Pensions law update: April 2026

Welcome to the April edition of our monthly Pensions Law Update.

Pre-Easter Royal Assent wasn’t to be for the Pension Schemes Bill in the end, with substantive changes made at report stage in the House of Lords that will now need to be considered in the Commons. In this edition we bring you the latest version of our Pension Schemes Bill handbook, updated at the end of March for the key amendments agreed in the House of Lords.

We also share updates on the proposed statutory guidance on trustee investment duties, the Pensions Regulator’s guidance for trustees on the s37 remedy and the latest on the new “guided retirement” requirements for trust-based DC schemes. With commentary and articles on cyber security governance (including the recent Companies House cyber security incident), key case law developments and employee healthcare trusts, it’s another bumper edition this month.

Policy update

Pension Schemes Bill: poised for ping pong

In March, the Pension Schemes Bill reached the report and third reading stage in the House of Lords, with some 178 amendments tabled for consideration. Over three days of debate a number of important substantive changes were agreed by the Lords, including in relation to cornerstones of Government policy such as the controversial “investment mandation” power that would apply to default funds in certain DC schemes (which was removed) and the “scale” requirement for DC schemes (where the Lords voted to incorporate a new exemption power for well-performing schemes).

These are substantive changes which we do not anticipate will be readily accepted in the Commons, where of course the Government enjoys a healthy majority. For example, press reports on 27 March indicate that the Government is intending to re-table a revised, narrower version of the proposed mandation power.

A period of ping pong between the Houses now seems likely, with the result that Royal Assent is likely to come later than the Government had initially hoped. The amended Bill is due to be considered by the Commons on 15 April 2026.

Our Pension Schemes Bill handbook has been updated to reflect these recent developments. The latest edition, published on 26 March, incorporates our commentary on the key changes agreed by the House of Lords.

Clarity on fiduciary duties – deferred but not derailed?

One of the more unexpected developments during the Pension Schemes Bill report stage was the rejection by the House of Lords of Government amendment 156. This is the provision that would have required the Secretary of State to publish statutory guidance to support trustees with understanding their investment duties in relation to pension scheme assets. In this article we consider the debate, and look at what might come next.

Royal Assent for Finance Act 2026

The Finance Bill received Royal Assent on 18 March 2026, becoming the Finance Act 2026.

This is the legislation which brings most unused pension pots and certain death benefits within scope for inheritance tax purposes. The change will apply in respect of deaths on and from 6 April 2027.

The Bill also makes some technical changes to regulation-making powers in respect of the lifetime allowance abolition.

DB in the spotlight

Section 37 remedy – new guidance from TPR

On 26 March 2026 the Pensions Regulator published its guidance for trustees, pension scheme managers and responsible authorities on applying the s37 remedy provisions in the Pension Schemes Bill.

The Bill has of course not yet received Royal Assent and TPR highlights that the guidance will be updated to reflect the final provisions when they are passed. However, at this stage, with the Bill nearing the final stages of the parliamentary process the shape of the remedy clauses seems to be reasonably settled, barring any unexpected developments.

Some key takeaways from TPR’s guidance include:

• Although the clauses are not yet in force, TPR highlights that schemes can instruct their actuary to begin work. However, as TPR notes, there is no time limit for using the remedy so, in our view, in most circumstances there need be no rush to begin before the clauses become law. Where schemes do not proceed with the work immediately TPR notes they must have document retention policies in place to ensure that documents are not destroyed.
• TPR highlights that the remedy provisions permit the actuary to act on the basis of the information available to them if they consider it sufficient for the purpose of forming an opinion. On this basis, TPR does not expect schemes to undertake “exhaustive searches before your actuary undertakes the remediation work”, though notes the actuary may request additional information to support their assessment.
• Reflecting the pragmatic approach adopted by the FRC guidance for actuaries (see our update here), when an affected amendment is identified TPR suggests trustees should undertake a cost benefit analysis to “weigh up” the merits of conducting a search for evidence of past certification against assuming there was no such certification and asking the actuary to apply the remedy.
• The key role of professional advisers is highlighted throughout. Trustees are expected to have a clear understanding of the issues and the options available to them, and to engage legal and actuarial advice, as well as with the sponsoring employer.

We note that the guidance does not refer to the Verity Trustees decision, which has yet to be handed down but is expected to answer some key questions about the scope of the s37 confirmation requirement and whether it applied to certain categories of amendment.

If you would like to discuss any aspect of the new guidance, please contact Richard Knight or your usual Burges Salmon pensions team contact.

Cyber security

Companies House cyber incidents

On 16 March 2026, Companies House issued a statement regarding a security issue with their WebFiling service. You can read the statement, here.

In summary, it appears that there was a window between October 2025 and 13 March 2026 when personal data from individual companies that is not normally publishable may have been visible to other logged-in WebFiling users (not to the general public without login details). Amendments could have been made to the data that was unintentionally viewable.

The statement says that there are “no reports at this stage of data having been accessed or changed without permission” and that, in addition, it is clear that (a) passwords were not compromised, (b) no data used as part of the Companies House id verification process (e.g. passport information) was accessed and (c) no existing filed documents, such as accounts or confirmation statements could have been altered.”

In terms of action, Companies House has said “We are asking all companies to check their registered details and filing history to make sure everything appears correct. If a company has a concern, please contact us on [email protected] using ‘WebFiling issue’ in the subject heading and include evidence to describe the concern.”

In a pensions context, schemes with corporate trustees and professional trustees should be aware of this statement and consider whether any action should be taken at this stage. If you would like to discuss the issue further please do get in touch with your usual Burges Salmon pensions team contact.

Cyber governance – lessons from the Court of Appeal

Cyber governance and active work to build cyber resilience is more important than ever following the recent Court of Appeal decision in DSG Retail Limited v Information Commissioner, where it was held that information can remain “personal data” which a controller must secure even where a malicious party cannot identify the individuals concerned without additional information. Our Disputes team explore the decision in more detail in this recent article:

Considering the implications of the decision for the clients we advise in the Pensions & Lifetime Savings team, Samantha Howell comments that: “From a pensions perspective, it is really important for trustees and sponsors to build their scheme’s cyber resilience on an ongoing basis. This is critical for so many reasons, including (i) the potential costs and reputational issues associated with a cyber incident, (ii) the long-lasting implications of such incidents and (iii) ensuring that schemes are meeting the Pensions Regulator and ICO’s best practice requirements in this area, which will feed into a scheme’s ESOG and ORA (with the deadline for many schemes imminent). This decision by the Court of Appeal adds another important point to that existing list of reasons”.