On 26 October 2025, the United States and Vietnam concluded a framework agreement aimed at establishing reciprocal, fair, and balanced trade relations. The final commitments are expected to be signed and ratified by both parties before the end of 2025.
This framework introduces comprehensive commitments across digital trade, services and investment, intellectual property, labor, environment, customs and trade facilitation, regulatory practices, and state-owned enterprise conduct. It includes reciprocal tariff arrangements, preferential market access for US exports, and the removal of technical barriers affecting US goods. These developments reflect a strategic effort to deepen bilateral economic cooperation while aligning regulatory standards and market access terms.

On 17 October 2025, Taiwan’s Legislative Yuan passed amendments to the Personal Data Protection Act (PDPA), establishing the Personal Data Protection Commission (PDPC) as the new supervisory authority for personal data matters.
These changes respond to a 2022 Constitutional Court ruling and aim to strengthen independent oversight while enhancing data protection standards across both public and private sectors.
Key updates include mandatory appointment of Data Protection Officers (DPOs) for government agencies, new breach notification and reporting obligations for non-government entities, expanded inspection powers for the PDPC, and a six-year transition period for certain supervisory functions.
The PDPC will also issue baseline security regulations and serve as the appeals body for administrative decisions. The effective date will be set by the Executive Yuan, with implementation expected in 2026.

On 22 September 2025, draft Law No. 14062 proposing the introduction of a foreign direct investment (FDI) screening regime was registered with the Ukrainian Parliament.
The draft law aligns with the European Union’s FDI Regulation 2019/452 and aims to safeguard national security by establishing a formal review process for investments in critical sectors such as infrastructure, strategic minerals, and defense. It introduces a notification requirement for qualifying transactions, a multi-stage review process, and sanctions for non-compliance, while also integrating with Ukraine’s merger control framework.

CEO fraud is evolving with artificial intelligence, shifting from mass phishing to highly targeted attacks that are harder to detect. Deepfake technology and hyper-realistic scenarios demand stronger compliance programs, ISO 37003-based fraud control systems, and proactive protocols to protect organizations against this rising threat.