Data protection is now firmly established as one of the key pillars of the global policy landscape. 2024 brought the NIS2 Directive in Europe, new SEC disclosure rules in the US, and the UK Cyber Governance Code of Practice, among others.
As we approach the end of Q1 2025, the sands of cyber resilience are shifting once more. Around the world, governments and regulators are introducing and refining various pieces of legislation to enhance cyber security measures, protect consumer privacy, and address emerging technological challenges. This article provides a snapshot of the key initiatives and their potential impact.
In July 2024, Labour announced the Cyber Security and Resilience Bill during the State Opening of Parliament. This proposed legislation aims to update the existing Network and Information Security Regulations 2018 to bolster the UK’s cyber defences and protect critical infrastructure and digital services.
The bill is currently under parliamentary review, with discussions expected to continue through mid-2025 before potential enactment later in the year.
With strong cross-party support for cyber security enhancements, the bill is expected to pass. However, specific provisions may be adjusted during legislative debates. The bill will drive higher cyber security compliance standards, making it essential for businesses to strengthen their cyber defence strategies.
In January 2025, the US Department of Health and Human Services proposed updates to the HIPAA Security Rule to strengthen protections for electronic protected health information (ePHI).
The public comment period ended in March 2025, with final regulations expected by late 2025.
Healthcare organisations must invest in robust cyber security measures to meet compliance requirements and protect sensitive patient data.
The Digital Operational Resilience Act (DORA) became effective on 17 January 2025, establishing a cyber security framework for financial entities within the EU.
Financial entities are expected to comply by mid-2025.
DORA is expected to increase cyber security resilience in the financial sector, preventing large-scale disruptions from cyber incidents.
South Africa continues to strengthen its cyber security landscape through the enforcement of the Cybercrimes Act (2020). Thus far, only certain sections of the Act have become operational. In 2025, additional provisions are expected to come into full effect, requiring organisations to enhance data protection measures and report cybercrimes more proactively.
The Act is being enforced in phases throughout 2025, with final compliance deadlines for businesses expected by the end of the year.
To avoid regulatory penalties, organisations will be required to improve their cyber security incident response capabilities and mitigate cyber threats effectively.
India's Digital Personal Data Protection Act (2023), or DPDPA, is set to be fully enforced in 2025, marking a significant shift in the country's data privacy and cyber security landscape. The law introduces stringent data protection obligations for organisations handling personal data, aligning India more closely with global data protection frameworks like the EU GDPR.
DPDPA’s provisions will be phased in throughout 2025, with key compliance deadlines expected in the second half of the year.
Businesses operating in India must enhance their data protection strategies, invest in stronger encryption and cyber security frameworks, and ensure compliance with India's evolving digital regulations to avoid hefty fines.
2025 is set to be another key year in the cyber resilience landscape. These updates reflect a global commitment to protecting digital assets, preventing cyber incidents, and ensuring business continuity.
To adapt to these regulations, businesses must invest in cutting-edge solutions that keep them resilient and compliant globally. Redstor’s data backup and recovery solutions guarantee full data recovery and compliance across borders.
Get in touch today to learn how Redstor can protect your data.