The UK government outlined its new legislative agenda in the King’s Speech today, 13 May 2026. This details the legislation the current government will introduce into Parliament. Emphasis on current. We may be back here sooner rather than later.
During the State Opening of Parliament, it is traditional for a member of the Commons to be ‘held hostage’ in Buckingham Palace, awaiting the safe return of the King. The prime minister probably has a rather long list of MPs he might like to have under lock and key at the moment, as this King’s Speech is given under a cloud of continuing leadership speculation gripping the Labour Party.
Nevertheless, the business of government goes on. Significant regulatory changes that we were expecting were announced, but a few notable things were missing.
What was included
- Cyber Security and Resilience Bill: Carries over from previous session
- Enhancing Financial Services Bill: SMCR Phase 2 reform
- Regulating for Growth Bill: Stronger ministerial steer over regulators
- Small Business Protections (Late Payments) Bill: Payment practices become a board issue
- Public Office (Accountability) Bill: The Hillsborough Law and the duty of candour
- Competition Reform Bill: Greater political influence over the CMA
- Remediation Bill: More on building safety and cladding
What was excluded
- Audit Reform and Corporate Governance Bill
- Equality (Race and Disability) Bill
- A standalone AI Bill
What we’re not sure of
- FCA as the single professional services regulator for AML: Not explicitly mentioned in the King’s Speech or accompanying briefing notes, but could be included in the Regulating for Growth Bill when published
- Who the PM will be in six months’ time
Cyber Security and Resilience Bill
The Cyber Security and Resilience Bill, carried over from the previous parliamentary session, is one of the most important measures for corporate compliance. It will update the UK’s existing cyber framework and expand the range of organisations subject to cyber security duties.
The Bill will bring many managed IT companies into scope, recognising that these providers often hold trusted access across public bodies, critical national infrastructure and business networks. It will also regulate data centres, reflecting their importance to patient records, online payments, email services, cloud infrastructure and AI development. Operators managing the flow of electricity to smart appliances, including electric vehicle charge points and electrical heating appliances, will also face new requirements. Regulators will be given powers to designate critical suppliers to essential services, including suppliers to the NHS or water companies, where disruption could have wider consequences.
The incident reporting requirements are especially important. In-scope organisations will need to report a greater range of harmful cyber incidents to their regulator and the National Cyber Security Centre within 24 hours, with a full report within 72 hours. Data centres, digital service providers and managed service providers will also have to take reasonable steps to identify and notify customers likely to have been affected by significant or potentially significant cyber incidents. Enforcement will be modernised, including tougher turnover-based penalties for serious breaches.
This moves cyber compliance well beyond the IT department. Boards and senior leaders will need assurance that incident response plans are real, tested and understood. Supplier due diligence will need to examine cyber resilience, not just price and service levels. Procurement teams will need to think more carefully about the cyber exposure created by managed service providers, software vendors, cloud providers and critical outsourced functions.
The Bill also has a clear training implication. Phishing remains one of the most common ways attackers gain access to systems. If the legal framework becomes more demanding on cyber resilience and incident reporting, organisations will need to show that they are taking human-factor risks seriously. That means regular training, reporting channels, simulated exercises, escalation procedures and a culture where employees report suspicious activity quickly.
The practical compliance questions are straightforward: who owns cyber risk at board level, which suppliers are critical, what incidents must be reported, who makes the reporting decision, and can the organisation meet a 24-hour notification window under pressure?
Enhancing Financial Services Bill
The Enhancing Financial Services Bill confirms that reform of the Senior Managers and Certification Regime is now moving from regulatory adjustment into legislation. The government presents the Bill as part of a wider effort to modernise financial services regulation, support growth and reduce unnecessary administrative burden while maintaining individual accountability.
Several practical changes already took effect from 24 April 2026, with more to follow from 10 July 2026, which are detailed here. From 1 September 2026, SMCR will be aligned with the FCA’s broader approach to non-financial misconduct.
The Enhancing Financial Services Bill is expected to provide the vehicle for deeper Phase 2 reforms. The government wants fewer elements of SMCR fixed in primary legislation, with more detail set through FCA and PRA rules. The most significant expected proposal is the removal of the Certification Regime from the Financial Services and Markets Act. That would allow regulators to move away from a broad, annual recertification model towards a more targeted regime focused on roles that genuinely create risk.
The bill is also expected to reduce the number of roles requiring pre-approval as Senior Management Functions. Some senior appointments may in future rely more heavily on the firm’s own fitness and propriety assessment, with notification to the regulator rather than prior approval. If implemented, this will shift more responsibility onto firms’ internal governance processes.
Firms may face fewer process-driven obligations, yet they will need stronger evidence that internal judgements are sound. Role classification, fitness and propriety assessments, conduct rules training, non-financial misconduct processes, regulatory references, responsibility maps and internal reporting channels all need to be defensible.
Regulating for Growth Bill
The Bill gives ministers a new statutory power to issue strategic steers to regulators, defining what growth means in different regulatory contexts. This is critical as it could make regulators more dependent on direction from ministers, meaning businesses could end up with less clarity on the long-term direction of regulators’ expectations. It could also see ministers expect more fines, for instance from the ICO, or take action on politically popular issues.
The Bill will also create what the government calls cross-economy sandbox powers. These would allow existing rules to be temporarily relaxed under strict controls so that businesses can test new products and technologies in real-world settings. This is expected to include medicines, medical devices, autonomous maritime technology, defence technology and AI-enabled products and services as potential areas where sandboxes could be used.
This Bill is politically important because the government wants regulation to support investment, infrastructure and innovation, while maintaining essential safeguards. That may lead to more pressure on regulators to justify slow, duplicative or overly risk-averse processes. However, this will naturally reduce the independence of regulators across different sectors, and potentially put their priorities more at the mercy of political priorities.
Small Business Protections (Late Payments) Bill
The Bill will impose maximum payment terms of 60 days, with limited exemptions. It will enforce mandatory interest for late payments at 8% above the Bank of England base rate, introduce time limits for raising invoice disputes, and require boards or audit committees of persistently late-paying large companies to publish commentary on poor payment performance and the actions they intend to take. It will also give the Small Business Commissioner new powers to investigate poor payment practices, adjudicate disputes and fine businesses that persistently pay suppliers late or fail to comply.
This is highly relevant for compliance because it links payment culture to governance, reporting and enforcement. Large companies will need to review their supplier payment terms, invoice approval processes, dispute mechanisms and finance controls. Businesses in construction will need to pay particular attention because the Bill also proposes targeted action to ban the practice of deducting and withholding retention payments under construction contracts.
For boards, the issue will be whether poor payment practice is being treated as a finance administration problem or as a conduct and governance risk. If audit committees are required to publish commentary on persistent late payment, the reputational risk could become as important as the financial penalty.
Public Office (Accountability) Bill
The Public Office (Accountability) Bill, commonly known as the Hillsborough Law, is one of the most significant accountability reforms in the King’s Speech for public bodies and organisations carrying out public functions. Although primarily aimed at the public sector, its implications reach well beyond central government, particularly for law firms and the higher and further education sector.
The Bill is designed to change how public authorities behave when things go wrong. It responds to longstanding criticism that, after major public tragedies, some institutions have withheld information, adopted adversarial legal tactics or engaged with bereaved families and investigators in a defensive way. Hillsborough is the defining reference point, but the wider context includes public concern following disasters and scandals such as Grenfell and Windrush.
At the heart of the Bill is a new duty of candour and assistance. This would require public authorities and officials to act in a way that is truthful, accurate and helpful when engaging with inquiries, inquests and external investigations. The important point for compliance teams is that this is intended to be proactive. Public bodies would not simply wait for a coroner, inquiry chair or family representative to request documents. They would be expected to identify and disclose relevant information themselves.
That changes the compliance culture around serious incidents. Disclosure can no longer be treated as a narrow legal exercise focused on minimising exposure. Organisations will need systems that can find relevant information quickly, assess it properly and disclose it responsibly.
The Bill is expected to apply not only to ministers, government departments and emergency services, but also to NHS bodies, local authorities, universities and further education institutions. It may also capture private organisations carrying out public functions or public contracts.
That is particularly important for higher and further education. Universities and colleges can become involved in inquests and investigations following student deaths, safeguarding failures, welfare concerns, disability support issues or serious incidents on campus. Under a statutory duty of candour, institutions may be expected to disclose information such as welfare records, disability support arrangements, safeguarding concerns, referral failures, internal communications and evidence of process gaps where relevant.
For compliance, legal and safeguarding teams, this raises practical questions. Are records held across student services, academic departments, accommodation teams, disability support, wellbeing teams and security capable of being brought together quickly? Are escalation decisions documented? Are staff trained to record concerns clearly? Are internal reviews designed to find the facts, or mainly to manage liability?
The Bill also changes the dynamics of inquests. It would expand access to non-means-tested legal aid for bereaved families whenever a public authority is designated as an interested person. At the same time, public bodies would need to justify that their own legal representation at inquests is necessary and proportionate.
That could significantly affect legal strategy. Public authorities and institutions should not assume they can take an adversarial, lawyer-heavy approach as the default. Legal teams will need to show that representation is appropriate, proportionate and consistent with candour.
The Bill also raises the stakes for personal accountability. It would abolish the common law offence of misconduct in public office and replace it with two statutory offences. The first would address wilful or seriously improper conduct by a public official. The second would apply where a public official fails to prevent death or serious harm in circumstances where they owed a duty to act. These offences are expected to carry potential penalties of up to 10 and 14 years’ imprisonment.
One unresolved issue is legal professional privilege. The Bill does not expressly override privilege of course, so privilege remains legally intact. However, the duty of candour may make assertions of privilege more difficult in practice. Public bodies that withhold information on privilege grounds may face closer scrutiny from coroners, inquiry chairs, families and the media. Privilege will need to be asserted carefully, with a clear rationale, rather than used as a routine shield against disclosure.
The same applies to internal investigations. Many organisations currently structure internal reviews to preserve privilege and control legal exposure. Under a statutory duty of candour, the timing, scope and framing of those investigations may be scrutinised. A review process that appears designed to delay disclosure or shape a defensive narrative could itself become a source of criticism.
For compliance leaders, the practical response should be to review serious incident procedures now. Organisations in scope, or likely to be affected indirectly, should examine disclosure protocols, document retention, safeguarding escalation, whistleblowing routes, legal privilege policies, staff conduct rules and board reporting. They should also train senior leaders and frontline staff on what candour means in practice.
Competition Reform Bill
The Competition Reform Bill is presented as a pro-growth reform of the UK’s competition regime. The government says it will make CMA investigations faster and more predictable, reduce unnecessary burdens on business and help consumers benefit sooner. In practice, the Bill could reshape merger control, market investigations, remedies and the way the CMA makes its most important decisions.
The most significant issue is political control, or at least political influence. At present, in-depth Phase 2 merger decisions are made by independent CMA panels drawn from external experts. That model has been defended as a safeguard of independence and fresh scrutiny. The government now wants Phase 2 merger decisions and major market review decisions to move to sub-committees of the CMA Board, including senior CMA executives, non-executive directors and external experts. The stated aim is greater accountability and consistency.
That may make decisions more predictable. It may also make them more closely aligned with the CMA’s institutional priorities, ministerial steers and the government’s wider growth agenda. Ministers would not be deciding individual cases, but strategy, guidance and political pressure can still shape the environment in which decisions are made.
The CMA has faced sustained criticism from businesses, investors and government over perceptions that UK merger control has become unpredictable and overly burdensome. In 2025, the CMA cleared every merger it reviewed, following pressure to align competition enforcement with a pro-growth agenda and the replacement of the CMA chair amid concerns the regulator was seen as an obstacle to investment.
This may mean that high-profile mergers and market practices attract political, media and stakeholder attention, especially where they involve consumer prices, jobs, digital markets, public services or national competitiveness. Once a transaction becomes part of a public narrative, the regulatory dynamic can shift.
The Bill is also expected to clarify the CMA’s merger jurisdiction. The government proposes statutory “closed lists” for the share of supply test and material influence test. This should make the regime easier to navigate, but it should not be mistaken for a major narrowing of CMA powers. Minority investments, strategic partnerships, joint ventures and deals with limited UK nexus may still be reviewable where influence can be inferred.
Market reviews are also likely to become faster. The government wants to replace the current two-stage process with a single-stage review, usually capped at 24 months. That may reduce long-running uncertainty, but it will also mean earlier information gathering, earlier remedies discussions and less time for businesses to shape the evidential record. There are also important changes to remedies. Sunset clauses are expected to become the default for market remedies, with formal reviews at least every ten years. This could help businesses subject to old obligations, while making remedy monitoring a more active part of future compliance planning.
Compliance teams should review deal-screening processes, especially for minority investments, joint ventures and strategic partnerships. They should prepare for earlier remedies discussions, faster market reviews and more scrutiny of internal documents. Board papers, investment committee minutes and risk assessments should clearly show how competition issues were identified and managed.
Remediation Bill
The Remediation Bill will be important for building owners, landlords, developers, managing agents, construction businesses and product manufacturers. The King’s Speech says the Bill will speed up remediation for people living in homes with unsafe cladding.
The compliance implications are familiar but still significant. Organisations connected to higher-risk buildings will need to maintain strong evidence of building safety assessments, remediation plans, resident communication, funding routes and responsibilities across ownership and management structures. For affected organisations, this involves health and safety, fire safety, contractual liability, insurance, customer communication, regulatory engagement and reputational risk.
What wasn’t included in the King’s Speech
One of the most striking omissions is a dedicated Audit Reform and Corporate Governance Bill. Audit reform has been discussed for years. Companies that expected a clear legislative timetable may now need to keep preparing without knowing when, or in what form, ARGA and wider audit reforms will return.
The expected Equality (Race and Disability) Bill, which was supposed to bring in mandatory disability and ethnicity pay gap reporting, is also absent from the King’s Speech. It may be taken forward through a different route, but it is not included in this speech.
A further notable omission is specific legislation making the FCA the single professional services regulator for anti-money laundering. This had been expected as a possible major AML supervision reform, replacing the current professional body supervision model for sectors such as law and accountancy. The open question is whether the government could attempt to introduce the AML supervision reform through another legislative vehicle. The Regulating for Growth Bill is one possible candidate to watch, because it is concerned with regulatory architecture, regulatory burdens, growth duties and powers to modernise regulation. However, we still don’t have definitive legislative plans for AML supervision reform, so firms should not necessarily assume the FCA transition is imminent.
Would a change of prime minister make a difference?
A change of prime minister would not necessarily derail the King’s Speech programme, but it could change the political weight behind different parts of it. Employment law is the clearest example. Former deputy PM Angela Rayner has been closely associated with the government’s employment rights agenda and was reported to favour stronger protections, including the original proposal for day-one unfair dismissal rights. That was later reduced to a six-month qualifying period after opposition in the Lords and negotiations with business and unions. A change in leader could see a return to those issues.
If Labour moved to a more left-aligned leadership, employers could expect pressure for a more interventionist workplace agenda. That might mean faster implementation of employment reforms, stronger enforcement, less appetite for business-led dilution, and renewed pressure around day-one protections, zero-hours contracts, union rights, harassment duties and pay transparency. It could also affect the missing Equality (Race and Disability) Bill, since a more employment-rights-focused leadership may be more likely to revive mandatory ethnicity and disability pay gap reporting.
A change of prime minister would not automatically require a new King’s Speech. The new leader could continue with the existing legislative programme, while changing the emphasis, timing and political priority given to different Bills. A more significant reset would require the government to prorogue Parliament and open a new session with a further King’s Speech, which a future PM might do sooner rather than later to cement their agenda. But as of the time of writing, this is the speech—and the legislative programme—that we got.