Canadian privacy regulators are intensifying scrutiny of platforms used by minors, emphasizing age assurance and youth privacy. Investigations reveal that self-declared age gates and adult-oriented consent language are inadequate. Platforms must adopt layered age verification, youth-friendly privacy communications, and contextual data practices. Enforcement is shaping standards ahead of formal guidance, urging proactive compliance measures.

In brief On 25 September 2025, the Monetary Authority of Singapore (MAS) introduced initiatives aimed at promoting responsible advertising and sharing of financial content online. The MAS has issued the following guidance: By establishing expectations for both financial institutions (FIs) and online content creators to conduct digital advertising in a…

On 6 October 2025, Governor Gavin Newsom announced that California enacted a series of laws that included an amendment to California’s antitrust statute, the Cartwright Act. He declared that the series of bipartisan legislation “further protects families by creating stronger consumer protections and increasing affordability.” Specifically, the antitrust amendment prohibits the use or distribution of “common pricing algorithms” that rely on competitor data or facilitate coordinated pricing. Two days later, Governor Newsom signed a second bill into law dramatically increasing penalties for Cartwright Act violations—raising corporate criminal fines, individual criminal fines, and giving courts discretion to apply civil penalties for misconduct.

Earlier this summer, the US Administration’s Working Group on Digital Asset Markets published a report, entitled Strengthening American Leadership in Digital Financial Technology. The Report contains recommendations for revising existing legislation and IRS guidance regarding trusts engaged in cryptocurrency staking, Code provisions that may deny recognition of gains or losses by active securities traders, and reporting requirements for participants in digital asset transactions and for the exchanges that facilitate such activities

Ukraine’s Defence City regime, effective from October 2025, offers tax, customs, and regulatory incentives to defence-related enterprises. Eligible companies must earn most income from defence goods or services. Benefits include exemptions on reinvested profits, real estate, land, and environmental taxes, plus simplified customs and currency rules. However, it excludes R&D credits and broader investor incentives, and cannot be combined with other preferential regimes. Residency is limited to strategically significant entities approved by the Ministry of Defence.

Vietnam’s draft AI Law, released for public consultation, aims to establish a comprehensive governance framework by January 2026. It introduces phased implementation, risk-based classification, role-driven accountability, and obligations for general-purpose AI. The law promotes innovation through incentives and sandboxes, and enforces strict penalties for violations, including revenue-based fines. Businesses in high-risk sectors like finance and health will face increased scrutiny. Stakeholders are urged to submit feedback before the National Assembly’s session on 20 October 2025.

The Brazilian Data Protection Authority (ANPD) has become an autonomous regulatory agency with expanded powers under Provisional Measure No. 1.317/2025 and Decree No. 12.622/2025. It now oversees digital protections for children and adolescents, including enforcing court orders, setting security standards, and coordinating with other agencies. The ANPD can issue regulations, supervise entities, and ensure proportional obligations for tech providers, prioritizing children’s rights and data protection in digital environments.

Organizations domiciled in Colombia can now adopt the international standard ISO/IEC 42001:2023, which will make them among the first organizations in Latin America to have a certifiable standard for the responsible management of artificial intelligence (AI) systems.

On 25 September 2025, the Australian Government released draft legislation to regulate Digital Asset Platforms (DAPs) and Tokenised Custody Platforms (TCPs). The proposed law requires operators of these platforms to hold an Australian Financial Services Licence and comply with tailored disclosure, conduct, and licensing obligations. It aims to close regulatory gaps, enhance investor protection, and position Australia as a credible hub for digital asset innovation. Consultation on the draft closes on 24 October 2025.

On 23 September 2025, the EU Environment Commissioner proposed delaying the EU Deforestation Regulation (EUDR) by another year due to IT system challenges. Originally set for 30 December 2025, the compliance deadline may be extended to 30 December 2026. The delay aims to reduce uncertainty for authorities and stakeholders and ensure the IT infrastructure can handle operational demands. Further discussions among EU institutions are expected before a formal announcement.