![](https://static.wixstatic.com/media/9dbcad_ca8571b7222b46b1b1ab72c7afeff6bc~mv2.png/v1/fill/w_980,h_733,al_c,q_90,usm_0.66_1.00_0.01,enc_auto/9dbcad_ca8571b7222b46b1b1ab72c7afeff6bc~mv2.png)
All I need for Christmas is compliance with my business…
We know how perfect and empowering a plan is. 2025 is shaping up to be a year of significant legal challenges and opportunities for tech businesses. From data privacy to AI regulation, the stakes are high. To manage this complex field and succeed, it's essential to stay informed and take proactive steps to protect your business. This article is the trustworthy guide on which regulations and frameworks were key in 2024, what are the learning points, expectations and changes, and how to become prepared for the 2025-compliance year with your innovative business!
Let`s dive in the main regulatory approaches that has impacted 2024, and will be only embraced in 2025:
On 1 August 2024, the European Union implemented the world’s first legislation governing the use of AI in both public and private sectors — the EU AI Act. This act aims to mitigate the various potential risks associated with AI while ensuring that it is safer and more secure for businesses operating within the EU.
As part of the phased compliance rollout, the EU AI Act emphasizes the importance of AI literacy among employees to ensure safe and compliant AI usage.
Starting February 2, 2025, the EU AI Act requires organizations in the European market to ensure employees involved in AI use and deployment have adequate AI literacy. This applies to both AI system providers and users.
According to Article 4 of the EU AI Act:
“Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used.”
20 June 2025 marks a milestone for Europe’s smartphone market. On this date, two directives from the European Commission will come into force and disrupt the industry, through new standards for energy labelling and ecodesigns.
20 June 2025 marks a milestone for Europe’s smartphone market. On this date, two directives from the European Commission will come into force and disrupt the industry, through new standards for energy labeling and ecodesigns.
Smartphone vendors and their suppliers have been adjusting products and roadmaps since drafts of the directives were first published in 2022. In the next nine months, manufacturers will release new and updated devices, as any product intended to stay on the market after 20 June 2025 must be compliant. For example, if Apple wants to keep the next iPhone series on the market beyond June 2025, the changes will likely be made at the next launch events.
The Digital Operational Resilience Act (DORA) is a EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025.
It aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms and making sure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption.
With the introduction of DORA, financial institutions are now required to follow stringent guidelines for safeguarding against ICT-related incidents. These include measures for protection, detection, containment, recovery, and repair. DORA explicitly targets ICT risks, introducing clear rules for ICT risk management, incident reporting, operational resilience testing, and oversight of ICT third-party risks.
The Markets in Crypto-Assets Regulation (MiCA) institutes uniform EU market rules for crypto-assets. The new legal framework will support market integrity and financial stability by regulating public offers of crypto-assets and by ensuring consumers are better informed about their associated risks.
The MiCA Regulation will come into full force at the end of 2024.
Therefore, such crypto assets will be subject to regulation from 2025:
ART (Asset-referenced token) - tokens tied to assets or currencies (for example, stETH).
EMT (Electronic money token) - tokens pegged to one official currency (USDT - sounds familiar, right?).
Other crypto assets range from Bitcoin and Ether to meme coins and utility tokens.
What will remain outside the scope of MiCA regulation?
NFTS;
Securities, derivatives, deposits;
Social payments, pensions;
Electronic money, if it is not EMT.
Therefore, entrepreneurs should prepare for new transparency standards for launching crypto projects.
The Financial Conduct Authority (FCA) wants to overhaul safeguarding practices to improve consumer protection. Key proposals include:
Same-day segregation: Customer funds must now be segregated on the same business day they’re received, replacing the current next-day (D+1) requirement.
Daily reconciliations: Firms will need to perform both internal and external reconciliations every business day to ensure accuracy.
Stronger insolvency protections: A statutory trust will be introduced over customer funds, offering better safeguards if a firm goes insolvent.
New reporting and audit rules: You’ll be required to submit enhanced audits and a monthly regulatory return to the FCA.
These new rules will be set out in the Client Assets Sourcebook (CASS) section of the FCA’s Handbook of rules and guidance, providing firms with a clear framework for compliance.
The proposed changes would be implemented in two stages:
Interim rules (2025):
The FCA plans to finalise these rules by mid-2025.
A six-month transition period will follow, giving firms time to adjust.
End-state rules:
These will establish the statutory trust and replace the current regulations.
A 12-month implementation period is expected after publication.
Those regulations are proposed as a vivid way of tech development in 2025, so what are the main trends and changes to expect?
Growth of AI
ChatGPT was introduced a mere two years ago. Now, generative AI is anticipated to be embedded in 80% of conversational AI models in 2025.
AI is expected to be the most important technology in 2025. We’ll see more sophisticated models that automate complex processes or repetitive tasks, enhance customer experiences through personalization, improve decision-making processes, and aid a variety of industries, including healthcare, finance, and education.
We’re likely to see more regulations in 2025, including protections against discrimination and the spread of discrimination, as well as greater data transparency. Human-centered AI, which indicates that AI demands human oversight and input, will also be essential.
Green Tech
Technology and the environment have long seemed to be at odds. It’s imperative to find ways to reduce environmental impact and account for our natural resources. This is the only way to address challenges regarding the environment and society.
Enter green tech, also known as climate tech or cleantech. Guided by the environmental, social, and governance (ESG) framework, green tech often leverages renewable resources, focuses on energy efficiency, and aims to minimize your carbon footprint.
What is more, as part of the European Green Deal, the European Commission has adopted two regulations for smartphones and tablets, namely this one on ecodesign and another on energy labelling. Together, they aim to allow EU consumers to make more informed and sustainable purchasing choices and to encourage sustainable consumption.
Global Cybersecurity
With threats mounting, businesses must be on higher alert than ever before. Yet only 2% of companies worldwide have implemented cyber resilience across their organization, according to PwC’s 2025 Global Digital Trust Insights survey. The same survey found that the top four cyber threats named—cloud-related threats, hack-and-leak operations, third-party breaches, and attacks on connected products — are also the ones security executives are least prepared to face.
The emergence of sophisticated technologies heightens the risk. For instance, AI-created malware aids cybercriminals. There is an increased attack surface thanks to remote work with the expansion of the IoT and public cloud. Generative AI allows for the infiltration of deepfakes. And these are just some of the threats we’re facing.
Blockchain Beyond Cryptocurrency
The World Economic Forum expects that 10% of global GDP may be tokenized and stored on the blockchain by 2027. However, despite the fact that cryptocurrency launched blockchain’s rise to stardom, its implications and use cases already extend far beyond the monetary realm.
Offering security, transparency, immutability, and decentralization, blockchain applies across industries and niches.
For example, blockchain enhances transparency in supply chains, allowing manufacturers, businesses, and consumers to track products’ journeys. In healthcare, which frequently grapples with sensitive data, it enables better data sharing, patient record management, insurance claim processing, and more.
In 2025, we may well see blockchain being used to secure personal data for enhanced data management. Increasingly, the technology could be applied to digital voting, providing identity protection and tamper-free ballot-casting. It also means greater transparency in entertainment and media through, for instance, secure licensing and royalties distribution.
Safeguarding customer funds
Between 2018 and 2023, insolvencies among payment and e-money firms revealed widespread issues with safeguarding practices. These failures led to significant losses for consumers, and recent case law has added uncertainty about the protection of funds during insolvency. By introducing stricter rules, the FCA aims to provide clearer protections and reduce the risk of consumer harm.
If you manage a payment or e-money institution, these new rules will reshape how you safeguard customer funds, with major implications for your daily operations and compliance processes.
As professionals, we`re here to simplify your lives a little bit, providing the roadmap - key action steps that you need to take in 2025 with compliance! To effectively manage the changes, companies should implement a strategy that encompasses compliance, operational resilience, and proactive engagement with regulatory requirements. Stay tuned and approach us for free initial consultation.
Frequently check regulatory developments and information from established bodies such as the European Banking Authority (EBA), European Securities and Markets Authority (ESMA), the UK's Financial Conduct Authority (FCA) and others.
Invest in compliance technology by assessment mechanisms to evaluate readiness of your systems, identify gaps, and draft plans for implementing necessary systems.
Enhance data management, as similarly to the point above, more comprehensive data collection needs preparation for compliance audits. You can start getting ready now by identifying potential issues in data collection, storage, and analysis and plan how you can improve to stay compliant across all regulatory areas.
Choose cross-functional teams that prioritise synergetic work. Many of the regulations will require collaboration between finance, IT, legal, and other departments, as in our team. Stay ahead of the curve by preparing your teams for the upcoming changes, building relationships, and communicating projects that may be on the horizon.
The future is bright for tech businesses, but management of the regulatory landscape can be enduring. Icon.Partners are here to equip you with the knowledge to thrive in 2025. From AI regulations to enhance consumer protection, we've outlined key trends and upcoming changes.
Take proactive steps – implement a compliance strategy, invest in technology, and empower cross-functional teams. Partner with use for expert guidance and a smooth transition to a compliant 2025. Let's turn compliance into a competitive advantage, together!
Comments