
Top Emerging Trends in Compliance For 2025

By Michael J. Martin | January 16, 2025 | 4 min read

2025 is looking like a dynamic year for security governance and compliance. Some big changes are on the way — from brand new standards to insurance taking a larger role. What can you expect to see in the new year?

Below are the major trends we’ve noticed in compliance, risk, and governance.

The supply chain will be a major focus for compliance

You are only as strong as the weakest link in your supply chain, both digital and physical. Criminals have long known this, attacking vendors and suppliers in the hopes of getting their hands on assets belonging to their customers.

Businesses are paying more attention to this threat, and we expect to see more robust supply chain scrutiny in 2025.

AI is changing everything — including the supply chain

Building or using software with built-in AI? You may soon find yourself dealing with (or implementing) another layer of compliance. There is currently no comprehensive U.S. federal law governing AI and AI-related data use (the E.U. has one in the AI Act), but organizations are taking their own steps to regulate and examine AI-based solutions.

Over the last few months we’ve been hearing from customers of all kinds that they are adding scrutiny to third-party risk assessments for vendors that supply AI-enhanced solutions. Leaders are adding questions about AI, data use, and data privacy to their vendor questionnaires.

This isn’t surprising; AI has been the Next Big Thing for two years now. It’s natural that businesses are starting to recognize it as a potential risk as well. This is true for users of solutions with AI as well as for software developers who use third-party AI modules in their own products. It’s critical to know what the AI is doing with the data it analyzes: where that data is processed, how long it is retained, and whether it is used to train the vendor’s models.

Third (and fourth and fifth) party risk will be a compliance focus

AI is just one part of the supply chain compliance picture going into the new year.

Most companies are aware of the need to secure their vendors. However, while many organizations do a good job of vetting their direct (third-party) suppliers, they don’t — or can’t — vouch for the security of those suppliers’ own vendors. At most, they might conduct a cursory survey of fourth- and fifth-party suppliers. However, the interconnectedness of the digital ecosystem has shown us that a fourth- or fifth-party data breach can be as devastating as a cyber attack on a third party.

In 2025, more companies are likely to find ways of going deeper and vetting their whole supply chain. We suggest building security controls into your contracts during onboarding: require your third parties to meet your security requirements, include flow-down clauses obligating them to pass the same requirements to their own suppliers, and set breach-notification timelines and a right to audit so you can verify compliance rather than take it on trust.

In short, more businesses will realize that the suppliers of their suppliers are part of their own attack surface.

Compliance in the physical supply chain

The physical supply chain is likely to undergo more scrutiny as well. Businesses are likely to look beyond their tier-one suppliers to gain a deeper understanding of where their components and materials actually come from. This is likely to be fueled by security and resilience concerns as well as sustainability requirements — which brings us to our next prediction.

What will ESG look like in 2025?

Environmental, Social, and Governance (ESG) reporting is likely to be a focus for individual organizations in the new year, especially as U.S. companies attempt to compete with their European rivals. While ESG has become more of a focus lately, the EU’s policies — such as the Corporate Sustainability Reporting Directive (CSRD) — have made it the global leader in sustainability regulation.

Because sustainability and social responsibility may be seen as a differentiator in the market, U.S. companies that want to keep up with the EU (and do business in Europe) are likely to take it upon themselves to tighten and expand internal ESG policies in order to compete.

A focus on proactive compliance

Driven by current events — such as school shootings and the recent assassination of the UnitedHealthcare CEO — we are starting to see a push towards a proactive compliance culture. For example, other health insurance groups are putting more resources into executive protection, rather than waiting for another assassination attempt to occur and responding after the fact. Schools are also getting more proactive about their security, and will soon have a standard to be compliant with.

The long-awaited ASIS school security standard

ASIS has been working on a comprehensive school safety standard for some time. Now planned for release in 2025, the standard provides guidance for the development, implementation, maintenance, and continual improvement of a security program for K-12 schools. This standard has been hotly anticipated by the security community, so we expect to see much more discussion about securing schools in the next year.

Rapid changes to regulations and standards

Heavily-regulated industries are seeing increasingly rapid changes to the standards and regulations in their sector. This is likely to become more common in the coming year.

Traditionally, standards were revisited and updated once every couple of years. However, rapid changes in the market and in technology mean that standards now have to be updated more frequently: revisions are issued as needed and pushed out quickly.

This can be a challenge for organizations used to waiting two years for an update to a regulation. The focus for these companies will be to stay on top of new changes so they don’t unintentionally fall out of compliance — for example, by assigning an owner to track each applicable standard and reviewing control mappings whenever a revision is published, rather than only at the annual audit.


What challenges will your business face this year?

Contact us now about assessing your security, and make a plan for the next year.
