The end of the year is a natural time to reflect on key developments and plan for what’s ahead. In that spirit, we’ve rounded up some of 2024’s most notable regulatory compliance highlights and shared a preview of what’s on the horizon for 2025.
AI regulation picked up around the world in 2024, reflecting the exponential development of the technology itself. The standout development was the EU AI Act, which became law in July. As the most comprehensive legal framework around AI to date, it follows a risk-based approach that will shape organizations’ use of AI in the EU and beyond. The Act entered into force in August, and it will follow a rolling timeline of specific provisions taking effect and related enforcement from 2025 into 2030.
The CrowdStrike cybersecurity failure in July sent shockwaves through industries, highlighting the risks of overreliance on a single vendor. This incident served as a powerful reminder of the need for robust contingency planning and diversified cybersecurity strategies to maintain operational continuity.
In the US, new regulatory requirements hit a few roadblocks:
The SEC intensified enforcement against off-channel communications—business communications made on personal devices, social media, or unapproved messaging apps. These actions resulted in significant fines, underscoring the importance of implementing and enforcing robust communication policies to ensure compliance with legal recordkeeping requirements. Notably, organizations that self-reported received lower penalties, highlighting the benefits of proactively identifying issues and self-reporting to minimize consequences.
A new presidential administration often brings changes to regulatory enforcement priorities. While specific focuses may shift, history shows enforcement rarely disappears altogether. Noncompliance remains costly, so organizations that have strong compliance programs and prioritize ethical practices will be best positioned to adapt and maintain their reputations.
Attention to Diversity, Equity, Inclusion, and Belonging (DEIB) and Environmental, Social, and Governance (ESG) initiatives will remain critical on the global stage. International markets, investors, and regulatory bodies will continue to demand measurable commitments. Organizations that proactively align with evolving global ESG standards will not only mitigate risks but also position themselves to meet stakeholder expectations and seize new opportunities.
Global regulators are placing a stronger emphasis on operational resilience:
Financial institutions in these regions must act now to meet these new standards, and organizations in other sectors should pay attention to similar trends.
Following the EU AI Act, other regions are expected to introduce or begin developing their own AI regulatory frameworks in 2025. Companies leveraging AI will need to monitor these developments closely, ensuring compliance while maintaining growth and innovation.
As we reflect on 2024 and prepare for 2025, it’s clear the regulatory landscape will continue to evolve at a rapid pace. Staying ahead of these changes requires vigilance, adaptability, and a strong commitment to doing the right thing.
We wish you all a wonderful holiday season and a successful, compliance-ready start to the new year!