See what's coming next in cyber and data protection regulation.
Stay ahead of the ever-evolving regulatory landscape and understand which upcoming pieces of legislation may impact your organisation. In this guide, we break down the key regulatory changes impacting the UK, Europe, US, and other regions across the next three years. Sharing key information on each framework, including the scope and when they will come into effect, this guide will help you anticipate any changes in your regulatory requirements.
UK and Europe
Our key updates cover:
- The European Commission reaffirming that the UK provides an adequate level of data protection
- The Data Use and Access Act receiving royal assent
- Updates and amendments to the Cyber Security and Resilience Bill, Crime and Policy Bill, and Cyber Resilience Act
- NIS2 national measures in Germany and Portugal
Covered in this guide: UK Data Use and Access Act, EU AI Act; Portugese Decree-Law 125/2025; The Implementing Regulation (EU) 2025/2392; Digital Omnibus Regulation; Norway Act on Artificial intelligence; Hungary AI Act; Italy AI Law.
US
Our key updates cover:
- Which state-level privacy measures have come into effect in January 2026
- State-level AI measures coming into effect later this year
- New regulations and acts aiming to promote child/teen safety, sensitive data regulation, and AI transparency and security
Covered in this guide: APRA; US AI Bill; CCPA; ICDPA; FLorida AI Bill of Rights and Data Centers Bill; Pennsylvania House Bill 1530; The Vermont Age-Appropriate Design Code Act; CAIA; Virginia Senate Bill 854; Amendment to the Business & Commerce code, Texas; Texas Senate Bill 1188; The New York Artificial Intelligence Companion Models Act; New York Algorithmic Pricing Disclosure Act; New York Cybersecurity Regulation Amendments; Guidance on Managing Risks Related to Third-Party Service Providers (New York); The RAISE Act; Michigan House Bill 5357.
Global
Our key updates cover:
- The acceleration of regulation globally in 2026
- Which Asia-Pacific measures have come into effect in January 2026
- How cross-border transfer compliance is becoming more structured
- The tightening of "trustworthy AI" controls
Covered in this guide: Australian Privacy and Other Legislation Amendment Bill 2024; The Children’s Online Privacy Code (Australia); The AI Impact Assessment Tool Australia; Brazil AI Bill; Brazil Bill No.36/2025; Colombia Bills No. 214/2025 and No. 274/2025; Law 21.719 is Chile’s major privacy reform; Chile Model Contractual Clauses; Paraguay Personal Data Protection Act; Argentina Data Protection Law Draft; Canada Bill C-26; Canada Bill C-8 on Cybersecurity; Ethiopia Personal Data Protection Bill (PDPP); Gambia The Personal Data Protection and Privacy Act; Bangladesh Bill for the Personal Data Protection Ordinance; South Korea Publication and Distribution of Artificial Intelligence (AI) Security Guide; India Bills 182 amendment to the DPDPA; India Bills 277 amendment to the DPDPA; China Amendments to Cybersecurity Law; Thailand Draft Guidelines on AI use in Financial Services; Personal Data Protection Law (PDPL) (Vietnam); Vietnam Law on Artificial Intelligence
