TMT 2025

TMT Global Overview 2025

The global technology, media, and telecommunications (TMT) landscape continues to be reshaped by significant regulatory and legal changes. These shifts reflect the growing interplay between technological innovation and the evolving needs of society, with lawmakers striving to balance the imperatives of economic growth, security and public trust.

Rather than briefly touching upon all regulatory and legal topics that are expected to be of importance in 2025, this chapter focuses on four pressing issues that we predict will stir the TMT sector in 2025. Of course, the full range of topics will be discussed in this guide by the country experts.

The further legalisation of cyber-incident response: balancing risk, accountability and compliance

Cybersecurity has moved from being a technical concern to a legal priority, with lawmakers across jurisdictions codifying obligations around incident prevention, response and reporting. This trend, also referred to as the juridification of cyber-incident response, underscores the criticality of cybersecurity to economic stability and national security.

Laws such as the EU’s Network and Information Security Directive (the “NIS2 Directive”) and the General Data Protection Regulation mandate specific actions for responding to cyber-attacks, including stringent reporting timelines, robust incident management processes and enhanced collaboration with regulators. In the US, frameworks like the Securities and Exchange Commission’s rules on reporting material cybersecurity incidents, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “CIRCIA”), and state data breach laws also impose reporting requirements, reflecting a global shift towards regulated cyber-resilience. In addition, many of these laws also require a notification of the security incident to customers.

As a result, companies must navigate complex liability landscapes, especially where third-party service providers and multiple jurisdictions are involved.

The increased legal scrutiny raises critical questions, such as:

• what constitutes a legally sufficient response to a cyber-attack?
• how can organisations balance legal compliance with operational realities during a crisis?
• to what extent are “active defence” measures (eg, hack-backs) permissible under existing laws?
• can the various reporting requirements coexist or is there an order of precedence?

For TMT players, compliance now demands not only robust cybersecurity measures but also legally informed incident response plans and clear contractual risk-sharing arrangements with partners.

Expanding contractual obligations for technology providers: the downstream impact of new legislation

As technology becomes integral to critical sectors such as finance, healthcare and energy, lawmakers are introducing regulations that place increased responsibility on technology providers to manage systemic risks. The EU’s Digital Operational Resilience Act (the “DORA”) is a prime example, requiring financial entities to ensure the operational resilience of their technology providers and subcontractors. The DORA requires financial institutions to impose contractual obligations on their ICT services providers to adhere to stricter standards for risk management and operational continuity.

This legislative shift raises significant considerations for technology providers. These considerations are:

• compliance readiness: many small and mid-sized providers may struggle to meet the complex requirements of new laws like the DORA;
• contractual realignments: providers must re-evaluate contracts to address new liabilities and allocate risk appropriately across supply chains; and
• global implications: multi-jurisdictional compliance becomes a pressing challenge for providers operating in markets with divergent regulatory regimes.

These developments signal the need for TMT companies to adopt proactive compliance strategies, enhance internal governance and foster transparent relationships with clients and partners.

Telecommunications: the backbone of modern society and its increasing obligations

The telecommunications sector has evolved from being a critical utility to a societal backbone, underpinning essential services such as healthcare, education and emergency response. This evolution has brought with it heightened regulatory scrutiny and obligations, particularly under frameworks like the EU’s NIS2 Directive.

As telecom networks are central to societal and economic resilience, regulators are demanding that providers implement robust risk management and cybersecurity measures. Key obligations include:

• conducting mandatory risk assessments and adopting stricter incident reporting standards;
• ensuring the security of supply chains, particularly in the context of geopolitical tensions and the reliance on third-party technology vendors; and
• enhancing collaboration with governmental authorities to prevent and mitigate systemic risks.

Telecom providers must now balance commercial imperatives with their role as stewards of societal stability. This balancing act requires significant investment in technology, stronger internal controls and a willingness to collaborate with regulators to shape the future of the sector.

Regulating Big Tech’s role in society

The influence of Big Tech platforms such as Google, X (formerly Twitter), Facebook and Instagram on democratic processes has emerged as a critical issue for policymakers. Allegations of disinformation campaigns, algorithmic bias and foreign interference have led to increased scrutiny of these platforms’ role in elections and democratic processes. Scrutiny also continues to increase regarding the distribution of child sexual abuse material (CSAM), the impact of these media on children and the propagation of (fake) news via Big Tech platforms about a wide range of other topics that may adversely influence society, including politics, public health and national security.

Regulatory efforts to address these challenges include the following.

Transparency in political advertising

Laws like the EU’s Digital Services Act (the “DSA”) and proposed US legislation require platforms to disclose political ad spending and targeting criteria.

Content moderation standards

Governments are pushing platforms to implement stricter policies to combat misinformation and hate speech during election cycles.

Algorithmic accountability

Some jurisdictions are mandating transparency in how algorithms prioritise content, with a focus on minimising the spread of divisive or false information.

Enhanced protection of minors on social media platforms

Enhanced protection of minors on social media platforms includes age verification systems, bans on social media platforms for minors under a specific age (eg, 14) and monitoring of conversations and file exchanges on messaging services (potentially even those subject to end-to-end encryption).

The legal landscape is fraught with challenges, including balancing freedom of speech with content moderation, addressing platform accountability across jurisdictions and ensuring that regulations are both effective and enforceable. The biggest challenge might well be not to over-regulate and thereby smother innovation.

For Big Tech, the stakes are high. Companies must not only comply with new regulations but also adopt a proactive stance on ethical practices, transparency and public engagement to maintain trust in their platforms and mitigate societal risks.

Conclusion

The TMT sector is at the forefront of regulatory transformation, with technology, media, and telecommunications playing increasingly pivotal roles in shaping global economies and societies. From managing cybersecurity risks to ensuring operational resilience, fostering democratic integrity and meeting heightened societal expectations, the sector faces complex challenges and opportunities.

This guide aims to equip legal practitioners and businesses with the insights needed to navigate these developments effectively. Leading experts from their respective jurisdictions will provide relevant legal insight into the following topics: social media; the digital economy; cloud and edge computing; artificial intelligence; the internet of things, audiovisual media services; telecommunications; challenges with technology agreements; trust services and digital entities; and the gaming industry. By understanding the regulatory landscape and its implications, stakeholders can position themselves to lead in an era defined by rapid technological and legal change.