The UK Corporate Governance Code: Key provisions and updates

The UK Corporate Governance Code shapes how UK listed companies govern themselves, report on performance and provide transparent, defensible disclosures. It operates on a comply or explain basis and continues to evolve as expectations for accountability rise.

Organisations have now spent a full year working under the 2024 Code. Most have completed their first reporting cycle and refined their approach to outcomes‑based reporting, culture oversight and stakeholder communication. The final major change, Provision 29, applies to financial years beginning on or after January 1, 2026, and will reshape how boards report on internal controls.

This blog walks through what matters most, including:

• The purpose and structure of the Code
• Who it applies to
• What changed for 2025
• What is coming into effect for 2026
• How boards can stay ahead
• Where technology strengthens reporting and oversight

Purpose and history of the UK Corporate Governance Code

The UK Corporate Governance Code codifies good governance for businesses and investors. It’s required for UK-listed companies and gives all organizations a valuable framework for transparent, defensible management. It helps investors compare companies and encourages boards to align governance with strategy and culture. The Code is structured around five Principles that cover board leadership, division of responsibilities, composition and succession, audit and risk, and remuneration. Provisions then explain how boards should apply those Principles in practice.

Who the Code applies to and when

The Code applies to companies listed under the UK Listing Rules in the commercial companies or closed‑ended investment funds categories. This includes companies listed in the commercial companies (ESCC) category and closed‑ended investment funds and others that adopt the Code voluntarily. To meet Listing Rule expectations, companies must apply the Principles and comply with, or explain against, the Provisions.

The 2024 Code has applied to financial years beginning January 1, 2025. By the end of 2025, most in‑scope companies have already reported under the new framework. Provision 29 applies to financial years beginning on or after January 1, 2026. 

The role of the Financial Reporting Council (FRC)

The FRC oversees corporate governance, audit and reporting standards in the UK. It publishes the Code, issues supporting guidance and reviews annual reports each year to highlight strengths and gaps in governance disclosures.

Throughout 2025 the FRC and related bodies issued updated guidance on NED remuneration, going concern reporting and virtual shareholder meetings. These updates help companies understand how to meet expectations in a landscape shaped by outcomes‑based reporting and increased scrutiny of board decisions. 

Key provisions and updates

1. Outcomes‑based governance reporting

A major shift in the 2024 Code is the focus on reporting outcomes, not policies. Annual reports should show the decisions the board made and the impact of those decisions on strategy, risk and culture. Culture reporting should show how values are embedded and how behaviours are monitored. Boilerplate wording is no longer acceptable. Investors and regulators expect clarity and evidence.

2. Provision 29: internal controls and risk management

Provision 29 becomes effective for financial years beginning on or after January 1, 2026. Boards will need to:

• Monitor and review the effectiveness of the risk management and internal control framework
• Complete an annual review of effectiveness
• Declare whether material controls were effective at the balance sheet date
• Describe any ineffective controls and actions taken

Material controls include financial, operational, reporting and compliance controls. This is a significant shift because the declaration is an outcome statement that must be backed by evidence that stands up to investor scrutiny. There is no external auditor attestation requirement.

3. Audit committee responsibilities

Several audit‑committee‑related provisions have moved into the Audit Committees and External Audit Minimum Standard, which now sets expectations for audit oversight, tendering and independence. Boards should check that committee terms of reference reflect this shift.

4. Remuneration and NED expectations

Recent updates confirm that paying NEDs in shares can support alignment with shareholders, while performance‑linked pay risks affecting independence. Remuneration explanations should reflect the company’s strategy and circumstances, not generic market claims. 

5. Shareholder engagement and meeting formats

Guidance published in December 2025 supports companies planning virtual‑only shareholder meetings. It sets clear expectations on engagement, Q&A and disclosure while government clarifies Companies Act provisions. Boards should review their articles and AGM notices accordingly.

6. Going concern and financial resilience

New FRC guidance published in February 2025 strengthens expectations for solvency, liquidity and going concern reporting. Boards should ensure assessments and disclosures are tailored, evidence‑based and specific to the company’s financial position. 

What boards should focus on now

Board effectiveness and performance

• Focus reviews on decisions and outcomes, not processes. 
• Show how culture is embedded.
• Explain any departures from Provisions clearly and proportionately. 

Stakeholder communication

• Keep disclosures concise and specific.
• Highlight the outcomes of board decisions and link them to strategy.
• Remove duplication across the annual report.

Internal controls and assurance

• Define material controls using a clear, risk‑based test.
• Agree an evidence standard that sets coverage, thresholds and closure criteria.
• Integrate assurance across first, second and third lines to avoid duplication.
• Prioritise principal risks and price‑sensitive reporting.

Governance and compliance operations

• Align listing rule disclosures with the 2024 Code.
• Refresh audit committee terms against the Minimum Standard.

A simple roadmap for Provision 29

Phase 1: Set the foundations Agree material controls. Define evidence requirements with the audit committee.

Phase 2: Test and remediate Run targeted testing. Fix issues early and track retesting.

Phase 3: Dry‑run declaration Prepare draft wording and the supporting evidence pack. Refine both with the audit committee.

Phase 4: Finalise disclosure State the board’s conclusion plainly. Explain any ineffective controls and the actions taken.

This phased approach makes the year‑end declaration clearer, more credible and easier to complete. 

How technology supports Code compliance

Technology strengthens governance, reduces manual effort and improves evidence quality. With Diligent you can:

• Maintain a control inventory linked to risks and reporting duties
• Manage first‑line attestations with workflow and exception handling
• Consolidate all assurance into a single, visible assurance map
• Track issues and remediation
• Produce board‑ready reports that tie evidence to outcomes
• Use analytics that surface anomalies and connect findings directly to audits so evidence quality improves without noise

See how Diligent can streamline and strengthen your UK Corporate Governance Code efforts: Diligent for internal controls and risk management, Diligent for board and leadership collaboration and Diligent One, the platform that brings it all together.