Things to look out for in 2026

In December, I was pleased to welcome some of our readers to the PL&B Meet the Correspondents event, generously hosted by Stephenson Harwood, where four of our brilliant regular correspondents – Katie Hewson, Stephenson Harwood; Emma Erskine-Fox, TLT; Nicola Fulford, Hogan Lovells; and Victoria Hordern, now Digiphile – spoke about topical data protection issues.

This half-day networking event was so well received that we expect to repeat it in 2026. In the meantime, I am excited to announce another regular correspondent to the pool of writers, Mercedes Samavi at Morrison and Foerster – see their article about the Online Safety Act (OSA).

OSA’s regulator, Ofcom, will be busy in 2026 – its list of key implementation deliverables under the Act starts with publishing its final guidance in February 2026 on super-complaints. This concept means that designated bodies such as consumer groups can raise systemic issues with the regulator, rather than it dealing with individual complaints.

On the legislative agenda we now have the Cyber Security and Resilience Bill which has just been through the second reading in the House of Commons. The ICO has welcomed the Bill by saying that it is an important piece of legislation that will strengthen the country's cyber resilience and ultimately better protect people's data. It plans to take a proactive, risk-based oversight approach.

On AI, the UK has chosen a sector-specific approach and empowering existing regulators to apply rules within their sectors. We may in 2026 see an AI Bill with a limited scope and a provision on regulatory sandboxes.

The next developments in AI and Copyright are expected in March with the publication of a progress statement as per the Data (Use and Access) Act 2025. The government will issue an economic impact assessment as well as a report on the use of copyright material in the development of AI systems.

Laura Linkomies
Editor, Privacy Laws & Business

January 2026