Find a lawyerOur capabilitiesYour careerSearch
Executive summary

The 2025 Data Law Trends report is here, and this year’s findings reveal one thing loud and clear: the pace of change in data law is accelerating, profoundly impacting businesses.

We’ve identified eight key trends that will shape the future, and they’re more than just legal shifts – they’re strategic opportunities for those ready to act.

Last year, we reported on key disruptions as new technologies and regulations began to take hold. In 2025, the stakes are even higher. Data laws are shaping everything from risk management to growth opportunities, and staying ahead of these shifts is critical.

From the rise of AI governance to the tightening of data transfers, these trends reflect the new realities of doing business in a data-driven world. Each one has been carefully pinpointed by our global team of experts, who are advising top tech companies on the frontlines of these changes.

Our goal with this report is simple: to give you the insights you need to stay ahead of these changes. It’s a guide to help you prepare your business, navigate the challenges, and seize the opportunities.

Dive in – the future of data law is here, and it’s moving fast.

2025 Data law trends
Previous reports

Notes

Data protection and privacy laws, which we collectively refer to as ‘privacy laws’ in this report, vary around the world – along with their associated terminology and definitions. Given the global influence of EU privacy laws, especially the General Data Protection Regulation (GDPR), this report generally uses EU privacy law terminology to refer to similar concepts (eg ‘personal data’, ‘data protection impact assessments’, ‘data protection officers’ and ‘data subjects’) since readers will often be most familiar with those terms.

Law stated as at 1 October 2024

Data law is no longer a peripheral concern – it’s the heartbeat of modern business strategy. As we stand on the brink of transformative change, it’s crucial to recognize that adapting to these emerging trends is not just about compliance;
— Christine Lyon, Giles Pratt and Christoph Werkmeister | Global Co-heads of the Freshfields data privacy and security practice
big quote image

2025 Data law trends

Reports
Nov 29 2024
1. AI governance takes center stage

With regulatory pressures, changing expectations from shareholders and customers, and the increasing risk of litigation, it’s clear that addressing AI governance is more important than ever.

Reports
Nov 29 2024
2. International data transfers are under the spotlight

In 2025, questions around data transfers and localization requirements will still be front and center for businesses. Regulators across different jurisdictions – each with varying requirements – aren’t holding back either; they’ve shown they’re ready to impose hefty fines for non-compliance.

Reports
Nov 29 2024
3. A new wave of cyber threats is here

As global cybersecurity threats continue to evolve, companies are navigating an increasingly complex risk landscape.

Reports
Nov 29 2024
4. New global regulations are changing our digital operations

Over the past year, a global push to regulate the safety, accountability, and transparency of online services have begun to crystalize. In late 2023, the EU Digital Services Act came into force alongside the passage of the UK Online Safety Act, signaling a significant shift in how digital intermediaries are regulated.

Reports
Nov 29 2024
5. Tougher enforcement is reshaping data and privacy compliance

The spotlight on AI risks is intensifying, and with it comes a surge in data-related regulatory enforcement worldwide. Regulators are not only using existing laws but are also advocating for greater powers to oversee AI development and deployment.

Reports
Nov 29 2024
6. US State consumer privacy laws are expanding

Consumer privacy legislation in the US has reached a critical turning point. With no comprehensive nationwide privacy law in place, individual states have begun enacting their own laws to safeguard consumer privacy. Currently, over 40 percent of US states have implemented consumer privacy laws, and momentum continues to grow as additional states propose and consider their own legislation.

Reports
Nov 29 2024
7. Asia’s privacy laws are maturing

In recent years, many countries across Asia have either rolled out new comprehensive privacy laws or made significant amendments to existing regulations. Notable examples include China, India, Indonesia, Japan, Malaysia, South Korea, Sri Lanka, Thailand, and Vietnam. Currently, Indonesia, India, and Malaysia are working toward the full implementation of their newly amended laws.

Reports
Nov 29 2024
8. New EU data access regulations are shaping the future

The European Commission’s Data Strategy 2020 has paved the way for new data access regulations that will significantly impact businesses across Europe. In this chapter, we dive into the data access rights established by the EU’s Data Act, along with two pivotal Common European Data Spaces: the European Health Data Space (EHDS) and the Financial Data Access (FIDA) framework.

contact card image
Data and Cyber Newsletter
Sign up to our weekly Data & Cyber Newsletter.

Follow Freshfields’ for regular bulletins that will help you keep abreast of the rapidly changing data, cybersecurity, digital markets and AI legal landscapes.