Regulatory Frameworks

Category: News
Published: 5^th December 2025

Access our Report

The regulatory landscape is tightening globally. Organisations must comply with frameworks such as GDPR, NIS2, the EU AI Act, ISO 42001, and emerging sector-specific guidance for financial services and healthcare. For example, the FCA Consumer Duty requires financial institutions to evidence strong operational resilience, responsible data use and robust oversight of suppliers. Similarly, NHS-linked bodies must use the Data Security and Protection Toolkit (DSPT), which requires clear identity access controls, privileged-account governance and breach-response readiness.

Data Privacy

Enforcement is intensifying. The message from the ICO in October 2025 was clear: “Maintaining good cybersecurity is fundamental to economic growth and security. With so many cyber attacks in the headlines, our message is clear: every organisation, no matter how large, must take proactive steps to keep people’s data secure. Cyber criminals don’t wait, so businesses can’t afford to wait either”. In 2025, Capita were issued a fine of £14m for failing to ensure the security of personal data related to a breach and Guernsey’s Office of the Data Protection Authority (ODPA) fined a medical group £100,000 after patient data was stolen due to poor patching and delayed threat detection.

AI Governance

The release of ISO 42001 and growing AI regulatory frameworks highlight the need for organisations to monitor AI usage, enforce data access controls, and maintain auditability of AI-driven processes. Organisations that fail to establish clear AI governance risk not only operational disruption but also regulatory penalties.

Download the full Cyber Trends 2026 Report

Get the complete analysis and recommendations in a board-ready PDF.

Read the Report

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
crisp-clientsession/*	6 months	Session ID for existing chat through Crisp chat
li_gc	2 years	No description

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-3109036-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Send a message

Contact details

Social media

Regulatory Frameworks

Data Privacy

AI Governance

Download the full Cyber Trends 2026 Report