CEO fraud is evolving with artificial intelligence, shifting from mass phishing to highly targeted attacks that are harder to detect. Deepfake technology and hyper-realistic scenarios demand stronger compliance programs, ISO 37003-based fraud control systems, and proactive protocols to protect organizations against this rising threat.
In brief This marks an important, substantial step towards a new harmonized and more restrictive regime for branches…
Ukraine’s Defence City regime, effective from October 2025, offers tax, customs, and regulatory incentives to defence-related enterprises. Eligible companies must earn most income from defence goods or services. Benefits include exemptions on reinvested profits, real estate, land, and environmental taxes, plus simplified customs and currency rules. However, it excludes R&D credits and broader investor incentives, and cannot be combined with other preferential regimes. Residency is limited to strategically significant entities approved by the Ministry of Defence.
On 23 September 2025, the EU Environment Commissioner proposed delaying the EU Deforestation Regulation (EUDR) by another year due to IT system challenges. Originally set for 30 December 2025, the compliance deadline may be extended to 30 December 2026. The delay aims to reduce uncertainty for authorities and stakeholders and ensure the IT infrastructure can handle operational demands. Further discussions among EU institutions are expected before a formal announcement.
The European Supervisory Authorities report steady improvement in principal adverse impact (PAI) disclosures under the SFDR, especially among larger financial groups. However, disclosures often lack quantifiable actions, and “non-consideration” statements remain generic. The ESAs recommend clearer, shorter, and machine-readable disclosures, more proportional requirements, and less frequent reporting to enhance quality and relevance. Further regulatory guidance may follow to address persistent shortcomings.
Until recently, the EU lacked a specific framework governing green claims. A new Directive aiming at “empowering consumers for the green transition” supplements the existing rules on unfair commercial practices to include a new harmonized regime for green claims, applicable from September 2026. Businesses should carefully consider how this new regime will impact their upcoming commercial communications, including voluntary environmental reports and climate targets, to mitigate legal and reputational risks.
On 13 August 2025, Ukraine approved tenders for two oil and gas blocks—Mezhyhirska and Svichanska – under its Minerals Deal with the US Bidders must meet financial and work commitments, with production sharing terms favouring investors initially. Each PSA lasts 50 years and includes environmental and compliance obligations. This marks a key step in Ukraine’s post-war reconstruction and energy strategy.
The Financial Conduct Authority (FCA) has said following its recent multi-firm review of how its climate disclosure rules have been operating that it will look to “streamline and enhance” its sustainability reporting framework and has pledged to “simplify disclosure requirements”. This is welcome news for the industry and seems to be driven by feedback from the asset management sector that Task Force on Climate-related Financial Disclosures (TCFD) reporting rules are overly granular. There also seems to be a move towards consolidation across UK sustainability reporting frameworks as the FCA will consider the Sustainability Disclosure Requirements (SDR), International Sustainability Standards Board (ISSB) and transition planning going forward.
On September 1, 2025, Spain will officially launch the new independent whistleblower protection authority (AIPI), marking a major step in implementing Law 2/2023. This article outlines key compliance obligations for companies and the broader impact on corporate integrity.
2 August 2025 was an important deadline under the EU AI Act: obligations for providers of general-purpose AI (GPAI) models entered into force, provided the model is placed on the market on or after this date. The European Commission and EU AI Office have been gearing up for this deadline with recently released Guidelines for providers of general-purpose AI models (the Guidelines) and a final General-Purpose AI Code of Practice (the Code). The Code was subject to the Commission and the AI Board assessing its adequacy. The Commission confirmed the Code’s formal approval on 1 August. The Guidelines provide an interpretative framework for understanding the obligations of providers of general-purpose AI models, and the Code offers specific measures suggested by the Commission that providers can implement to demonstrate that they meet these obligations.