Global Compliance Weekly: Key Developments in Late August 2025

Compliance Hub

Compliance Hub

7 min read
Global Compliance Weekly: Key Developments in Late August 2025
Photo by Vladislav Klapin / Unsplash

A roundup of the most significant compliance developments from the final week of August 2025

Bottom Line Up Front

The final week of August 2025 has delivered several pivotal compliance developments that will reshape regulatory landscapes globally. The EU AI Act's General-Purpose AI obligations took effect August 2nd, marking a watershed moment for AI regulation. Meanwhile, major SEC enforcement actions continue under the new administration, and cross-border procurement restrictions signal increasing trade compliance complexities. Organizations must act swiftly to address these evolving requirements.

Global Privacy & Compliance Explorer
Interactive map for exploring global privacy regulations and compliance requirements. Navigate GDPR, CCPA, PIPEDA, and more.
Interactive Regulatory MapLovable

EU AI Act: General-Purpose AI Regulations Now in Force

The Game Changer

August 2, 2025 marked a critical deadline under the EU AI Act as obligations for providers of general-purpose AI (GPAI) models officially entered into force. This represents the most significant AI regulatory milestone to date for global technology companies.

The EU AI Act: Comprehensive Regulation for a Safer, Transparent, and Trustworthy AI Ecosystem
In August 2024, the European Union introduced the EU Artificial Intelligence Act, marking a significant leap in the regulation of AI technologies. As the world’s first comprehensive AI law, the EU AI Act is poised to shape how artificial intelligence is developed, deployed, and governed across industries. It aims
Compliance Hub WikiCompliance Hub

What Changed

The European Commission and EU AI Office released final Guidelines for providers of general-purpose AI models and completed a General-Purpose AI Code of Practice, with the Commission confirming the Code's formal approval on August 1st. These frameworks provide:

  • Interpretative guidance for understanding GPAI model provider obligations
  • Specific compliance measures companies can implement to demonstrate regulatory adherence
  • Clear regulatory pathways for AI deployment in EU markets
Navigating the EU AI Act: A Comprehensive Guide for Deployers of High-Risk AI Systems
The European Union’s Artificial Intelligence Act (EU AI Act) marks a significant milestone in the regulation of AI technologies. While much attention has been focused on AI providers, deployers of high-risk AI systems face equally important responsibilities. This guide breaks down the key requirements and considerations for deployers under the
Compliance Hub WikiCompliance Hub

Business Impact

Organizations deploying AI models in EU markets must now ensure compliance with these new frameworks or risk significant penalties. The regulations particularly affect companies with AI models that have widespread applications across multiple use cases.

GeneratePolicy.com - AI Security Policy Generator
Generate comprehensive security policies instantly with AI. Tailored for HIPAA, GDPR, ISO 27001, and industry-specific compliance requirements.
GeneratePolicy.com

EU-China Trade Compliance: Medical Device Procurement Restrictions

Historic Enforcement Action

For the first time, the European Commission completed an investigation under the International Procurement Instrument (IPI) and implemented measures to limit the participation of economic operators from non-EU countries – specifically China – in the EU public procurement market.

DeviceRisk.health - HIPAA Risk Assessment
Comprehensive HIPAA risk assessment and management for healthcare devices
HIPAA Risk Assessment

The New Rules

The EU responded with Implementing Regulation (EU) 2025/1197 that requires contracting authorities/entities in all EU member states to exclude Chinese suppliers – and to a certain extent products manufactured in China – from larger public procurement contracts for medical devices.

Digital Wealth Shield
Comprehensive security for high net worth individuals
Digital Wealth Shield

Strategic Implications

This action signals:

  • Escalating trade tensions between EU and China
  • Supply chain diversification requirements for EU healthcare organizations
  • New due diligence obligations for procurement teams
  • Potential reciprocal actions from other jurisdictions
HIPAA Security Assessment Tool | Healthcare Cybersecurity Self-Assessment
Free healthcare cybersecurity risk assessment tool for HIPAA compliance, IoT medical device security, and PHI protection. Identify vulnerabilities and get actionable recommendations.
HIPAASecurity.health

Enforcement Strategy Shift

Under Chairman Atkins, the SEC filed 31 enforcement actions in Q2 2025, with a strong fraud focus and continued scrutiny of advisers and broker-dealers. The new administration has implemented several key changes:

AI Security Risk Assessment Tool
Systematically evaluate security risks across your AI systems
AIRiskAssess.comAIRiskAssess Team

Notable Developments

  • Crypto-friendly approach: The SEC announced the formation of the Crypto Task Force on January 21, 2025, led by Commissioner Hester Pierce, dedicated to developing a comprehensive regulatory framework for crypto assets
  • Case dismissals: Several enforcement actions from the previous administration were dismissed as part of regulatory reform efforts
  • Focus refinement: Every case filed in district court alleged fraud, suggesting the SEC has refocused its limited enforcement resources on fraud cases involving more egregious conduct

Key Enforcement Areas

  1. Investment adviser compliance - Fee disclosures and conflict of interest violations
  2. Broker-dealer SAR filing failures - Continued emphasis on suspicious activity reporting
  3. Fraud-focused actions - Moving away from technical violations toward serious misconduct
EU Compliance Mapping Tool | Map Cybersecurity Standards Across Frameworks
Compare and map cybersecurity standards across ISO 27001, NIST, ETSI, and national frameworks. Simplify compliance with our interactive mapping tool.
Map Cybersecurity Standards Across Frameworks

Cybersecurity Compliance Intensifies

Regulatory Acceleration

The compliance landscape in 2025 is marked by aggressive regulatory momentum and cross-border enforcement alignments, with expanded reporting windows and stricter definitions of "material breach".

Healthcare Under Siege

Cyberattacks on the healthcare sector surged 86% globally in 2024, with patient data exposure and ransomware incidents driving the majority of compliance violations. New 2025 regulations demand:

  • Airtight data governance protocols
  • Zero-trust security frameworks
  • Proactive breach response capabilities
  • Real-time incident reporting

Cross-Sector Impact

The SEC now requires publicly traded companies to report cyber incidents within four business days, while HHS has refined its HIPAA enforcement playbook to include explicit criteria for ransomware breach thresholds.

PII Compliance Navigator | U.S. State Privacy Law Sensitive Data Categories
Comprehensive tool to explore which U.S. states classify different types of data as sensitive under privacy laws. Navigate compliance requirements across 19 states.
PII Compliance NavigatorDavid Stauss

UK Education Compliance Overhaul

New BCA Requirements

Starting in September 2025, UK universities and colleges will face significantly higher compliance standards under the updated UK BCA rules 2025.

Stricter Thresholds

The revised requirements include:

  • Visa refusal rate: Must maintain below 5% (previously 10%)
  • Enrollment rate: Minimum 95% of issued CAS must result in actual enrollment
  • Course completion rate: At least 90% completion required (up from 85%)

Enforcement Mechanisms

The white paper calls for a public-facing Red-Amber-Green (RAG) banding system to clearly indicate each sponsor's compliance status and boost transparency.

US State Breach Notification Requirements Tracker
Comprehensive tool for researching breach notification laws, ransomware requirements, and privacy regulations across all 50 US states.
Breach Notification TrackerBreach Notification Tracker

Internet Governance Complexity

Via the Internet, companies can publish information, offer contracts, deliver virtual items, and send payments to any country in the world, raising questions about what law governs transactions and activities involving businesses in multiple jurisdictions.

Practical Implications

Organizations operating globally must navigate:

  • Multi-jurisdictional compliance obligations
  • Conflicting regulatory requirements
  • Data localization mandates
  • Cross-border enforcement coordination
AI RMF to ISO 42001 Crosswalk Tool
Navigate between NIST AI Risk Management Framework and ISO/IEC 42001 standards with our interactive crosswalk tool.
AI Risk Management Framework to ISO 42001 MappingAI Risk Assessment

Looking Ahead: Compliance Priorities for September 2025

Immediate Action Items

  1. AI Compliance Audit - Review AI deployments against new EU requirements
  2. Supply Chain Assessment - Evaluate medical device procurement processes for EU operations
  3. Cybersecurity Framework Review - Ensure incident response capabilities meet new timelines
  4. Cross-Border Operations Analysis - Map jurisdictional compliance obligations

Strategic Considerations

  • Technology integration with compliance monitoring systems
  • Enhanced due diligence for international business relationships
  • Regulatory change management processes
  • Cross-functional compliance team development
CMMC & NIST 800-171 Compliance Assessment Tool
Evaluate and improve your organization’s cybersecurity compliance with CMMC and NIST 800-171 standards.
cmmcnist.tools

Key Takeaway

The convergence of AI regulation, trade restrictions, cybersecurity mandates, and enforcement evolution creates an unprecedented compliance complexity that demands proactive, technology-enabled approaches. Organizations that adapt quickly to these regulatory shifts will gain competitive advantages, while those that lag risk significant penalties and operational disruptions.

For ongoing compliance updates and analysis, subscribe to our weekly compliance intelligence briefings.

GDPR & ISO 27001 Compliance Assessment Tool
Comprehensive tool for security leaders to evaluate GDPR and ISO 27001 compliance and prioritize remediation efforts
GDPRISO.com

This analysis is based on developments through August 23, 2025, and reflects publicly available regulatory information. Organizations should consult with qualified legal counsel for specific compliance guidance.

Zero Trust Maturity Evaluator | Free Assessment Tool for CISOs
Evaluate your organization’s Zero Trust security maturity across 7 critical pillars with our free assessment tool. Get personalized recommendations for your security roadmap.
ZeroTrustCISO.com

Read more

Commonwealth Workplace Protection Orders Bill 2024: What Your Organization Needs to Know

Commonwealth Workplace Protection Orders Bill 2024: What Your Organization Needs to Know

The Commonwealth Workplace Protection Orders Bill 2024 represents a significant development in Australian workplace safety legislation, introducing new legal mechanisms to protect government workers from violence and aggression. While currently stalled due to the federal election, this bill warrants close attention from compliance professionals, particularly those working with government entities

By Compliance Hub
Generate Policy Global Compliance Map Policy Quest Secure Checklists Cyber Templates