The UK Corporate Governance Code: Key provisions and updates

The UK Corporate Governance Code shapes how UK-listed companies govern themselves, report on performance and provide transparent, defensible disclosures. It operates on a comply-or-explain basis and continues to evolve as accountability expectations rise.

Organisations have now spent more than a year working under the 2024 Code. Most have completed their first few reporting cycles and refined their approach to outcomes‑based reporting, culture oversight and stakeholder communication. The final major change, Provision 29, is now in effect. For companies with calendar-year-ends, the first board declaration on internal controls' effectiveness is due in early 2027, making 2026 the critical year for building evidence and testing material controls.

This matters because the shift is significant. Where previous versions of the Code focused primarily on whether companies had the right policies in place, the 2024 Code demands evidence of outcomes — proof that governance decisions actually influenced strategy, risk management and organisational culture.

According to What Directors Think 2026 by Diligent Institute and Corporate Board Member, 84% of directors have changed their approach to scenario planning, while 39% say technology-enabled compliance monitoring tools would most improve their board’s oversight. The pressure for evidence-backed governance is not unique to the UK, but the Code’s requirements put it squarely into regulatory territory.

This guide walks through what matters most for UK-listed companies and governance professionals, including:

• What the UK Corporate Governance Code is and who it applies to
• The five Principles that underpin the Code’s framework
• Key provisions and updates from the 2024 revision
• How outcomes-based reporting changes annual report expectations
• What boards should prioritise now across effectiveness, stakeholder communication and assurance
• How AI-powered governance technology strengthens Code compliance and reporting quality

What is the UK Corporate Governance Code?

The UK Corporate Governance Code codifies principles of good governance for UK-listed companies and investors. Published and overseen by the Financial Reporting Council (FRC), it gives all organisations a framework for transparent, defensible management — and gives investors a consistent basis for comparing how companies govern themselves.

The Code is structured around five Principles that cover the fundamentals of effective corporate governance. Provisions then explain how boards should apply those Principles in practice. While the Code is mandatory for UK-listed companies on a comply-or-explain basis, many private and international organisations adopt it voluntarily as a governance benchmark.

The five Principles of the Code

The Code’s framework is built around five core Principles:

• Board leadership and company purpose: The board should lead the company towards sustainable success, establish the company’s purpose, values and strategy and ensure that its culture aligns with these.
• Division of responsibilities: The board should include an appropriate mix of executive and non-executive directors, with a clear division of responsibilities so that no individual has unfettered power.
• Composition, succession and evaluation: The board should be composed of the right mix of skills, experience, independence and knowledge. Appointments and succession plans should promote board refreshment and diversity.
• Audit, risk and internal control: The board should establish formal arrangements to consider how it applies corporate reporting, risk management and internal control principles, and to maintain an appropriate relationship with the company’s auditors.
• Remuneration: Remuneration policies and practices should be designed to support strategy and promote long-term sustainable success. Executive remuneration should be aligned to company's purpose and values.

These Principles are deliberately broad. The Provisions beneath them are where the operational detail sits — and where the 2024 revision introduced the most significant changes.

Who the Code applies to and when

The Code applies to companies listed under the UK Listing Rules in the commercial companies or closed‑ended investment funds categories. This includes companies listed in the commercial companies (ESCC) category and closed‑ended investment funds and others that adopt the Code voluntarily. To meet Listing Rule expectations, companies must apply the Principles and comply with, or explain against, the Provisions.

The 2024 Code applied to financial years beginning January 1, 2025. By the end of 2025, most in‑scope companies had already reported under the new framework. Provision 29 became effective for financial years beginning on or after January 1, 2026.

The role of the Financial Reporting Council (FRC)

The FRC oversees corporate governance, audit and reporting standards in the UK. It publishes the Code, issues supporting guidance, and reviews annual reports to highlight strengths and gaps in governance disclosures.

Throughout 2025 the FRC and related bodies issued updated guidance on NED remuneration, going concern reporting and virtual shareholder meetings. These updates help companies understand how to meet expectations in a landscape shaped by outcomes‑based reporting and increased scrutiny of board decisions.

“The strongest defense against emerging risks lies in sound, well-structured governance systems,” says Pav Gill, CEO of Confide. For UK-listed companies navigating the 2024 Code, that defence starts with understanding what the FRC now expects — and where the bar has been raised.

Key provisions and updates from the UK governance code

The 2024 revision introduced several meaningful changes to how boards demonstrate governance effectiveness, report on internal controls and engage with stakeholders.

1. Outcomes‑based governance reporting

A major shift in the 2024 Code is the focus on reporting outcomes, not policies. Annual reports should show the decisions the board made and the impact of those decisions on strategy, risk and culture. Culture reporting should show how values are embedded and how behaviours are monitored. Boilerplate wording is no longer acceptable. Investors and regulators expect clarity and evidence.

2. Provision 29: internal controls and risk management

Provision 29 became effective in January 2026. Boards will need to:

• Monitor and review the effectiveness of the risk management and internal control framework
• Complete an annual review of effectiveness
• Declare whether material controls were effective at the balance sheet date
• Describe any ineffective controls and actions taken

Material controls include financial, operational, reporting and compliance controls. This is a significant shift because the declaration is an outcome statement that must be backed by evidence that stands up to investor scrutiny. There is no external auditor attestation requirement.

This is a meaningful step change. Previous requirements focused on whether internal control systems existed. Provision 29 asks boards to confirm that those systems actually worked — and to publicly say so. For organisations managing risk across multiple jurisdictions and business units, the challenge of gathering evidence is substantial.

3. Audit committee responsibilities

Several audit‑committee‑related provisions have moved into the Audit Committees and External Audit Minimum Standard, which now sets expectations for audit oversight, tendering and independence. Boards should check that committee terms of reference reflect this shift.

4. Remuneration and NED expectations

Recent updates confirm that paying NEDs in shares can support alignment with shareholders, while performance‑linked pay risks affecting independence. Remuneration explanations should reflect the company’s strategy and circumstances, not generic market claims.

5. Shareholder engagement and meeting formats

Guidance published in December 2025 supports companies planning virtual‑only shareholder meetings. It sets clear expectations on engagement, Q&A, and disclosure, while the government clarifies the provisions of the Companies Act. Boards should review their articles and AGM notices accordingly.

6. Going concern and financial resilience

New FRC guidance published in February 2025 strengthens expectations for solvency, liquidity and going concern reporting. Boards should ensure assessments and disclosures are tailored, evidence‑based and specific to the company’s financial position.

What should boards focus on now?

Board effectiveness and performance

• Focus reviews on decisions and outcomes, not processes.
• Show how culture is embedded.
• Explain any departures from Provisions clearly and proportionately.

Stakeholder communication

• Keep disclosures concise and specific.
• Highlight the outcomes of board decisions and link them to strategy.
• Remove duplication across the annual report.

Internal controls and assurance

• Define material controls using a clear, risk‑based test.
• Agree on an evidence standard that sets coverage, thresholds and closure criteria.
• Integrate assurance across first, second and third lines to avoid duplication.
• Prioritise principal risks and price‑sensitive reporting.

Governance and compliance operations

• Align listing rule disclosures with the 2024 Code.
• Refresh audit committee terms against the Minimum Standard.

A simple roadmap for Provision 29:

Phase 1: Set the foundationsAgree on material controls. Define evidence requirements with the audit committee.

Phase 2: Test and remediateRun targeted testing. Fix issues early and track retesting.

Phase 3: Dry‑run declarationPrepare draft wording and the supporting evidence pack. Refine both with the audit committee.

Phase 4: Finalise disclosureState the board’s conclusion plainly. Explain any ineffective controls and the actions taken.

This phased approach makes the year‑end declaration clearer, more credible and easier to complete.

How AI-powered governance technology supports Code compliance

The evidence-gathering, reporting and assurance demands of the 2024 Code — particularly Provision 29 — push many organisations beyond what manual processes can reliably deliver. Technology plays a critical role in closing this gap, reducing manual effort and improving evidence quality.

Diligent's governance, risk and compliance platform addresses the specific challenges UK-listed companies face under the 2024 Code:

• Internal controls and risk management: Maintain a control inventory linked to risks and reporting duties, manage first-line attestations with structured workflows and exception handling and consolidate assurance into a single, visible assurance map. Diligent's SOX Compliance and Internal Audit solutions automate control testing and evidence collection — directly supporting the documentation required by Provision 29.
• Board governance and reporting: Smart Builder automates board book creation, reducing preparation time significantly while improving the quality and consistency of materials directors receive. SmartPrep generates strategic questions with citations, helping directors arrive prepared for the substantive discussions the Code expects. Smart Risk Scanner identifies risky language and legal red flags before materials reach the board.
• Enterprise risk management: Diligent ERM, with Moody's benchmarking integration, provides the risk framework and reporting infrastructure that Provision 29 evidence relies on. Automated dashboards deliver board-ready risk reports that tie evidence to outcomes.

• Analytics and continuous monitoring: ACL Analytics enables 100% data testing rather than sampling, providing the comprehensive coverage needed to strengthen control effectiveness declarations. Analytics surface anomalies and connect findings directly to audits, so evidence quality improves without adding noise to the process.

What Directors Think 2026 also found that 53% of directors say they don't often receive real-time data between meetings, making ongoing oversight a challenge. Diligent One, the platform that connects governance, risk, compliance and audit functions, addresses this gap by providing continuous visibility rather than point-in-time reporting.

See how Diligent can streamline and strengthen your compliance with the UK Corporate Governance Code. Schedule a Diligent demo today

Frequently asked questions about the UK governance code

What changed in the 2024 UK Corporate Governance Code?

The 2024 Code introduced a shift from process-based to outcomes-based reporting. Boards must now demonstrate the impact of their governance decisions on strategy, risk and culture, rather than simply describing the structures they have in place. Other changes include enhanced audit committee expectations through the Minimum Standard, updated NED remuneration guidance and Provision 29, which requires boards to declare the effectiveness of material internal controls from 2026.

When does Provision 29 take effect?

Provision 29 began in January 2026. For companies with a calendar year-end, the first declarations will appear in annual reports published in early 2027. Boards should begin scoping material controls, agreeing on evidence standards and running dry-run declarations well in advance of their year-end.

What are the main principles of the UK Corporate Governance Code?

The Code is structured around five Principles: board leadership and company purpose, division of responsibilities, composition, succession and evaluation, audit, risk and internal control, and remuneration. These Principles set the high-level expectations for governance, while the Provisions beneath them provide the operational detail that boards must comply with or explain against.

Ready to strengthen your UK Corporate Governance Code compliance? Schedule a demo to see how Diligent can support your board’s governance, risk and assurance requirements.