UK Corporate Law
james

How New UK Corporate Law in 2025 Affects Your Business

Why 2025 is a pivotal year

If you operate a company in the UK – or you’re a director, founder, CFO, or in-house counsel – 2025 brings significant corporate law reforms. These changes affect how you govern, disclose, and sell to customers.

Three key developments dominate the landscape. First, a revised UK Corporate Governance Code tightens expectations around internal controls and board responsibility. Second, a powerful new consumer protection regime allows the Competition and Markets Authority (CMA) to levy hefty penalties for unfair practices. Third, the phased rollout of Companies House reforms under the Economic Crime and Corporate Transparency Act (ECCTA) includes identity verification. Later in the year, a new corporate offence of failure to prevent fraud for large organisations takes effect.

Together, these changes raise the bar on transparency, accountability, and customer fairness.

1) Corporate governance: stronger internal controls and board accountability

For premium-listed companies (and as a benchmark for many large private companies), the 2024 UK Corporate Governance Code applies to accounting periods starting on or after 1 January 2025. It emphasises robust risk management and internal controls. Additionally, it expects boards to report on the effectiveness of those controls.

A key element – Provision 29, focused on internal controls – starts slightly later. This provision applies to periods beginning on or after 1 January 2026. Consequently, boards should treat 2025 as the build year. They should clarify ownership of controls, evidence testing and assurance, and prepare for formal declarations in 2026.

What it means in practice: Audit and risk committees will need clearer documentation of controls. These controls cover financial reporting, non-financial metrics, and key operational risks (for example, cybersecurity and third-party risk). Furthermore, expect more granular board papers, tighter escalation pathways, and increased interaction between finance, internal audit, and compliance. Many companies are upgrading control registers, mapping control owners, and implementing periodic effectiveness testing ahead of 2026 declarations.

2) Consumer law: the CMA’s new powers and a clampdown on “drip pricing” & fake reviews

From 6 April 2025, the Digital Markets, Competition and Consumers Act 2024 (DMCC) ushered in a tougher UK consumer protection regime. The CMA can now directly enforce consumer law and fine businesses up to 10% of global annual turnover for serious infringements—without first going to court. The reforms specifically target unfair practices like hidden mandatory fees (“dripped pricing”) and fake or misleading online reviews. If you advertise prices or rely on reviews (most e-commerce does), you are in scope.

What it means in practice: You must display the total unavoidable price upfront (or as early as practicable in the journey). Additionally, you must stop using or soliciting fake reviews. Platforms and merchants need processes to identify, moderate, and remove suspicious review content. They must also keep records of takedown decisions and avoid incentivising positive-only feedback. The CMA has signalled a more assertive stance in 2025 and beyond—therefore, businesses should expect faster, tougher investigations.

3) Companies House reforms: identity verification and cleaner public data

Companies House continues rolling out ECCTA reforms designed to tackle economic crime and improve data integrity. In 2025, you’ll see preparations for mandatory identity verification for directors and people with significant control (PSCs). The government’s transition plan indicates compulsory verification begins for new incorporations and new appointments by 18 November 2025. This is followed by a transition window to bring existing directors and PSCs into the net (typically through the annual confirmation statement). In most cases, individuals will verify once and receive a personal code to use across roles.

What it means in practice: Company secretarial teams should prepare onboarding workflows for verification. They should also update incorporation checklists and brief existing office-holders ahead of their next confirmation statement. Many firms are also revisiting their registered office address arrangements and lawful purpose statements. These are areas Companies House has been tightening alongside its new powers to query and annotate filings. (Note: broader accounts filing reforms – for example, profit & loss disclosure for small and micro entities – are being phased and bite later, but planning should start now.)

4) Economic crime: the new “failure to prevent fraud” offence (large organisations)

Another headline change lands in late 2025. The ECCTA introduces a new corporate law criminal offence of failure to prevent fraud for large organisations, commencing on 1 September 2025. An organisation will be liable if an associated person (e.g., employee, agent, subsidiary) commits a fraud offence intending to benefit the organisation. However, the organisation can avoid liability if it can show it had reasonable procedures to prevent fraud. Government guidance – published to help firms design proportionate controls – highlights risk assessment, due diligence, training, and monitoring.

What it means in practice: If you meet the “large organisation” thresholds, 2025 is the year to complete a fraud risk assessment. You should also map “associated persons” and implement controls targeted at your highest-risk exposures (for instance, sales incentives, third-party intermediaries, and procurement). Many organisations are adopting a framework akin to anti-bribery programmes. This includes tone from the top, clear policies, training with real-world scenarios, robust speak-up channels, and evidence of oversight. Contracts with distributors, introducers, or marketing affiliates should include enhanced representations, audit rights, and termination rights for misconduct.

Who is affected—and how much?

  • Listed companies: Highest immediate impact from governance code changes. Board and audit committee agendas expand in 2025 to prepare for Provision 29 declarations in 2026.
  • D2C and platform businesses: Significant exposure under DMCC (pricing transparency, subscriptions, reviews). Penalties can be material given the 10% global turnover ceiling.
  • All UK companies: Company secretarial processes will change as identity verification becomes standard. Plan around your confirmation statement date post-November 2025.
  • Large organisations (as defined in ECCTA): New criminal exposure for failure to prevent fraud from September 2025. Document “reasonable procedures.”

Corporate Law Action checklist for 2025

  1. Map your obligations by date. Identify which rules apply now (e.g., DMCC from 6 April 2025) and which are staged (e.g., governance declarations from 2026; Companies House verification steps from 18 November 2025). Build a timeline with owners.
  2. Strengthen internal controls and assurance. Align your control framework to the updated Code. Define control owners, testing cycles, and evidence packs that support your board’s effectiveness statement.
  3. Clean up pricing and review practices. Eliminate hidden mandatory fees. Ensure the total price is clear upfront. Implement review moderation policies and logs. Avoid incentives that bias reviews.
  4. Prepare for identity verification. Update director/PSC onboarding and confirm how you’ll capture verification ahead of confirmation statements. Communicate early with board members and shareholders.
  5. Institute anti-fraud procedures (large organisations). Complete a fraud risk assessment, roll out targeted training, tighten third-party due diligence, and record your rationale as “reasonable procedures.”
  6. Audit your contracts and customer journeys. Ensure platform T&Cs, checkout flows, and marketing claims match DMCC expectations. Set up monitoring to catch regressions.
  7. Brief the board. Schedule 2025 board teach-ins on code changes, DMCC enforcement risk, and ECCTA timelines. Document decisions and oversight to evidence compliance.

Common pitfalls to avoid

  • Assuming “we’re small, so this doesn’t apply.” Even if you’re not listed or “large,” DMCC still applies to most B2C businesses. Companies House verification will touch virtually all companies.
  • Equating policies with compliance. The new regimes emphasise effectiveness. Boards must evidence that controls operate and that consumer-facing practices are actually fair in reality, not just on paper.
  • Leaving identity verification to the last minute. Director and PSC calendars fill fast. Align verification with meetings and filings to avoid late confirmation statements.
  • Underestimating review risk. Review ecosystems are messy. Implement automated flags and manual sampling, plus clear guidance for staff on what counts as a prohibited review practice.

Final word

2025 is about raising standards and proving them. The Corporate Governance Code asks boards to demonstrate control effectiveness. The DMCC empowers the CMA to penalise unfair consumer practices. ECCTA pushes verification and anti-fraud discipline across the corporate lifecycle. Treat this as an opportunity to simplify processes, document what works, and build trust with investors and customers. If you need tailored help – whether that’s a readiness review, a board workshop, or a consumer law audit – this is the year to act.

Note: This article provides general information and is not legal advice. For advice on specific circumstances, and Corporate Law, consult Blake-Turner.