Compliance & Regulatory
Key contact
Legislation
Failure to prevent fraud – now in force
The corporate offence of failure to prevent fraud, introduced under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), has been in effect since 1 September 2025. An important focus for many businesses in 2026 will be a formal review and reinforcement of their policies, training, and other operational measures to ensure compliance with the standards and expectations of the ECCTA.
A large organisation is criminally liable if a person associated with it (including employees, agents, subsidiaries, or anyone performing services for or on behalf of the organisation) commits a fraud offence intending to benefit the organisation or its clients. This applies to organisations meeting at least two of these thresholds:
- 250+ employees
- £36m+ turnover
- £18m+ in assets
These criteria are assessed based on the financial year before the fraud occurred.
Implications for businesses
The offence carries an unlimited fine, and enforcement agencies have signalled they will use it actively. The SFO and CPS have already updated their compliance guidance, so expect scrutiny of fraud prevention frameworks during investigations and any Deferred Prosecution Agreement negotiations.
Commercial organisations will have a defence if they can show they had reasonable prevention procedures in place, or that it was not reasonable to expect any such procedures. Government guidance sets out six principles for building those procedures:
- Top-level commitment
- Risk assessment
- Proportionate, risk-based controls
- Due diligence
- Communication and training
- Monitoring and review
Actions for business to consider
- Review and update fraud risk assessments
- Embed prevention measures into your compliance programme
- Train staff and ensure whistleblowing channels are clear
- Document as much as you can as prosecutors will expect to see evidence of what you have done
Building Safety Regulator (Establishment of New Body and Transfer of Functions etc.) Regulations 2026
For more information on this topic, please see our article in the Construction section here.
A new era for product safety and standards
Last year, Parliament saw the Product Regulation and Metrology Bill, designed to update UK product safety regimes for the digital age – covering AI risks, lithium-ion fire hazards, and online marketplace safety. Now, with Royal Assent received on 21 July 2025, the framework has transitioned from concept to reality.
The Product Regulation and Metrology Act (Act) grants the Secretary of State powers to make product regulations by secondary legislation relating to the marketing or use of products in the UK. The purposes include reducing or mitigating risks, ensuring product efficiency and effectiveness, and the accuracy of weighing or measuring products. Products are defined as tangible items resulting from a method of production, which can include items with intangible (software) components. The Act expressly covers embedded software as an ’intangible’ component of a product.
Implications for businesses
Product regulations may set requirements covering production, composition, characteristics, installation, use, marking, online marketing, information provision (including risk information), statements and certification, complaints handling, and cooperation with authorities. These requirements can be imposed on a wide range of businesses, including manufacturers, importers, installers, online marketplace operators, intermediaries, and certification bodies.
Importantly, those controlling access to, or content of, online marketplaces, or acting as intermediaries for such persons, can be directly regulated. This represents a significant extension of explicit regulatory duties onto online marketplaces, creating parity with traditional retailers.
The Act is structured to allow rapid regulatory responses to emerging risks (such as those associated with AI or lithium-ion batteries) via secondary legislation, supporting a more agile regulatory framework.
Secondary legislation may introduce criminal and civil sanctions, recalls, inspection, and information-gathering powers, significantly increasing compliance expectations and enforcement risks for businesses.
Actions for businesses to consider
- Map affected product lines: identify goods, including those with software components, that fall under the new Act’s remit
- Track upcoming regulations: secondary legislation may appear one to two years post Act; keep an eye on Office for Product Safety and Standards (OPSS) and Department for Business and Trade (DBT) consultation windows
- Prepare marketplaces: if you run or sell via platforms, proactively review listing processes, seller vetting, and recall mechanisms
- Label and measure accuracy: ensure your scales, packaging, and measurement systems comply with forthcoming legal metrology standards
- Incorporate software assurance: consider software audits as part of product compliance checks
- Engage in consultations: respond to Government and OPSS calls for input as these shape the detail of future regulations
- Strengthen internal controls: set up governance frameworks that can swiftly absorb new standards, from performance testing to audit trails
News
Higher Risk Buildings: Regulatory proposals set to unblock Gateway delays
For more information on the delay of Gateway 2 applications, please see our article in the Construction section here.
Key contact
Contact us today
Whatever your legal needs, our wide ranging expertise is here to support you and your business, so let’s start your legal journey today and get you in touch with the right lawyer to get you started.
Get in touch
For general enquiries, please complete this form and we will direct your message to the most appropriate person.