Data Regulations in 2025: What to Expect
As 2025 ramps up, businesses across sectors must brace themselves for a dynamic regulatory landscape, especially in the realm of data and digital technologies. With the enforcement of significant frameworks such as the Digital Operational Resilience Act (DORA), this year promises to mark a turning point in how organizations approach compliance and governance. Here’s what you need to know.
A Shift Toward Enforcement
While the groundwork for many regulations has been laid in recent years, 2025 will see a shift from planning to action. For example, the EU’s NIS2 directive, aimed at enhancing cybersecurity across essential services and digital infrastructure, will move into stricter enforcement phases. Similarly, the AI Act will require organizations to evaluate and document their use of artificial intelligence, while DORA will ensure financial institutions and their service providers are resilient to operational disruptions. Companies should anticipate penalties for non-compliance as the EU demonstrates its commitment to upholding these frameworks.
Regulations Beyond Tech Giants
Although ambitious regulations like the DSA and AI Act are often perceived as targeting American tech giants, their reach extends to all businesses leveraging digital tools. For instance:
- Digital Service Providers: These organizations will face overlapping requirements under multiple frameworks, including NIS2 and the AI Act, due to their dual roles as both users and producers of AI technologies.
- Traditional Businesses: Sectors such as insurance and pharmaceuticals, which are accustomed to regulatory constraints, will now encounter entirely new compliance challenges. This includes ensuring « AI literacy » among employees as outlined in Article 4 of the AI Act, which requires organizations to demonstrate that users understand AI systems they interact with.
The Importance of Gap Analysis
To navigate this complex regulatory environment, businesses should conduct thorough gap analyses. This involves evaluating compliance with existing frameworks and identifying areas where additional measures are needed to meet new requirements. For organizations that have already invested in adhering to one or two regulations, building on these efforts can streamline future compliance efforts.
Green Regulations on the Horizon
Another critical trend is the growing convergence of digital and environmental regulations. As data centers proliferate, their environmental impact is becoming a focal point for policymakers. While comprehensive legislation on sustainable digital practices may not emerge in 2025, businesses can expect increased pressure from both regulators and market forces to adopt « green » practices. Proactive efforts in this area could soon become a competitive advantage.
The Role of Geopolitics
Geopolitical factors, such as the return of Donald Trump to the U.S. presidency, will influence the regulatory environment. Historically, transatlantic tensions over data sharing have complicated compliance for multinational organizations. How the EU responds—whether by imposing sanctions or pursuing negotiations—will shape the global regulatory landscape in 2025.
Preparing for the Future
The coming year offers businesses an opportunity to rethink their approach to compliance and innovation. Organizations with plans to deploy AI-driven profiling or complex algorithms should prioritize ensuring that employees and stakeholders understand the ethical and regulatory implications of these tools. As micro-uses of AI proliferate, their long-term compliance and operational impacts cannot be underestimated.
In 2025, the regulatory landscape will demand agility, foresight, and a willingness to adapt. By staying informed and proactive, businesses can turn compliance challenges into opportunities for growth and differentiation in an increasingly regulated world.
- Date 29 janvier 2025
- Tags Data & IA, Practice IT, Practice transformation & organisation agile, Regulatory landscape, Regulatory Landscape, Stratégie IT