Adequacy regulations
Latest updates – last updated 15 January 2026
15 January 2026 – We’ve broken down the content of our previous Guide to international transfers into specific detailed guides, including this one on Adequacy regulations. We’ve updated our guidance to include more information on how adequacy works including specific guidance on the UK Extension to the EU-US Data Privacy Framework (DPF). We’ve also highlighted the new language brought in by the Data (Use and Access) Act to refer to the standard required for adequacy. The UK government will use this standard when carrying out its adequacy assessments.
About this guidance
This guidance discusses UK adequacy regulations for international transfers in detail. It is aimed at Data Protection Officers (DPOs) and those with specific data protection responsibilities.
It provides guidance on what the adequacy regulations are and when they apply. It sets out what organisations need to do to comply with the legislation.
The guidance provides some examples to help illustrate how the legislation might apply in practice. However, we don’t address every aspect of regulatory compliance that applies to you.
You should read this in conjunction with our other guidance. For broader data protection compliance, see our Guide to data protection.
If you’ are processing information for law enforcement purposes under part 3 of the Data Protection Act 2018 (DPA), please read our separate guidance on international transfers in our Guide to law enforcement processing.
Contents
- Is the restricted transfer covered by adequacy regulations?
- How does the UK Extension to the EU-US Data Privacy Framework work?