On 13 April 2026, Great British Energy - Nuclear (GBE-N) signed a contract with Rolls-Royce SMR. The deal covers three small modular reactors (SMRs) at Wylfa in North Wales. The three units will generate at least 1.4 GWe, enough for around three million homes for 60 years. The National Wealth Fund committed up to £599m ($797m, €701m).
The steel and the money are the straightforward part. The hard part is proving to a regulator that the design, the data and the control systems are sound. That proof is the real schedule. This month, regulators across Europe are showing exactly how it works.
GBE-N bought £300m of independent assurance before it signed the reactor contract

Twelve days before the reactor deal, GBE-N signed something quieter. On 1 April it awarded a £300m ($399m, €351m) Owner's Engineer contract to an Amentum and Cavendish Nuclear joint venture. Cavendish is part of Babcock.
The venture, Litmus Nuclear, provides independent assurance across design, safety, engineering, construction and commissioning. The contract runs up to 14 years. Its purpose is to ensure the programme meets every regulatory requirement and reaches a final investment decision. Assurance was bought first, on purpose.
The schedule gate is not steel or money. It is a regulator's assessment due December 2026

Rolls-Royce SMR's design sits in the third and final stage of the Generic Design Assessment (GDA). The UK's nuclear regulators run it. That assessment is expected to conclude around December 2026. A final investment decision is expected in 2029.
The GDA is where a design becomes buildable. The regulator examines safety, security and the evidence behind both. No amount of factory throughput moves that gate. The pace of the assessment sets the pace of the pour.
The regulator fined Sellafield £332,500 for cyber failures with no attack

This is not theoretical. In October 2024 the Office for Nuclear Regulation fined Sellafield Ltd £332,500 ($442,000, €389,000) for cyber security shortfalls. The failures spanned 2019 to 2023 and breached the Nuclear Industries Security Regulations 2003.
No attacker exploited the gaps. The company was still prosecuted and pleaded guilty. It had failed to run required health checks on its operational technology (OT) and information systems. The lesson is blunt. In regulated nuclear, weak assurance is an offence, attack or not.
What best describes your work?
IEC 62443 and ISO 19650 are the two standards a regulator can actually audit

Assurance needs a common language. Two public standards provide it. IEC 62443 sets cyber security requirements for industrial control and OT systems. ISO 19650 sets how project information is structured, exchanged and handed over.
Neither is exotic. Both are used across data centres, energy and process industries. That is the point. A regulator, an insurer or an owner can audit against them. Standards turn "trust us" into "here is the evidence."
Finland and four other regulators just made design assurance cross-border

The direction is international. On 3 July 2026, Finland's regulator STUK published a Joint Early Review of a new SMR design. It was conducted with regulators from the Czech Republic, Poland, Sweden and Ukraine.
Five authorities assessed one concept against their national rules. None found a fundamental obstacle. All stressed that leveraging one country's assessment elsewhere requires significant preparation and clear approaches. Portable assurance needs standardised evidence. The regulators said so themselves.
Could you hand a regulator the digital evidence for your last project without a scramble?
France, Canada and the UAE treat digital evidence as delivery, not paperwork

The pattern repeats across continents. In France, EDF holds a 12.5% stake in Britain's £38bn ($50.5bn, €44.5bn) Sizewell C. French engineering firm Assystem is doubling its UK nuclear workforce. These are delivery organisations built on documented, auditable engineering.
In Canada, the regulator CNSC has aligned with the UK and US on principles for artificial intelligence in nuclear. Those principles start from one requirement: the data a model reads and the answers it gives must be checkable. In the UAE, the four-unit Barakah fleet reached full operation in 2024. Repeatable, documented delivery cut Unit 4's schedule 40% against Unit 1.
Regulators now target a two-year design assessment. Standards-first delivery is how

Here is the counterintuitive part. Rigorous assurance accelerates a regulated programme. The UK's regulators now aim to complete a design assessment in two years, partly by trusting regulators abroad. The Rolls-Royce SMR is 90% factory-built to a standardised design. Repetition only pays if every unit carries identical, verifiable evidence.
A programme that structures its data to a standard clears regulatory review faster. It reuses assessments across units and borders. It avoids the rework that a Sellafield-style gap forces. Discipline upfront buys speed later. That is engineering, not bureaucracy.
AI can assemble the evidence. A competent person still signs it

Artificial intelligence is useful here, within limits. It can gather records, flag gaps and assemble a conformance case in hours rather than weeks. It makes a mountain of design and construction data legible.
It does not sign the safety case. A competent engineer does, and a regulator accepts it. Intelligence informs. Expertise decides. The value is moving evidence from visible to decision-worthy, so the person at the gate can act with confidence.
The bottom line
Britain's new nuclear age will not be won on steel or spending. It will be won on data a regulator can trust. GBE-N bought assurance before it bought a reactor. Finland is standardising it across borders. Sellafield shows the cost of neglecting it.
The same discipline governs data centres, LNG and every regulated build. Standards-first delivery is the fast route, not the slow one. The programmes that treat assurance as the product, not the paperwork, will set the schedule for everyone else.
Next week: Johor's data-centre demand hit 3.8 GW. Singapore's cap sent it there.
[Webinar] 8 levels of context maturity in AI-native engineering
AI is in your engineering workflow. While the token spend shows it, the throughput doesn't. The human is very much still in the loop, and that's a context problem.
Join live July 23 (FREE) to learn:
The 8 levels of context maturity: where most teams are stuck and what the ceiling looks like at each stage
Why more MCPs, rules, and skills provide agents access but not understanding
How leading engineering teams are using a context engine to make the most of their agents



