Get started

UK Regulatory Calendar 2026 — Key Dates for Businesses

guide 8 min read Updated 2026-03-23

UK Regulatory Calendar 2026 — Key Dates for Businesses

Building a compliance calendar is one of the most effective planning tools for avoiding last-minute scrambles. When do your key regulatory deadlines fall? Which months have multiple changes hitting simultaneously? When do you need to have decisions made, policies updated, or systems changed?

This is your master calendar for 2026 — the key regulatory dates that affect UK SMEs, mapped to the calendar so you can plan around them.

January 2026

Status Check

January is the natural planning month. Use this month to:

  • Review 2025 compliance work and identify gaps
  • Audit your current regulatory exposure across all domains
  • Identify which regulations apply to your specific business
  • Set compliance priorities for 2026

Action: Map your business against the UK Regulatory Horizon to identify which regulations affect you.

February 2026

Data Use and Access Act Phase 3 Preparation

DUAA Phase 3 lands in June. February is the start of vendor coordination.

Key deadline: Check your Data Processing Addendums with cloud providers, payroll providers, CRM platforms, and any processor of personal data. Confirm they’re aligned with DUAA Phase 3 standards.

Action: Create a spreadsheet of all data processors, their current DPA version, and whether they’ve confirmed DUAA Phase 3 compliance.

What applies: Any business processing personal data (employees, customers, website analytics).

March 2026

Legal and Tax Planning

Q1 is when many businesses complete tax and accounts work. Use this period to review:

  • Whether you need to register with the ICO if you haven’t already
  • Whether your data retention policies comply with current law
  • Whether your employment contracts need updating for April changes

Action: Schedule any solicitor or tax advisor consultations for employment law or data protection changes now.

April 2026

EMPLOYMENT RIGHTS ACT PHASE 1 — DEADLINE

This is the first major regulatory deadline of the year. Phase 1 lands on April 1, 2026.

Key changes effective:

  • Unfair dismissal rights from day one (subject to statutory probation)
  • Statutory sick pay from day one (no waiting days, no lower earnings limit)
  • Paternity leave from day one, flexible within first year
  • Doubled protective awards for redundancy consultation failures
  • Fair Work Agency formally established with investigation powers

Action: By this date, you must have:

  • Updated employment contracts for new hires
  • Updated payroll systems for day-one SSP
  • Briefed managers on day-one rights
  • Reviewed your harassment policies and started training

What applies: All employers with employees.

Related articles: Employment Rights Act 2025 — Key Changes, The Fair Work Agency.

May 2026

Preparation for DUAA Phase 3

DUAA Phase 3 is 4 weeks away. This is your final push.

Action:

  • Confirm all processor agreements are updated
  • Review your privacy notices to ensure they accurately reflect current data practices
  • Test your Subject Access Request process — can you deliver data in structured formats within 30 days?

What applies: Any business processing personal data.

June 2026

DATA USE AND ACCESS ACT PHASE 3 — DEADLINE

DUAA Phase 3 lands in June. This brings strengthened data processor accountability standards, new cross-border data flow mechanisms, and strengthened data subject access rights.

Key changes effective:

  • Data processor accountability standards (explicit requirements for processor security, documentation, evidence of compliance)
  • UK transfer impact assessments required for data transfers outside the UK
  • Strengthened data subject access rights (data must be provided in commonly used, portable formats)

Action: By this date, you must have:

  • Updated all processor agreements to reflect Phase 3 standards
  • Documented your data transfers (especially to cloud providers in the US or other countries)
  • Updated your data access process to deliver portable, structured data formats

What applies: Any business processing personal data (employees, customers, website analytics).

Related articles: Data Use and Access Act, Digital Compliance Overview.

July 2026

Summer Planning and Preparation

July and August are often quieter months operationally. Use this for planning.

Action:

  • Review Phase 1 (April) implementation — what worked, what didn’t?
  • Begin drafting updates for October Phase 2 changes (harassment prevention duty, tribunal time limit extension)
  • Start planning for January 2027 Phase 3 (six-month qualifying period, zero-hours reforms)

August 2026

EU AI Act High-Risk Deadline (Conditional)

If the European Commission’s Digital Omnibus proposal is not adopted, this is the deadline for AI compliance. If the Omnibus is adopted, the deadline extends to December 2027.

Key requirement: High-risk AI systems (recruitment, credit scoring, automated decisions) must be fully compliant. This includes technical documentation, risk assessments, human oversight, and quality management.

Who’s affected: Any business using AI for high-risk functions (hiring, credit/insurance decisions, automated employee decisions) with EU customers or market presence.

Action: If you haven’t started AI compliance:

  • Inventory your AI systems (including embedded AI in SaaS tools)
  • Classify each by risk tier
  • Begin documentation for high-risk systems

Related article: EU AI Act — What UK Businesses Need to Know.

Note: Monitor the Digital Omnibus progress. If passed, the deadline extends to December 2027 — this is a significant extension if you’re behind on AI compliance.

September 2026

Final Preparations for Phase 2

Phase 2 lands in October. September is your final preparation month.

Action:

  • Complete manager training on harassment prevention
  • Finalise your harassment policy and communicate it to staff
  • Ensure harassment training records are documented
  • Review your tribunal documentation retention process (extending from 3 months to 6 months)

What applies: All employers.

Related article: Employment Rights Act 2025 — Key Changes.

October 2026

EMPLOYMENT RIGHTS ACT PHASE 2 — DEADLINE

Phase 2 brings the “all reasonable steps” harassment prevention duty, extended tribunal time limits, and tipping law reforms.

Key changes effective:

  • Employer harassment prevention duty: you must take “all reasonable steps” to prevent harassment by third parties
  • Tribunal time limit extends from 3 to 6 months for most claims
  • Tipping law reforms: tips cannot be counted toward minimum wage, cannot be withheld

Action: By this date, you must have:

  • Implemented your proactive harassment prevention policy
  • Trained managers on harassment prevention and third-party harassment risks
  • Updated your tribunal documentation retention process
  • Updated tipping arrangements (if applicable)

What applies: All employers.

High-impact sectors: Hospitality, retail, and customer-facing roles where harassment risk is highest.

Related articles: Employment Rights Act 2025 — Key Changes, The Fair Work Agency.

November 2026

End-of-Year Compliance Review

Mid-to-late November: reflect on the year and plan for 2027.

Action:

  • Review Q4 Fair Work Agency guidance (if published)
  • Audit your compliance with Phase 1 and Phase 2 changes
  • Identify any gaps or ongoing issues
  • Plan implementation timeline for Phase 3 (January 2027)

December 2026

Year-End and Planning for 2027

December is typically quieter. Use this for planning 2027 compliance.

Action:

  • Plan your implementation approach for Phase 3 (January 2027 changes)
  • Review any outstanding vendor compliance (processors, AI providers)
  • Prepare for Q4 annual compliance reviews
  • Set compliance priorities for 2027

Important planning point: Phase 3 lands in January 2027. You have December to prepare.

Key Points by Domain

Employment Law

DateEventImpact
Apr 2026Phase 1: Day-one rights, SSP, paternity leaveImmediate contract and payroll changes
Oct 2026Phase 2: Harassment duty, tribunal extension, tippingPolicy, training, documentation changes
Jan 2027Phase 3: 6-month qualifying period, zero-hoursFundamental shift in employer-employee relationship

Data Protection

DateEventImpact
Feb–May 2026Vendor coordination for DUAA Phase 3DPA updates, processor agreements
Jun 2026DUAA Phase 3 effectiveData processor accountability standards in force
Jun 2027DUAA Phase 4 (expected)Further clarifications pending

AI Compliance

DateEventImpact
Aug 2026EU AI Act high-risk deadline (if Omnibus not adopted)Full compliance required for high-risk systems
Dec 2027Extended deadline (if Digital Omnibus adopted)Additional 16 months for compliance

Cybersecurity

DateEventImpact
2026Cyber Security and Resilience Bill expected to passNew enforcement framework, expanded scope
2028Bill enforcement begins (expected)New requirements for in-scope organisations

How to Use This Calendar

1. Assign Ownership

For each key date, assign someone in your business responsible for that area. Don’t leave it to “everyone will know.” Make it explicit: “Sarah is responsible for employment law compliance. Mark is responsible for data protection.”

2. Set Implementation Deadlines

Work backwards from each deadline. If Phase 1 lands in April, you need contracts updated by March, payroll tested by mid-March, manager briefings complete by late March. Build in buffer time.

3. Block Calendar Time

Block time on your business calendar for compliance work. Don’t treat it as “something to squeeze in.” Treat it as you would any other business priority.

4. Plan for Overlap

Multiple regulations land in close succession. April Phase 1, June DUAA Phase 3, October Phase 2. You can’t do all three simultaneously. Plan which to tackle first and sequence your workload.

5. Review Quarterly

Set reminders to review this calendar at the end of each quarter. Are you on track? Do you need to accelerate anything? Have any new regulations been added?

What’s Not in This Calendar

This calendar focuses on 2026. Looking ahead:

  • January 2027: Employment Rights Act Phase 3 (6-month qualifying period, zero-hours reforms)
  • April 2027: Secondary legislation on statutory probation period (expected)
  • December 2027: Potential extended deadline for EU AI Act high-risk compliance (if Digital Omnibus adopted)
  • 2028: Cyber Security and Resilience Bill enforcement expected to begin

For a forward-looking view of 2027 and beyond, see the full UK Regulatory Horizon.

Build Your Own Calendar

The simplest approach: create a spreadsheet or calendar file with these dates, add any industry-specific regulations that apply to your business, assign responsibility, and set reminders.

Or subscribe to our fortnightly newsletter to receive updates on regulatory changes and deadlines relevant to your business.

Planning transforms chaos into manageable work. Use this calendar to plan yours.

Free newsletter

Get insights like this fortnightly

UK compliance rules are changing fast. Our newsletter covers what changed, what's coming, and what it means for your business.

Subscribe →

Free, fortnightly, no spam. Unsubscribe any time.

Want to check your compliance?

Find out where you stand — and get a prioritised action plan.

Map your regulatory profile →

More from this hub

How to Stay Ahead of Regulatory Changes — A Practical Framework

Reactive compliance is expensive. Here's a practical framework to monitor, prioritise, and implement regulatory changes before deadlines arrive.

Read article →

Employment Rights Act 2025 — Key Changes Every Employer Must Know

The Employment Rights Act 2025 rolls out across four phases from April 2026 to January 2027. Here are the key changes every UK employer must know about.

Read article →

EU AI Act — What UK Businesses Need to Know (Even If the UK Hasn't Adopted It)

The EU AI Act applies to UK businesses with EU customers. Here's what it is, what it requires, and how to prepare for the August 2026 (or December 2027) deadline.

Read article →