Sustainability/ESG

A key tenet of the UK government’s growth and net zero strategies is the drive towards a circular economy. We’ve previously reported that the Circular Economy Taskforce published its Terms of Reference and confirmed that a circular economy strategy, underpinned by a series of roadmaps for reform in different sectors and their supply chains, will be forthcoming by autumn 2025. The government has now confirmed that the Taskforce will focus, as a priority, on the following 5 sectors: textiles, transport, construction, agri-food and chemicals & plastics.

From 31 March 2025, under the government’s simpler recycling rules, workplaces in England with 10 or more employees will need to arrange for the separation of waste into: dry recyclables such as plastic, glass, metal, paper and card (some waste collectors will require further separation of paper and card from other dry recyclables); food waste; and non-recyclable waste. The rules extend to residential homes, universities, schools, hospitals and nursing homes and are part of the government’s transitioning to a more circular economy. The Environment Agency has taken on regulatory responsibility and will support businesses and waste collectors with these and other new responsibilities to come: 31 March 2026 – local authorities will be required to collect the core recyclable waste streams from all households in England; 31 March 2027 – kerbside plastic film collections from workplaces and households, and workplaces with less than 10 employees to arrange for recycling of core waste. Guidance is available to support workplaces in England with these changes.

The Science Based Targets initiative (SBTI) has published an initial draft of its revised Corporate Net Zero Standard for public consultation. The paper sets out greater flexibilities for tackling scope 3 emissions, including allowing companies to set targets for green procurement and revenue generation, instead of setting emissions reduction targets. For more information on the SBTI, see our earlier briefing.

The IFRS Foundation has launched a Jurisdictional Roadmap Development Tool to support jurisdictions and policy makers in adopting/using the IFRS Sustainability Disclosure Standards (IFRS S1 – general requirements for disclosure of sustainability-related financial information; and IFRS S2 – climate-related disclosures).

On 26 March 2025, the Loan Market Association, Loan Syndications and Trading Association, and Asia Pacific Loan Market Association updated their Sustainability-linked Loan Principles, Green Loan Principles, and Social Loan Principles.

The European Parliament has agreed to delay application of new rules on due diligence and sustainability reporting requirements.

Corporate/corporate reporting

The Energy Savings Opportunity Scheme (ESOS) has been updated and is now ongoing, with the compliance deadline of 5 December 2027. Businesses should note that the existence of one single large UK undertaking within a corporate group will trigger ESOS, and necessitates compliance across the group. Specialist advice may be required. Businesses may also wish to undertake ESOS due diligence on acquisitions.

The monetary size thresholds for micro, small and medium size entities (both companies and limited liability partnerships) have increased as from 6 April 2025. The changes are designed to reduce the reporting burden on companies by: increasing the turnover and balance sheet criteria that help determine whether a company is a micro-entity or small, medium-sized, or large, by approximately 50%; and removing several reporting requirements from the directors’ report where there’s overlap with other reporting requirements, or where little material value to users has been identified. The Financial Reporting Council has updated existing publications accordingly, and has published a summary document outlining the changes.

The Companies (Directors’ Remuneration and Audit) (Amendment) Regulations 2025  come into force on 11 May 2025 and apply to financial years commencing on or after 11 May 2025. Non-exhaustively, they remove: some of the directors’ remuneration reporting requirements in the Companies Act 2006 and the Large and Medium-Sized Companies and Groups (Accounts and Report) Regulations 2008; most of the disclosures which were added to implement parts of the revised EU Shareholder Rights Directive into the UK in 2019; and the requirement for directors’ remuneration reports to be kept available on the company’s website for ten years. The Regulations also exclude unquoted traded companies from the directors’ remuneration report and policy requirements.

The UK government has confirmed it will proceed with significant reforms to the regulation of umbrella companies to address non-compliance which has deprived workers of employment rights to which they are entitled, distorted competition in the labour market, and lead to tax losses to the Exchequer.

Data protection/cyber security/tech and digital

The Information Commissioner’s Office (ICO) has announced a package of measures to drive economic growth. Measures include introducing a statutory code of practice for private and public sector businesses developing or deploying AI, and new guidance on international data transfers. The Information Commissioner says we’ll hear more in the coming months about exactly how the regulator plans to deliver on its commitments.

The Data (Use and Access) Bill is expected to be ready this spring as it makes its way swiftly through the various legislative stages. Significant debate centres on proposed reforms which would remove the current general restriction on automated decision-making with a legal or similarly significant effect.

The ICO has reiterated that online targeted advertising should be considered as direct marketing after Facebook agreed to stop targeting adverts at an individual user using personal data.

The ICO has fined an IT and software provider £3 million following a 2022 ransomware attack. The Information Commissioner is urging all organisations to make sure that every external connection is secured with multi-factor authentication.

The government has published its much-anticipated Cyber Governance Code of Practice and is urging directors and company boards to shore up their cyber defences using the new guidance. This National Cyber Security Centre (NCSC) blog post explains that the Code is part of a package of available resources which includes online training modules.

The government published a policy statement on the new Cyber Security and Resilience Bill which will be introduced to Parliament later this year.

The NCSC has unveiled a roadmap for organisations to migrate to post-quantum cryptography to mitigate the threat from future quantum computers. The guidance sets out a timeline for organisations to transition to quantum-resistant encryption methods by 2035. The NCSC says that, while the timelines are relevant to all organisations, its guidance is primarily aimed at technical decision-makers and risk owners of large organisations, operators of critical national infrastructure systems including industrial control systems, and companies that have bespoke IT.

The NCSC has published guidance for organisations setting up a ‘privileged access workstation’ solution. It says that, when designed and implemented in the right way, this is an indispensable tool for organisations to help defend against real-world cyber threats.

See our recent briefing on high risk AI systems under the EU AI Act.

Commercial/general

The government has published a new Action Plan for overhauling the regulatory system in the UK. To support growth and private sector investment, the ambitious strategy aims to:

• Reduce the complexity and burden of regulation, including consolidation or removal of certain specific regulators
• Simplify, streamline and modernise environmental and planning regulation
• Consider opportunities to adapt health and safety regulation which may be limiting growth, whilst maintaining high standards
• Clarify the role, approach, processes, transparency and performance of regulators (especially in relation to environmental, competition and financial services regulation)
• Challenge and address excessive risk aversion
• Capitalise on AI and innovation opportunities.

And it’s already happening:

• The Department for Business and Trade has published its strategic steer to the CMA, setting out how it expects the CMA to support and contribute to economic growth. The CMA has published its new, growth-driven approach document, as well as guidance on its new consumer enforcement regime.
• On 25 March, the FCA launched a new 5-year strategy with 4 priorities: being a smarter regulator –predictable, purposeful and proportionate, improving its processes and embracing technology to become more efficient and effective; supporting economic growth; helping consumers navigate their financial lives; and fighting financial crime.
• The Corry Reviewwas set up in October 2024 to examine the environmental regulatory landscape and develop recommendations to drive economic growth while protecting the environment. The Review’s findings have now been published and include 29 recommendations for reform. In related news, Natural England has outlined plans to change the way it works, including introducing outcome-focused regulation, enforcement that supports growth and partnering with planners and developers on “high nature; low carbon houses, energy and transport infrastructure”.

The data centre sector presents significant opportunities and is a key focus of growth for many investors, developers, contractors, energy operators, landowners and government. Delivering and operating data centres involves a range of challenges in respect of infrastructure, energy and construction, as well as commercial, technical and operational matters. Principal among these, and considered here in more detail, are challenges associated with securing access and connection to utilities, necessary consents and the environmental impact of the power and water required to run a data centre.

The CMA has issued its first fines for illegal information exchange in labour markets. See our recent article for further information. Over the next few months, the CMA will look to publish further guidance for employers on how to avoid anti-competitive conduct in labour markets.

From 6 April 2025, the Digital Markets, Competition, and Consumer Act will significantly impact how businesses approach consumer protection. See our briefing for all you need to know.

The FCA has outlined its next steps on its Consumer Duty review. Steps include: making it easier to navigate regulations for consumer finance, investment and mortgages firms; withdrawing hundreds of supervisory publications; reviewing prescriptive disclosure rules to give firms more flexibility; and revisiting rules for businesses.

The Terrorism (Protection of Premises) Act 2025, also known as ‘Martyn’s Law’, received Royal Assent on 3 April. There will be a 24-month implementation period to allow businesses to prepare. It requires persons with control of certain premises or events to take steps to reduce the risk of harm to individuals from acts of terrorism. As well as concert halls and stadiums, Martyn’s Law will impact other publicly accessible venues and events, including hospitals, large care homes, shops, leisure, education and transport facilities, and more. It applies where it’s reasonable to expect that 200 or more people may be present at the same time, with additional duties imposed where it’s reasonable to expect 800+ attendees.

A wide-ranging Crime and Policing Bill was introduced to the House of Commons on 25 February 2025. In relation to helping tackle serious and organised crime, the bill makes provision for corporate liability where a senior manager commits an offence while acting in the scope of their actual or apparent authority, for all crimes (replacing the provisions in the Economic Crime and Corporate Transparency Act 2023, which are confined to economic crimes).

The Infrastructure and Projects Authority (IPA) has published (scroll down to ‘Latest from the IPA’) its latest suite of guidance regarding PFI projects. The guidance comprises a PFI Asset Condition Playbook, insurance guidance for PFI projects, and guidance on navigating the risks of PFI project distress. It’s intended to provide practical advice to key PFI stakeholders including contracting authorities and private sector delivery partners.

The Foreign, Commonwealth & Development Office confirmed, on 14 March, that the EU plans to introduce the Entry/Exit System in October 2025 (the specific start date is yet to be confirmed).

The European Accessibility Act, a directive to improve the accessibility of products and services in the EU, takes effect on 28 June 2025. The focus is primarily on digital products and services, including consumer banking and e-commerce. Retailer websites, for example, will need to be updated to make sure they comply with certain accessibility requirements. As this is a directive, local laws will need to be checked. While this is EU legislation, it extends to any business offering the relevant goods or services in the EU, even if they’re based in the UK.

The Business and Trade Committee published a draft Green Paper setting out 20 ways the UK and the EU can reset their relationship for mutual benefit.

People

On 18 March 2025, the government launched a consultation on mandatory ethnicity and disability pay reporting for large employers (those with 250 or more employees). Responses will help shape the upcoming Equality (Race and Disability) Bill. The government aims to use a reporting framework similar to that for gender pay gap reporting, but with distinct considerations for ethnicity and disability. The consultation closes on 10 June 2025.

Also in relation to shaping the Equality (Race and Disability) Bill, the government is seeking feedback until 30 June 2025 on areas of existing equality legislation and possible reform.

The 2025 update report from the Parker Review on Ethnic Diversity shows significant progress, with 95% of FTSE 100 companies having met the target of at least one minority ethnic director on their board, and 82% of all FTSE 250 companies.

On 24 March 2025, the Home Office updated its statutory guidance on transparency in supply chains under section 54 of the Modern Slavery Act 2015 for the first time since it was published in 2015. Under section 54, businesses with an annual turnover of £36 million or more that supply goods or services and conduct business in the UK must publish an annual slavery and human trafficking statement.

The FCA and Prudential Regulation Authority have dropped proposed rules aimed at improving diversity and inclusion in regulated firms, citing  “the broad range of feedback received, expected legislative developments and to avoid additional burdens on firms at this time”.

See our recent briefing for important updates to the wide-ranging Employment Rights Bill.

A new right to neonatal care leave and pay came into force on 6 April 2025. The government has published this guide for employers. Acas also published guidance on the new law.

Right to Work checks are to be extended to the gig economy. See our recent briefing for more information.

Employer National Insurance contributions increased from 13.8% to 15% from 6 April 2025. The threshold at which employers become liable to pay contributions on an employee’s salary reduces from £9,100 to £5,000 per year. National minimum wage rates increased on 1 April 2025. The Department for Business and Trade has issued a toolkit for employers, following changes to the rates. See also our recent briefing on navigating compliance with the National Minimum Wage.