Ashurst Governance & Compliance Update – Issue 83
The Information Commissioner's Office has published a guide to the practical steps which companies can take to strengthen their resilience against AI-powered cyber threats. This has been published in light of cyber criminals increasingly using artificial intelligence to carry out attacks that are faster, more advanced and harder to detect.
The ICO believes that all organisations must be proactive in taking steps to prepare themselves for emerging threats and that by investing in cyber resilience and ensuring appropriate security measures are in place, companies can build public trust and confidence in how an organisation protects the personal data it holds.
The five practical steps focus on:
Cyber readiness and response featured as one of Ashurst Perkins Coie's Key Board Priorities for 2026. You can access the related podcast here. All of our 2026 Board Priorities can be found here.
The Chartered Governance Institute UK & Ireland (CGI) has issued an update to its guidance note on the proper purpose test under sections 116 to 119 of the Companies Act 2006 (2006 Act).
Any person may request to inspect, and obtain a copy of, a company's register of members, provided the request includes specified information, that is set out in an appendix to the guidance, including the purpose for which the information contained in the register is to be used (section 116, 2006 Act). The company may apply to court if it considers that the request has not been made for a proper purpose. What is a proper purpose is dependent on the particular facts and circumstances of each case.
The CGI, formerly known as the Institute of Chartered Secretaries and Administrators (ICSA), published guidance in June 2007 to assist companies in assessing whether a purpose set out in a section 116 request is proper.
The High Court has held that a company failed to prove that an application by a third party to obtain a copy of the company's register of members was not for a proper purpose because the purpose was a commercial one or would be commercially disadvantageous to the company's shareholders (Aviva plc v Litani LLC [2025] EWHC 3134 (Ch)).
The updated guidance considers the principles arising from a number of cases, including Aviva plc.
The updated guidance includes non-exhaustive lists of purposes that the CGI considers proper or improper and contains best practice recommendations for companies who receive section 116 requests. These recommendations include:
The CGI suggests that companies should develop internal processes to deal with section 116 requests, particularly as the requirement that the register must be supplied or an application to court made within five working days of receipt.
Section 250 of the Crime and Policing Act 2026 (CAPA) comes into force on 29 June 2026 and will significantly extend the scope of corporate criminal liability in the UK. For more detail, see our briefing here.
Under CAPA, organisations will be criminally liable if a senior manager commits any criminal offence while acting within the actual or apparent scope of their authority.
CAPA will repeal the senior manager provisions in section 196 of the Economic Crime and Corporate Transparency Act 2023 – which only covered specified economic crime offences (such as bribery or fraud) – and expand them to apply to a much wider range of criminal offences. See our previous briefings here and here for further background.
The draft Register of Overseas Entities (Protection and Trusts) and Limited Liability Partnerships (Application of Company Law) (Amendment) Regulations 2026 (draft regulations) have been re-issued together with an explanatory memorandum.
The Economic Crime (Transparency and Enforcement) Act 2022 (2022 Act) established the register of overseas entities (ROE) regime. In particular, the 2022 Act created a ROE maintained by Companies House that records the true beneficial owners and managing officers of overseas entities that own land or property in the UK.
In August 2025, the Trust Disclosure Service was established by Companies House, allowing third parties to apply and access unpublished trust information held on the ROE if they have a legitimate interest. There have been a few practical difficulties with the application process for requesting unpublished trust information that the draft regulations seek to address.
A previous version of the draft regulations was issued and laid before Parliament on 22 April 2026 before being withdrawn on 13 May 2026.
The draft regulations amend the following legislation relating to the ROE:
The draft regulations also amend regulation 31D (Required particulars) of the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009 (SI 2009/1084) to remove service address requirements for registrable persons and registrable relevant legal entities. Companies House does not currently have the systems to receive this information, but the explanatory note states that requirements will be reinstated in due course.
The London Stock Exchange has published AIM Notice 62, consulting on proposed amendments to the AIM Rules for Companies and the AIM Disciplinary Procedures and Appeals Handbook. The consultation builds on the November 2025 Feedback Statement on Shaping the Future of AIM (see our Feedback Statement update here for background).
Proposed amendments include the following:
The Exchange has also published AIM Notice 63 to consult on certain administrative and clarificatory amendments to the AIM Rules for Nominated Advisers following the proposed changes to the AIM Rules for Companies. It also introduces a new Nominated Adviser Technical Note on the Exchange's expectations of Nominated Advisers in performing their obligations, as trailed. The Technical Note will take effect immediately other than for those areas which are subject to AIM Rule changes.
The consultations close on 2 July 2026. A further consultation on the contents of an AIM admission document is expected in due course.
The Financial Services Regulatory Initiatives Forum has published its Regulatory Initiatives Grid which maps the regulatory pipeline for the UK financial services industry for the next two years. This 10th edition of the Grid is stated to reflect the Forum's ongoing alignment with the government's growth agenda.
Key capital markets initiatives include:
The FCA has published Handbook Notice No 140 detailing, amongst other things, amendments that have been made to the UKLRs and Glossary by three FCA instruments. All changes are in force.
The key updates include:
Companies House has announced that it is reviewing the retention period for dissolved company records, following concerns that records should be held for longer than 20 years. Currently Companies House retains records of dissolved companies for 20 years at which time selected records are transferred to the 'appropriate' Public Record Office – e.g. The National Archives for companies registered in England and Wales. Any records not transferred are destroyed.
Companies House has paused the transfer and destruction of records while its policy is under review. It is still possible to search for information on the Find and update company information and Search for a dissolved company services. As before, access to company records not available online can be requested on payment of a fee.
Any changes to the retention period will be subject to public consultation.
As announced in the King's Speech, the Commercial Payments Bill has been published and introduced to Parliament. Accompanying Explanatory Notes can be found here. Note that the Bill has also been referred to as the 'Small Business Protections Bill'.
The Bill contains numerous measures to improve commercial payment practices and address the persistent late payment of commercial debts in the UK. These were trailed by the Department of Business and Trade (DBT) in March 2026 which we covered in AGC Update, Issue 81 – Item 1.
In overview, the Bill amends and enhances existing laws on late payments by introducing the following:
The DBT has also published guidance on the Bill.
Other business-focused legislation introduced by the King's Speech includes the 'Competition Reform Bill', which intends to make competition investigations faster and more predictable and the 'Regulating for Growth Bill', which intends to strengthen the duty on regulators to prioritise economic growth. The centrepiece for financial services is the Enhancing Financial Services Bill (published on 19 May 2026 as the Financial Services and Markets Bill), which delivers key elements of the 2025 Leeds Reforms. See our update for further information. The 'Representation of the People Bill' will also tighten restrictions on who can make political donations to registered political parties with implications for corporates which wish to do so. Briefing notes to the King's Speech can be found here.
The FRC has published its latest review of structured digital reporting, Structured Digital Reporting: Insights 2025/26, together with an accompanying factsheet. The report is based on a market-wide analysis of digital reports filed by UK-listed companies, supplemented by detailed reviews of 30 annual reports.
The FRC notes that most filings are well structured and comply with requirements. However, the review identifies a number of recurring issues that limit the usefulness of structured data for investors, regulators and other users:
The FRC also identifies a number of process and compliance issues. These include a failure to make structured reports readily accessible on company websites or in a viewer-friendly format; validation errors and warnings not being fully resolved before filing; late filing of structured reports (affecting around 10% of sample companies); and failures to ensure successful publication on the National Storage Mechanism (NSM).
The FRC recommends that companies use the FCA's mandatory tag list to support completeness checks, prioritise standard tags over custom extensions, conduct post-submission checks on the NSM and build sufficient time into the filing process to identify and resolve validation errors. The FRC has directly notified companies where significant issues were identified through its review.
The UK government has published a Post-Implementation Review of the SECR Regulations 2018, which considers whether and to what extent the streamlined energy and carbon reporting (SECR) requirements have achieved their original objectives, whether those objectives remain appropriate and the extent to which they could be achieved with less regulation.
The review recommends that the regime is retained as it has mainly met its objectives and had delivered measurable benefits including contributing to reductions in electricity and gas use among in-scope companies and disclosure of energy and carbon data by 79% of companies that would not have otherwise published that data. The regime has also increased internal awareness of energy use and emissions and supports investor scrutiny as part of a wider reporting and policy environment. While forward-looking frameworks (such as the Taskforce for Climate-related Financial Disclosures (TCFD) and the EU's Corporate Sustainability Reporting Directive (CSRD)) are considered more significant in driving strategic decision-making, the government believes that SECR provides essential baseline data and governance infrastructure that underpins those regimes. The review recommends reforms to simplify and improve the regime and reduce administrative burden on in-scope companies.
The review follows a 2023 call for evidence on the benefits, costs, and practicalities of Scope 3 greenhouse gas emissions reporting and the SECR regime (see AGC Update, Issue 59 – Issue 9), which was intended to inform the move to reporting using the UK Sustainability Reporting Standards (UK SRS) that were endorsed in February 2026. The review states that improvements to the scheme will be explored via the government's planned consultation later in 2026 on Modernising Corporate Reporting (see Government endorses ISSB sustainability reporting standards to create UK SRS). Potential changes include:
The Taskforce on Inequality and Social-related Financial Disclosures (TISFD) has published a "beta" draft of its Framework on recommendations for disclosures of 'people-related information' for public feedback. The TISFD is a voluntary, UN-backed, taskforce supported by organisations from across business, finance, labour, civil society and international organisations.
The draft Framework is intended to support businesses to identify and report inequality and people-related impacts, dependencies, risks and opportunities (IDROs). The Framework adopts the structure of the TCFD's four pillars and its 12 recommendations largely mirror those of the TCFD. It aims to reduce duplication in reporting by building on and complementing existing disclosure standards including the ISSB, the Global Reporting Initiative (GRI) and the European Sustainability Reporting Standards (ESRS).
The draft Framework includes conceptual foundations, such as definitions and concepts needed to understand the relationships between business, finance, people and inequality, as well as draft disclosure recommendations across governance, strategy and impact and risk management pillars. The TISFD has taken a system-level risk approach to inequality as it recognises that inequality and other people-related issues are shaping business performance, investment outcomes and the stability of economies and markets where they accumulate across sectors and markets. Having information on people-related IDROs is key for investors as these issues can affect long-term portfolio performance and, because they can be systemic issues, diversification may not be possible.
The Framework enables people-related issues (including inequality, human and labour rights and wellbeing) to be considered alongside climate and nature issues as relevant to financial disclosures.
Feedback on the beta version of the Framework should be submitted before 31 July 2026. The TISFD intends to publish the final Framework by the end of 2027. Businesses are encouraged to take part in piloting the Framework. Further information on this will be available later in 2026.
The Science-based Targets Initiative (SBTi) has published version 2.0 of its Corporate Net-Zero Standard, which is intended to drive business transformation by embedding science-based targets into core decision-making across operations, value chains and capital allocation.
Key changes introduced by the new version of the Corporate Net-Zero Standard, which has been in development since 2024, include:
Use of Corporate Net-Zero Standard version 2.0 to submit targets to the SBTi for validation will become mandatory from 1 February 2028. Companies may elect to use either the current version 1.3.1 or version 2.0 from Q1 2027 until 31 January 2028. Companies currently working towards setting targets using the current version 1.3.1 should continue to use that version. Companies that have already set science-based targets using version 1.3.1 and companies that are in the process of using version 1.3.1 to set targets can take advantage of both the current flexibilities in version 1.3.1 and the changes in version 2.0.
The SBTi has also published several resources to support version 2.0 including a Guide for companies in transition to Corporate Net-Zero Standard version 2.0, which explains the differences between previous versions of the Corporate Net-Zero Standard and version 2.0.
The European Commission has launched a consultation on guidelines for the Corporate Sustainability Due Diligence Directive (CS3D) ((EU) 2024/1760).
The CS3D, which was amended by Directive 2026/470 (Omnibus I) (see Ashurst Perkins Coie Governance & Compliance Update – Issue 79), requires very large EU companies and non-EU companies with a significant market presence in the EU to identify, prevent, mitigate, and bring to an end adverse impacts on human rights and the environment across their own operations, subsidiaries, and value chains.
The guidelines are intended to help in-scope companies understand how to fulfil their due diligence obligations and to inform value chain partners, including businesses in non-EU countries, on how to engage with the due diligence process.
The European Commission is seeking input on a wide range of topics, including:
The consultation closes on 24 July 2026. The European Commission plans to adopt the guidelines in Q1 2027.
If you would like to receive future Ashurst Perkins Coie Governance & Compliance updates, please click here to sign up.
Authors: Will Chalk, Partner; Shan Shori, Expertise Counsel; Becky Clissmann, Sustainability Counsel; Marianna Kennedy, Senior Associate.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.
Editorial Disclaimer
Originally published before the Ashurst Perkins Coie combination. See disclaimer.