• 30 Jan 2025
• •
• 3 min read

Legislation update: Key legal and compliance changes in early 2025

Christmas already feels like a distant memory, and 2025 is shaping up to be a significant year for UK businesses when it comes to legal and compliance developments. Here are some of the key updates from January and what they signal for the months ahead.

Artificial intelligence (AI)

On 13 January, the government published an AI Opportunities Action Plan alongside its official response. The Action Plan makes 50 recommendations, primarily aimed at:

• Leveraging AI to boost productivity and economic growth.
• Enhancing public services through increased efficiency and lower costs.

This focus on AI underscores its growing importance across sectors, with businesses encouraged to stay ahead of emerging trends.

Cybersecurity

The government has launched a consultation on proposals to address the growing threat posed by the criminal infection of computer systems with malicious ‘ransomware’ software. Three core legislative proposals have been put forward:

• Targeted ban on ransomware payments: for all public sector bodies, including local government, and for owners and operators of Critical National Infrastructure, that are regulated, or that have competent authorities.
• Ransomware payment prevention regime: All ransomware victims (not covered by the proposed ban) would need to:
  • Report their intention to make a ransomware payment before paying over any money to the criminals responsible.
  • Receive approval before any payment is made to ensure compliance with sanctions and anti-terrorism laws.
• Incident reporting regime: Introduces mandatory reporting requirements for suspected ransomware incidents.

Data protection

Data protection remains a dynamic area, with various EU cases and EDPB opinions already published this year. But crucially, international transfers are also under the spotlight again:

• European General Court ruling: The European General Court set a new precedent by ordering the European Commission to pay damages to an individual for unlawfully transferring their personal data to the US without adequate protections.
• Political developments in the US: The election of Donald Trump as US President has raised questions about the stability of the EU/US Data Privacy Framework and its UK equivalent, the Data Bridge.
• UK adequacy decision: The EU’s adequacy decision for the UK is set to expire in June 2025 unless renewed, potentially impacting international data transfers from the EU to the UK.

Digital Markets, Competition and Consumers Act 

This significant piece of legislation aims to reform the UK’s consumer and competition law. Key updates include:

• Competition and digital market changes: These provisions came into effect on 1 January 2025.
• Consumer protection reforms: These changes are now set for Spring 2025
• Subscription contract reforms: Implementation has been delayed until Spring 2026 at the earliest, offering businesses more time to prepare.

Employment law

The Neonatal Care (Leave and Pay) Act 2023 will come into effect from 6 April 2025. This new right applies from the first day of employment and provides leave for parents of babies under 28 days old who are admitted to hospital for 7 or more consecutive days. You can read more here.

Procurement Act 2023

We previously discussed the Public Procurement Act, which governs public procurement processes and will come into effect on 24 February 2025. Organisations involved in public sector contracts should ensure compliance with the new regulations.

Online Safety Act

The Online Safety Act 2023 introduces new responsibilities for social media and search platforms to improve user safety. Initial implementation steps include:

• Age assurance measures: Ofcom has issued guidance for services to adopt effective age verification systems.
• Children’s access assessments: Must be completed by 16 April 2024.
• Risk assessments for child-accessible services: To be conducted by July 2025.

What to expect

With so much happening in January alone it looks like there will be a lot for in-house legal teams and compliance teams to keep up with in 2025.

Disclaimer

This information is intended for general informational purposes only and does not constitute legal advice. We recommend seeking professional advice before taking any action on the information provided. If you would like to discuss your specific circumstances, please feel free to contact us on 0800 2800 421.