New & updated content

This subtopic contains a series of Practice Notes that tell you, on a month-by-month basis, about any amended or newly published content in Risk & Compliance in that year. This content may have been added or amended to reflect regulatory changes or as part of our ongoing content development.

See Practice Note: New and updated content 2025—Risk & Compliance.

See

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Risk & Compliance News

UK government faces fresh pressure to introduce cyber regulation reform

MLex: UK companies are still awaiting the Cyber Security and Resilience Bill, as lawmakers this week renewed pressure on the government to introduce the legislation as soon as possible. The Bill is expected to align with Directive (EU) 2022/2555 (NIS 2 Directive) and to expand regulatory duties across critical sectors. But following a cabinet reshuffle, the government refused to give a timeline when questioned on 10 September 2025, saying only that it would be introduced ‘when parliamentary time allows’.

ICO clarifies myths on storage and access technologies

The Information Commissioner’s Office (ICO) has clarified common misconceptions about how the Privacy and Electronic Communications Regulations (PECR) apply to storage and access technologies such as cookies, tracking pixels and device fingerprinting. It confirmed that PECR is not limited to personal data, that ‘strictly necessary’ must be judged from the user’s perspective, and that consent is required for non-exempt purposes. The ICO also noted that a draft impact assessment has been published and will be finalised following consultation.

EDPB launches consultation on draft guidelines on interplay between EU DSA and GDPR

The European Data Protection Board (EDPB) has opened a public consultation on its draft Guidelines 3/2025, which address how the EU Digital Services Act (EU DSA) and Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)) should be applied consistently where provisions overlap. The draft explains lawful bases for processing personal data when detecting or removing illegal content, clarifies transparency duties for recommender systems and advertising, and underscores the prohibition on targeted ads using special categories of data. It also highlights the importance of cooperation between Digital Services Coordinators and data protection authorities to prevent regulatory inconsistencies. The consultation runs until 31 October 2025.

OFSI publishes annual frozen assets reporting notice for 2025

The Office of Financial Sanctions Implementation (OFSI) has published its annual frozen assets reporting notice for 2025. The notice outlines the annual reporting obligations under UK financial sanctions legislation. All individuals and entities holding or controlling funds or economic resources belonging to designated persons must provide the required report to OFSI by 30 November 2025. This includes assets both within the UK and overseas, provided they fall under UK jurisdiction. Reports must reflect the status of these assets as of 30 September 2025.

View Risk & Compliance by content type :

News