Feb 192026

UK Data Privacy and Cybersecurity Outlook for 2026: What Financial Services Firms Need To Know

Francesca Blythe, William RM Long and Matthias Bruynseraede
, , , ,

Last year saw many developments across the international data privacy and cybersecurity landscape, and this momentum shows no sign of slowing.

In the UK, 2025 saw the rollout of major legislative and policy initiatives, most notably the finalisation of the Data (Use and Access) Act 2025 and the introduction of the Cyber Security and Resilience Bill. At the same time, rapid advances in artificial intelligence (AI) continue to intensify cybersecurity and privacy risks. Together, these developments require organisations to adopt a forward-looking approach to managing data privacy, cybersecurity and AI risk.

Click here to view article.

This article first appeared on Thomson Reuters on February 17, 2026 and can be viewed here.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Francesca Blythe

London

fblythe@sidley.com

William RM Long

London

wlong@sidley.com

Matthias Bruynseraede

London

mbruynseraede@sidley.com

You might also like
The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime

The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime

On March 6, 2026, the Trump Administration released President Trump’s Cyber Strategy for America, and an Executive Order targeting cyber-enabled crime, fraud, and predatory schemes.   Together these documents do more than merely outline the Administration’s response to cyber threats; they articulate a new cyber doctrine centered on imposing costs on adversaries and mobilizing both government and private-sector capabilities at scale.

Generative AI and Privilege: Practical Lessons from Two Early Decisions and What Comes Next

In February 2026, two federal courts drew national attention by addressing generative AI in the privilege context. At first glance, the decisions appear incongruent: one denied privilege where AI was used; the other upheld work product protection in a similar context. Yet neither decision announced a shift in privilege law. Each applied existing principles to new factual settings. The practical implications are straightforward: understand the confidentiality terms governing AI platforms, ensure appropriate attorney involvement where privilege is sought, and maintain disciplined policies around AI-assisted legal analysis.

Geopolitics and Cybersecurity: Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors

On January 31, 2026, the governments of Japan and the United Kingdom announced they were strengthening their cybersecurity collaboration through a bilateral Strategic Cyber Partnership (Partnership).