Twelve frameworks that govern your IR website. Plain English.
A definitive reference for the disclosure obligations that matter for AIM and Main Market issuers. Each framework is explained, the common failure modes are named, and our handling is documented. Refer to this page when scoping a build, briefing your NOMAD, or preparing your audit committee.
The master AIM website disclosure rule.
What it requires.
Every AIM issuer must maintain a public website that holds a defined set of information, free of charge, and updated within stated horizons. The mandatory disclosures include a description of the business, the names and biographies of directors, the chosen corporate governance code and a description of how it is applied, the constitutional documents, a published list of significant shareholders holding three per cent or more (with a six-month update horizon for material changes), the country of incorporation, the NOMAD's name and address, and the most recent annual report and accounts. Disclosure of the chosen corporate governance code has been mandatory since September 2018. Every element of the rule carries its own timeliness obligation; populating the page once and leaving it is not compliance.
Where issuers commonly fall short.
The single most-breached element is the six-month significant-shareholders update. Issuers refresh the list on annual report publication and the next mandatory refresh quietly slips, leaving the page correct in form but stale in substance. The second most common failure is the chosen governance code disclosure: companies that have changed code, typically from the UK Corporate Governance Code to the QCA Code, without updating the website. The third is the disclosed NOMAD, which lags adviser changes by weeks or months. Beyond content gaps, the structural problem is less visible: WordPress sites running themes from 2018 or 2019 are routinely non-compliant with the AI-readability expectations the LSE flagged in its November 2025 reform statement, even where every required text field is nominally populated. The reformulation of the AIM rulebook explicitly preserved Rule 26 even while relaxing obligations elsewhere -- a clear signal that the website floor is not moving.
How Actually AI handles it.
AIM Rule 26 is the spine of every Foundation Build. We construct the page to the letter of the rule, populate it with structured-data markup so the required disclosures are machine-readable, and connect the significant shareholders block, the NOMAD disclosure, and the governance code statement to the Compliance Monitor for ongoing six-month and event-driven alerting. When an adviser change or a code transition occurs, the Monitor flags the relevant section for update within 24 hours of the triggering event. The November 2025 LSE reform statement preserved Rule 26 intact even while relaxing several other obligations, and our build pattern reflects that preservation: this is the obligation that the LSE considers non-negotiable, and we treat it accordingly.
Periodic financial reporting and ten-year retention.
What it requires.
Issuers in scope must publish annual and half-yearly financial reports within the relevant deadlines and retain them in a publicly accessible archive for at least ten years from the date of publication. The archive must allow a reader to retrieve a specific historical report without paying or registering. Annual reports must include financial statements prepared under applicable accounting standards, a management report, and the directors' responsibility statement. Half-yearly reports must include condensed financial statements and an interim management report. Reports published in separate chapters or sections for web presentation must individually carry the responsibility statement or clearly cross-reference it.
Where issuers commonly fall short.
The most common failure is the retention horizon. Archives that hold five or six years of reports are common; archives that reach the full ten-year threshold are less so, particularly after a content management system migration where only the most recent reports are brought across. Less common but more consequential is the responsibility statement problem: when annual reports are split into chapters for web publication -- accounts, strategic report, governance report -- the responsibility statement is sometimes truncated from the downloadable chapters even though it is present in the full document. This creates a gap between the legally required disclosure and what an investor actually downloads from the site.
How Actually AI handles it.
Our document archive component holds reports indefinitely, with metadata sufficient to satisfy the DTR 4 retrieval standard. Every migration we manage explicitly preserves the full historical depth rather than importing only recent filings. The Compliance Monitor watches the publication-date metadata on every archived document and flags anything approaching the ten-year boundary so the document can be re-archived before the retention clock expires. Where an annual report is published in chapters, the responsibility statement is always present in every downloadable section, not only in the master document.
Continuing obligations and accessible disclosure.
What it requires.
Issuers in scope must publish regulated information in a manner that ensures fast access on a non-discriminatory basis. The information must be retained on a website for a minimum of five years, in a format that is accessible to investors and capable of retrieval. Specific obligations under DTR 6 cover the routing of disclosures through a regulatory information service and the prompt notification of major shareholding changes when the relevant thresholds are crossed. The non-discriminatory access requirement means that paywalls, mandatory registration, or technically inaccessible formats are non-compliant even if the substantive information is accurate.
Where issuers commonly fall short.
The most common format failure is PDF-only archives that have not been tested for screen-reader compatibility or basic accessibility. A PDF generated by printing from a finance system with no tagged structure, no alt text on charts, and no reading order passes a cursory inspection but fails a basic accessibility check. The second common failure is the regulatory information service routing: when an issuer changes RNS provider, the website's live feed integration sometimes lags the switch by days or weeks, creating a period during which disclosures are published to one channel but not visible on the other. The five-year retention floor is also frequently confused with the ten-year floor in DTR 4; they are different rules applying to different categories of document.
How Actually AI handles it.
Every disclosure on a site we build is published in HTML where the content type permits, with the PDF as the formal signed record. The HTML publication satisfies the accessibility and retrievability standard; the PDF satisfies the formality standard. The RNS feed integration is built directly to the regulatory information service and is monitored for delivery latency as part of the Managed Service. Where an issuer switches provider, the feed integration is updated within 24 hours of the change. Format accessibility is verified on every monthly content update and re-audited annually as part of the compliance report. The five-year and ten-year retention floors are tracked separately in the Compliance Monitor rather than conflated.
Corporate governance statement.
What it requires.
Issuers must publish a corporate governance statement, either inside the annual report or by clear cross-reference from the website to a standalone governance section. The statement must identify the chosen corporate governance code, explain any departures from its provisions and the reasons for those departures, describe the main features of the internal control and risk management systems in relation to financial reporting, and disclose the composition and operation of the audit committee, the nomination committee, and the remuneration committee. Where the issuer uses a code that operates on a comply-or-explain basis, each explanation must be specific to the issuer rather than generic.
Where issuers commonly fall short.
The chosen-code statement is the most common gap, particularly during governance code transitions. A company that was applying the UK Corporate Governance Code and has moved to the QCA Code will sometimes have the old code still named on the website long after the transition is complete in the annual report. Departure narratives are frequently perfunctory -- a single sentence that acknowledges the departure without explaining the reason -- which satisfies the letter of comply-or-explain while providing nothing useful to an investor. Committee composition disclosures routinely lag changes in committee membership by months, particularly when a non-executive director joins mid-year. Published terms of reference for audit, remuneration, and nomination committees are sometimes absent or last updated several years prior.
How Actually AI handles it.
Our governance section template has a single canonical location for the chosen code, departure narratives, committee terms of reference, and committee membership. Each element is a discrete content block rather than a paragraph inside a PDF, which means it can be updated without republishing the full annual report. The Compliance Monitor watches each element for staleness against the last-updated date and flags changes in committee composition within 48 hours of the triggering RNS announcement. When an issuer transitions between governance codes, we rebuild the governance section to match the new code rather than annotating the existing one.
Main Market continuing obligations.
What it requires.
Main Market issuers must comply with continuing obligations covering the disclosure of inside information, the equal treatment of shareholders, the maintenance of adequate procedures, systems, and controls to ensure compliance, and the publication of information required by the rules in a manner that is accessible to investors. The website obligations under UKLR 6 include prompt publication of regulated information, the maintenance of investor communications in an accessible archive, the publication of committee terms of reference, and the clear presentation of shareholder voting results from general meetings. The standard expected of Main Market issuers is generally higher than the AIM equivalents, reflecting the broader investor base and greater liquidity.
Where issuers commonly fall short.
On Main Market sites, the typical gap is between the legal team's assessment of compliance -- usually correct in substance -- and what an institutional investor or buy-side analyst experiences in practice. The regulatory disclosures are present, the RNS archive is populated, the committee terms of reference exist. But the information is buried in a seven-level navigation structure, the search function returns results in publication-date order with no relevance ranking, and the general meetings archive requires three clicks and a PDF download to find the poll results from the last AGM. The structural compliance is in place; the usability is poor enough that the effective accessibility of the information is compromised.
How Actually AI handles it.
We build to the letter and to the spirit of UKLR 6. Every required element is mapped to a specific page section during the scoping phase, and the design is tested against the institutional-analyst use case before delivery: can a long-only fund manager find the answer to a standard due-diligence question within 90 seconds without contacting the company? If the answer is no, the information architecture is reworked before sign-off. General meeting results are published in a dedicated, searchable archive. Committee terms of reference are linked from the governance overview page, not buried in a compliance appendix.
Inside information disclosure.
What it requires.
Issuers must publish inside information as soon as possible after it has come into existence, unless the conditions for delayed disclosure under the UK Market Abuse Regulation are satisfied and properly documented. Published inside information must be retained on the issuer's website for a minimum of five years from the date of publication. Where delayed disclosure is used, the issuer must notify the FCA immediately after publication that disclosure was delayed, and must maintain an internal record of the delayed-disclosure decision sufficient to demonstrate that the conditions were met. The obligation to publish promptly applies even where the information is also being announced through a regulatory information service.
Where issuers commonly fall short.
The five-year retention horizon is the most common failure on the website side of this obligation. Inside information notices fall off the website at the same retention period as ordinary RNS announcements rather than being held for the full five years. This happens because the distinction is not reflected in the content management system: there is no flag for MAR Article 17 items versus ordinary trading updates, so the housekeeping process treats them identically. Delayed-disclosure decisions are sometimes inadequately documented: the decision to delay is made correctly, the announcement is made in time, but the internal record of why the three conditions were satisfied is thin or missing.
How Actually AI handles it.
Our document archive flags items published under MAR Article 17 at publication, applying a five-year retention floor distinct from the general RNS archive. The flag is set when the content is published, and the Compliance Monitor watches it separately from the ordinary retention schedule. Delayed-disclosure documentation is held in a structured private record linked from the internal compliance log, accessible to the FCA on request and to the audit committee on the quarterly compliance review. The separation of the MAR five-year floor from the general RNS archive is a deliberate design choice, not a content management afterthought.
Accessibility, the rising baseline.
What it requires.
The Web Content Accessibility Guidelines version 2.2 set the AA-level conformance criteria for digital accessibility under four principles: perceivable, operable, understandable, and robust. AA conformance requires that all non-text content has a text alternative, that colour is not the sole means of conveying information, that text meets minimum contrast ratios (4.5:1 for normal text, 3:1 for large text), that all functionality is operable by keyboard, that focus indicators are visible and meet minimum size thresholds, that interactive targets meet minimum size requirements, and that form inputs are programmatically labelled. WCAG 2.2, finalised in October 2023, added nine new success criteria over WCAG 2.1. The new criteria materially affect how a typical IR site behaves, particularly around focus appearance, target size, and authentication processes.
Where issuers commonly fall short.
Most IR websites fail the AA threshold on between three and five commonly recurring criteria. Insufficient colour contrast on disclaimer text and document metadata captions is ubiquitous: the house brand colour passes contrast tests on a white background and fails on the off-white panel backgrounds used throughout the site. Focus rings hidden by overlay components or reset by CSS normalisation are the second most common failure. Drag-and-drop operations on interactive components, such as slide controls and timeline widgets, frequently lack a single-pointer or keyboard alternative. Document archives fail because PDFs are generated from source systems without tagged structure, alt text, or reading order, and are never re-tested after generation.
How Actually AI handles it.
Every page we build is constructed semantically, with focus states visible by default, contrast ratios that pass AA across the full brand palette including all background variants, and keyboard operability tested on every interactive element before delivery. Accessibility is not a post-build checklist; it is enforced during development by the Tailwind design token system, which embeds compliant contrast values into the palette. Managed Service includes an annual full accessibility re-test against the current WCAG version. We do not ship a build that fails AA. The /accessibility statement on every site documents the current conformance state, the date last tested, and the contact route for accessibility-related requests, in accordance with the public sector accessibility regulations model even where they do not strictly apply.
The homepage prominence requirement.
What it requires.
Commercial organisations that supply goods or services, carry on business in the UK, and have an annual turnover above the £36m threshold must publish a modern slavery and human trafficking statement for each financial year, approved by the board and signed by a director. The statement must cover the organisation's structure and supply chains, the policies in relation to slavery and human trafficking, the due diligence processes, the risk assessment and management approach, and the key performance indicators. A link to the statement must appear in a prominent place on the homepage of the organisation's website. Statements must be published within six months of the end of the financial year to which they relate.
Where issuers commonly fall short.
The prominence requirement is the most common failure. The statement exists -- it is published somewhere on the website and it is signed -- but the homepage link is buried in a footer column labelled "Legal" alongside the privacy policy and cookie notice, rather than in a separately labelled and visible location. In some cases the link is absent from the homepage entirely and the statement is only reachable via the site search or a direct URL. The annual update sometimes lapses: the statement is refreshed in the first year and then the same signed statement sits on the site for two or three consecutive years with only the date changed.
How Actually AI handles it.
Our homepage template includes a clearly labelled Modern Slavery Act link in the footer, separated from the general legal links, with the statement landing on a dedicated page that carries the publication date, the financial year to which it relates, and the director signature. The Compliance Monitor flags the statement at the eleven-month mark after publication so the next year's version is prepared and reviewed before the six-month post-financial-year deadline. We do not treat the Modern Slavery Act statement as a boilerplate document; if the issuer has operations or supply chains that have changed materially since the prior statement, we flag that for the company secretary's attention during the annual update review.
Reporting and three-year website retention.
What it requires.
Employers with 250 or more employees must publish gender pay gap data annually, reporting on mean and median hourly pay gaps, mean and median bonus pay gaps, the proportion of men and women receiving bonuses, and the distribution of men and women across four pay quartiles. The data must be published on the employer's own website and on the government's gender pay gap reporting service. The government reporting portal is mandatory; the website publication is in addition to it, not a substitute. Published gender pay gap data must remain accessible on the employer's website for at least three years from the date of publication.
Where issuers commonly fall short.
The three-year website retention is the most reliably overlooked element. When a new year's data is published, the previous year's data is sometimes quietly removed or overwritten, leaving the website holding only the current year rather than the rolling three-year window required. A second common gap is the supporting narrative: the published figures are accurate but the accompanying written explanation is inconsistent with them, asserting progress in areas where the data shows deterioration or vice versa. Third, the bonus pay gap component is sometimes omitted from the web publication even where it is correctly filed on the government portal.
How Actually AI handles it.
A dedicated gender pay gap page on every applicable site holds the current year's data alongside the prior two years, meeting the three-year retention requirement as a structural feature rather than a housekeeping task. The supporting narrative is drafted as a separate editable content block so it can be updated consistently with the data rather than requiring a republication of the whole page. The Compliance Monitor watches the publication date and flags the upcoming deadline. The bonus pay gap component is a named field in the content structure, making omission visible at review rather than invisible in a monolithic document.
Streamlined Energy and Carbon Reporting.
What it requires.
Large UK companies and LLPs in scope must report on UK energy use, UK greenhouse gas emissions across Scope 1 and Scope 2, an energy efficiency action taken during the year, and a normalised intensity metric relating emissions to a relevant business metric such as revenue, headcount, floor area, or units of output. The reporting must appear in the annual report, or for LLPs, in the annual accounts. The methodology used must be disclosed and must be applied consistently year on year. Emissions figures must follow a recognised reporting standard such as the GHG Protocol or ISO 14064.
Where issuers commonly fall short.
The intensity metric is the most common source of year-on-year inconsistency. Issuers change the denominator between reporting years -- from revenue to headcount, for example, or from headcount to floor area -- without a clear explanation of the change, making trend analysis impossible and the figures essentially incomparable. The energy efficiency action narrative is frequently perfunctory, listing a lighting upgrade or a heating system replacement without quantifying the saving or connecting it to the energy figures reported. On acquisitions and divestments, the prior year comparatives are sometimes restated silently without disclosure of the restatement or the reason for it, which again breaks comparability.
How Actually AI handles it.
Our SECR page template enforces year-on-year comparability by holding the chosen intensity metric and its denominator as a named content field that cannot be changed without an explicit methodology note being triggered. Acquisitions and divestments are footnoted in the current year's figures rather than silently absorbed into the comparatives. The energy efficiency action narrative is a structured content block with a field for the quantified saving, not a free-text paragraph. Where the issuer is on the Premium tier, the SECR figures feed into the live ESG dashboard, providing quarterly tracking between annual publication dates.
Cookies and analytics consent.
What it requires.
Under the Privacy and Electronic Communications Regulations 2003 and the UK General Data Protection Regulation, websites must obtain freely given, specific, informed, and unambiguous consent before placing non-essential cookies on a visitor's device. Essential cookies necessary for the operation of the service may be set without consent. A cookie policy must be published that identifies each category of cookie set, explains the purpose, and specifies the retention period. Visitors must be able to withdraw consent as easily as they gave it. Analytics and tracking cookies that identify individuals or build profiles require consent even where the service provider claims otherwise.
Where issuers commonly fall short.
The most common technical failure is a consent banner that appears to ask for consent but sets analytics and advertising cookies in the page code before the visitor has taken any action. This is a consent-before-collection breach, not a banner-design issue. The second common gap is a cookie policy that was written at launch and has not been updated to reflect cookies added by third-party scripts, marketing integrations, or social sharing widgets. The resulting mismatch between declared and actual cookie inventory is a regulatory exposure. The third failure is the absence of a usable withdrawal mechanism: consent can be given by clicking "Accept All" but withdrawal requires navigating to a settings page that is not linked from the site footer.
How Actually AI handles it.
We deploy Plausible Analytics by default on every site we build. Plausible is a cookie-free analytics service that does not track individual visitors, does not set persistent identifiers, and does not require a consent banner under PECR for the analytics function alone. Where an issuer requires marketing cookies -- for a paid media campaign, a social pixel, or a CRM integration -- the consent flow is built using a server-side consent management platform that sets no non-essential cookie before consent is recorded. The cookie policy is generated from an automated audit of the actual cookie inventory at build time and re-audited on every Managed Service cycle. The withdrawal mechanism is linked from the footer of every page.
Stakeholder reporting.
What it requires.
Directors of large UK companies and publicly quoted companies must include in the strategic report a section 172(1) statement describing how they have had regard to the matters set out in section 172 of the Companies Act 2006 when performing their duty to promote the success of the company. Those matters include the likely consequences of decisions in the long term, the interests of employees, the need to foster the company's business relationships with suppliers, customers, and others, the impact of operations on the community and the environment, the desirability of maintaining a reputation for high standards of business conduct, and the need to act fairly between members of the company. The statement must describe how the directors have had regard to each matter, with reference to specific decisions and their outcomes, not merely assert that regard was had.
Where issuers commonly fall short.
Section 172 statements are frequently generic to the point of being interchangeable between issuers. The statement lists the six statutory matters, asserts that directors had regard to each one, and provides no specific decision or outcome as evidence. This satisfies the minimum formal requirement but fails the substantive standard the FRC guidance describes, which calls for specific examples of how stakeholder interests were considered and how they influenced outcomes. The reverse failure also exists: statements that read as a marketing narrative about the company's values rather than a governance record of how directors exercised their duty. Neither version is particularly useful to an investor trying to assess how the board actually operates.
How Actually AI handles it.
We do not write the section 172 statement; that is a governance judgement that belongs with the board and the company secretary. What we do is structure the IR website to surface the underlying evidence that makes the statement verifiable. The strategic report narrative, the employee engagement disclosures, the supplier relationship commentary, the environmental disclosures from the SECR section, and the community investment record are each held in named, linkable content blocks. The section 172 statement on the website cross-references these blocks explicitly, so that a reader can follow the assertion -- "we had regard to the interests of employees" -- directly to the evidence -- the employee survey results, the workforce consultation record, or the pay and conditions data -- rather than accepting the assertion on its face.