2025: A Critical Year for Cybersecurity Compliance in UK and EU
In 2024, businesses across Europe observed an evolving cybersecurity landscape characterized by overlapping new legal frameworks. The European Union (EU) introduced several significant texts to protect its digital ecosystem, imposing obligations on a wide range of entities, from manufacturers to financial institutions.
As we move into 2025, the focus shifts from legislation to implementation. EU and UK entities, alongside foreign businesses seeking market access, face mounting expectations to elevate cybersecurity practices.
Beyond technical robustness, compliance must align with the legislative intent, which emphasizes harmonization, transparency, and trust within the digital economy. These measures aim to address cross-border risks and build resilience against escalating cyber threats.
Our Tech Group Partner, Patrice Navarro, and Senior Associate, Oscar Tang, have written this article for Infosecurity Magazine. It examines the EU’s key legislative instruments – the NIS 2 Directive, Cyber Resilience Act (CRA) and Digital Operational Resilience Act (DORA) – which together harmonize cybersecurity standards across critical sectors such as infrastructure, digital products and financial services.
It also explores the interplay with broader frameworks, including the AI Act and the General Data Protection Regulation (GDPR), underlining the need for a cohesive regulatory strategy.
The UK’s complementary cybersecurity regulations are also discussed, highlighting their alignment with and divergence from EU frameworks. Finally, practical steps for businesses navigating compliance in 2025 are outlined, aiming to foster resilience and long-term competitiveness.
Read the full text on Infosecurity Magazine