Brace for impact: major UK and EU regulatory changes set to transform 2025

2025 is poised to be a landmark year for businesses as a wave of new UK and EU regulations promise to reshape industries and redefine compliance standards. From product safety laws to AI regulations, leaders across multiple sectors will need to stay ahead to navigate these changes effectively.

The January edition of Regulatory Radar, released today by international law firm RPC, provides a deep dive into the most critical regulatory updates. Packed with insights from the firm's regulatory practice the report breaks down what these developments mean for business and how leaders can prepare for the challenges and opportunities ahead.

Major regulatory changes on the horizon

Among the standout changes are:

Product Regulation and Metrology Bill (PRAM)

Introducing the most significant changes to UK product safety regulation in four decades, this will allow the UK to adopt EU standards on product safety whilst maintaining flexibility to deviate from EU regulations when it is in the interest of UK businesses and/or consumers. The Bill is set to impact regulators and businesses, especially online marketplaces, manufacturers of lithium-ion batteries and products that contain artificial intelligence (AI).

AI regulation

While risk-based approaches to AI regulation still dominate, significant legislation that aims to enable users and consumers to readily identify AI-generated content and its provenance is starting to emerge. There is also a broader consensus around key concepts such as AI and generative models which may be considered as progress towards a more unified international approach.

Cybersecurity and resilience

Introduced to Parliament in 2025, the Cyber Security and Resilience Bill aims to strengthen UK cyber defences. As we await the Bill's specific wording, the UK Government has advised one of the crucial updates in the Bill will be to expand the remit of the legacy regulatory framework to protect supply chains following the rise in large scale and high-profile incidents. In the EU, the Digital Operational Resilience Act (DORA), which comes into force from 17 January 2025, and the NIS2 Directive also introduce risk management frameworks that will impact supply chains in key infrastructure areas.

EU deforestation delay

The European Commission has delayed the implementation of the EU Deforestation Regulation (EUDR) to 30 December 2025, allowing businesses more time to prepare for compliance with its onerous monitoring obligations by tracking or diverting supply chains, and investing in supply chain tracing technology where necessary. More clarity around the EUDR and a list of regions that will be classified as "low risk" for import, requiring a lower standard of due diligence, is expected by 30 June 2025. While the delay will be welcomed by many businesses, proactive preparation is key to ensure timely compliance.

Fraud prevention

On 6 November 2024, the Home Office released its much-anticipated statutory guidance on the new failure to prevent fraud offence, outlining a framework for organisations to ensure reasonable fraud prevention procedures, including regular risk assessments, adequate resourcing, and the appropriate use of data analytics and AI. While the offence doesn't come into effect until 1 September 2025, companies should prioritise preparations to align with the standards set out in the guidance now. Failure to comply could have severe consequences, with organisations facing potentially unlimited fines if convicted.

Autumn Budget

While the impact of the Autumn Budget on businesses and the UK economy remains to be seen, the increase in NICs and measures related to smoking products and soft drinks could put significant pressures on businesses and stifle growth in key sectors such as retail and hospitality. Businesses will need to carefully navigate these adjustments whilst balancing growth and compliance costs.

Partner and Head of Regulatory at RPC, Gavin Reese, remarked: "The regulatory landscape is becoming increasingly complex, with significant changes on the horizon for 2025. Staying ahead of these developments is not just about avoiding penalties—it’s about maintaining a competitive edge and fostering trust with stakeholders and customers. Businesses must adopt proactive compliance strategies to navigate this new era of regulation."

Preparing for the future

RPC’s Regulatory Radar provides actionable insights to prepare and adapt to these changes, underscoring the importance of aligning operations with ever-evolving compliance demands.