Given digital technology is so central to how we live, work, transact and communicate, we have recently seen the finalisation of an unprecedented amount of digital regulation in both the UK and the EU.
In such a fast-moving environment, this begs the question; how should companies stay ahead of the curve? Although the exact response will obviously be company specific, a proactive and strategic approach is key.
As an overriding theme, 2025 is set to be a pivotal year in terms of the regulatory implementation of many new digital rules.
This includes online safety and competition obligations, where we will see both the relative maturing of the EU regimes and the corresponding UK regimes (e.g. the Online Safety Act) coming into effect.
Taking the Online Safety Act as an example, this requires that online services build in safety by design and move from a reactive to a proactive response to online harms. Online services should be preparing now, given Ofcom’s timeline for completion of risk assessments in 2025. Ofcom has estimated that approximately 100,000 online services are within scope.
Consumers purchasing online must be treated fairly
From a broader consumer protection perspective, this year will usher in the new powers of the UK Competition and Markets Authority (CMA) to directly enforce a range of consumer law. The CMA is expected to prioritise activity to ensure that consumers are treated fairly when purchasing online. This should be high on the board and executive agenda of consumer facing companies that have a significant online presence, in particular given the new financial penalties that the CMA has at its disposal, including up to 10% of world-wide turnover.
Artificial intelligence
It almost goes without saying that there will also be a continuing regulatory focus on AI, which we see as coalescing around the key themes of risk, growth, competitiveness, protection of human rights and freedoms, and accountability. Taking just one example, a significant amount of implementation activity under the EU’s AI Act will take place. Firms with activities in the EU should already be assessing which of their current and planned AI systems and models fall within the scope of this regulation and conducting a gap analysis against key requirements.
Cloud computing
Regulators are also focused on interventions to unlock economic growth and promote innovation. One example is in relation to cloud computing, which is so integral to the economy today. New EU regulatory requirements under the EU Data Act will go live during the year, designed to address concerns about a lack of cloud service provider competition, customer ‘lock in’ and limited interoperability, all of which are believed to act as barriers to multi-cloud adoption. In the UK, similar concerns in respect of the largest cloud service providers have been highlighted by the CMA enquiry team, with a recommendation that they be investigated under the UK’s new digital markets regime that went live in January.
Data sharing
Another example is in relation to data sharing, with new rules for sharing connected product data, such as connected cars or smart home devices, going live in the EU. The UK’s Data (Use and Access) Bill is also likely to become law in the UK, which is expected to lead to the introduction of new Smart Data schemes in certain areas of the economy like the energy market. This aims to generate benefits such as those achieved via open banking, for example.
One thing is clear – the role of digital regulation in today’s society will continue to be central to the public, political and economic debate for the remainder of the year ahead.
Deloitte’s Digital Regulatory Outlook 2025 is available here.
Suchitra Nair is partner and head of Deloitte’s EMEA centre for regulatory strategy
Robert MacDougall is director in Deloitte’s centre for regulatory strategy
