An unsettled regulatory environment is the greatest risk for senior enterprise risk executives in Q1 2025, according to research published today. Increasing compliance complexity and costs due to regulatory authority changes moved from the third most cited spot in the second half of 2024, according to the Gartner study.

In addition to the unsettled regulatory and legal environment after the US election, Europe and other regions are preparing for consequential elections that could also reshape regulatory landscapes. These political transitions carry the potential to redefine compliance frameworks, posing challenges for businesses striving to adapt to new legal realities, Gartner said.

“The global political arena is seeing transformative shifts, driven by elections that have ushered new governments into power across key economies, making the issue one that executives want to better understand and address before they face real consequences,” commented Gamika Takkar, director of research and key initiative leader for the Gartner Risk and Audit Practice.

To effectively navigate these challenges, organisations should assess their risk exposure to trade, tariffs and supply chain disruptions; regulatory and legal volatility; the shifting geopolitical landscape; and immigration and workforce changes.


Top emerging risks of Q1 2025 (Source: Gartner)

Unsettled regulatory and legal environment: The risk of increasing compliance complexity or costs associated with legal and compliance matters from regulatory authority changes following court decisions and elections.

AI-enhanced malware: The increased risk of high-impact and frequent cyber attacks from the use of Gen AI technologies that enable malware to autonomously modify and mutate its code.

IT vendor criticality: The risk that overreliance or unknown reliance on third- or nth-party IT vendors may result in operational IT risk, such as outages or data loss.

Tariff and trade policy uncertainty: The risk that instability in international tariff and trade policies can impact global markets, disrupting organisations' supply chains and substantially increasing the cost of doing business globally.

Information governance-driven AI risks: Risks relating to weak information governance policies or practices that lead to unintended data feeding AI models, causing inaccurate results, legal or policy breaches and privacy failures.

---