A European Parliament briefing published on 5 March 2026 offers a useful artifact for understanding what EU-UK digital cooperation actually looks like five years after the Trade and Cooperation Agreement (TCA) entered into force. The document, authored by Maria Niestadt for the European Parliamentary Research Service, maps cooperation across AI, cybersecurity, platform regulation, and data sharing. The mechanism? Dialogue, information exchange, regulatory updates, and coordination in international fora.
This is not a headline-grabbing development. But for those tracking how Europe's digital governance actually functions – through which channels, under what constraints, with what enforcement capacity – the briefing reveals something worth examining: a relationship that operates largely through soft coordination rather than binding alignment.
The TCA Review Window Opens
The timing matters. Article 776 of the TCA mandates a joint review of the agreement's implementation five years after entry into force – meaning 2026 is the year both sides must formally assess what's working and what isn't. The European Parliament's Committees on Foreign Affairs (AFET) and International Trade (INTA) have already begun drafting an implementation report, as documented in earlier EPRS analysis.
Digital cooperation sits in a peculiar position within this review. Unlike goods trade, where friction is measurable in customs delays and tariff schedules, digital cooperation resists easy quantification. How does one measure the value of information exchange on AI governance? What's the counterfactual for collaboration in international arenas?
The briefing acknowledges this ambiguity without resolving it. Cooperation exists. It takes specific forms. Whether those forms are sufficient for the challenges ahead – AI safety coordination, cross-border data flows, platform accountability – remains an open question.
Research Cooperation: A Clearer Signal
The research and innovation track offers more concrete data. According to a separate EPRS briefing from 9 March 2026, the UK has been associated with Horizon Europe since 1 January 2024, with nearly 6,000 UK Horizon projects recorded as of early January 2026.
This number deserves unpacking. Association to Horizon Europe was a hard-won outcome after years of post-Brexit uncertainty. UK researchers faced a period of exclusion that damaged collaborative networks and created lasting institutional memory. The 6,000 projects represent recovery, not baseline.
The legislative proposals for Horizon Europe (2028-2034) and the Euratom training programme (2028-2032) now create a decision point. Will the UK's association continue under similar terms? Will nuclear science and technology cooperation – explicitly mentioned in the briefing – expand or contract? These questions will be negotiated against a backdrop of broader geopolitical realignment, including transatlantic trade tensions and shifting US policy on technology partnerships.
The Asymmetry Problem
One structural feature of EU-UK digital cooperation deserves attention: the asymmetry in regulatory gravity.
The EU has spent the past five years building a comprehensive digital regulatory architecture – the AI Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Act, the Cyber Resilience Act. This body of law creates compliance requirements that extend beyond EU borders through market access conditions and supply chain obligations.
The UK, meanwhile, has pursued a more sector-specific, principles-based approach to AI governance, explicitly positioning itself as an alternative to the EU's prescriptive model. The result is two regulatory systems that share vocabulary but diverge on enforcement mechanisms, risk classifications, and compliance timelines.
Cooperation in this context means something specific: it means the UK tracking EU regulatory developments closely (because UK firms selling into the EU must comply), while the EU monitors UK approaches for competitive positioning and potential regulatory arbitrage. The information exchange is real, but the power dynamics are uneven.
This asymmetry shapes what dialogue can accomplish. The EU has less incentive to adjust its frameworks based on UK input; the UK has strong incentives to maintain interoperability without formal alignment. The result is a relationship that functions through parallel development rather than joint rulemaking.
Cybersecurity and FIMI: Where Interests Converge
The briefing identifies cybersecurity and foreign information manipulation and interference (FIMI) as areas of active cooperation. This makes structural sense. Cyber threats do not respect borders, and both the EU and UK face similar threat actors – state-sponsored intrusion campaigns, ransomware ecosystems, coordinated disinformation operations.
The EU's ongoing Cybersecurity Act review, flagged in the European Parliament's 2026 priorities, will shape the institutional architecture for EU cyber resilience. Whether and how the UK integrates with this architecture – through information sharing agreements, joint threat assessments, or coordinated incident response – remains to be determined.
FIMI cooperation carries particular salience given the documented targeting of democratic processes across Europe. The European Parliament's recent work on Women in the age of AI-enabled disinformation signals growing attention to how AI tools amplify manipulation campaigns. UK-EU coordination on detection, attribution, and response could strengthen both parties' resilience – but requires trust and institutional channels that take time to build.
What the TCA Review Should Address
The 2026 review offers an opportunity to move beyond general statements about cooperation toward more specific commitments. Several questions merit attention:
Data adequacy and flows. The UK's data adequacy decision, which allows personal data to flow from the EU to the UK without additional safeguards, expires in 2025 and requires renewal. Any divergence in UK data protection standards could trigger reassessment, with significant implications for digital services trade.
AI governance coordination. As both jurisdictions implement their respective AI frameworks, practical questions emerge: Will conformity assessments be mutually recognized? How will high-risk AI systems operating across both markets demonstrate compliance? What mechanisms exist for coordinated enforcement against non-compliant actors?
Platform regulation alignment. The DSA creates obligations for very large online platforms operating in the EU. UK platforms serving EU users must comply; EU platforms serving UK users face a different regulatory environment. The friction points are predictable; the resolution mechanisms are not.
Talent mobility. Research cooperation depends on researcher mobility. The current visa and work permit arrangements create barriers that did not exist pre-Brexit. The 6,000 Horizon projects represent collaboration despite these barriers, not because of their absence.
The Institutional Capacity Question
Beyond specific policy domains, the deeper question concerns institutional capacity for sustained cooperation. Dialogue requires interlocutors. Information exchange requires trusted channels. Coordination in international fora requires aligned positions developed through prior consultation.
The EU has built substantial institutional infrastructure for digital governance – the AI Office, national market surveillance authorities, the European Data Protection Board, ENISA (the European Union Agency for Cybersecurity). The UK has its own institutions, but the connective tissue between them and their EU counterparts remains thin.
Building that connective tissue is slow work. It happens through working-level relationships, repeated interactions, and accumulated trust. The TCA provides a framework, but frameworks require people to operate them.
Looking Forward
The EU-UK digital cooperation briefing is a snapshot, not a verdict. It documents what exists without claiming that what exists is sufficient. For policymakers, the relevant question is whether the current architecture of dialogue and information exchange can scale to meet emerging challenges – AI safety incidents requiring rapid coordination, cross-border platform harms requiring joint enforcement, cyber attacks requiring real-time response.
The 2026 TCA review creates a window for upgrading this architecture. Whether that window is used depends on political will, institutional capacity, and the recognition that digital cooperation is not a luxury but a necessity in an increasingly fragmented global technology landscape.
The mechanisms matter. The channels matter. The enforcement pathways matter. Everything else is commentary.
For those working through these questions – how Europe's digital governance actually functions, where the gaps are, what institutional capacity is needed – these conversations will continue in Vienna. Human x AI Europe on May 19 brings together founders, investors, policymakers, and builders to work on exactly this terrain.
Frequently Asked Questions
Q: What is the current status of EU-UK digital cooperation after Brexit?
A: According to the European Parliament's March 2026 briefing, EU-UK digital cooperation continues through dialogue, information exchange, regulatory updates, and coordination in international forums across AI, cybersecurity, platform regulation, and data sharing. This cooperation operates through soft coordination rather than binding legal alignment.
Q: How many UK projects are part of Horizon Europe as of 2026?
A: As of 9 January 2026, nearly 6,000 UK Horizon projects have been recorded since the UK's association with Horizon Europe began on 1 January 2024, according to EPRS documentation.
Q: When is the EU-UK Trade and Cooperation Agreement review scheduled?
A: Article 776 of the TCA mandates a joint review five years after entry into force, meaning 2026 is the review year. The European Parliament's AFET and INTA committees are already drafting an implementation report.
Q: What happens to UK data adequacy status under EU law?
A: The UK's data adequacy decision, which permits personal data flows from the EU to the UK without additional safeguards, expired in 2025 and requires renewal. Any significant divergence in UK data protection standards could trigger reassessment by the European Commission.
Q: How does EU-UK cooperation work on cybersecurity and disinformation?
A: The EU and UK cooperate on cybersecurity and foreign information manipulation and interference (FIMI) through information sharing and coordination, driven by shared threat actors including state-sponsored intrusion campaigns and coordinated disinformation operations.
Q: What are the main areas of regulatory divergence between EU and UK digital governance?
A: The EU has implemented comprehensive prescriptive frameworks (AI Act, DSA, DMA, Data Act), while the UK pursues a more sector-specific, principles-based approach. This creates compliance asymmetry where UK firms must meet EU standards for market access, but formal regulatory alignment does not exist.