AI governance and tougher regulatory enforcement around data and privacy are among eight key data law trends that are impacting businesses, according to a new report from Freshfields.

The 2025 Data Law Trends Report found that amid a greater focus on AI governance, 13% of S&P 500 companies have at least one director with AI expertise, rising to 30% for IT companies in the index and 60% for automotive-related businesses. By contrast, 18% of FTSE 100 companies have at least one director with AI expertise. This comes as a number of countries including the UK, US, Australia, Russia and Japan, among others, have implemented policies designed to streamline AI regulation nationally.

To that end, Freshfields says companies must prioritise accountability and transparency to align with regulatory expectations.

Cat Greenwood-Smith, a partner at Freshfields, said: “While lawsuits and investigations concerning AI are currently based on existing regimes, we expect to see a real influx of new cases once new legislation specifically targeting AI comes into effect.”

Another data law trend high on the agenda is the stricter enforcement backdrop, which is reshaping data and privacy compliance.

Giles Pratt, a Freshfields partner, said: “Data privacy regulators across the world are focused on AI. Businesses need to ensure that they are developing and deploying AI systems compliantly including, where appropriate, engaging closely with regulators as they do so.”

Data disputes are also growing through class action litigation in the EU, and while opt-out mass claims alleging UK GDPR infringements are much harder to bring post the Lloyd v Google judgment (where the UK Supreme Court ruled against mass class actions for data claims), case law is still developing. Similarly in the US, data breaches are leading to an increase in class action claims.

New global regulations are also changing digital operations, such as the EU Digital Services Act and the UK Online Safety Act.

Freshfields partner Rachael Annear said: “The debate over online safety is just beginning; emerging technologies and processes that are being developed now may well fundamentally change our expectations of the way we participate in life online.” 

Other trends flagged by Freshfields include an increased focus on international data transfers, a new wave of cyber threats, expanding US state consumer privacy laws, maturing privacy laws in Asia and new data access regulations in the EU. Freshfields notes that these trends are more than just legal changes, they are strategic opportunities for businesses that are ready to act.