The FCA has fundamentally redrawn what "good" consumer outcomes look like in the UK. The CMA's Digital Markets Unit is coming after dark patterns and manipulative design with new urgency. And advertising standards enforcement is sharpening around claims that were once considered normal.

The UK regulatory environment in 2026 is reshaping how boards and in-house teams think about risk. What follows are four pressure points GCs should prioritize immediately.

Regulatory Focus for 2026

Consumer Duty and AI Accountability

The FCA's Consumer Duty has moved the burden of proof in a fundamental way. Firms can no longer point to policies and procedures, they must empirically demonstrate that products and services deliver good outcomes for consumers. That distinction touches every corner of a business, but it lands hardest on marketing and product teams whose content makes claims about value, pricing, and suitability.

The pressure sharpens when algorithmic decision-making enters the picture. The FCA has been explicit: systems that embed bias, deliver opaque pricing, or lack adequate human oversight will be treated as direct Consumer Duty breaches. AI governance and Consumer Duty compliance are, in the regulator's view, the same issue. A single complex marketing document - comparing financial products, explaining pricing, describing policy terms - can require 15+ hours of specialized review against Consumer Duty standards. Scale that across a digital-first business and the manual compliance model breaks down quickly.

Watch out for:

• Marketing claims about value or suitability that aren't supported by documented outcome evidence

• AI-assisted content that hasn't been reviewed for bias or accuracy against Consumer Duty standards

Get ahead of it:

• Build outcome evidence into your pre-publication review process, not just accuracy checks

• Document your bias testing protocols for any algorithmic system touching consumer-facing content

FCA Financial Promotions

The FCA's financial promotions regime has tightened considerably. The new approval framework requires that all financial promotions are approved by an FCA-authorized person before publication. This requirement has caught many firms off guard, particularly those operating in the digital and social media space where content moves fast and approval workflows haven't kept pace.

The FCA has been increasingly willing to act. It withdrew approval permissions from a number of authorized approvers in 2024 and has signaled it will continue scrutinizing the quality of approvals, not just their existence. For GCs, the risk isn't only in what gets published - it's in the approval process itself. An undocumented, email-based approval chain is difficult to defend when the FCA comes asking.

Watch out for:

• Social media content, influencer partnerships, or AI-generated promotions published without documented FCA-authorized approval

• Email-based approval chains with no audit trail

Get ahead of it:

• Map every channel through which financial promotions reach UK consumers

• Ensure your approval workflow produces a documented record - not just a sign-off in a message thread

Dark Patterns and Choice Architecture

The CMA has made manipulative design an explicit enforcement priority, and it's already acting. Subscription traps, drip pricing, and choice architectures that systematically obscure consumer options are all in scope. The CMA doesn't need to prove consumers were deceived - conduct that makes exits unreasonably difficult or buries material information can ground a claim on its own.

For legal teams, this extends compliance review well beyond the words on a page. Friction placement, cancellation pathways, option visibility, and confirmation flows all carry regulatory exposure. A legal sign-off that stops at the terms and conditions will miss the risk entirely.

Watch out for:

• Cancellation flows with more steps than the signup process

• Pricing information that only becomes fully visible at the final stage of checkout

Get ahead of it:

• Test your user journeys from a consumer's perspective, not a legal reviewer's

• Involve legal in product design conversations before build, not after launch

ASA and CAP Code Enforcement

ASA enforcement has sharpened around two areas particularly relevant to in-house teams: environmental claims and pricing transparency. Greenwashing complaints have risen sharply, and the ASA has made clear that vague sustainability language - "eco-friendly," "carbon neutral," "sustainable" - requires substantiation that most marketing teams haven't documented. Pricing claims, including discount advertising and subscription pricing, are under similar scrutiny.

The operational challenge is that ASA complaints can be triggered by competitors, consumers, or the ASA's own monitoring. By the time a complaint lands, the content is already live. The only reliable defense is a documented pre-publication review process that assessed the claim against CAP Code standards before it went out.

Watch out for:

• Environmental claims without documented substantiation on file

• Discount or "was/now" pricing without a clear reference price basis

Get ahead of it:

• Treat substantiation as a pre-publication requirement, not a post-complaint exercise

• Build CAP Code review into the campaign approval process, not just legal sign-off

The Operational Reality: Why Manual Compliance Can't Keep Pace

Each of these developments raises the bar for what good compliance looks like - and each assumes an in-house function that can operate at scale and speed. That assumption is where most teams fail.

The infrastructure most in-house lawyers rely on - email review loops, Word document approvals, institutional knowledge concentrated in a handful of reviewers - breaks down under this kind of volume and complexity. 

• Marketing guidelines go stale. 

• Reviewers leave and take their reasoning with them. 

• The same questions resurface and receive different answers. 

• Older compliance tools flag issues without resolving them, consuming legal capacity on alert management rather than actual risk decisions.

The organizations navigating this most effectively have moved compliance decision-making into documented, automated systems. Compliance standards become explicit rules applied consistently: visible, auditable, and accessible to both legal and product teams. Let’s say a marketer proposes a last-minute copy change to a social media advert, it’s evaluated against documented risk tolerance, not reconstructed from scratch. That consistency also creates what regulators now explicitly expect: evidence that compliance risk has been systematically assessed and managed, not left to ad hoc judgment.

The question isn't whether your compliance function covers the right areas - it's whether it's built to operate at the volume and consistency this environment demands.

About Haast

Leading financial services, insurance, telecommunications, and retail organizations in the UK are already deploying compliance automation platforms to manage regulatory risk at scale. Haast is purpose-built for this environment: combining pre-publish review, live monitoring, and regulatory horizon scanning into a single compliance platform powered by AI agents trained on FCA, CMA, and other regulatory standards.

To learn how in-house teams are managing regulatory pressure without proportionally scaling legal headcount, visit haast.io.