Digital regulation

Recent years have seen a proliferation of digital regulation. The (often overlapping) regimes emerging across the globe are creating an increasingly fragmented picture internationally, with that outlook further compounded by the impact of geopolitical tensions in the digital arena, and divergent domestic policy agendas.

For its part, the UK has vigorously pursued a pro-growth agenda in its approach to digital regulation. Despite that ambition, the government itself acknowledges that the current landscape is imperfect, recently suggesting that regulation “still acts as a boot on the neck of businesses”. On the continent, the EU has come under heavy criticism for the impact of its significant legislative efforts on innovation, resulting in a renewed focus on seeking to ensure regulation does not impede growth. Of course, in light of its ecosystem of tech companies, the influence of the United States is never far from sight and the current administration’s pro-growth, anti-regulation approach inevitably creates spillover effects across the globe.

Here, we examine how these developments are contributing to digital divergence across four key areas: AI, data, competition, financial services and tax.

AI: Balancing innovation and risk

The global competition around AI, and the importance of the AI industry to national economic growth, means that AI regulation is not just about managing the risks AI creates. It is also about ensuring AI development is encouraged, balancing the interests of different sectors and managing geopolitical tensions.

Unsurprisingly, this has led to different approaches to AI regulation. While international initiatives such as the OECD AI principles have influenced many of the AI regulatory regimes we see around the world, when it comes to AI specific legislation, countries tend to sit across a spectrum. At one end, the EU has its comprehensive, risk-based EU AI Act. While parts of the Act are now being reviewed under the EU’s Digital Omnibus simplification programme, it still provides a comprehensive risk-based legal regime governing AI development and deployment. The US (certainly at federal level) arguably sits at the other end, with its minimalist, innovation-first agenda. The UK, which adopts a sector specific approach to AI regulation and is now expecting some form of AI Bill, sits somewhere in-between, though it remains to be seen what the AI Bill will look like and whether that will move the UK along this spectrum.

When looking at the UK and EU, we are also seeing some divergence in other legal regimes impacting AI including privacy and IP.

Data: Privacy at a crossroads

We are seeing both divergence, and convergence in the privacy world.

• Legislation and judicial interpretation: The UK’s Data (Use and Access) Act 2025 amends the UK data protection regime while the European Commission has proposed simplifying the EU GDPR in its Digital Omnibus programme. While both amendments aim to streamline the regimes, given they differ, it may become harder in practice for organisations to adopt a uniform approach to compliance across the EU and UK. There is also an increasing recognition of the importance of consistency of interpretation.
  
  This is reflected in, for example, the European Data Protection Board committing in its Helsinki Statement to new initiatives to increase consistency across Member States and simplify GDPR compliance. The UK courts seem to be singing from the same hymn sheet, with the Court of Appeal recently commenting (in the Farley case) that, it “makes good legal sense for the court to interpret and apply the GDPR in conformity with settled [including post-Brexit] Court of Justice of the EU jurisprudence”. At a global level, the biggest challenge for organisations remains the proliferation of privacy laws across the globe. Given only some are based on the GDPR, organisations are having to adjust their local compliance accordingly.
• Enforcement and civil claims: Data Protection Authorities (DPAs) diverge in the frequency and value of fines they issue, though the EU is trying to address this. DPAs are all focusing on AI as a key priority area, but some favour industry engagement over monetary penalties. The risk profile for mass litigation remains higher in some countries (eg Netherlands), but this is a developing area.

Competition: Regulation of Big Tech

With the UK’s digital markets regime now in force, divergence between the UK and EU regimes is playing out in real time. While divergence was expected – the regimes are based on fundamentally different regulatory philosophies – the picture is further complicated by domestic and geopolitical agendas.

In the autumn, the UK’s Competition and Markets Authority (CMA) issued its first “strategic market status” (SMS) decisions, in respect of Google and Apple. It will now consult on possible interventions which, in contrast to the “one-size-fits-all” approach of the Digital Markets Act (DMA), will be tailored to the firm in question. The CMA will be keen to model a proportionate approach, in line with the UK government’s steer and mindful of US rhetoric on regulation of US tech companies.

Meanwhile, after wasting no time launching non-compliance investigations in 2024, the European Commission has found itself balancing its desire to be seen as a firm enforcer of a key piece of European legislation against the risk of retaliation from the US administration. Although 2025 saw its first non-compliance decisions, they came later than expected, with fines thought to have been calibrated to avoid a reaction from across the Atlantic. Nevertheless, the Commission’s recent announcement that it is investigating whether certain cloud computing services should come within the rules suggests the Commission is unbowed.

A key question for 2026 will be the role of these regimes in addressing potential competition concerns in the AI sector. While the UK regime should be flexible enough to allow the CMA to respond if and when the time is right, the position is currently less clear in Europe – the conclusion of the Commission’s DMA review in May 2026 may shed some light on the direction of travel.

Financial services: Targeted rules make room for divergence

The UK and EU financial services regulators continue to develop specialised digital regulation to encourage responsible innovation, with no signs that omnibus style simplification plans are on the cards. These initiatives are taking place during a period of steady convergence of financial services and technology businesses, where traditional financial services are now delivered via digital platforms and apps, and technology firms are offering payment wallets and credit options.

In 2026 the UK will follow in the EU’s footsteps and finalise its list of third-party tech providers which are considered “critical” to the financial sector. While the UK and EU requirements imposed on these critical third parties are similar on paper, pronounced divergence may emerge in practice if these provider lists look different.

The EU appears to be pulling ahead of the UK on the regulation of cryptoasset activities. Its Markets in Cryptoasset Regulation is fully in force, with grandfathering periods ending by 1 July 2026 across all member states. Meanwhile, the UK is finalising the creation of several new regulated activities tailored to cryptoassets under the Financial Services and Markets Act 2000, which are expected to go live in October 2027. Policy priorities are, however, shared between the jurisdictions, as both wrestle with their approach to US dollar stablecoins and seek to capitalise on momentum in the tokenisation space.

AI regulation presents the sharpest split. The UK financial regulators are maintaining, for now, their principles-based and tech-agnostic approach to AI, contrasting with the EU's classification model. Developments in generative and agentic AI, met with differences between the UK and EU regulatory toolkits, may prompt further divergence.

Tax: Taxing digital business

As digital regulation evolves, often in differing directions in different places, so does the taxation of digital enterprises. Digital opportunities create digital profits which need to be taxed. We continue to expect developments as tax authorities grapple with, for example, how to tax cryptoassets, and the burgeoning returns made by users of online marketplaces. In addition, many countries, including the UK, have implemented digital service taxes (DSTs) which affect social media, search engines and online marketplaces. Some have announced plans to review and potentially remove these DSTs, whilst others are considering introducing new ones. US resistance to DSTs remains resolute – and concerns about retaliation against countries with them remain real.

Mitigating risks and leveraging opportunities in 2026

For some global organisations, divergence in digital regulation can be an additional compliance burden, requiring strategic decisions around whether or not to set a consistent, global benchmark. But for others it might provide opportunities to leverage regulatory differences, benefiting from less strict regimes where possible alongside increased supplier transparency, security and standards where stricter regimes have driven changes in market and supplier behaviour.

Related briefings

• BREAKING: EU announces major digital and data simplification package and delay to AI Act
• Training data in, court case out?
• Are we nearly there yet? UK edges closer to finding solutions on copyright and AI
• Data claims must be proved: lessons from the Court of Appeal on non-material damage
• To enforce or not? AI divides regulators
• EU AI Act - Political Agreement reached