Major laws we’re tracking:
- Crime and Policing Bill – Will mean senior managers can be personally liable for ANY corporate offence
- Cyber Security and Resilience Bill – Will mandate cyber security and training for more companies
- Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provision) Regulations 2025 – Will update AML laws for regulated entities
- EU Digital Omnibus – Will reduce compliance obligations of some aspects of GDPR and EU AI Act
- New Zealand Crimes Amendment Bill & Modern Slavery Bill – Will extend corporate modern slavery compliance and make reporting mandatory for companies with over NZ$100m revenue p.a.
UK regulatory update
The UK is proposing a shakeup in how mergers and acquisitions are reviewed and how the Competition and Markets Authority undertakes investigations, but this could open the door to more political influence.
The Bank of Scotland received a £160,000 penalty for breaching sanctions because of a slight spelling change between a Russian passport and the sanctions list.
The UK has now moved to a single sanctions list instead of the previous multiple lists.
The Public Office (Accountability) Bill, better known as the Hillsborough Law, could have a serious impact on HE/FE and other public bodies, which will face a duty of candour in the event of an inquest or major health and safety investigation.
The Serious Fraud Office has come out with new bribery red flags that firms should be aware of, and the wider message is that evidence beats box ticking.
Provisions of the Data (Use and Access) Act 2025 which criminalise the creation of non-consensual intimate images using AI have been implemented. The use of apps for such purposes will be criminalised under the Crime and Policing Bill.
EU regulatory update
The EU is planning new cybersecurity laws. Once passed, the Cybersecurity Act 2 and Digital Networks Act will reshape supply chain security, certification and digital infrastructure.
The EU AI Act continues its uneven application. Finland became the first country to bring its version into national law, enabling it to fine companies for breaches. But the Omnibus plans to cut down on some obligations.
An interesting GDPR case shows the limits of the law. A train passenger in Austria claimed that being addressed as Mr or Ms was inaccurate personal data as they were non-binary, but this was rejected.
The EU’s deforestation regulation (EUDR) has been delayed again. The end of 2026 is the new supposed deadline for some parts of the law, but it remains to be seen what will come into force.
US regulatory update
Yet another AI hallucination in a court case has cost plaintiffs’ counsel $86,000 in fines imposed by a court in Florida.
A federal court sentenced the CEO of a Georgia-based manufacturer to eight years in prison for a complex bribery and AML scheme. He paid hundreds of thousands in bribes to a Honduran government entity for guaranteed business.
Regulatory issues with AI and healthcare are coming into the spotlight as Big AI seeks to improve health outcomes, but runs into HIPAA issues.
The legal market
The VinciWorks AML Core Group met in January and discussed significant issues affecting the sector including forthcoming FCA supervision, CDD, new technology and what’s coming next for AML.
When it comes to AML compliance, a recurring theme in SRA reports is the difference between policies and practice. Only a small minority of law firms meet AML expectations in full, exposing firms to risk of fines.
An investigation into the $4 billion OneCoin scam shows the continuing risk of cryptocurrency. The pyramid scheme highlights the AML issues intertwined with crypto, and is a reminder of why it should always be treated as high risk.
Meanwhile a new study shows that crypto is central to financial crime, with at least $82 billion laundered through the ‘currencies’ in 2025.
Around the world
Singapore’s new Workplace Fairness Act and forthcoming Workplace Fairness Dispute Resolution Bill will add additional discrimination protections and HR compliance layers to the financial hub.
New guides
Compliance Tech Buyers Guide 2026: Compliance meets resilience
The state of cryptocurrency compliance in 2026: Key risks and challenges
Sexual harassment and the Employment Rights Act: Your guide to implementing all reasonable steps
A practical 10-step guide to getting started in data protection
Thriving in a volatile regulatory landscape: A playbook for compliance leaders
When data thinks: The intersection of GDPR and AI
Omnitrack – Legal Suite Use Case
The Employment Rights Act 2025 for Health and Safety Professionals
Astute: Compliance eLearning experience platform
Where can I find more?
Follow our daily blog. Check out our new guides. Subscribe to the podcast.



