Regulatory Insights for 2025: Navigating a Complex Compliance Landscape

2025: A Look at What’s Ahead in Capital Markets, Regulatory Compliance, and Cybersecurity Series

The regulatory environment for 2025 is being shaped by shifting policies under a new presidential administration and evolving global frameworks. As companies navigate these, understanding the compliance trends and preparing for potential changes will be critical to their success.

In part two of this three-part series on what’s ahead for 2025, DFIN’s Craig Clay, President of Global Capital Markets, and Dannie Combs, Senior Vice President and Chief Information Security Officer, address the evolving regulatory mandates. Read the first part, Capital Markets Outlook: Opportunities Amid Change.

How do you see SEC Mandates evolving in 2025 under the new SEC Chairman, Paul Atkins?

Craig Clay: Incoming SEC Chairman Paul Atkins brings a different perspective on regulations compared to his predecessor. Atkins has emphasized the importance of principle-based disclosures and the role of management in determining what is material. The shift suggests that mandates like the currently paused climate disclosure rules and broader topics such as human capital metrics and board diversity reporting will face hurdles under his leadership.

In areas like cryptocurrency, we could see a slowdown in efforts to classify digital assets as securities, with enforcement actions paused or adjusted in the name of fostering innovation.

That said, the SEC's core mission of protecting investors and ensuring market transparency will remain intact. Instead of sweeping mandates, the focus may shift to targeted actions aimed at curbing fraud and providing clarity where needed.

Companies that have invested in compliance and operational transparency will be better prepared to navigate this evolving regulatory environment. This readiness will be especially critical as markets demand greater accountability and as businesses operate within a patchwork of state, federal, and global requirements.

How is the cybersecurity disclosure landscape shaping up for 2025?

Dannie Combs: The cybersecurity disclosure landscape is evolving rapidly, with a heightened emphasis on transparency and accountability. This will be significantly influenced by the recently introduced SEC disclosure regulations, that mandate public companies must disclose material cybersecurity incidents and their impacts within a short period of time. As such, companies will need to adopt more rigorous reporting standards to ensure timely and accurate communication with stakeholders and the public in the event of a material cyber incident. This shift toward greater disclosure is driven by regulatory pressures and the growing demand from the public and investors for accountability in managing cyber risks.

What steps should clients take to prepare for regulatory uncertainty?

Craig Clay: 2025 may usher in a shift toward deregulation, potentially offering some reprieve from often hard-to-disclose items like climate-disclosure metrics. However, companies must still consider the expectations of investors and other stakeholders, such as advisory firms that guide shareholder voting decisions. Now is an ideal time to step back, assess where you stand, and have the right tools and processes in place. This will help ensure you are more easily meeting disclosure demands — whether required by regulators or driven by investor expectations.

How will advancements in AI and other technologies support companies in achieving regulatory compliance? 

Craig Clay: Advancements in AI are transforming the way companies approach compliance by addressing one of the most persistent challenges: managing the vast amounts of data and manual processes that make regulatory adherence so complex. By automating repetitive tasks and organizing data more efficiently, AI offers the potential to not only simplify compliance but also enhance accuracy and transparency for stakeholders, easing the burden on organizations while strengthening trust.

At the same time, maintaining control and ensuring data security remain critical priorities across all industries. Our recent CFO survey underscores that leaders are acutely aware of the need to balance progress with caution. The key to navigating a rapidly changing landscape is to establish strong guardrails, be resilient, and remain focused on long-term objectives.

The regulatory landscape in 2025 demands agility and proactive preparation. With shifting mandates and evolving disclosure requirements, companies must prioritize readiness and leverage technology to stay ahead.

DFIN is here to help, offering the tools and expertise needed to simplify compliance, enhance accuracy, and build stakeholder trust.

Stay tuned for Cybersecurity in 2025: Priorities and Best Practices, part three of this three-part blog post series, where we explore the top cybersecurity threats, priorities, and best practices.