As we move further into 2025, several key regulations from the European Union are set to take effect. Businesses should familiarise themselves with these new rules to ensure compliance and avoid potential penalties:
- <span class="news-text_medium">Digital Operational Resilience Act (“DORA”):</span> Effective from 17 January 2025, DORA establishes a robust framework aimed at ensuring financial entities can withstand, respond to and recover from various ICT-related disruptions and threats.
- <span class="news-text_medium">EU Data Act:</span> While the EU Data Act came into force on 11 January 2024, most of its provisions will apply from 12 September 2025. This legislation introduces new standards for the exchange, distribution and use of both personal and non-personal data, as well as improving data interoperability and data-sharing practices.
- <span class="news-text_medium">Corporate Sustainability Reporting Directive (“CSRD”):</span> From 2025 onwards, the CSRD will require large companies to disclose information about how they manage social and environmental risks. This directive aims to standardise sustainability reporting across the EU, promoting greater transparency for investors and other stakeholders.
- <span class="news-text_medium">Entry/Exit System (“EES”):</span> Set to be implemented in 2025, the EES is an EU-wide electronic system for registering entry, exit and refusal of entry data for third-country nationals crossing EU borders. This system is designed to modernise border management and improve security.
- <span class="news-text_medium">European Travel Information and Authorisation System (“ETIAS”):</span> Starting in late 2025, ETIAS will require visa-exempt non-EU nationals, including UK citizens, to obtain travel authorisation before entering Schengen Area countries. This authorisation, valid for up to three years, aims to strengthen security by pre-screening travellers.
- <span class="news-text_medium">Carbon Border Adjustment Mechanism (“CBAM”):</span> Entering its transitional phase in October 2023, CBAM will require importers to report the carbon emissions embedded in certain goods. Beginning in 2026, importers will need to purchase certificates reflecting the carbon price that would have been paid if the goods were produced under EU carbon pricing rules. This measure is designed to prevent carbon leakage and promote cleaner industrial production worldwide.
- <span class="news-text_medium">Cyber Resilience Act:</span> Proposed in September 2022, this act aims to set unified cybersecurity standards for hardware and software products in the EU. After adoption, manufacturers will have a two-year period to comply with the new requirements, with enforcement expected to begin in late 2027.
Businesses with EU connections must stay informed and prepared for these regulatory changes to ensure compliance and smooth operations in 2025.
