2024 was an important stage in the history of technology regulation.
Newly introduced laws and regulations aimed at ensuring safety, transparency, and responsibility in the digital environment and fighting the dominance of large technology companies were adopted. These measures cover areas such as artificial intelligence, cybersecurity, digital service, and cryptocurrencies, setting a global regulatory standard…. So, to wrap up the 2024 year, let`s discover the main tech legislation and how it's going to embrace upcoming 2025!
Core regulations of 2024
In 2024, significant legislative measures were adopted in the field of technology aimed at strengthening regulation and ensuring the safety of digital products and services. The key ones include:
AI Act. The European Union approved the world's first comprehensive law on artificial intelligence, which entered into force on August 1, 2024. The relevant regulation establishes several provisions, including specific prohibitions, restrictions, and permits, such as banned applications and law enforcement exemptions. Additionally, the EU's AI Act defines rules for every company using artificial intelligence systems based on four levels of risk.
Cyber Resilience Act. The Cyber Resilience Act entered into force on 10 December 2024. The main obligations introduced by the CRA will apply from 11 December 2027. The relevant Regulation introduces mandatory cybersecurity requirements for manufacturers and retailers that govern the planning, design, development, and maintenance of such products. It also provides for cybersecurity obligations for entities at all stages of product creation and operation, and in the event of a breach, establishes sanctioned liability for companies for information leakage.
Digital Markets Act. Although the Regulation was adopted in 2022, it is in 2024 that the EU is paying special attention to monitoring compliance with these rules and improving its implementation mechanisms. First and foremost, the DMA aims to create a more competitive and fair digital marketplace where innovative startups and companies can develop on a level playing field with technology giants ‘gatekeepers’ (for example, Amazon, Apple, ByteDance, Meta, Microsoft). Most DMA requirements are aimed at ensuring sustainable and equitable development of the digital ecosystem. Gatekeepers are required to ensure that their platforms and services are interoperable with third-party solutions. This includes supporting integration and interoperability with gatekeepers' platforms, which prevents them from creating undue advantages. They are also prohibited from favouring their own services to the detriment of smaller competitors' products and services, promoting healthy competition.
Digital Services Act. The Digital Services Act (DSA) entered into force on 16 November 2022, and its main provisions began to apply at different times:
From 25 August 2023 - for very large online platforms and search engines (with an audience of more than 45 million users in the EU).
From 17 February 2024 - for all other online platforms, digital intermediaries and service providers covered by the law.
The Digital Services Act (DSA) protects consumers and their fundamental rights in the digital space by introducing clear and balanced rules. It stimulates innovation, economic development and competitiveness, and supports the development of small platforms, start-ups and SMEs. In line with European values, the law changes the balance of roles between users, platforms and authorities, making citizens the top priority.
Cryptocurrencies` governance development
In 2024, cryptocurrency regulation became a global trend as many countries focused on establishing clear rules to protect consumers, combat illegal activities and foster innovation in the digital asset space. Here are the main changes:
In the United States, after years of uncertainty, the Securities and Exchange Commission (SEC) has made its position on cryptocurrencies clear, classifying most of them as securities and declaring its intention to regulate them. However, the SEC is not the only body that has the final say on cryptocurrency-related issues. However, the change of power in the country after this year's elections may change the approach of both the SEC and the entire federal government to cryptocurrencies.
In the European Union, The MiCA provisions relating to CASPs will apply from 30 December 2024. The Regulation itself establishes uniform rules for the cryptocurrency market in the EU. It provides for mandatory registration of cryptocurrency companies and compliance with consumer protection standards. What about the requirements for CASPs? CASPs will be obliged to comply with both general requirements that apply to all types of services they provide and specific obligations set for certain types of services. Providers authorized under MiCA will be able to take advantage of the European passport, which will allow them to provide their services in all EU countries.
As for other countries and their legal developments in the cryptocurrency sphere, China, for example, continues to ban cryptocurrency trading and mining, but as an alternative is introducing and developing the digital yuan.
Key achievements & mistakes
The year 2024 was marked by significant progress in the tech sector (artificial intelligence, cybersecurity, etc.), as well as changes in technology legislation aimed at strengthening data protection and ethical standards.
Two sides of the same coin - Artificial intelligence. Why? Since the beginning of 2024, artificial intelligence has been gaining incredible momentum in terms of discussion and implementation in business, workflows, education, and defense. This year can be called the beginning of the artificial intelligence era. However, this increase in data growth has led to an increased focus on ethical issues such as privacy, algorithm bias, and responsible use of artificial intelligence technologies.
Among the achievements. The Artificial Intelligence Act (AI Act) came into force in the EU in August 2024. This is the first large-scale regulation in the world designed to control the use of AI in the EU. This document classifies AI systems by risk level: from minimal to unacceptable.
Speaking of the US, today there is no single national law to regulate AI in this country, but there are numerous initiatives and regulations at the state and federal government levels (The National AI Initiative, The National Institute of Standards and Technology's (NIST) AI).
The world was not ready at the legislative level for such an active introduction of artificial intelligence and faced the challenge of introducing legislative norms and rules that would regulate the activities of artificial intelligence in various spheres of life.
Cybersecurity. Microsoft Digital Defence Report 2024 highlights the main trends and threats in global cybersecurity. One of the key insights is the blurring of the lines between the activities of state actors and cybercriminals, who often collaborate to achieve political and strategic goals. The number of attacks on critical infrastructure, such as energy and water supply, is growing rapidly due to the vulnerability of Internet devices. Conflicts, such as the war in Ukraine, demonstrate the active use of cyber tools and hybrid influence operations that extend beyond the war zones.
Artificial intelligence has become a double weapon - it is used both to enhance attacks and to defend against them. Despite the introduction of multi-factor authentication (MFA), attacks on personal data have increased to 600 million cases per day, and attackers often bypass protection through social engineering. The report emphasises the need for innovative approaches to cyber defence and international cooperation to effectively counter growing threats.
Among the achievements. Despite the aforementioned gaps in cybersecurity, the world has made progress:
1. Implementation of the Zero Trust architecture. Many organisations have moved to the Zero Trust model, which is based on the principle of ‘never trust, always verify’. This approach improves cloud security by reducing the risk of unauthorised access to sensitive data.
2. Improving the security of cloud data. There is an increased focus on encryption, multi-factor authentication (MFA) and role-based access control (RBAC), which ensures that only authorised users have access to data and reduces the risk of leaks.
3. Development of artificial intelligence (AI) and machine learning (ML) technologies in cybersecurity. AI and ML are actively used to detect threats, predict attacks, and automate incident response, which increases the effectiveness of information system protection.
Analysing the above achievements and gaps, it can be concluded that the world is facing challenges to improve existing legislation, and unify and harmonize it, which can only be achieved through unification and enhanced cooperation between countries.
Trends & upcoming changes in 2025
The key technology trends in 2025 are expected to include autonomous artificial intelligence (Agentic AI), AI governance platforms for ethical use, quantum computing and cryptography, climate technologies for mitigation, convergence of human and machine intelligence, hybrid computing, spatial computing for interactive experiences, and multifunctional robots. These innovations will contribute to efficiency, safety and sustainability in various industries.
Due to this rapid pace of technological change, governments will seek to adapt legislation to balance innovation and security.
Thus, in 2025, significant changes in technology legislation are expected due to the following trends:
1. Regulation of artificial intelligence. The rapid development of AI raises concerns about ethical aspects, transparency, and liability. Governments seek to establish clear rules to ensure the safe and ethical use of AI.
2. Strengthening cybersecurity. The growing number of cyber threats requires the introduction of proactive defense methods, including the use of AI, and stricter cybersecurity regulation.
3. Protection of intellectual property. The development of digital technologies requires the improvement of intellectual property legislation to support innovation and protect the rights of authors.
4. Regulation of financial technologies (FinTech). The rapid growth of the FinTech industry is prompting the adoption of new legislation aimed at supporting and developing innovation in the financial sector.
5. Data protection and privacy. The increasing volume of digital data requires stronger data protection legislation to guarantee the privacy and security of individuals' personal information.
Cases & learning points
In 2024, the European Union and the USA saw several important court decisions related to technology and its regulation. Here are some of them:
Developing rules on deepfakes: In November 2024, a US federal judicial panel agreed to develop rules governing the use of evidence obtained through artificial intelligence, including deepfakes. This decision is aimed at ensuring the proper use of AI technologies in litigation and protecting against potential misuse.
The fine against Google: In September 2024, the Court of Justice of the European Union confirmed the decision to impose a fine of EUR 2.7 billion on Google for abuse of dominant position in the market. The company was accused of using its own price comparison service to gain an unfair advantage over competitors.
Restrictions for Meta: In December 2024, the EU Court of Justice ruled that Meta (the owner of Facebook) must restrict the use of user data for personalized advertising, citing the Data Protection Act. This decision underlines the importance of personal data protection in the digital age.
These court decisions reflect the growing attention of regulators to the activities of large technology companies and their impact on the market and society.
Our company insights and advice on preparations for 2025
The year 2024 demonstrated the rapid development of technology legislation around the world. This affects Tech businesses, startups, large corporations, and users. To successfully adapt to the changes in 2025, you should pay attention to the following aspects:
1. Stricter requirements for data privacy and security. The European General Data Protection Regulation remains the benchmark for privacy. Updates are expected in 2025 to cover new technologies such as AI and IoT. USA: States such as California will continue to introduce their own laws, such as the CCPA/CPRA (California Consumer Privacy Act), which require transparency in data collection and use.
Advise: Conduct a data audit, assess how personal data is stored and used. Use monitoring systems, encryption, and tools to ensure regulatory compliance.
2. Preparing for innovations in the regulation of cryptocurrencies and blockchain technologies.
Insight: The licensing and authorization provisions of the EU MiCA Regulation (Markets in Crypto-Assets) will come into force at the end of 2024. Beginning in January 2025, Crypto Asset Service Providers (CASPs) must start applying for licenses to operate legally within the EU. During a grandfathering period of up to 18 months, existing providers can continue their operations while working towards full compliance with the new requirements (from December 30, 2024, to July 1, 2026).
3. Adapting to digital transformation and Web3. Web3, based on decentralized technologies such as blockchain and smart contracts, is transforming business through decentralization, transparency, and user control over their data. This opens up new opportunities for monetization, efficiency and customer engagement, including through tokenization, NFT, DeFi and DAO. At the same time, the technology faces challenges such as scalability and regulatory uncertainty. Companies that adapt to these changes will be able to remain competitive in the decentralized future.
Insight: Web3 creates new business opportunities through decentralisation, transparency and user control over data. Technologies such as smart contracts, NFTs and DeFi are transforming business models, paving the way for efficiency, new revenue streams, and global scale.
Recommendation: Businesses should invest in integrating Web3 technologies such as blockchain and smart contracts, and consider tokenizing their assets. It is important to adapt to the new paradigm of data and customer trust management.
In conclusion, 2024 marked a pivotal year for tech regulation, with landmark legislation like the EU AI Act and the Cyber Resilience Act laying the groundwork for a more responsible digital future. As we move into 2025, managing this framework will be crucial for businesses. This necessitates a proactive approach to AI compliance, enhanced cybersecurity measures, robust data privacy strategies, and a keen understanding of the regulatory field for cryptocurrencies and Web3 technologies.
Comments