The UK puts a new focus on digital reporting controls
The UK Financial Reporting Council (FRC) has introduced Provision 29 in its revised UK Corporate Governance Code, requiring listed companies to make an explicit declaration on the effectiveness of their risk management and internal control frameworks in their 2026 annual reports.
While companies have previously assessed and reported on their internal controls, this new requirement shifts the focus to a more formal and transparent statement from directors.
One area expected to come under scrutiny is compliance with the European Single Electronic Format (ESEF), also known in the UK as UKSEF. The UK’s Financial Conduct Authority (FCA) has stressed that digital reporting requirements under Disclosure Guidance and Transparency Rules (DTR) 4.1.15R-4.1.18R must be taken as seriously as other financial reporting obligations. Despite ESEF being in place for three years, the FCA has flagged low compliance rates and material errors in tagging financial statements, signalling the need for stronger internal controls.
For companies, this means taking a fresh look at their digital reporting processes. Provision 29 presents an opportunity to strengthen governance, engage with specialists, and ensure compliance with FCA requirements. While ESEF compliance may seem technical, it follows familiar principles of financial control: setting a clear tone from the top, asking the right questions, and conducting thorough reviews.
As digital reporting moves up the governance agenda, companies must ensure they are audit-ready for Provision 29. Now is the time to assess whether controls are fit for purpose.
For more details, read the full update here and commentary here.
