Policy Watchlist — July 2024 through December 2025
The Policy desk now maintains a continuous record stretching back to January 2020 with 62 historical briefs sourced from official registers across the Americas, EMEA, and APAC. The following sections capture the backfilled cadence before the forward-looking…
The Policy desk now maintains a continuous record stretching back to January 2020 with 62 historical briefs sourced from official registers across the Americas, EMEA, and APAC. The following sections capture the backfilled cadence before the forward-looking 2024–2025 run, ensuring stakeholders can trace how regulatory priorities evolved into today’s roadmap.
Historical backlog (2020–2022)
Every entry below links directly to primary legislation, regulator notices, or intergovernmental communiqués so editors can surface authoritative evidence when connecting past milestones to current deliverables.
2020 policy backlog
| Month | Focus area | Jurisdiction | Primary source(s) | Coverage notes |
|---|---|---|---|---|
| Jan 2020 | NIST Privacy Framework Launch | United States | NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Version 1.0); NIST Privacy Framework Roadmap | NIST released Version 1.0 of the Privacy Framework, aligning privacy risk management practices with the Cybersecurity Framework for enterprise adoption. |
| Jan 2020 | EU 5G Cybersecurity Toolbox Published | European Union | Cybersecurity of 5G networks — EU Toolbox of risk mitigating measures; Secure 5G networks: Commission endorses EU Toolbox | EU member states and the Commission endorsed a coordinated 5G cybersecurity toolbox to restrict high-risk suppliers and embed common risk mitigation baselines across national rollouts. |
| Feb 2020 | European Commission AI White Paper | European Union | White Paper on Artificial Intelligence: A European approach to excellence and trust; European Commission presents strategies for data and Artificial Intelligence | The European Commission published its artificial intelligence white paper outlining a risk-based regulatory framework and coordinated investment plan for trustworthy AI across the single market. |
| Feb 2020 | U.S. DoD AI Ethical Principles | United States | DOD Adopts Ethical Principles for Artificial Intelligence; DoD AI Ethical Principles | The U.S. Department of Defense formally adopted five ethical principles governing the design, development, and use of artificial intelligence across defense missions. |
| Mar 2020 | Japan Stewardship Code Revision | Japan | Japan Stewardship Code (2020 revision); FSA news release on revised Stewardship Code | Japan’s Financial Services Agency released the second revision of the Stewardship Code on March 24, 2020, deepening expectations for investor engagement, sustainability oversight, and proxy voting transparency across Japanese markets. |
| Apr 2020 | EU COVID-19 Contact Tracing Recommendation | European Union | Commission Recommendation (EU) 2020/518 on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis; Mobile applications to support contact tracing in the EU’s fight against COVID-19 — Common EU Toolbox | The European Commission set interoperability, data minimisation, and sunset expectations for COVID-19 contact-tracing apps across member states. |
| Jul 2020 | California CCPA Enforcement Commences | United States (California) | California Department of Justice: California Consumer Privacy Act (CCPA); Attorney General Becerra reminds Californians of their data privacy rights under the CCPA | California’s Attorney General began enforcing the California Consumer Privacy Act, requiring covered businesses to evidence opt-out workflows, data-rights response procedures, and employee training programmes. |
| Jul 2020 | CJEU Schrems II Decision | European Union | CJEU Press Release No. 91/20 — Data Protection Commissioner v Facebook Ireland and Schrems; Judgment of the Court (Grand Chamber) of 16 July 2020 — Case C-311/18 | The Court of Justice of the European Union invalidated the EU–U.S. Privacy Shield while upholding Standard Contractual Clauses, forcing companies to reassess transatlantic data transfer safeguards. |
| Jul 2020 | SEC Proxy Voting Advice Final Rule | United States | Exemptions from the Proxy Rules for Proxy Voting Advice; SEC adopts amendments to improve proxy voting advice | The SEC adopted final amendments regulating proxy voting advice businesses on July 22, 2020, tightening disclosure, conflict management, and issuer engagement requirements before shareholders vote. |
| Jul 2020 | EU Security Union Strategy | European Union | Communication from the Commission on the EU Security Union Strategy; EU Security Union Strategy — Questions and Answers | The Commission’s Security Union Strategy mapped a 2020–2025 agenda for resilience, cybersecurity, and crisis coordination across the EU. |
| Aug 2020 | SEC Human Capital Disclosure Modernization | United States | Modernization of Regulation S-K Items 101, 103, and 105; SEC modernizes disclosure framework for business, legal proceedings, and risk factors | On August 26, 2020, the SEC modernised Regulation S-K to require narrative human capital disclosures and to streamline business, legal proceedings, and risk factor reporting for public companies. |
| Aug 2020 | UK Children’s Code Finalised | United Kingdom | Age Appropriate Design: a code of practice for online services; ICO publishes final version of the Age Appropriate Design Code | The UK Information Commissioner issued the final statutory Age Appropriate Design Code, giving online services 12 months to embed children’s privacy-by-design safeguards before enforcement on 2 Sep 2021. |
| Sep 2020 | MAS Individual Accountability Guidelines | Singapore | MAS Guidelines on Individual Accountability and Conduct; MAS media release on IAC guidelines | The Monetary Authority of Singapore issued Guidelines on Individual Accountability and Conduct on September 10, 2020, formalising senior manager accountability, conduct risk governance, and remediation expectations for financial institutions. |
| Sep 2020 | Brazil LGPD Enters into Force | Brazil | Law No. 13.709/2018 — Lei Geral de Proteção de Dados Pessoais; LGPD entrou em vigor | Brazil’s Lei Geral de Proteção de Dados (LGPD) entered into force, obligating controllers and processors to operationalise lawful bases, transparency notices, and data subject response protocols under ANPD oversight. |
| Sep 2020 | SEC Shareholder Proposal Amendments | United States | SEC Release 34-89964 (Shareholder Proposal Amendments); SEC press release on Rule 14a-8 amendments | The U.S. Securities and Exchange Commission adopted amendments to Exchange Act Rule 14a-8 on September 23, 2020, tightening eligibility, resubmission, and engagement requirements for shareholder proposals at public companies. |
| Nov 2020 | Canada Digital Charter Implementation Act Introduced | Canada | Bill C-11: Digital Charter Implementation Act, 2020; Canada introduces the Digital Charter Implementation Act, 2020 | Canada tabled Bill C-11 to replace PIPEDA with the Consumer Privacy Protection Act and create a new data protection tribunal with order-making powers and significant penalties. |
| Nov 2020 | California Privacy Rights Act Approved | United States (California) | Proposition 24 (California Privacy Rights Act of 2020); Proposition 24: California Privacy Rights Act | California voters approved the California Privacy Rights Act (CPRA), establishing enhanced data rights and a dedicated privacy enforcement authority with a January 2023 effective date. |
| Dec 2020 | New Zealand Privacy Act 2020 Commences | New Zealand | Privacy Act 2020; Privacy Act 2020 has commenced | The Privacy Act 2020 took effect with mandatory breach notification, cross-border disclosure controls, and expanded enforcement tools for the Privacy Commissioner. |
| Dec 2020 | EU Digital Services & Digital Markets Act Proposals | European Union | Proposal for a Regulation on a Single Market for Digital Services; Proposal for a Regulation on contestable and fair markets in the digital sector | The European Commission unveiled the DSA/DMA package, introducing platform due diligence and ex ante gatekeeper obligations that later shaped the EU’s platform regulation regime. |
| Dec 2020 | EU Sixth AML Directive Deadline | European Union | Directive (EU) 2018/1673 of the European Parliament and of the Council; Anti-money laundering: stronger rules will apply as of December 2020 | EU Member States reached the transposition deadline for the Sixth Anti-Money Laundering Directive, expanding predicate offences and liability requirements for AML programs. |
| Dec 2020 | MAS Environmental Risk Management Guidelines | Singapore | MAS Guidelines on Environmental Risk Management for Banks; MAS Guidelines on Environmental Risk Management for Asset Managers | Singapore’s Monetary Authority finalised environmental risk management guidelines for banks, insurers, and asset managers on December 7, 2020, embedding board accountability for climate governance in the financial sector. |
| Dec 2020 | EU NIS2 Directive Proposal | European Union | Proposal for a Directive on Measures for a High Common Level of Cybersecurity across the Union (NIS2); Commission proposes measures to boost cybersecurity and critical infrastructure resilience | The European Commission tabled the NIS2 Directive to expand cybersecurity obligations for critical and important entities Zeph Tech serves. |
| Dec 2020 | UK FCA TCFD Rule for Premium Listed Issuers | United Kingdom | FCA Policy Statement PS20/17; Primary Market Bulletin 32 on climate-related disclosures | The UK Financial Conduct Authority finalised PS20/17 on December 21, 2020, requiring premium listed companies to include TCFD-aligned climate governance disclosures in their annual reports for periods beginning in 2021. |
2021 policy backlog
| Month | Focus area | Jurisdiction | Primary source(s) | Coverage notes |
|---|---|---|---|---|
| Jan 2021 | U.S. Corporate Transparency Act Enacted | United States | Public Law 116-283 — National Defense Authorization Act for FY2021; FinCEN Beneficial Ownership Information Reporting | The U.S. National Defense Authorization Act enacted the Corporate Transparency Act, mandating beneficial ownership reporting to FinCEN for millions of entities. |
| Jan 2021 | MAS Technology Risk Management Update | Singapore | Technology Risk Management Guidelines; MAS enhances Technology Risk Management Guidelines for Financial Institutions | Singapore’s Monetary Authority released enhanced Technology Risk Management Guidelines, raising expectations for board oversight, third-party controls, and incident reporting across financial institutions. |
| Feb 2021 | Australia News Media Bargaining Code Enacted | Australia | Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Act 2021; News media bargaining code | Australia established a mandatory bargaining and arbitration regime for digital platforms and eligible news businesses, forcing negotiations over remuneration, data access, and algorithm change notice obligations. |
| Feb 2021 | India Intermediary Guidelines & Digital Media Code Issued | India | Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021; Press release on the Intermediary Guidelines and Digital Media Ethics Code | India’s Ministry of Electronics and Information Technology issued due diligence, grievance redressal, and traceability obligations for social media intermediaries and OTT publishers with 3–6 month compliance windows. |
| Mar 2021 | SEC Climate and ESG Task Force Launch | United States | SEC press release announcing Climate and ESG Task Force; SEC leadership statement on ESG enforcement priorities | The U.S. SEC formed a Climate and ESG Task Force in the Division of Enforcement on March 4, 2021 to police misstatements and governance gaps in sustainability disclosures. |
| Mar 2021 | UK Restoring Trust in Audit Consultation | United Kingdom | Restoring Trust in Audit and Corporate Governance consultation; Government tackles big business audit failures with comprehensive reforms | The UK government issued its Restoring Trust in Audit and Corporate Governance white paper on March 18, 2021, outlining sweeping reforms for directors, auditors, and regulators following the Brydon, Kingman, and CMA reviews. |
| Mar 2021 | EU DAC7 Digital Platform Reporting Directive | European Union | Directive (EU) 2021/514 of 22 March 2021; Council adopts rules to ensure tax is paid where profits are made in the digital economy | EU finance ministers adopted the DAC7 directive, obligating digital platforms to report seller revenues to tax authorities from the 2023 reporting period. |
| Mar 2021 | Basel Principles for Operational Resilience | Basel Committee on Banking Supervision | Principles for Operational Resilience; Revised Principles for the Sound Management of Operational Risk | The Basel Committee finalised operational resilience and risk management principles for banks, forming part of Zeph Tech’s governance benchmarks. |
| Apr 2021 | EU AI Act Legislative Proposal | European Union | Europe fit for the Digital Age: Commission proposes new rules and actions for excellence and trust in Artificial Intelligence; Proposal for a Regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) | The European Commission proposed the Artificial Intelligence Act, a risk-based regulatory framework that bans unacceptable AI practices and imposes obligations on high-risk and general-purpose systems. |
| Apr 2021 | UK National Security and Investment Act Passed | United Kingdom | National Security and Investment Act 2021; Landmark national security legislation passes through Parliament | The UK created a mandatory and voluntary investment screening regime for 17 sensitive sectors, establishing the Investment Security Unit ahead of the 4 Jan 2022 commencement. |
| May 2021 | SEBI BRSR Reporting Mandate | India | Circular No. SEBI/HO/CFD/CMD-2/P/CIR/2021/562; SEBI press release on BRSR | India’s Securities and Exchange Board mandated Business Responsibility and Sustainability Reporting for the top 1,000 listed entities starting FY 2022–23. |
| Jun 2021 | Germany Supply Chain Due Diligence Act | Germany | Lieferkettensorgfaltspflichtengesetz; BMWK overview of the Act | Germany’s Bundestag passed the Supply Chain Due Diligence Act on June 11, 2021, imposing human-rights risk management, complaint mechanisms, and supervisory reporting for large companies. |
| Jun 2021 | EU European Digital Identity Wallet Proposal | European Union | Proposal for a Regulation establishing a framework for a European Digital Identity; European Digital Identity | The Commission proposed eIDAS 2.0, requiring member states to offer EU digital identity wallets and expanding trust service supervision for high-assurance credentials. |
| Jun 2021 | Tokyo Stock Exchange Corporate Governance Code Revision | Japan | Japan Corporate Governance Code (2021 revision); JPX news release on governance reforms | The Tokyo Stock Exchange revised its Corporate Governance Code on June 11, 2021, heightening expectations on board independence, diversity, and sustainability disclosures ahead of the Prime Market launch. |
| Jun 2021 | EU Updates Standard Contractual Clauses for Data Transfers | European Union | Commission Implementing Decision (EU) 2021/914; Commission adopts new tools for safe EU–US data flows | The European Commission replaced legacy SCCs with modular clauses covering controller-to-processor and processor-to-processor transfers, triggering 18-month migration plans for exporters processing EU personal data. |
| Jul 2021 | Colorado Privacy Act Signed | United States (Colorado) | SB21-190 Colorado Privacy Act; SB21-190 - Consumer Protection for Data Privacy | Colorado created omnibus consumer privacy rights, universal opt-out recognition, and rulemaking authority for the attorney general ahead of the 1 Jul 2023 effective date. |
| Aug 2021 | Brazil LGPD Sanctions Enforcement Begins | Brazil | ANPD Resolution on Administrative Sanctioning Process; LGPD entrou em vigor | Brazil’s General Data Protection Law entered its administrative sanction phase, empowering the ANPD to levy fines and corrective orders for non-compliance. |
| Aug 2021 | China Personal Information Protection Law Passed | China | China adopts the Personal Information Protection Law; Personal Information Protection Law of the People’s Republic of China | China’s National People’s Congress Standing Committee passed the Personal Information Protection Law, establishing comprehensive consent, localisation, and cross-border transfer rules effective November 1, 2021. |
| Sep 2021 | China Data Security Law Takes Effect | China | Data Security Law of the People’s Republic of China; Notice on the Implementation of the Data Security Law | China’s Data Security Law entered into force, introducing graded data classification, cross-border review triggers, and heightened penalties for mishandling critical data. |
| Oct 2021 | FTC Safeguards Rule Modernization | United States | FTC strengthens security safeguards for consumer financial information; Federal Register — Standards for Safeguarding Customer Information | The U.S. Federal Trade Commission approved amendments to the Gramm-Leach-Bliley Act Safeguards Rule on October 27, 2021, imposing risk assessments, encryption, testing, and incident response obligations on financial institutions and service providers handling consumer financial data. |
| Nov 2021 | SGX Climate Reporting and Board Diversity Rules | Singapore | Consultation conclusions on climate and diversity disclosures; SGX raises governance standards with mandatory climate reporting and board diversity disclosures | Singapore Exchange Regulation mandated climate-related disclosures and board diversity policy reporting on November 11, 2021, setting phased timelines for mandatory TCFD reporting across key sectors. |
| Nov 2021 | UNESCO Recommendation on the Ethics of AI | UNESCO | Recommendation on the Ethics of Artificial Intelligence; Historic agreement on Artificial Intelligence ethics | UNESCO’s General Conference unanimously adopted the first global standard on the ethics of artificial intelligence, setting principles for human rights, fairness, and sustainability. |
| Dec 2021 | HKEX Corporate Governance Code Overhaul | Hong Kong | HKEX consultation conclusions — Review of Corporate Governance Code; HKEX news release on Corporate Governance Code enhancements | Hong Kong Exchanges and Clearing published consultation conclusions on December 10, 2021, overhauling its Corporate Governance Code and Listing Rules to tighten board independence, diversity, and ESG oversight effective January 2022. |
2022 policy backlog
| Month | Focus area | Jurisdiction | Primary source(s) | Coverage notes |
|---|---|---|---|---|
| Jan 2022 | UAE Personal Data Protection Law Commences | United Arab Emirates | Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data; The UAE Personal Data Protection Law | The United Arab Emirates’ Federal Decree-Law No. 45 of 2021 on Personal Data Protection became effective, activating consent, purpose limitation, and controller registration obligations across the mainland. |
| Feb 2022 | EU Corporate Sustainability Due Diligence Directive Proposal | European Union | Proposal for a Directive on corporate sustainability due diligence; Commission proposes Corporate Sustainability Due Diligence Directive | The European Commission proposed the Corporate Sustainability Due Diligence Directive on February 23, 2022, imposing mandatory human-rights and environmental due diligence and climate transition plans on large companies. |
| Feb 2022 | EU Chips Act Package Proposed | European Union | Proposal for a Regulation establishing a framework of measures for strengthening Europe’s semiconductor ecosystem; European Chips Act: securing supply and resilience | The Commission proposed the European Chips Act, combining state aid, joint undertakings, and crisis response tools to expand EU semiconductor capacity and secure advanced chip supply chains. |
| Feb 2022 | EU Data Act Proposal | European Union | Data Act: Commission proposes measures for a fair and innovative data economy; Proposal for a Regulation on harmonised rules on fair access to and use of data (Data Act) | The European Commission proposed the Data Act to unlock industrial data sharing, mandate fairness in cloud switching, and clarify data access for training AI systems. |
| Mar 2022 | SEC Cybersecurity Disclosure Proposal | United States | SEC Press Release 2022-39 — SEC Proposes Rules to Enhance and Standardize Cybersecurity Disclosures; Proposed Rule — Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure | The U.S. Securities and Exchange Commission proposed rule amendments on March 9, 2022 requiring public companies to disclose material cybersecurity incidents within four business days and describe governance, risk management, and board oversight practices. |
| Mar 2022 | Strengthening American Cybersecurity Act | United States | Senate Passes Strengthening American Cybersecurity Act; S.3600 — Strengthening American Cybersecurity Act of 2022 | The U.S. Senate unanimously passed the Strengthening American Cybersecurity Act, bundling CISA incident reporting mandates, FISMA modernization, and a statutory FedRAMP program. |
| Mar 2022 | SEC Climate Disclosure Proposal | United States | SEC Proposes Rules to Enhance and Standardize Climate-Related Disclosures; Fact Sheet: Enhancement and Standardization of Climate-Related Disclosures for Investors | The U.S. SEC proposed climate-related disclosure rules requiring public companies to report emissions, governance, and risk data in registration statements and annual reports. |
| Mar 2022 | UK Online Safety Bill Introduced | United Kingdom | Online Safety Bill (HC Bill 285); Ground-breaking Online Safety Laws move a step closer | The UK government introduced the Online Safety Bill, empowering Ofcom to enforce illegal content, child-safety, and transparency duties with fines up to 10% of global turnover. |
| Mar 2022 | China Algorithm Recommendation Regulation Takes Effect | China | 互联网信息服务算法推荐管理规定; State Council bulletin on algorithm recommendation provisions | China’s CAC brought its algorithm recommendation provisions into force, imposing filing, transparency, and content control duties on providers of personalised feeds and ranking services. |
| Apr 2022 | Australia SLACIP Act Receives Royal Assent | Australia | Security Legislation Amendment (Critical Infrastructure Protection) Act 2022; Department of Home Affairs — Critical Infrastructure Reforms | Australia’s Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 received Royal Assent, expanding critical infrastructure coverage and introducing enhanced cyber incident reporting duties. |
| Apr 2022 | Japan APPI Amendments Enter into Force | Japan | Act on the Protection of Personal Information (as amended in 2020); PPC announcement on enforcement of amended APPI | Japan’s Personal Information Protection Commission commenced the amended APPI, introducing cross-border transfer consent, pseudonymised data rules, and mandatory breach reporting across the unified national privacy regime. |
| Apr 2022 | India CERT-In Incident Reporting Directions | India | Directions under sub-section (6) of section 70B of the IT Act, 2000; Mandating compliance with CERT-In Directions | India’s CERT-In issued binding cybersecurity incident reporting directions, mandating six-hour notifications, expanded log retention, and local time synchronization for covered entities. |
| May 2022 | EU DORA Provisional Agreement | European Union | Council of the EU — Digital finance: Council and Parliament reach provisional agreement on DORA; European Parliament — Deal on the Digital Operational Resilience Act | EU co-legislators reached a provisional agreement on the Digital Operational Resilience Act, harmonising ICT risk management, incident reporting, and third-party oversight for financial entities. |
| Jun 2022 | EU Data Governance Act Takes Effect | European Union | Official Journal of the European Union — Regulation (EU) 2022/868; European Commission — Data Governance Act | The European Union’s Data Governance Act (Regulation (EU) 2022/868) took effect on June 23, 2022, establishing trusted data intermediaries, new reuse rules for public-sector data, and oversight mechanisms that impact data-sharing platforms operating in the EU. |
| Jun 2022 | Canada Reintroduces Digital Charter Implementation Act | Canada | Bill C-27: Digital Charter Implementation Act, 2022; Digital Charter Implementation Act, 2022 backgrounder | Canada tabled Bill C-27 to create the Consumer Privacy Protection Act, Artificial Intelligence and Data Act, and new enforcement tribunal with order-making powers for systemic digital regulation. |
| Jul 2022 | EU Digital Markets Act Adopted | European Union | Regulation (EU) 2022/1925 (Digital Markets Act); Digital Markets Act: Council gives final approval | The Council gave final approval to the Digital Markets Act, setting enforceable gatekeeper obligations on large online platforms with six-month compliance windows after designation. |
| Jul 2022 | UK FCA Consumer Duty Final Rules | United Kingdom | PS22/9: A new Consumer Duty; FCA confirms new Consumer Duty to ensure higher and clearer standards | The UK Financial Conduct Authority published PS22/9 finalising the Consumer Duty, requiring firms to evidence good customer outcomes across products, price, service, and support. |
| Jul 2022 | UK Data Protection and Digital Information Bill Introduced | United Kingdom | Data Protection and Digital Information Bill [HL] (2022-23); Government introduces Data Protection and Digital Information Bill | The UK government laid the DPDI Bill before Parliament to reshape UK GDPR, PECR, and identity verification rules while creating a digital verification services trust framework. |
| Aug 2022 | U.S. CHIPS and Science Act Enacted | United States | Fact Sheet: CHIPS and Science Act Will Lower Costs, Create Jobs, Strengthen Supply Chains, and Counter China; CHIPS and Science Act of 2022 | President Biden signed the CHIPS and Science Act into law, authorising tens of billions for semiconductor incentives and advanced research programs that fund national AI research institutes, regional technology hubs, and NIST testbeds. |
| Aug 2022 | FTC Commercial Surveillance Rulemaking ANPR Issued | United States | Trade Regulation Rule on Commercial Surveillance and Data Security; FTC explores rules to crack down on harmful commercial surveillance | The FTC launched an advance notice of proposed rulemaking on commercial surveillance and data security, opening a broad docket on civil penalties, automated decision-making transparency, and biometric data governance. |
| Sep 2022 | EU Cyber Resilience Act Proposal | European Union | European Commission — New rules to make digital products more secure; Proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements | The European Commission proposed the Cyber Resilience Act to mandate baseline cybersecurity requirements, vulnerability handling, and transparency obligations for products with digital elements sold in the EU. |
| Sep 2022 | EU AI Liability Directive Proposal | European Union | Artificial intelligence liability directive: adapting liability rules to the digital age; Proposal for a Directive on adapting non-contractual civil liability rules to artificial intelligence | The European Commission proposed the AI Liability Directive to ease the burden of proof for victims seeking compensation from AI-related harm. |
| Sep 2022 | California Age-Appropriate Design Code Act Signed | United States (California) | AB-2273 The California Age-Appropriate Design Code Act; Governor Newsom Signs Sweeping Legislation to Protect Online Privacy for California Children | California enacted AB 2273, requiring child-focused services to complete DPIAs, limit profiling, and configure privacy-by-default settings ahead of the July 2024 start date. |
| Sep 2022 | FinCEN Beneficial Ownership Reporting Final Rule | United States | Beneficial Ownership Information Reporting Requirements; FinCEN Issues Final Rule for Beneficial Ownership Information Reporting | FinCEN issued the final beneficial ownership information reporting rule under the Corporate Transparency Act, setting January 2024 filing obligations for millions of U.S. entities. |
| Oct 2022 | U.S. Blueprint for an AI Bill of Rights | United States | Blueprint for an AI Bill of Rights; Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People | The White House OSTP issued a non-binding AI Bill of Rights blueprint, defining five responsible AI principles that now inform federal procurement, civil rights enforcement, and agency governance playbooks. |
| Oct 2022 | Indonesia Personal Data Protection Law Promulgated | Indonesia | Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi; Siaran Pers No. 300/HM/KOMINFO/09/2022 tentang UU PDP | Indonesia enacted its first comprehensive personal data protection law, establishing consent rules, cross-border transfer approvals, and an independent supervisory authority with administrative sanctions. |
| Nov 2022 | EU Council Adopts CSRD | European Union | Corporate sustainability reporting: Council gives final approval to new rules; Directive (EU) 2022/2464 of the European Parliament and of the Council | The Council of the European Union formally adopted the Corporate Sustainability Reporting Directive, expanding ESG reporting to roughly 50,000 companies with phased implementation from 2024. |
| Dec 2022 | EU AI Act Council General Approach | European Union | Artificial intelligence act: Council reaches agreement on a general approach | EU telecom ministers adopted a general approach on the AI Act, finalising the Council’s negotiating mandate for trilogues. |
Forward cadence — July 2024 through December 2025
The following schedule locks one policy briefing per month across 2024 Q3–Q4 and 2025 Q1–Q4. Each item cites the primary legal instrument or regulator notice that will anchor Zeph Tech’s coverage.
| Month (publish) | Focus area | Jurisdiction | Primary source(s) | Coverage notes |
|---|---|---|---|---|
| Jul 2024 | Digital ID Act commencement design | Australia | Digital ID Act 2024 (No. 45, 2024); Digital ID (Transitional and Consequential Provisions) Act 2024 | Map accreditation requirements, privacy safeguards, and regulator oversight ahead of staged commencements. |
| Aug 2024 | IT governance master direction rollout | India | RBI Master Direction on IT Governance, Risk, Controls and Assurance Practices, 2024 | Detail board oversight, assurance cadence, and April 2025 compliance checkpoints for regulated entities. |
| Sep 2024 | Artificial Intelligence and Data Act (AIDA) regulations consultation | Canada | Artificial Intelligence and Data Act: Consultation on the initial set of regulations | Summarise proposed obligations, risk tiers, and expected Canada Gazette timeline to prep compliance teams. |
| Oct 2024 | NIS2 Directive transposition deadline | European Union | Directive (EU) 2022/2555 (NIS2) Art. 41 | Catalogue member-state readiness, supervisory architectures, and cross-border supply chain obligations due Oct 17. |
| Nov 2024 | Digital Markets, Competition and Consumers Act activation | United Kingdom | Digital Markets, Competition and Consumers Act 2024 | Explain CMA Digital Markets Unit designation process, consumer protection upgrades, and platform compliance prep. |
| Dec 2024 | Cybersecurity (Amendment) Bill passage monitoring | Singapore | Public Consultation on the Proposed Cybersecurity (Amendment) Bill 2024 | Track sector expansion, new licensing classes, and reporting thresholds expected as Parliament concludes debate. |
| Jan 2025 | EU AI Act unacceptable-risk ban countdown | European Union | Regulation (EU) 2024/1689 (AI Act) Arts. 5 & 113(2)(a) | Publish decommissioning plans for prohibited systems before the six-month transition window closes on Feb 2. |
| Feb 2025 | EU AI Act prohibited-practice enforcement day | European Union | Regulation (EU) 2024/1689 (AI Act) Art. 5 enforcement date | Document evidence packs for Article 5 attestations and supervisory engagement on day-one compliance. |
| Mar 2025 | RBI IT governance full compliance milestone | India | RBI Master Direction on IT Governance, Risk, Controls and Assurance Practices, 2024 | Report on NBFC-Upper Layer and payment operator readiness as 31 Mar cut-off approaches. |
| Apr 2025 | Personal Data Protection (Data Portability) commencement | Singapore | PDPC consultation on Data Portability regulations | Outline data portability technical requirements and joint enforcement expectations prior to Apr 15 start. |
| May 2025 | EU Data Act cloud switching readiness | European Union | Regulation (EU) 2023/2854 (Data Act) Arts. 23–26 | Assess contract, telemetry, and exit planning demanded for the May 2025 portability rehearsal deadline. |
| Jun 2025 | EU Data Act data altruism supervision | European Union | Regulation (EU) 2023/2854 (Data Act) Chapter IV | Benchmark authorised data altruism organisations’ governance evidence before first audit cycle. |
| Jul 2025 | Operational risk management standard go-live | Australia | Prudential Standard CPS 230 Operational Risk Management | Detail how ADIs, insurers, and significant financial institutions evidence tolerance statements and scenario testing from 1 Jul. |
| Aug 2025 | EU AI Act general-purpose AI obligations commence | European Union | Regulation (EU) 2024/1689 (AI Act) Arts. 53–55 & 113(2)(b) | Break down model evaluation, systemic risk reporting, and documentation requirements that apply to GPAI providers at the 12-month mark. |
| Sep 2025 | EU Data Act application date | European Union | Regulation (EU) 2023/2854 (Data Act) Art. 50 | Cover product data-sharing duties, smart-contract safeguards, and public-sector request handling as the regulation becomes applicable on 12 Sep. |
| Oct 2025 | Delete Act universal deletion mechanism build-out | United States (California) | California SB 362 (2023) — Delete Act §1798.99.86 | Audit broker inventories, opting-out pipelines, and API design work ahead of the CPPA’s 1 Jan 2026 global deletion portal launch. |
| Nov 2025 | Colorado Artificial Intelligence Act compliance runway | United States (Colorado) | Colorado SB24-205 §§6-1-1705 & 1706 | Document impact assessment, risk-management, and notice controls enterprises must finalise before the 1 Feb 2026 effective date. |
| Dec 2025 | CSRD first-wave sustainability statements | European Union | Directive (EU) 2022/2464 (CSRD) Art. 5(2) & Annex I | Review FY 2024 sustainability reports from large EU public-interest entities to extract assurance practices and data architecture patterns. |
Execution notes
- Primary-source cadence. Each scheduled briefing is anchored to regulator legislation, directives, or consultation dockets so the Policy desk can cite the authoritative text while drafting.
- Regional balance. The calendar alternates between EU, UK, India, Canada, Australia, Singapore, and U.S. state-level milestones to even out coverage across North America, Europe, and Asia-Pacific through 2025.
- Dependency tracking. RBI compliance, EU Data Act deliverables, and AI Act staging appear multiple times to monitor implementation checkpoints, not just initial issuances.