“Welcome to the April 2026 edition of our Technology & Digital round-up. This month we’re looking at a flurry of urgent warnings to businesses to act now on cyber threats; the government’s £500 million Sovereign AI initiative; and the latest from the ICO on automated decision-making, including in recruitment.”
- Sally Mewies, Partner and Head of Technology & Digital
If you’d like to receive the Technology & Digital round-up and other similar updates direct to your inbox, please click here.
After this edition had already gone to press the ICO published its final guidance on the use of storage and access technologies, including cookies. We’ll be providing our insights in a separate update to follow. In the meantime, please get in touch and our team will be happy to help.
#1: Businesses urged to act now on AI cyber threats and sign up to new Cyber Resilience Pledge
In an open letter to UK business leaders the government warned that rapid advances in AI are fundamentally changing the cyber threat landscape for businesses of every size in every sector. Recent testing by the UK’s AI Security Institute of AI firm Anthropic’s new Mythos model found it to be substantially more capable at cyber offence than any previously assessed model. Tests of such advanced frontier AI models show that AI cyber capabilities are accelerating even faster than expected. Government and businesses must prepare and plan accordingly.
In a keynote speech to the annual government cybersecurity conference the National Cyber Security Centre’s CEO described how the UK faces a ‘perfect storm’ for cybersecurity – rapid technological change such as AI and quantum computing combined with ‘the most seismic geopolitical shift in modern history’. Cyber operations are ‘as much a reality of modern warfare as drones and missiles’. Businesses are urged to follow recent NCSC guidance found in a series of posts here.
At the same conference the Security Minister announced a £90 million investment to strengthen our cyber resilience and introduced the Cyber Resilience Pledge which the government is asking every major organisation to sign. The Pledge will launch this summer and commits signatories to make cyber a Board responsibility; sign up to the Early Warning service; and require Cyber Essentials across supply chains. Signatories will be listed online as models of good practice.
“These are urgent warnings to all businesses to act now as we face a critical turning point in the threat landscape. The government and NCSC stress that this is about getting the basics right, understanding the full extent of the risks we’re up against and sharing responsibility for cybersecurity throughout the organisation – led from the very top.”
Click here for our latest updates on the Cyber Security and Resilience Bill and the key implications for in-scope businesses.
#2: Government launches unique £500 million fund backing British AI startups
The UK ‘must be an AI maker, not just an AI taker’ said the Technology Secretary as the government launched Sovereign AI, a new £500 million ‘first-of-its-kind’ fund to help promising homegrown AI startups scale fast and compete on the global stage, reducing reliance on a small group of overseas tech giants.
Sovereign AI is independent and will act ‘like a venture capital fund with the muscle of the state behind it’, moving at the pace of the AI industry and cutting through red tape. An investment committee will make its own decisions free from political interference. The package goes beyond direct investment to include fully funded access to the UK’s largest AI supercomputers, measures to fast-track global talent and other hands-on government support.
The first equity investment is in Callosum, a company building a new class of AI infrastructure. Six other startups will receive access to world-class compute and Sovereign AI will have right of first refusal on future investments for a number of recipients.
“We’re hearing a lot at the moment about the threats posed by AI and its rapidly advancing capabilities, but as the government is keen to remind us with the launch of this new fund, ‘AI is the defining technology of our era’. Sovereign AI is an important step forward in supporting UK companies at the cutting edge, with the aim of boosting the country’s economic growth and our national security.”
#3: Recent ICO activity on automated decision-making, including in recruitment
The data regulator is consulting until 29 May on draft guidance about automated decision-making including profiling. This follows changes introduced by the Data (Use and Access) Act 2025 which allows organisations to make solely automated decisions in a wider range of situations, provided they have appropriate safeguards in place. The draft guidance will inform parts of the ICO’s upcoming ADM and AI code of practice which it will be required to produce by law.
A report published alongside the draft guidance sets out the ICO’s findings and expectations on the use of ADM in recruitment, a key focus of its AI and biometrics strategy. The report draws on evidence gathered from over 30 employers across a range of sectors who engaged voluntarily with the initiative. The overall takeaway is that employers have more work to do to make sure that use of these tools respects people’s information rights. The ICO identified shortcomings concerning meaningful human involvement; transparency and safeguards; fairness, bias and discrimination; data protection impact assessments; and lawful basis.
“The ICO supports innovation and recognises that using automated tools in recruitment can benefit both employers and candidates alike. But organisations must make sure that they comply with data protection law requirements. This report provides clarity for employers on the practical steps they should take to meet regulator expectations.”
The Digital Regulation Cooperation Forum set out five lessons learned about the relationship between digital regulation and AI adoption in the UK, drawing on survey evidence from UK businesses and interviews with stakeholders at the heart of AI decision-making.
The CMA announced a package of actions on business software and cloud services including the launch in May of a strategic market status investigation into Microsoft’s business software ecosystem. The CMA’s stated aim is to create greater choice for UK businesses and the public sector at a pivotal time of advances in AI.
The FCA’s chief data, information and intelligence officer said in a recent speech that agentic commerce will change how financial decisions and transactions are made, demanding a fundamentally new approach. Announcing the next phase of the FCA’s AI Lab, they confirmed that there will be no new rules on AI policy. Instead, examples of good and poor practice will be published later this year.
The FCA is consulting until 3 June on new guidance to help firms understand how they might be affected by the upcoming regulatory regime for cryptoassets.
The ICO published guidance explaining the new ‘recognised legitimate interest’ lawful basis introduced by the Data (Use and Access) Act 2025 and related guidance for organisations such as local authorities and NHS trusts on requesting personal information to fulfil public tasks or official functions.
The FCA and ICO issued a joint statement setting out their expectations regarding firms’ approaches to vulnerability related data.
Data centre disputes are increasing. See our recent article for practical tips on effective risk management and how we can support you.
Regulations coming into force in May pave the way for a new permit scheme establishing a dedicated licensing route for passenger-carrying automated services to operate on public roads.
The European Commission unveiled EU Inc., a new single set of corporate rules that will apply across the EU including fully digital operations throughout a company’s lifecycle.
…and in other news
The NCSC confirmed that it will begin recommending passkeys wherever a service supports them, and two‑step verification where it does not, in a move away from traditional passwords.
The government published its Smart Data Strategy with a target of five or more active smart data schemes by 2030 rising to at least 20 by 2035. This includes prioritising the key sectors of banking (payments); financial services; road fuels; energy; property; retail; digital markets; transport; telecommunications; and agrifood.
The Science, Innovation and Technology Committee launched an inquiry into whether low‑energy computing could help solve the AI energy crisis.
The government published its response to the call for views on enterprise connected device security. Next steps include asking manufacturers to use the NCSC’s device security principles for manufacturers to make their products secure by design.
The Quantum Development Group of thirteen countries leading the development of quantum tech agreed at their latest meeting held in London to deepen cooperation across priority areas including research and investment security and supply chain resilience, and supporting companies to scale up.
Google announced that from 15 June it will treat “back button hijacking” – when a site interferes with a user’s browser navigation and prevents them from using their back button to immediately get back to the page they came from – as an explicit violation of its malicious practices policy. This means that pages may be subject to manual spam actions or automated demotions, which can impact performance in Google Search results.
The BBC reported on OpenAI pausing a £multi-billion UK data centre project citing concerns about high energy costs and regulation.
The government announced nineteen new Technical Excellence Colleges, backed by £175 million, to deliver high‑quality training in the key growth sectors of advanced manufacturing, clean energy, defence, and digital and technologies.
The government has awarded regions across the UK up to £20 million through the Local Innovation Partnerships Fund to support local innovation projects and accelerate the commercialisation of new tech. The funding will back regional strengths across areas such as clean energy, advanced manufacturing, defence, autonomous systems, and space and agri-tech.
The government published the terms of reference for its Women in Tech Taskforce which examines the barriers to women entering, progressing and leading in the UK tech sector.
How we can support you
If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Sally, Andrew, Nick, Paul, Luke, Matthew or one of our Technology & Digital experts.
Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.
Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.
Our Clients
Resources
Services
Technology & Digital round-up: April 2026
30th April 2026
“Welcome to the April 2026 edition of our Technology & Digital round-up. This month we’re looking at a flurry of urgent warnings to businesses to act now on cyber threats; the government’s £500 million Sovereign AI initiative; and the latest from the ICO on automated decision-making, including in recruitment.”
If you’d like to receive the Technology & Digital round-up and other similar updates direct to your inbox, please click here.
Ready to protect your business against cyber-attacks? Click here to access our cybersecurity and data protection tool.
Get in touch with Sally Mewies, Andrew Northage, Nick Stubbs, Paul Armstrong, Luke Jackson, Matthew Lingard or any member of our Technology & Digital team if you have any queries or need advice or assistance.
Here’s your top stories for April.
Stop press!!
After this edition had already gone to press the ICO published its final guidance on the use of storage and access technologies, including cookies. We’ll be providing our insights in a separate update to follow. In the meantime, please get in touch and our team will be happy to help.
#1: Businesses urged to act now on AI cyber threats and sign up to new Cyber Resilience Pledge
In an open letter to UK business leaders the government warned that rapid advances in AI are fundamentally changing the cyber threat landscape for businesses of every size in every sector. Recent testing by the UK’s AI Security Institute of AI firm Anthropic’s new Mythos model found it to be substantially more capable at cyber offence than any previously assessed model. Tests of such advanced frontier AI models show that AI cyber capabilities are accelerating even faster than expected. Government and businesses must prepare and plan accordingly.
In a keynote speech to the annual government cybersecurity conference the National Cyber Security Centre’s CEO described how the UK faces a ‘perfect storm’ for cybersecurity – rapid technological change such as AI and quantum computing combined with ‘the most seismic geopolitical shift in modern history’. Cyber operations are ‘as much a reality of modern warfare as drones and missiles’. Businesses are urged to follow recent NCSC guidance found in a series of posts here.
At the same conference the Security Minister announced a £90 million investment to strengthen our cyber resilience and introduced the Cyber Resilience Pledge which the government is asking every major organisation to sign. The Pledge will launch this summer and commits signatories to make cyber a Board responsibility; sign up to the Early Warning service; and require Cyber Essentials across supply chains. Signatories will be listed online as models of good practice.
“These are urgent warnings to all businesses to act now as we face a critical turning point in the threat landscape. The government and NCSC stress that this is about getting the basics right, understanding the full extent of the risks we’re up against and sharing responsibility for cybersecurity throughout the organisation – led from the very top.”
– Nick Stubbs, Partner, Commercial
Click here for our latest updates on the Cyber Security and Resilience Bill and the key implications for in-scope businesses.
#2: Government launches unique £500 million fund backing British AI startups
The UK ‘must be an AI maker, not just an AI taker’ said the Technology Secretary as the government launched Sovereign AI, a new £500 million ‘first-of-its-kind’ fund to help promising homegrown AI startups scale fast and compete on the global stage, reducing reliance on a small group of overseas tech giants.
Sovereign AI is independent and will act ‘like a venture capital fund with the muscle of the state behind it’, moving at the pace of the AI industry and cutting through red tape. An investment committee will make its own decisions free from political interference. The package goes beyond direct investment to include fully funded access to the UK’s largest AI supercomputers, measures to fast-track global talent and other hands-on government support.
The first equity investment is in Callosum, a company building a new class of AI infrastructure. Six other startups will receive access to world-class compute and Sovereign AI will have right of first refusal on future investments for a number of recipients.
“We’re hearing a lot at the moment about the threats posed by AI and its rapidly advancing capabilities, but as the government is keen to remind us with the launch of this new fund, ‘AI is the defining technology of our era’. Sovereign AI is an important step forward in supporting UK companies at the cutting edge, with the aim of boosting the country’s economic growth and our national security.”
– Paul Armstrong, Director, Commercial
#3: Recent ICO activity on automated decision-making, including in recruitment
The data regulator is consulting until 29 May on draft guidance about automated decision-making including profiling. This follows changes introduced by the Data (Use and Access) Act 2025 which allows organisations to make solely automated decisions in a wider range of situations, provided they have appropriate safeguards in place. The draft guidance will inform parts of the ICO’s upcoming ADM and AI code of practice which it will be required to produce by law.
A report published alongside the draft guidance sets out the ICO’s findings and expectations on the use of ADM in recruitment, a key focus of its AI and biometrics strategy. The report draws on evidence gathered from over 30 employers across a range of sectors who engaged voluntarily with the initiative. The overall takeaway is that employers have more work to do to make sure that use of these tools respects people’s information rights. The ICO identified shortcomings concerning meaningful human involvement; transparency and safeguards; fairness, bias and discrimination; data protection impact assessments; and lawful basis.
“The ICO supports innovation and recognises that using automated tools in recruitment can benefit both employers and candidates alike. But organisations must make sure that they comply with data protection law requirements. This report provides clarity for employers on the practical steps they should take to meet regulator expectations.”
– Grace Parkin, Senior Associate, Regulatory & Compliance
More legal and regulatory developments…
…and in other news
How we can support you
If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Sally, Andrew, Nick, Paul, Luke, Matthew or one of our Technology & Digital experts.
Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.
Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.
Our people
Sally
Mewies
Partner
Andrew
Northage
Partner
Nick
Stubbs
Partner
Paul
Armstrong
Director
Matthew
Lingard
Director
Luke
Jackson
Director
Grace
Parkin
Senior Associate
Sally
Mewies
Partner
Andrew
Northage
Partner
Nick
Stubbs
Partner
Paul
Armstrong
Director
Matthew
Lingard
Director
Luke
Jackson
Director
Grace
Parkin
Senior Associate
Drone laws, GDPR and practical advice
Technology & Digital round-up: June 2026
Technology & Digital round-up: May 2026
From intrusion to influence: Cyber warfare below the threshold of conflict
Sustainability in the built environment: How technology can support ESG reporting
Sally
Mewies
Partner
Head of Technology & Digital
Sally's contact details
sally.mewies@walkermorris.co.uk
Nick
Stubbs
Partner
Nick 's contact details
nick.stubbs@walkermorris.co.uk
Andrew
Northage
Partner
Regulatory & Compliance
Andrew's contact details
andrew.northage@walkermorris.co.uk
Paul
Armstrong
Director
Commercial
Paul 's contact details
paul.armstrong@walkermorris.co.uk
Matthew
Lingard
Director
Intellectual Property, Trade Marks & Designs
Matthew's contact details
matthew.lingard@walkermorris.co.uk
Luke
Jackson
Director
Commercial
Luke's contact details
luke.jackson@walkermorris.co.uk
Grace
Parkin
Senior Associate
Regulatory & Compliance
Grace 's contact details
grace.parkin@walkermorris.co.uk
Sally
Mewies
Partner
Head of Technology & Digital
Sally's contact details
Email me
Nick
Stubbs
Partner
Nick 's contact details
Email me
Andrew
Northage
Partner
Regulatory & Compliance
Andrew's contact details
Email me
Paul
Armstrong
Director
Commercial
Paul 's contact details
Email me
Matthew
Lingard
Director
Intellectual Property, Trade Marks & Designs
Matthew's contact details
Email me
Luke
Jackson
Director
Commercial
Luke's contact details
Email me
Grace
Parkin
Senior Associate
Regulatory & Compliance
Grace 's contact details
Email me