Managing partners of some of Ireland’s top firms tell LawPLUS about the biggest legal challenges that businesses should be aware of this year

Lisa Broderick, managing partner of DAC Beachcroft

Several key legal risks and compliance challenges are expected to emerge in 2025 and it is crucial for businesses to proactively address these issues to mitigate potential impacts.

The rapid adoption of emerging technologies, such as generative artificial intelligence (AI) and blockchain, will present new regulatory challenges for businesses this year.

Navigating evolving regulatory environments and ensuring ethical use of technology and data, are critical things for businesses to consider.

Regulated entities should be aware of the Central Bank’s enforcement priorities and supervisory outlook for 2025 — this has been shaped in response to fast-paced development and digitalisation in regulated sectors.

The focus on consumer risks and operational resilience will continue this year.

The Central Bank has also responded to the exponential growth in the volume and variety of data used by businesses, with data and AI being a key risk focus this year.

Jonathan Sheehan, managing partner of Walkers’ Ireland office

Introduced in December 2023, the Individual Accountability Framework (IAF) strengthens governance and accountability for Irish financial services firms by establishing new conduct standards.

We have launched an e-learning IAF training programme to help clients implement the required changes, including responsibility maps and policy reviews.

With the implementation of the Digital Operational Resilience Act (Dora) in January this year, we have been supporting clients operating in the financial services industry in preparing ICT resilience frameworks and updating policies.

Additionally, with the Markets in Crypto-Assets Regulation (MiCAR) now applicable since December 30, establishing a harmonised EU regulatory framework for crypto-assets, we are assisting with crypto-asset service provider (CASP) authorisations and providing guidance on token classifications as MiCAR or MiFID instruments.

John White, managing partner of Beauchamps

There is no doubt that the regulatory burden is increasing with environmental, social, and governance (ESG) and sustainability reporting expanding, and the EU AI Act introducing new compliance and transparency obligations.

Our ESG team and commercial and technology teams have been working with clients on an ongoing basis to audit, analyse gaps and navigate these developments.

While regulatory compliance and cyber risk remain major issues, the central risk, which is not specific to the legal industry, is geopolitical instability and unpredictability.

Stephen Keogh, managing partner of William Fry

The volume of regulatory change is a significant concern for many businesses.

Different businesses will have different priorities and challenges depending on the sectors in which they operate.

In addition to the challenging Corporate Sustainability Reporting Directive (CSRD) reporting obligations that apply to large businesses and that will in the future apply to many companies, some sectors are likely to see significant growth in legal and regulatory obligations.

For example, the construction and real estate sectors can expect new obligations such as the statutory licensing regime being introduced by the soon-to-be-enacted Licensing of Construction Activity Bill, and the anticipated changes to the energy performance of buildings as a result of the transposition of the revised Energy Performance of Buildings Directive (recast).

An early, proactive response to ongoing and developing compliance challenges is the best way to minimise the financial and legal impact of those changes on a business.

Orlaith O’Brien, partner at OBH Partners

In addition to the threat of US tariffs across Europe, changes in US corporate tax policies and re-shoring pressures could affect Ireland’s attractiveness for foreign direct investment.

Protectionist trade policies and disruptions in global supply chains may pose significant risks.

Monitoring these developments and adapting strategies accordingly with clients is important.

With the increasing sophistication of cyberattacks, businesses must ensure they are compliant with data protection regulations.

Businesses should invest in advanced cybersecurity measures, conduct regular data protection audits and provide ongoing training for employees on data privacy best practices.

Changes in employment law, including regulations around remote work and employee rights, require businesses to stay updated and compliant.

Businesses need to stay informed about changes in employment law, update company policies accordingly and provide training for HR and management teams on compliance requirements.

Jennifer Fay, partner in charge of Clark Hill’s Dublin office

Increased cybersecurity threats pose significant risks for companies in a variety of areas, from data privacy breaches and AI-driven cyberattacks to simple email vulnerabilities.

The global nature of our business requires that companies not only know the cybersecurity regulations of their home nation, but the major policies of other countries as well.

Companies must ensure that they have adequate cybersecurity compliance policies and insurance in place to protect them when their systems are compromised.

Donnacha O’Connor, managing partner of Dillon Eustace

The amount of regulation affecting businesses in the EU continues to increase and the volume and pace of change is the major challenge, particularly for small or medium sized firms.

There are signs that overregulation may be peaking and this would be very welcome.

There will be material changes in the area of digital regulation this year, particularly with Dora, MiCA and the AI Act having become effective.

The CSRD will impact certain companies this year. For financial services firms operating in the retail market, the new Consumer Protection Code will result in material changes to the existing regime.

For employers, auto-enrolment is scheduled to begin later this year and will require significant preparation to implement.

Getting a good high-level overview of the various developments and then using an adviser for specific detail and interpretation, and to help you design a compliance plan, is probably the most efficient approach.

The downside risk to going it alone and getting it wrong can be very high.

Adam Griffiths, partner at Taylor Wessing and head of Dublin office

Political uncertainties, particularly shifts in trade policies, sanctions, and tariffs, will impact businesses with international operations.

Companies will need to stay agile and adjust to these evolving dynamics.

Separately, as cyberattacks become more sophisticated, businesses will need to continuously evolve security measures to mitigate risks.

Also, ESG issues, particularly climate-related risks, remain critical.

Many businesses are grappling with whether to adapt or abandon their sustainability goals in light of political and economic uncertainties.

Despite these pressures, companies must align their strategies to manage climate risks while remaining resilient.

Finally, automation, AI and the rise of remote work are reshaping workforce structures.

Companies will need to rethink their talent strategies, focusing on adapting to new ways of working and addressing labour laws and employee rights.

William Carmody, managing partner of Mason Hayes

In 2025, compliance won’t be a box to tick — it will be a business necessity.

Companies that treat legal risk as an afterthought will struggle. Those that embed it into their strategy will thrive.

The biggest pressures will come from tighter AI, cybersecurity and ESG rules, along with greater scrutiny on cross-border investments.

Regulators are watching, and the cost of getting it wrong — in fines, reputational damage, and lost deals — is only going up.

The solution? Get ahead.

Businesses need to hardwire compliance into their operations, not just react when issues arise.

That means keeping pace with regulatory changes, tightening governance, and using tech to track risks and automate processes.

Joe O’Malley, managing partner of Hayes Solicitors

Legal risk and compliance present an ever-increasing challenge and cost burden for businesses.

Cyber threats to the security of data and finance systems in particular are constant and growing threats to businesses and require continual high priority and investment to ensure robust systems are in place and regular staff training is conducted to mitigate these risks.