, and the UK’s other trading partners, these developments matter, wherever they transpire. The UK is positioning itself as a test case for whether economic objectives can be embedded across a modern regulatory system without creating the very uncertainty that business finds most costly.
Growth duty meets accountability culture
The Regulatory Action Plan and its October update represent the government’s most concerted effort to reshape how regulators understand their role. The reforms rest on three pillars: a strengthened statutory growth duty requiring regulators to prioritise business growth while maintaining protections, a public dashboard allowing businesses to scrutinise regulator performance with quarterly updates, and independent reviews of key regulators with recommendations delivered to ministers.
Business Secretary Peter Kyle framed the reforms bluntly. By stripping back unnecessary rules and pointless paperwork, regulators would free businesses to grow while ensuring vital protections remained enforced. The growth duty would anchor this shift, with greater transparency ensuring regulators could be held to account.
TheInstitute for Government (IfG) has been less convinced. The think tank’s assessment noted the 25 per cent administrative burden reduction target requires systemic thinking, not tinkering, and highlighted a critical gap: no independent oversight mechanism exists to track whether the burden reduction target is actually being achieved. Implementation detail remains sparse, raising questions about whether growth duties will survive a change of government.
The Prudential Regulation Authority (PRA) published its second report on secondary competitiveness and growth objectives in June, documenting progress on facilitating the international competitiveness and growth of the UK economy over the medium to long term. The FCA announced accelerated authorisation targets: new firm authorisations to be completed within four months rather than six, with senior manager applications processed within two months for at least half of applications.
Whether these mechanisms deliver genuine productivity improvements or simply create new compliance complexity while weakening protections will become clearer as regulators and regulated entities adjust to the new expectations. The IfG’s November 2025 assessment warned that strengthening the growth duty depends on clear and granular growth policy. Without it, the reforms risk becoming political theatre.
From legislation to enforcement: the online safety regime goes live
The Online Safety Act moved from legislative text to enforceable reality in 2025. Phase 2 child safety duties became binding from 25 July, extending obligations beyond illegal harms to child protection more broadly. User-to-user and search services likely to be accessed by children must now implement measures preventing young people from encountering harmful material, including content promoting self-harm, suicide, violence, and pornography.
Ofcom, the UK’s communications regulator responsible for overseeing online safety alongside broadcasting and telecoms, published its Protection of Children Codes of Practice in final form on 24 April. Services were required to complete children’s risk assessments by 24 July and have risk mitigation measures operational from 25 July. With these moves, the regulator makes its enforcement stance clear.
Enforcement Director Suzanne Cater declared 2025 the year of action, predicting a huge uptick in enforcement work. Platforms unwilling to engage, unwilling to accept problems, or putting profits above safety would face very different treatment. Chief Executive Dame Melanie Dawes added that Ofcom had already engaged constructively with some platforms and seen positive changes ahead of time, but expectations would remain high. Those who fell short would face consequences.
Platforms unwilling to engage, unwilling to accept problems, or putting profits above safety would face very different treatment.
The penalties are substantial: fines of up to £18 million or 10 per cent of global turnover (whichever is greater), potential criminal liability for directors, and the possibility of restrictions on UK market access.
In November, Ofcom issued its first financial penalty under the legislation against 4chan – a fixed penalty of £20,000 and a daily non-compliance fine of £100 for up to 60 days. The amount is modest; the message is not. Phase 3, covering categorised services and the largest Category 1 platforms, remains scheduled for 2026. Whether Ofcom can scale enforcement to cover these platforms effectively will test whether the regime’s design matches its ambition.
Digital markets: the SMS regime takes shape
The Digital Markets, Competition and Consumers Act 2024 came into force on 1 January 2025 for digital markets and competition provisions, with consumer protections following in April. The legislation establishes the CMA’s Digital Markets Unit (DMU) with powers to designate undertakings as having Strategic Market Status in respect of specific digital activities.
The CMA moved quickly. On 10 October, it issued its first SMS designation: Google, designated in respect of general search and search advertising services. The 156-page decision found that Google accounts for over 90 per cent of UK general search queries, with no rival gaining ground in over 15 years. UK search advertising revenues exceed £10 billion annually, with margins above 25 per cent and returns on capital over 40 per cent.
The CMA estimated that Google earned at least £3–4 billion of profits in 2024 from UK general search services above a 10–15 per cent weighted average cost of capital – returns indicative of substantial and entrenched market power.
On 22 October, the CMA confirmed additional SMS designations for both Apple and Google in their respective mobile platforms, covering operating systems, app distribution, browsers, and browser engines on smartphones and tablets.
These designations open the door to conduct requirements addressing self-preferencing, data access, interoperability, and algorithmic transparency. Penalties for non-compliance can reach 10 per cent of global turnover.
The regime represents the UK’s alternative to the EU’s Digital Markets Act – creating UK-specific obligations for global platforms through a domestic regulatory framework rather than pan-European regulation. For platforms, this means additional compliance complexity; for UK businesses and consumers, it promises more responsive oversight of digital market power.
The 2026 challenge will be whether the first conduct requirements deliver meaningful behavioural change and whether the regime can adapt quickly enough to address emerging AI-driven market dynamics that the CMA has acknowledged may in fact strengthen Google’s position.
Employment rights: a manifesto pledge abandoned
The Employment Rights Bill, Labour’s flagship commitment to make work pay, underwent substantial revision during its parliamentary passage – culminating in a major policy reversal on 27 November.
The bill proposes restrictions on zero-hours contracts, protections against fire and rehire, enhanced family-friendly rights, strengthened unfair dismissal protections, reforms to trade union recognition, and new equality duties on employers. But the government’s original pledge to grant day-one unfair dismissal rights – a cornerstone of the 2024 manifesto – has been abandoned.
The government announcement confirmed that discussions concluded that reducing the qualifying period for unfair dismissal from 24 months to six months, whilst maintaining existing day-one protection against discrimination and automatically unfair grounds for dismissal, represented a workable package.
The compromise followed what the BBC described as a significant U-turn driven by a series of constructive conversations between trade unions and business representatives. The House of Lords had twice voted in favour of a six-month timeframe.
Business Secretary Peter Kyle defended the outcome, noting it was not his role to obstruct that compromise. He emphasised the government’s commitment to consultation, pointing to the primary legislation’s mandate to engage in consultations across 26 distinct areas.
TUC General Secretary Paul Nowak welcomed the progress, calling the bill essential to better quality, more secure jobs for millions of workers across the economy. The absolute priority, he said, was getting these rights on the statute book so working people could start benefiting from them from April 2026.
For her part, Conservative Opposition Leader Kemi Badenoch criticised the approach. If 26 consultations were necessary to rectify this, she argued, then there was a significant issue at hand.
Implementation is phased, with initial tranches expected from April 2026 for provisions including statutory sick pay from day one and enhanced family rights. The six-month qualifying period for unfair dismissal – the last time such a period was in place was 1974–1979 – will take effect at a date yet to be confirmed. The Fair Work Agency, a new enforcement body, will be established in 2026.
Financial services: the divergence accelerates
The UK continued its post-Edinburgh and Mansion House financial services reforms in 2025, embedding growth and competitiveness as secondary objectives for both the FCA and PRA.
The Financial Services and Markets Act 2023 gave both regulators a statutory secondary objective to facilitate, subject to aligning with relevant international standards, the international competitiveness of the UK economy and its growth over the medium to long term. The PRA’s second annual report, published in June, documented progress on capital framework simplification and regulatory divergence from EU baseline requirements.
At the Chancellor’s July Leeds summit – framed as Mansion House 2.0 – the government announced accelerated authorisation targets for financial services firms. Letters from the FCA and PRA published on 15 July confirmed new timelines: statutory deadlines for new firm authorisations reduced to four months from six, with complex variations of permission targeted for completion within three months.
The FCA and PRA also launched consultations on Phase 1 reforms to the Senior Managers and Certification Regime, aimed at improving approval processes and raising thresholds for enhanced SMCR requirements.
The House of Lords Financial Services Regulation Committee’s June 2025 report identified operational inefficiency – particularly slow authorisation timelines – as a constraint on innovation, and recommended a concierge service to help foreign firms navigate UK requirements.
The reforms create substantive divergence from EU norms. Consumer Duty application to wholesale firms is being reconsidered; inherited EU regulatory templates are being deleted; and capital framework simplification is proceeding on UK-specific timelines. Divergence creates opportunities for UK capital markets but raises questions about equivalence and mutual recognition with the EU.
Cyber security: expanding the regulatory perimeter
The Cyber Security and Resilience Bill, introduced to Parliament in November, expands the scope of the Network and Information Systems Regulations 2018 to cover managed service providers and data centres – entities previously outside the regulatory perimeter.
The reforms bring an estimated 900 to 1,100 additional Managed Service Providers (MSP) within regulatory scope, regulated by the Information Commissioner’s Office (ICO). As a Pinsent Masons analysis noted, large and medium-sized MSPs will need to put in place appropriate measures to manage risks to the services they provide.
Data centres will be regulated as operators of essential services, overseen by the Department for Science, Innovation and Technology (DSIT) and Ofgem. The designation applies to facilities offering a rated IT load of more than 10 megawatts and provided on an enterprise basis – aligning with the EU’s treatment of data centres as critical infrastructure under NIS2, the EU’s updated Network and Information Security Directive.
Penalties increase substantially: up to £17 million or 4 per cent of worldwide turnover. New obligations include robust cyber security risk management, reporting of significant incidents to government and customers, and submission to competent authority inspections. The bill also allows regulators to designate critical suppliers directly as operators of essential services.
The expansion tracks the EU’s NIS2 Directive and reflects the UK’s 2024 designation of data centres as critical national infrastructure.
Competition and energy: sector developments
The CMA launched a consultation on revised merger remedies guidance in October, embedding its 4Ps framework – pace, predictability, proportionality, and process – into merger control. The updated guidance introduces a 40-working-day KPI for pre-notification (down from an average of 65 working days) and a 25-working-day KPI for straightforward clearance decisions (reduced from 40).
The reforms point toward a more permissive approach to remedies design, with greater willingness to accept behavioural remedies, efficiency claims, and hybrid solutions at Phase 1 rather than requiring full structural separation.
In energy regulation, Ofgem announced plans in September to require suppliers to offer at least one lower standing charge tariff by end-January 2026. Director General for Markets Tim Jarvis acknowledged the reform’s limitations. The costs covered by the standing charge ultimately must be paid. They cover the costs of transporting energy to homes or businesses. These charges cannot be removed, only moved around.
Citizens Advice energy director Gillian Cooper offered a measured assessment: while the introduction of a lower standing charge may offer consumers additional options, it will not lead to a reduction in their bills.
Ofgem also unveiled plans for its largest-ever review of Guaranteed Standards of Performance, proposing a shift toward outcomes-based regulation – reflecting broader government pressure on regulators to reduce prescriptive rules.
What to watch in 2026
Three dynamics will likely shape the UK regulatory landscape in the year ahead:
- The growth experiment enters its implementation phase. Public dashboards, strengthened duties, and accelerated authorisation targets are now in place. Whether these mechanisms deliver genuine productivity improvements or simply create new compliance complexity while weakening protections will become clearer as regulated entities and regulators adjust to the new expectations.
- Digital governance reaches the enforcement frontier. The Online Safety Act, DMCCA, and cyber-resilience reforms position the UK as neither EU nor US in its approach to platform regulation – more interventionist than Washington, more agile than Brussels. The first SMS conduct requirements and Ofcom’s willingness to escalate enforcement will test whether this middle path holds.
- Post-Brexit divergence compounds. Financial services reforms, employment rights compromises, and competition policy shifts all demonstrate a willingness to chart an independent course. The question is whether divergence attracts investment and innovation or creates friction for cross-border business.
What to watch:
- First SMS conduct requirements: Will the CMA’s requirements for Google deliver meaningful market change?
- Phase 3 Online Safety implementation: Can Ofcom scale enforcement to cover Category 1 platforms effectively?
- Employment Rights Bill commencement: The six-month qualifying period, day-one sick pay, and Fair Work Agency launch will test employer adaptation.
- Financial services divergence: Will accelerated authorisations and regulatory streamlining attract international capital?
- Cyber-resilience enforcement: First regulatory actions against MSPs and data centres will establish the regime’s credibility.
By December 2026, regulators and regulated entities alike will have a clearer sense of whether the UK’s growth-oriented, digitally sophisticated, and internationally distinctive regulatory model delivers on its promise – or whether the tensions between growth and protection, innovation and rights, prove harder to reconcile than Westminster anticipated.
