Samuel Rasmussen

The UK’s data protection regime has just undergone its biggest recalibration since Brexit. On June 19, 2025, the Data (Use and Access) Act (DUAA) received Royal Assent, introducing a suite of reforms aimed at modernizing how organizations collect, use, and share personal information. But unlike GDPR’s transformative shake-up in 2018, this legislation is more evolutionary than revolutionary, nudging UK data protection in a direction that’s lighter on red tape, but still recognizably rights-driven.

In the U.S., the regulatory landscape is trying to catch up, but in true American style, it’s a bit of a mess. It’s fragmented, complex, and, at times, contradictory. The goal of the legislation is to manage the risks, promote innovation, and make sure AI is used responsibly. But how we get there, and who’s in charge of making the rules, is anything but straightforward. As AI moves from being an abstract concept to a core part of business operations, understanding this evolving legal maze is crucial for companies.

The House Financial Services Committee has advanced a proposal that would dismantle the Public Company Accounting Oversight Board (PCAOB). If enacted, the legislation would fold the PCAOB’s responsibilities into the Securities and Exchange Commission (SEC), prompting fears about the long-term stability of financial market oversight. The proposal has ignited a heated debate, with PCAOB Chair Erica Williams leading the charge against it, warning that the change could cause significant disruptions.

In the vast and sprawling digital landscape, where our lives are lived in bits and bytes, we often forget how much of our personal data is at risk, until something shatters that illusion of safety. In the early months of 2025, that illusion was pierced when a massive data breach at X (formerly Twitter) exposed over 200 million user records. Names, email addresses, screennames, user IDs, and profile images, fragments of millions of lives, were laid bare for anyone to see.

The UK government’s plan to modernize its cyber defenses isn’t just another legislative checkbox. It’s a pointed response to a threat that’s evolving faster than policy typically can. With ransomware attacks delaying over 11,000 NHS appointments last year and state-sponsored actors regularly probing UK infrastructure, the forthcoming Cyber Security and Resilience Bill is just trying to catch up.

The AMF's 2025 International Seminar wrapped up on March 20, leaving behind not just a digital trail but an invaluable conversation on the future of global financial regulation. Held in a 100% online format from March 10 to 20, the event brought together over 950 participants from 85 financial market authorities worldwide. It was a gathering of minds—regulators, experts, and thought leaders—all grappling with the growing complexities of financial markets in today’s fast-paced, tech-driven world.

The Institute of Internal Auditors (IIA) recently released a Public Consultation Draft for its Third-Party Topical Requirement. At first glance, it may seem like a technical set of guidelines, but the stakes are high. As businesses increasingly rely on third-party relationships—whether with vendors, contractors, consultants, or others—internal auditors face growing challenges in managing these complex connections. The IIA’s draft aims to offer a more standardized, comprehensive approach to assessing and managing the risks tied to external partnerships. For organizations that regularly engage with third parties, the draft provides a clear framework designed to ensure that no critical risks go unnoticed.