Law Meets Reputation: 2026 Risk Outlook | Board Edition
‘Law Meets Reputation’ is a professional insights series produced by the Crisis & Disputes team at FTI Consulting (London), informed by our experience advising on complex, high-stakes business challenges.
Just weeks into 2026, many UK businesses already face a changed regulatory landscape, with heightened board accountability and increased risk. Below are five legal developments (emerging or accelerating since late 2025) that should now sit firmly on boards’ risk agendas.
Key takeaways for risk management:
- Together, these developments point to a complex risk environment where legal exposure, political scrutiny and corporate reputation converge. Organisations that treat these issues in isolation, or assume reputational impact can be managed downstream, risk finding themselves reacting rather than leading.
- In this environment, organisations need genuinely integrated, multi-disciplinary advice – with legal and communications specialists working together to define a single, coherent response. The focus must be on enabling early decisions, aligning stakeholders and managing risk holistically.
Businesses in almost every sector have embedded AI across core functions, from customer interactions and HR to compliance and executive reporting. Early disputes focused on model development and training data ownership. In 2026, the sharper risks for most organisations lie in day-to-day operational usage – including inadequate controls over the accuracy of AI outputs, inappropriate reliance on these outputs in subsequent activities or decision-making, and unclear accountability when tools produce errors that are acted on.
These deployment and governance risks are no longer theoretical. The West Midlands Police controversy – where false AI-generated intelligence influenced operational decisions – illustrates how quickly weaknesses in AI oversight can escalate into political and reputational crises.
Why this matters: AI governance is now a mainstream board responsibility. Organisations face exposure not only through traditional legal claims (e.g. misrepresentation, negligence, discrimination and defamation), but through specific scrutiny of board-level controls such as verification, auditability, training and oversight. Failures in these areas can translate rapidly into legal and reputational harm, testing leadership judgment and governance maturity.
The UK’s legislative agenda is pushing cyber resilience firmly into the governance spotlight. The Cyber Security and Resilience (Network and Information Systems) Bill, introduced in late 2025 and debated in early 2026, signals a shift towards greater accountability for preparedness and board-level oversight across critical sectors.
The practical consequence for 2026 is reputational as much as regulatory. Cyber incidents are increasingly being framed in terms of wider economic and public impact – asking, in effect: “Did you endanger the public or the economy?” Scrutiny increasingly focuses on whether leaders anticipated, funded and governed cyber risk appropriately – and not simply whether an attacker got through and how the organisation responded.
Why this matters: For boards, cyber readiness is now a leadership credibility issue – particularly in regulated and critical sectors such as finance, health, infrastructure and data-rich consumer businesses. Directors are expected to demonstrate proactive oversight, investment discipline and risk ownership and clear risk ownership, alongside effective incident response.
The Digital Markets, Competition and Consumers Act has materially expanded the CMA’s consumer protection enforcement powers. The CMA’s first wave of investigations into online pricing practices in November 2025 is a clear signal of how 2026 will feel for consumer-facing businesses.
Practices such as drip pricing, misleading urgency cues, opaque fees and manipulative choice architecture (“dark patterns”) are now priority targets, and enforcement activity is increasingly accompanied by early public scrutiny – meaning reputational impacts can set in faster than legal outcomes.
Why this matters: Boards should assume that consumer compliance issues will surface publicly and early. Allegations often carry greater reputational impact than final findings – turning pricing, user experience and marketing practices into board-level risks, rather than operational details.
The UK remains a leading global venue for collective action claims for alleged competition law breaches. 2026 looks set to maintain that momentum across sectors beyond tech, including transport, energy, pharma and financial services.
A key accelerant is the Government’s stated intention to mitigate the impact of the 2023 Supreme Court judgment in PACCAR and introduce proportionate regulation of litigation funding – moves welcomed by funders and claimant firms, and likely to support continued growth in large-scale claims. At the same time, data breach-related group actions are increasingly being marketed and organised at scale, adding another route to high-volume, reputationally charged litigation risk.
Why this matters in 2026: Collective litigation is increasingly a public, multi-year event. Even defensible claims can generate sustained reputational damage, requiring boards to plan for combined legal risk, media scrutiny, investor concern and stakeholder pressure.
The Employment Rights Act 2025 became law on 18 December 2025, with changes rolling out through 2026–27. A major pressure point for 2026 planning is that “fire and rehire” (and related “fire and replace”) is expected to become significantly more constrained, alongside other reforms that change the risk profile of workforce change programmes.
At the same time, employment disputes are increasingly fought as public campaigns, amplified by unions, activists and social media. That puts internal communications, process fairness and leadership visibility at the centre of reputational outcomes.
Why this matters: Workforce decisions are now leadership moments. Boards should expect restructures, policy changes and industrial relations issues to be judged publicly on fairness, transparency and executive accountability – not just legal compliance.
| The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.
©2026 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com |
