Elevate the power of your work
Get a FREE consultation today!
Stay ahead of data regulations in 2025
Blogs and Articles
Regulatory changes are shaking up data management practices… again! Now is the time to reevaluate data lifecycle management, including AI adoption and the role of Information Governance. Jump into the recap of my discussion with two data privacy attorneys below.
Ready or not, the world of data privacy is changing yet again. And we aren’t talking about minor tweaks. New regulations, including the EU AI Act, OFAC in North America, and similar legislation popping up across the globe, are poised to dramatically reshape how businesses manage their records and data. These changes will significantly impact data retention schedules, making a critical reevaluation of your data lifecycle management practices in 2025 absolutely essential.
To kick off this year’s Education Series, I’m joined by Iron Mountain data privacy attorneys Julia Bonder-Le Berre and Justin R. Hampton in our first webinar Navigating the regulatory landscape in the year ahead. We cover everything from the latest legislative updates to practical strategies for ensuring your organization is managing compliance and minimizing risk.
Related: Watch the full webinar
Balancing innovation and risk
Artificial intelligence (AI), in all its forms, offers transformative potential for numerous industries and aspects of daily life, but it also introduces a range of ethical and legal concerns. Regulations are essential to ensure that AI technologies are developed and deployed responsibly, balancing the benefits of innovation with the need to protect individuals and their rights.
The diversity of regulatory approaches worldwide reflects the ongoing debate about how best to govern AI and the challenges of keeping pace with the rapid advancements in technologies. Striking the right balance between promoting innovation and safeguarding against potential risks is a complex task, requiring collaboration between Information Governance leaders, governments and private organizations, data managers, and individual contributors at every organizational level.
We are very early on the journey of AI regulation. The environment remains dynamic in response to rapid changes to the technology.
Trendsetting global regulation
From the United States to Singapore, the approach to regulations is as varied as the physical landscape. Many jurisdictions favor a risk-based approach, where the level of regulatory oversight is proportionate to the potential risks associated with specific AI applications. Others have implemented stricter regulations, including outright bans on certain uses of AI, such as those deemed to pose a high risk of harm to individuals or society.
The EU AI Act is indeed a landmark piece of legislation, adopting a risk-based framework to govern the development and deployment of AI. And while the act continues to set a precedent, recent adjustments show a push for competitiveness alongside compliance. In the US, Colorado’s AI Act leads state-level regulation, focusing on high-risk systems and consumer protection. Canada’s federal efforts face political hurdles, prompting provinces like Ontario to take the lead with targeted AI legislation. These shifts highlight a worldwide focus on balancing innovation with responsible AI deployment.
Understanding the impact of the EU AI Act across the globe:
Here’s how some regional legislation is taking shape:
European Union
- The EU AI Act establishes global standards with AI literacy requirements and prohibited uses.
- There is a recent shift to prioritize competitiveness alongside compliance, demonstrated by adjustments to liability provisions.
- Data retention requirements remain through mandatory logging and risk assessments of AI programs.
United States
- The Colorado AI Act is pioneering state-level regulation focused on high-risk AI systems and consumer protection.
- So far, this legislation is setting a framework for other US states, though it is also undergoing real-time updates.
- The Office of Foreign Assets Control (OFAC) recently updated its statute of limitations from 5 years to 10. Thus, the government can take action up to 10 years after that specific date.
Canada
- The Federal AI and Data Act is currently halted, creating regulatory uncertainty.
- Ontario’s Bill 194 is a provincial-level regulation targeting public sector AI use and consumer protection.
Asia-Pacific
- Singapore introduced the Model AI Governance Framework for AI, which sets out best practices for how private organizations can develop, deploy, and use AI, but it has not announced plans to develop AI-specific laws.
- The Australia Privacy Act 1988 is currently undergoing significant reforms, which will have a profound impact on how personal data is handled, especially in the context of AI.
- The Office of the Australian Information Commissioner (OAIC) is releasing guidance on how current privacy laws apply to the use of AI, with specific guidance released for both developers and deployers of AI systems.
Information Governance for the changing face of data privacy
Organizations need to create Information Governance programs that are free of silos and have functioning cross-collaborative effort.
Both public and private entities are increasingly concerned with where their data resides and who ultimately governs its use. Data transfers and sovereignty are at the forefront of regulatory discussions, which translate to evolving legislation that directly impacts how organizations manage cross-border data flows.
At the same time, the growing sophistication of cyber threats has amplified the importance of robust digital data loss and cybersecurity laws. These laws are expanding the scope of traditional data protection, demanding that Information Governance (IG) leaders implement more comprehensive measures to safeguard their digital assets.
A proactive approach to IG is more critical than ever.
Governance programs should include detailed data mapping, well-defined retention schedules, and clear data handling policies. Data and information leaders can focus on seamless collaboration between various departments within their organizations. By fostering far-reaching communication and alignment, organizations can establish a cohesive framework that not only addresses regulatory requirements but also optimizes data management practices.
The evolving role of Information Governance:
Practical steps to stay ahead of regulations
Navigating the ever-shifting terrain of data regulation demands vigilance and adaptability. Our panelists recommend that you concentrate on these key areas:
- Stay informed about the latest regulatory developments
- Invest in data mapping and ensure your data retention schedules are up-to-date
- Foster a culture of collaboration and learning within your organization
- Adapt, learn, and flow with the changing landscape
Watch the full webinar
Interested in learning more about this topic and hearing the live Q&A with our panelists? Visit Iron Mountain’s 2025 Education Series to watch the on-demand recording of Navigating the regulatory landscape in the year ahead and to register for upcoming webinars.
Featured services & solutions
Information Governance Advisory services
More than 100 information governance experts are ready to help grow your program with a comprehensive approach
Policy Center
Know your obligations and show compliance with our online Policy Center tool
Iron Mountain Education Series
Inspirational conversations with thought leaders to accelerate your digital journey
Related resources
View More ResourcesView More Resources
