Legal and Regulatory Changes Coming in 2026: What SMEs Need to Know

UK small and medium-sized enterprises (SMEs) face a packed legal calendar in 2026. These legal changes, SMEs 2026, will not arrive as one headline reform. Instead, they come as a steady series of incremental shifts across payment practices, tax administration, corporate transparency, consumer and online safety, employment rights, data regulation, immigration and incentives.

This thought-leadership guide highlights the reforms most likely to affect UK SMEs, explains who owns each issue inside your business and sets out what to do now versus what to monitor. It ends with a 90-day readiness plan and a gentle call to action for SME owners dealing with small claims.

Key Takeaways

Think of the 2026 legal landscape as a radar: each reform lands at a different point in the year and has an internal “owner”. Use the table below to allocate responsibility early.

Cashflow and Tax Reforms 

These rules reshape how you sell, renew, cancel, and moderate online activity, so product, marketing and compliance teams should treat them as system-level changes.

Late Payments and Cashflow Protections

The government’s consultation proposes capping payment terms for large companies supplying SMEs at 60 days, with a further step down to 45 days after a five‑year transition. These regulatory changes for small businesses in 2026 also require buyers to dispute invoices within 30 days or pay them. Statutory interest of 8% above the Bank of England base rate will automatically apply to late payments, and the Small Business Commissioner will gain powers to impose fines and carry out spot checks on payment practices. Some commentators think the proposals could land sooner; either way, they signal tougher cash‑flow discipline for big customers.

How to prepare: ask your finance and sales teams to audit contract terms and standard payment clauses. Introduce a debtor‑days dashboard to monitor average payment periods. Train sales and account managers to challenge unfair terms. Finally, align invoice verification processes so disputes are resolved within 30 days. The reforms target large businesses, but SMEs trading down the chain should replicate best practice.

Making Tax Digital for Income Tax (MTD ITSA)

From 6 April 2026, self‑employed individuals and landlords with annual income over £50,000 must keep digital records and file quarterly updates using MTD‑compatible software. Those with income between £30,000 and £50,000 follow from April 2027. HMRC will gradually lower the threshold, so eventually many directors and property investors will be affected. The change applies to personal trading and property income, not corporation tax, but there will be an overlap for owner‑managed businesses.

How to prepare: ensure your accounting software is MTD compliant and discuss with your accountant how to separate personal and company income streams. For landlords, consider the cost of migrating records and the administrative burden of quarterly submissions. The sooner you implement digital bookkeeping, the smoother your first quarterly filings will be.

Corporate Governance and Transparency

These reforms change how you sell, renew, cancel, and moderate online services, so your systems and customer journeys must be reviewed now, not later.

Companies House Reforms and Identity Verification

From 18 November 2025, all new and existing company directors and persons of significant control (PSCs) must verify their identity via GOV.UK One Login or through authorised service providers. There will be a 12‑month transition period during which unverified individuals can still file, but failing to verify becomes an offence, and filings may be rejected. The reforms aim to improve transparency and crack down on fraud. Future annual confirmation statements will require affirmation that directors and PSCs have been verified and that the registered office is an appropriate address.

How to prepare: compile identification documents for all directors and PSCs. Decide whether to use Companies House directly or work with an authorised corporate service provider. Review your company secretary’s processes to ensure filings are up‑to‑date and remove inactive directors promptly. Educate directors about the penalties for non‑compliance.

Digital, Consumer and Online Safety

This area governs how you sell online, how customers leave, and how you manage user risk, so product, marketing and IT teams must treat it as a core system change, not a legal footnote.

Digital Markets, Competition and Consumers (DMCC) Act: Subscriptions, Pricing and Cancellations

The DMCC Act overhauls consumer rights for subscription contracts. Implementation has been delayed to autumn 2026, but businesses should not wait. The Act will require:

• clear pre‑contract information, including the price after any promotional period;
• renewal reminders (every six months for monthly subscriptions; two notices before annual renewals);
• simple cancellation routes and confirmation of cancellation.

How to prepare: product and marketing teams should map customer journeys, review terms, and implement automated reminder systems. Train customer support to handle cancellations promptly. If you offer auto‑renewing services, ensure your systems can send two renewal notices before charging the customer again. Subscription rules apply across industries, from gyms to software-as-a-service, so early preparation avoids last‑minute redesigns.

Online Safety Act and Ofcom Codes

Ofcom’s roadmap shows that the regulator will publish a categorisation register and consult on additional duties around July 2026, covering fraud advertising, user empowerment and news content. After the register is published, categorised services must submit transparency reports and publish risk assessments; the first reports are due by summer 2027. Ofcom will also publish an age‑assurance report by July 2026 and additional safety measures by autumn 2026. The December 2025 industry bulletin confirmed that providers must send risk assessments to Ofcom between 1 May and 31 July 2026, naming a responsible individual and publishing summaries by October 2026.

How to prepare: if you operate an online platform, especially one with user‑generated content or community features, treat this like any compliance programme. Identify your “owner” (likely product/IT with legal oversight). Carry out illegal‑content and children’s risk assessments now and document controls. Plan for age assurance (e.g., verifying users’ ages) and transparency reporting. Even if your service is unlikely to be categorised, the risk‑assessment exercise will help you respond quickly when Ofcom publishes the register.

Employment, People and Incentives (Keep Watch + Act on Foundations)

These reforms change the cost of employing people, how quickly disputes can arise, and how you reward staff, so HR and finance teams must start groundwork well before April 2026.

Employment Rights Reforms

The Employment Rights Bill aims to rebalance flexibility and security. Discussions between government, unions and business concluded that day‑one rights to sick pay and paternity leave will be delivered in April 2026, alongside the launch of a Fair Work Agency. The qualifying period for unfair dismissal will be reduced from 24 months to 6 months, with the compensation cap lifted. According to employment lawyers, the April 2026 package would also:

• remove waiting days and the earnings threshold for statutory sick pay (see next section);
• grant day‑one rights to paternity and unpaid parental leave;
• double protective awards for failure to consult in collective redundancies from 90 to 180 days’ pay;
• simplify trade‑union recognition and allow electronic and workplace balloting;
• Encourage large employers to publish gender and menopause action plans.

A later October 2026 tranche may extend the time limit for tribunal claims from 3 to 6 months and make “fire and rehire” automatically unfair. Employers will also be required to take reasonable steps to prevent sexual harassment and to inform workers of their right to join a union.

How to prepare: HR teams should audit employment contracts and handbooks. Update family‑friendly policies, sickness procedures and redundancy consultation frameworks. Train managers on the new dismissal and harassment rules. Conduct a sexual‑harassment risk assessment and ensure there is a reporting process. Monitor government guidance, as the timetable may shift, and secondary legislation will provide detail.

Statutory Sick Pay Changes (April 2026)

From April 2026, the statutory sick pay (SSP) system will be transformed. Employees will no longer wait three unpaid days for SSP; it will be payable from the first day of absence. The lower earnings limit (currently £125 per week) will be removed, making all workers eligible. SSP will be calculated as the lower of 80% of average weekly earnings or the flat rate (£118.75 per week in 2025/26). These changes mean part‑time and low‑paid workers will receive sick pay, and employers must prepare for higher payroll costs.

How to prepare: update payroll software to calculate SSP from day one and remove earnings thresholds. Communicate changes to employees and plan for the cash‑flow impact. Review insurance policies and budgets for sickness absence.

EMI Scheme Changes from 6 April 2026

The Enterprise Management Incentive (EMI) scheme will be opened up to larger businesses. For options granted on or after 6 April 2026, the limits will double: the company option limit rises from £3 million to £6 million, the gross assets limit from £30 million to £120 million, and the maximum number of employees from 250 to 500. The exercise period will extend from 10 years to 15 years, and the extended exercise period can also apply retrospectively to existing contracts.

How to prepare: finance and HR teams should review existing EMI options and consider amending them to take advantage of the longer exercise period. Scale‑ups approaching the old limits may now be eligible to grant new tax‑advantaged options. Consult with advisers on the tax implications and update share‑scheme documentation.

Data, AI, Privacy and Cyber Resilience

These rules control how you collect data, use cookies, and deploy AI, so marketing, IT and product teams must treat them as design-level changes, not just policy updates. 

Data (Use and Access) Act and Cookie Reforms

The Data (Use and Access) Act 2025 (DUAA) amends UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations. The ICO notes that its changes will be phased in between June 2025 and June 2026. Key reforms include:

For marketers, the DUAA adds narrow exceptions to the cookie consent rules as part of wider UK business law changes in 2026. Under the statistical (analytics) exception, businesses may set or read cookies to collect aggregate statistics that improve the website, provided they explain it clearly and offer a simple opt-out.

The appearance exception allows cookies to adapt the site to user preferences, such as language or theme. The government expects cookie changes to be implemented 2–12 months after Royal Assent, so plan for rolling updates.

How to prepare: map all cookies and similar technologies on your sites. For analytics, switch to aggregated measurement and provide an easy opt-out. For appearance settings, ensure you do not inadvertently track user behaviour. Update cookie banners and privacy notices to reflect the new exceptions and highlight advertising cookies separately. Train marketing teams on the stricter enforcement regime and prepare to handle subject-access and complaint procedures.

AI Governance: UK and EU

The UK currently pursues a guidance‑based approach to AI regulation. However, UK firms selling into the EU must comply with the EU AI Act. The Act entered into force on 1 August 2024 and will be fully applicable on 2 August 2026, with some exceptions. The Act prohibits certain high‑risk AI practices (e.g., social‑scoring and biometric categorisation) and sets transparency rules for generative AI, which also come into effect in August 2026. High‑risk AI systems integrated into regulated products (such as medical devices or vehicles) have a longer transition until August 2027.

How to prepare: if you deploy AI systems in hiring, credit scoring or other high‑impact domains, start a risk‑classification exercise. Document data governance and risk‑management processes. For generative AI models, ensure outputs are labelled and that training data is appropriately documented. 

UK‑based providers selling into the EU should monitor the European Commission’s AI Office for guidance, and may need to appoint an EU representative. Even if you operate solely in the UK, the Act signals a trend towards formal AI governance; build compliance muscle now.

Immigration and Right‑to‑Work 

These changes affect how you hire, onboard and move staff across borders, so HR and operations teams must update right-to-work processes before 2026.

eVisas and Digital by Default

UK Visas and Immigration is moving to a digital immigration system. From early 2026, most successful applicants applying for a UK visit visa and some other routes will receive both an eVisa and a visa vignette sticker; later in 2026, only the eVisa will be issued. Invitations to set up a UKVI account to access an eVisa started on 11 November 2025, and some applicants now need to access their eVisa via a UKVI account instead of receiving a vignette. eVisas have already replaced vignettes for some categories since 15 July 2025.

Employers must conduct right‑to‑work checks via the government’s online service. eVisa holders provide a share code that employers enter to verify their status. British and Irish citizens can continue to use physical documents, but other documents will gradually be replaced. From 25 February 2026, the government will fully enforce the Electronic Travel Authorisation (ETA) scheme; travellers without an ETA or eVisa will be denied boarding.

How to prepare: update onboarding processes to ask for share codes and use the Home Office online system. Train HR staff on digital checks and keep copies of the status reports for your records. Communicate with existing visa‑holding staff about the transition to eVisas and help them set up UKVI accounts. For business travel, ensure employees obtain an ETA before travel once enforcement starts.

Commercial Contracts, Supply Chain Pressure and ESG

Legal reforms in 2026 will ripple through commercial contracts. Late‑payment reforms will likely force large customers to reduce payment terms, which may push risk down the supply chain. SMEs should review contracts for:

• Audit and data clauses: ensure access to supplier payment records and compliance with data and cybersecurity obligations.
• Termination rights: clarify rights to terminate for non‑payment, failure to meet ESG or data obligations, or regulatory breaches.
• Liability caps: revisit liability caps to ensure they reflect expanded statutory rights (e.g., extended sick pay) and data penalties.
• ESG and modern slavery: anticipate increased requests for supply‑chain data to meet ESG reporting; build mechanisms to respond efficiently.

Early engagement with suppliers and customers can help negotiate balanced clauses. For sector‑specific guidance (e.g., minimum energy efficiency standards for offices), consult specialist advisers.

Funding Compliance and Growth Initiatives

Regulatory changes often require investment, new software, training and professional advice. If you need finance, explore government and private schemes. Start‑up founders might consider [start-up business loans] to fund software upgrades or [new business grants] for training budgets. Established SMEs can tap [small business grants], [business loans for women], or [government‑backed business loans] to support compliance projects. These resources can be accessed through internal funding guides, helping you invest in compliance without stalling growth.

90‑day Readiness Plan

Use the first three months of 2026 to get ahead of the curve:

Compliance Is Resilience

Legal change can feel like a barrage, but proactive compliance enhances credibility with investors, lenders and customers. By assigning clear owners, reviewing contracts and policies, and investing in systems and training, your SME can turn regulatory headwinds into an advantage. 

CaseCraft.AI, our partner in small‑claims automation, exemplifies this mindset. The platform uses AI to streamline evidence preparation and court filings for small claims, letting you recover unpaid invoices quickly and affordably. Ready to future‑proof your business? Book a legal readiness review to see where you stand. If late payments are hampering cash flow, CaseCraft.AI’s tools help you file or defend small claims with confidence, because compliance isn’t just about avoiding penalties; it’s about getting paid.

Note: This article provides general information and does not constitute legal advice. Always consult a qualified adviser about your specific circumstances.