18 December 2024 | 5 min

New Laws 2025: Impact on GRC and Recommendations for Action for Companies

In 2025, several important laws and regulations will come into force in the EU, Germany and Switzerland that will significantly impact the governance, risk and compliance (GRC) management of companies. These new regulations affect areas such as sustainability, supply chains, financial stability and digitalization. Companies must adapt their processes early on to minimize risks and remain compliant with the law. Below is an overview of the most important laws, ordered by their date of entry into force.

1. Electronic invoicing requirement in the EU

Entry into force: January 1, 2025

From January 1, 2025, electronic invoicing between companies in the EU will gradually become mandatory. The previously valid PDF invoice is no longer sufficient. Instead, structured data formats such as XML must be used, which enable automated processing. Companies must therefore ensure that their accounting systems and ERP software are compatible and can both receive and create e-invoices.

Impact on GRC:

– Governance: Internal policies must be updated to meet the new requirements.

– Risk management: Companies risk fines and delays in invoice processing if they fail to comply.

– Compliance: Systems must be converted in accordance with legal requirements in order to provide invoice formats that comply with the law.

Recommended action: Companies should review their IT and accounting systems and convert them if necessary. It is advisable to offer training for employees and start pilot projects for the electronic invoice process.

2. Corporate Sustainability Reporting Directive (CSRD)

Entry into force: January 1, 2025 (reporting obligation for the 2024 financial year)

The EU-wide CSRD significantly expands sustainability reporting obligations. In the future, companies will have to disclose extensive information on environmental, social and governance factors (ESG) in their annual reports. The directive will apply to large companies and, in the future, also to medium-sized companies with over 250 employees or a turnover of over 40 million euros.

Impact on GRC:

– Governance: Companies must develop ESG strategies and make them transparent.

– Risk management: Missing or inadequate reporting poses legal and financial risks.

– Compliance: Reports must be auditable and prepared in accordance with the new standards (e.g. ESRS).

Recommended action: Companies should develop a sustainability strategy and optimize reporting processes. The introduction of suitable reporting tools and external audits can help to meet the requirements.

3. EU Supply Chain Act (Corporate Sustainability Due Diligence Directive – CSDDD)

Entry into force: mid-2025 at the earliest

The EU Supply Chain Act obliges large companies to analyze, prevent and reduce human rights and environmental impacts along their entire value chain. The due diligence obligations apply to both their own activities and those of suppliers. Swiss companies that operate in the EU or generate high sales there are also affected.

Impact on GRC:

– Governance: Supply chains must be documented and audited.

– Risk management: Companies must identify risks at an early stage and implement measures to minimize risk.

– Compliance: Companies face strict liability regulations in the event of misconduct or insufficient documentation.

Recommended action: Companies should analyze supply chain processes and carry out risk analyses. Digital tools for supply chain monitoring can help ensure compliance with the directive.

4. EU Deforestation Regulation

Entry into force: December 30, 2025

The new EU Deforestation Regulation is intended to ensure that products such as palm oil, wood, soy or cocoa have not contributed to deforestation or forest damage. Companies must prove that their products are deforestation-free and that no clearing has taken place for their production since 2020.

Impact on GRC:

– Governance: Companies must implement new due diligence processes for origin control.

– Risk management: Violations can lead to high penalties and reputational damage.

– Compliance: Companies must submit due diligence declarations in order to retain market access in the EU.

Recommended course of action: Companies should review their supply chains now and create transparency about raw material sources. Certification systems such as FSC or RSPO can provide support.

5. Finalization of Basel III in Switzerland

Entry into force: January 1, 2025

The final Basel III rules are intended to further strengthen the stability of the banking system. Banks must optimize their risk management processes, particularly with regard to the calculation of operational risks and capital requirements orders.

Impact on GRC:

– Governance: Banks must adapt their risk management guidelines.

– Risk Management: New methods for risk identification and assessment are necessary.

– Compliance: Banks must comply with the stricter capital and liquidity requirements.

Recommendation for action: Banks should revise their internal models and carry out comprehensive tests on risk-bearing capacity.

Conclusion

The year 2025 will bring numerous new laws and regulations that will affect companies in the EU and Switzerland and put GRC management to the test. From electronic invoicing to sustainability reports to supply chain control – companies must act in a timely manner to remain compliant with the law and minimize risks. Early analyses, implementation of IT solutions and training of employees are essential to meet the requirements and maintain the trust of stakeholders.
