COMPLIANCE OPERATION & ORGANIZATION
Voxius Compliance Management Regien Haarbosch
“COMPLIANCE IS NO LONGER A CHECKLIST, IT’S A COMPASS. IN A WORLD OF SHIFTING RISKS AND RISING EXPECTATIONS, IT GUIDES THE BUSINESS FORWARD.”
“FORCE
LEADERS TO MAKE CLEAR COMPLIANCE CHOICES”
Participant quote
A deeper look into the compliance landscape
We proudly present the second edition of the Voxius Compliance Trend Report 2025. In 2023, we published the first edition in response to requests from participants of the Compliance Round Tables. These participants, senior professionals with ultimate responsibility for Compliance within major multinational organizations, expressed a clear need to gain greater insight into each other’s challenges, ambitions, and priorities. As a recognized expert in the field, Voxius took the initiative to meet this need by launching a broad-based Compliance Survey.
A shifting compliance environment
Two years on, the compliance landscape looks notably different, shaped by internal developments, external pressures, and shifting expectations has once again sparked the demand for a better understanding of the current state of Compliance within the Dutch corporate sector.
Our second round of research shows that most organizations are steadily advancing the maturity of their compliance programs. Among companies that participated in both surveys, we observed marked shifts in organizational support: some strengthening their commitment, while in other cases, interest in compliance had faded surprisingly quickly. These fluctuations often reflect broader business dynamics, regulatory changes, and (geo-)political influences. It underlines how compliance is increasingly influenced by forces beyond the compliance function itself.
Why a compliance trend report matters
In a world where regulations shift rapidly and risks continue to evolve, staying ahead is more important than ever. Organizations face growing pressure to invest time, money, and people into compliance, often at the expense of short-term gains. That makes every decision count.
Understanding ethics and compliance trends provides business with practical insights into what’s happening in the field, what’s working, what’s changing and where the greatest challenges lie. Instead of navigating in isolation, you can benchmark your approach, detect blind spots early, and learn from proven strategies used by peers. For example, companies that adopt AI and regulatory tools can adjust their operations while staying ahead of regulatory requirements.
For compliance, risk, and business leaders alike, this report is more than just a snapshot. It’s a tool to spark better conversations, smarter investments, and stronger alignment across the organization. By learning from one another, we raise the bar for compliance and help build more resilient, future-ready businesses.
What to expect in this report
This Compliance Trend Report presents key insights, recurring themes, and practical takeaways drawn from in-depth conversations and interviews. The findings are organized thematically to provide a clear overview of current perspectives and challenges within the compliance landscape. It is intended to serve as a mirror, a source of inspiration, and a strategic compass for professionals navigating the ever-evolving world of compliance.
Voxius: your compliance ally
At Voxius, we believe that strong compliance drives strong business. That’s why we don’t just follow trends; we help shape them. As a trusted partner in executive search and compliance advisory since 1997, we have been working closely with top-tier organizations to connect strategy, people, and purpose. With a dedicated focus on Compliance since 2008, we have witnessed this field’s transformation into a cornerstone of corporate resilience and reputation.
The Compliance Trend Report is our way of giving back to the community, by turning real-world dialogue into clear insights. We listen to what’s happening on the ground, identify what matters most, and share what works. Our goal? To empower compliance leaders with the tools, talent, and perspective they need to move forward: smarter and stronger.
On behalf of Voxius Compliance Management
Regien Haarbosch
Amsterdam, September 2024 - June 2025
2. Survey Methodology
In-depth and confidential
This report is based on 54 in-depth interviews with compliance leaders across a wide range of industries in the Netherlands, conducted between October 2024 and May 2025. Each interview included a comprehensive questionnaire of 44 questions, addressing both current challenges and emerging trends. To ensure full confidentiality, all responses were shared exclusively during one-on-one, personal interviews. All findings presented in this report are anonymized.
Qualitative insights over quantitative analysis
We intentionally chose a qualitative, interviewbased approach rather than a quantitative survey. The level of compliance maturity varies significantly by industry, geography, and company size, making broad statistical comparisons less meaningful in this context.
Instead, we prioritized personal, in-depth conversations to better understand how compliance is interpreted, implemented, and integrated into each organization’s unique culture. This approach offers richer, contextdriven insights that go beyond surfacelevel metrics and highlight how compliance truly operates within today’s business environments.
Nearly three-quarters of respondents (73%) are from organizations headquartered in the Netherlands, and 80% work at companies with over 1,000 employees. All participants hold responsibility for ethics and compliance, representing a diverse spectrum of sectors, from industry and manufacturing to media and financial services.
The interviews explored both the current state and two-year outlook in the following key areas:
Culture and Strategy
Regulatory Changes and External Developments
Technology
Effectiveness and Measurability Future Trends
These conversations revealed not only today’s key trends and focus areas but also the specific goals companies are setting in response. A full overview of the participating organizations can be found at the end of this report.
Note: When comparing data from the 2023 and 2025 reports, please bear in mind that direct comparisons may be imprecise. The participant group has evolved, and the questionnaire was updated to reflect developments in the field. These changes improve the relevance of our findings but may limit longitudinal comparability.
3. The voice of Compliance: Our Participants
A MIX OF OWNERSHIP
(Semi-) government Private equity participation 5% 5% 10%
Other (e.g., private limited, joint ventures, etc.)
45% 20% 15%
Subsidiary within a Group
Listed Family owned business
The
voice
of compliance: our
participants
Voxius conducted a survey of 54 ethics and compliance professionals to gain insight into current practices, key challenges, and how organizations are adapting to remain fit for the future. The companies represented in our survey vary widely in size, structure and international reach.
A mix of ownership models
Nearly half (45%) of the companies are publicly listed, bringing with them the structure and scrutiny of formal governance. The rest include family-owned firms and subsidiaries of larger groups, organizations that often have different priorities and decision-making approaches.
Large employers
Most of the companies have between 1,000 and 50,000 employees. These are large, complex businesses where compliance plays a central role in keeping operations running smoothly.
Rooted in the Netherlands, active worldwide
While 73% are headquartered in the Netherlands, their reach extends far beyond. On average, they operate in around 20 countries where they also employ staff, with half active in 20 or more markets.
Company global presence categories:
Single-Country Operations: Companies operating in only 1 country
Limited International Presence: Companies operating in 10 countries
Regional Presence: Companies operating in 11-30 countries
Significant Global Presence: Companies operating in 31-75 countries
Extensive Global Network: Companies operating in more than 75 countries.
COMPANIES BY CATEGORY
0–1.000 employees
11 companies
1.001–10.000 employees
23 companies
10.000+ employees
20 companies
36%
All corners of the economy
The companies span a wide range of industries, including transport, logistics & mobility (24%), industry & manufacturing (33%), construction & building (11%), and technology & software (11%).
18 13 6 6 5 5 3 3 1
Industry & Manufacturing (18)
Transport, Logistics & Mobility (13)
Construction & Building (6)
Technology & Software (6)
Financial & Business Services (5)
Trade, Retail & E-commerce (5)
Consumer Goods (FMCG) & Food (3)
Healthcare & Pharmaceuticals (3)
Media & Communications (1)
Note: please keep in mind that the results in the chart above should not be interpreted as exclusive industries. Some participating companies operate in more than one sector. Therefore, the numbers do not add up to 54.
Revenue ranges that matter
The survey includes a good mix of companies of different sizes. Just over half of the participants have a revenue below €5 billion, while 40% are large companies earning more than €5 billion. This variety gives a broad view of how compliance is handled and also proves that compliance matters at every scale.
PARTICIPANTS TURNOVER (2024)
are responsible for one or more regions. 14% of respondents oversee compliance for the entire company or group. 84% focus on specific legal entities. 2%
Lean compliance teams
The size of the various compliance departments has not changed significantly over the past two years. About one third of the companies have fewer than five full-time compliance professionals. This is similar to what we found in 2023, and it highlights how many compliance teams are still relatively small, even as their responsibilities grow.
Compliance: In the loop, but not always in the room
4. The Compliance Landscape in 2025
COMPLIANCE INTEGRATION
Integration of compliance in business operations
It requires a holistic approach toward managing compliance in an organization. In order to be effective, compliance programs should align with business objectives to minimize disruption. However, the extent of integration varies:
At first glance, the results shown in the visual appear somewhat contradictory. When asked whether compliance is sufficiently integrated into the business, 27% say it is well integrated, 29% say it is partially integrated, and 44% say it is not integrated at all. Regarding compliance’s involvement in the business
plans of internal customers, 38% indicate that they are involved early, while 29% say they are informed upon request. This suggests that compliance is often aware of developments, they peek through the window but are not actively participating in decision-making processes.
Compliance involvement vs. Perceived integration
PERCEIVED COMPLIANCE INTEGRATION IS COMPLIANCE INFORMED ABOUT IN BUSINESS PLANS INTERNAL CLIENT?
To better embed compliance into the business, the participants suggest focusing on:
1. Automate Tasks: reduce manual work to boost efficiency.
2. Enhance Communication: align compliance with key business decisions.
3. Embed in Operations: integrate compliance into procurement and logistics.
4. Stay Informed: keep abreast of new laws and business plans.
5. Invest in Resources: allocate sufficient personnel and tools.
6. Establish Ethics Committees: incorporate ethics into leadership and culture.
7. Train
8. Drive Cultural Change: foster
Reporting lines, mandate, and budget
Reporting lines
The way a company organizes its compliance function, and who it reports to, can have a big impact on how effective it is. Most respondents believe that compliance should report directly to the CEO, ideally with a dotted or direct line to the Supervisory Board or Audit Committee. This setup helps ensure both independence and visibility.
In practice, however, the compliance function often reports to the General Counsel which may limit its perceived independence. The ideal structure strikes a balance: it should offer enough independence to be credible, without isolating the function.
CFO/EXECUTIVE COMMITTEE(EXCO)
CEO/GENERAL MANAGER
GENERAL COUNCEL/VP LEGAL
GENERAL COUNCEL (GC)
CFO/FINANCIAL DIRECTOR
SUPERVISORY BOARD/AUDIT COMMITTEE
CHIEF COMPLIANCE OFFICER/COMPLIANCE DIRECTOR
CHIEF COMPLIANCE OFFICER/ETHICS COMMITTEE
MIXED/DUAL REPORTING
MANAGEMENT/OTHER FUNCTIONS
SUPERVISORY BOARD/BOARD MEMBER
NO CLEAR PREFERENCE/CONTEXT DEPENDENT
OTHER EXECUTIVES/FUNCTIONS
CRITICAL NOTES(E.G. INDEPENDENCE, VISIBILLITY)
GLOBAL /REGIONAL COMPLIANCE ROLES
Note: Some participants have dual reporting lines and therefore provided two responses Prefered reporting lines
Reporting lines in practice
“COMPLIANCE ISN'T A DEPARTMENT. IT'S A WAY OF LIFE”
Participant quote
Team size and resources
Many compliance departments continue to run lean, with a small core team supported by regional officers or ambassador networks. Common challenges in reporting include unclear responsibilities, vague scopes, and difficulties coordinating with decentralized teams.
Mandate and budget
The overwhelming majority of respondents (over 91%) believe that the compliance function has the necessary mandate, up from 86% in 2023.
However, the figures regarding the budget allocated to properly fulfill the compliance program have also remained largely unchanged and remain concerning. Only 50% feel they have a sufficient budget, similar to 53% in 2023. Many describe their budgets as ad hoc or insufficient for specific needs like staffing or tools.
Independence and structure of the compliance function
The structure and independence of the compliance function are vital for its effectiveness. Most respondents agree that compliance should ideally report directly to the CEO, with a dotted or direct line to the Supervisory Board or Audit Committee. In practice, however, compliance often reports to the General Counsel, especially in organizations where compliance is closely tied to financial risk. Only a few companies have a dedicated Chief Compliance Officer. In many cases, compliance is still embedded within legal or finance departments, which can limit its perceived independence.
When asked whether the compliance officer should be fully independent, the majority of respondents said yes. The majority believe that conflicts of interest between competing compliance and non-
compliance responsibilities may compromise independence. However, interpretations of “independence” vary. For some, it means having dismissal protection or a separate budget. For others, it’s about having direct access to senior leadership or simply feeling mentally independent.
Interestingly, several respondents emphasized that independence is not just structural, it’s also cultural. Some noted that independence is not necessary in their specific company
culture, relying on organizational trust. Still, the consensus is clear: independence, whether formal or informal, remains crucial for credibility.
Internal reporting and incidents
A strong (internal) reporting system, like a whistleblower hotline, is essential for spotting risks early. Most participants (85%) say their system works well, but 15% say it doesn’t. Still, the numbers tell a more complex story.
Over half (51%) of the respondents receive few or no internal reports, which could signal that employees aren’t speaking up, even when they should. That raises an important question: how do you really know your system is effective? If there are almost no reports, it might not mean everything is fine, it could mean problems are going unreported.
These numbers suggest that while the setup may look good on paper, it doesn’t always translate to real-world impact. A wellfunctioning system depends not just on having the right tools, but on trust, accessibility, and a culture where people feel safe to speak up.
Although direct comparisons between the 2023 and 2025 compliance reports are tricky due to changes in the survey and a changed participant base, the numbers do show improvement. In 2023, this topic was ranked 7th in importance among compliance issues, but it has now moved up to 4th place. While more organizations might be adopting internal reporting programs compared to last year, the numbers in this survey are still worryingly low.
Here’s how participants described the flow of internal reports in their organization:
Incident trends and crisis readiness
In 2025, 85% of participating companies reported experiencing at least one compliance incident, a noticeable increase compared to 71% in 2023. The most frequently mentioned types of incidents include competition law violations, fraud, bribery, and safety breaches.
Encouragingly, 79% of respondents have a crisis communication plan in place for significant compliance incidents, and 60% have implemented crisis management training. Although incidents seem to be occurring more frequently, companies are responding with greater proactivity and preparedness. However, there is still room for improvement, especially in ensuring that crisis plans are regularly tested and that training reaches all levels of the organization. This will not only help mitigate damage but also reinforce trust with regulators, employees, and the public.
Evolving strategic approaches
The survey highlights an accelerating shift toward risk-based compliance. By 2025, 85% of respondents report adopting a risk-driven approach: up from just 56% in 2023. It’s evident that organizations are moving beyond traditional compliance checklists and embracing smarter, more strategic ways to manage regulatory challenges. See visual Compliance strategy p. 30
Risk-based approach
This strategy is clearly on the rise. By prioritizing risks and allocating resources where they have the most impact, its adoption has grown from 64% in 2023 to a remarkable 85% in 2025.
2025-85% 2023-64%
Rule-based approach
While this method offers clarity by strictly following rules, it has proven too rigid in today’s dynamic environment. Its popularity has dropped sharply from 22% to just 6%.
2025-6% 2023-22%
Principle-based approach
Focused on ethical values and moral guidance, this approach has remained relatively stable. Organizations continue to value it, though growth has been modest.
2025-25% 2023-26%
Other strategies
Still a minor category, but its usage has doubled.
2025-4% 2023-1%
Note: please keep in mind that the results in the chart above should not be interpreted as exclusive categories. Compliance strategies such as risk-based, rule-based, and principle-based can overlap when, for example, a company may adopt both a risk-based and a principle-based approach. Therefore, the percentages do not add up to 100%, as multiple strategies may apply simultaneously.
INCIDENT TRENDS
“WE SUCCEED TOGETHER, AND THAT INCLUDES FOLLOWING THE RULES TOGETHER”
Participant quote
5. Culture & Leadership
“TRUST IS EARNED IN DROPS AND LOST IN BUCKETS”
Participant quote
What defines compliance culture in 2025?
When asked to rank key components of compliance culture, respondents emphasized elements that encourage daily, practical applications such as clear communication, regular training, and a shared sense of responsibility.
Below are the most frequently mentioned responses about the most common compliance practices and culture in the respective organizations
Good communication of policies and expectations throughout the business
A collective understanding of risk affecting the organization
Integration of compliance into daily business prosesses
Awareness of the regulartory compliance regulations
Creating an intuitive incident reporting and case management process
Encouraging compliant behaviour (e.g. incentives, career-prerequisites
Effective compliance technology to facilitate the culture (1= most important, 8=least important)
The results show that a strong compliance culture is built on people and practices, not just systems. Interestingly, technology and incentives, while helpful, are ranked lower.
The most valued elements are those that help employees understand and apply compliance in their daily work, like continuous training, clear communication, and shared awareness of risks. This suggests that compliance isn’t something you install, it’s something you live. In short, effective compliance is not just about knowing the rules, it’s about making them part of how people think, act, and collaborate every day.
How to build a stronger culture?
Culture doesn’t change overnight but it can evolve with intention. When asked how to strengthen their compliance culture, participants shared a wide range of ideas. From these, several core themes emerged.
Leaders and professionals alike are looking for a more human, connected, and practical approach to compliance. Top priorities include raising awareness, improving communication, and setting the right tone from leadership. Breaking down silos, modernizing tools, and fostering intrinsic motivation are also seen as key to building a culture where compliance is a shared responsibility, not just a checklist.
“ NURTURE DILEMMAS, BECAUSE AT LEAST THEN THEY ARE CONSIDERED”
Participant quote
Supporters argue that when compliance is tied to performance incentives, it sends a strong signal: ‘doing the right thing and doing things right’ matters. For example, tracking training completion, incident-free records, adherence to values, and following the code of conduct can be a fair way to reward ethical conduct. In their view, bonuses can make compliance feel like a shared priority, not just a back-office concern.
But not everyone is convinced. Critics worry that linking compliance to financial rewards risks turning it into a “check-the-box” exercise. They argue that true compliance should come from within. Money cannot and should not motivate integrity. Some warn that this approach could even backfire, encouraging minimal effort just to qualify for the bonus.
Ultimately, the response suggests that incentives can support a compliance culture, but it should be part of a broader cultural effort, not a quick fix.
Are compliance professionals and management on the same page?
To understand how closely compliance professionals align with their executive leadership, we asked them what drives their decisions, and what they believe drives their executive teams. The differences reveal a gap in priorities and mindset.
COMPLIANCE BE TIED TO BONUSES?
Elements that are most important for you (compliance professional) and the
(management) when making compliance decisions.
1=Most important, 8=Least important.
What this chart clearly shows is that compliance professionals place intrinsic motivation at the top of their list (1.15), showing a deep-rooted commitment to ethics and integrity.
Executive leaders, on the other hand, are slightly more pragmatic. While they value ethics (2.08), they’re more focused on reputational risks (1.81) and financial consequences like fines, costs, and lost revenue.
Interestingly, compliance professionals care less about ‘getting caught’ or about the marketing perks of compliance: they are in it for the principle, not the PR.
Bottom line: Compliance professionals lead with values, while management leans into risk and return. This gap in mindset could explain why strategic and operational compliance sometimes feel out of sync.
To make this even more insightful we compared:
How often compliance officers and executive management had 6 or 7 identical rankings (high alignment).
How often they had 2 to 5 identical rankings (moderate alignment).
How often there were 6 or 7 differences in rankings (low alignment).
71% 15% 14% 6 or 7 differing rankings 2 to 5 identical rankings 6 or 7 identical rankings
This shows that in most cases, compliance officers and their perception of management are partially aligned, but rarely fully aligned or completely different. Given that results are consistent with those from 2023, this pattern appears to be stable over time.
“RESPECT FOR PEOPLE, RESPECT FOR LAWS”
Participant quote
Bridging the say-do gap
Most compliance officers believe it’s important to be aligned with leadership. This doesn’t mean that everyone has to agree on everything all the time. What matters most is being aligned on the big decisions, the ones that shape how the company handles risk, ethics, and long-term integrity.
Open and honest conversations are key. They help both sides understand each other better, spot potential issues early, and make better choices. Even though compliance and management often have different roles and perspectives, they need to work toward the same goals.
A healthy culture is one where people can speak up, challenge ideas respectfully, and collaborate to find the best solutions. That kind of culture is essential for resolving disagreements and building trust across the organization.
Different priorities, same goal
Our findings show that compliance professionals and management don’t always see eye to eye when it comes to what makes a compliance program successful.
The visual shows us that compliance officers and management sometimes have different priorities. Management focuses more on avoiding problems, while compliance officers emphasize embedding compliance into the culture, encouraging ownership, and building trust.
Both sides agree that being proactive and tracking measurable results is important, but they weigh these aspects differently.
Compliance: What’s rising, what’s evolving?
As compliance challenges grow more complex, organizations are sharpening their focus. Compliance is no longer just about following the rules, it’s about building resilience, acting responsibly, and preparing for what’s ahead. This chapter highlights the key topics that are shaping compliance agendas in 2025. From the enduring importance of the Code of Conduct to the rapid rise of Cybersecurity, ESG and AI.
“ETHICS IS KNOWING WHAT YOU DO AND WHAT IS RIGHT TO DO”
Participant quote
Top priorities in 2025
The landscape of compliance is evolving rapidly, but some foundations remain strong: As in 2023, the Code of Conduct remains the most frequently mentioned compliance priority. It continues to serve as the cornerstone for setting expectations and guiding ethical behavior within organizations. A typical Code of Conduct outlines an organization’s core values, standards, and behavioral guidelines. It often includes topics such as whistleblowing procedures, fair business practices (e.g., anti-corruption), and compliance with laws and regulations (e.g., insider trading). It’s no surprise, then, that compliance professionals continue to rely on the Code of Conduct as their guiding compass.
Cybersecurity & IT compliance has climbed rapidly in importance on the compliance leaderboard, officially earning second place as a top worry across industries. It is taking second place in 2025. This reflects a growing awareness of data security risks, especially in a world shaped by AI and digital transformation.
Note: The Code of Conduct includes a variety of topics. Some organizations focused mainly on one or two of these areas, while others considered the entire Code equally important. We gave participants the flexibility to reflect their own priorities in their responses. Because of this, the results offer useful insights into general trends, but they may not represent a fully consistent view across all respondents
ESG
Environmental, Social & Governance( ESG) has seen a remarkable surge. In 2023, only 3% of participants placed ESG among their top two priorities. By 2025, that number has skyrocketed to 74%. While the participant group has changed, and external factors like geopolitics may have influenced the shift, the message is clear: ESG is now a daily operational concern, not just a reporting exercise.
Cybersecurity & IT compliance
Cybersecurity has emerged as a major concern across all industries and now ranks second place. In 2023, it didn’t even make the top 25 of most important compliance topics for the survey participants. The rise of AI-driven threats, increasing regulation, and the need for data protection are key drivers. Companies are responding by investing in:
Continuous monitoring Crisis response planning Employee training
Compliance plays a key role in bridging the gap between IT, legal, and business, translating technical risks into strategic decisions. Visual met vergelijking toevoegen
Whistleblowing
Whistleblowing has jumped from 7th place in 2023 to 4th in 2025. Most organizations (85%) say their internal reporting mechanisms work well. Yet the relatively low number of actual reports suggests a deeper issue: Do employees truly feel safe and supported in speaking up?
A robust whistleblower procedure is important, but it’s not enough. Organizations must build a culture of trust where people feel secure in raising concerns without fear of retaliation.
Technology & AI: From automation to prediction
Compliance is becoming smarter and more strategic, thanks to technology. Digital tools help shift compliance from manual and reactive to strategic and predictive, freeing up time for highervalue work.
ENVIRONMENTAL, SOCIAL & GOVERNANCE
3%
ESG & Sustainability: From Reporting to Strategy. Despite some resistance on the geopolitical stage, ESG is becoming a central compliance focus in the EU and beyond. It is no longer limited to annual reports; it’s now a framework for how companies operate every day. New regulations like the Corporate Sustainability Due Diligence Directive require companies to be more transparent, especially regarding their supply chains. ESG now ranks 7th overall, marking its transition from a ‘nice to have’ to a core compliance pillar.
MEASURING COMPLIANCE EFFECTIVENESS HAS DOUBLED IN 2025
Technology-driven compliance
From automating routine monitoring tasks to enabling risk assessments and data analytics, digital tools are helping organizations automate their compliance programs. As regulatory environments become more complex, leveraging technology is no longer a luxury but a necessity for staying ahead and ensuring ethical business practices.
Most compliance departments use software tools to manage regulatory requirements, industry standards and internal policies. Privacy and screening tools are the most commonly used categories by our respondents. Whistleblowing tools (like Navex) are also widely used, showing a strong focus on ethical reporting and compliance infrastructure.
Monitoring & automation
Measuring effectiveness
In 2023, 35% of compliance leaders wanted to measure the effectiveness of their programs. Doing so would help demonstrate to management how well risks are being managed and how the program is perceived across the organization. In 2025, that number has risen to an impressive 70% reflecting a maturing approach to compliance.
During our interviews, we explored the different mechanisms companies use to evaluate the effectiveness of their compliance efforts. Below the variety of tools, they use to track impact:
Around 70% use basic KPI’s, such as incident counts, training participation, and suspicious activity reporting.
A smaller group (20%) is moving advance based metrics such as culture surveys, board reporting or greenwashing metrics, This shows signs of compliance program maturity.
About 10% are still in the early stages, with informal or underdeveloped KPI frameworks.
The trend is clear: compliance teams are increasingly expected to demonstrate value, not just track activity.
Automation
Our comparison of automation priorities between the 2023 survey and the current one shows a significant shift. More companies are automating routine compliance tasks, like monitoring and reporting, yet only a few have fully embraced regulatory technology for tracking changes.
Nearly half (47%) of respondents believe technology will positively transform their compliance departments, enhancing efficiency and easing administrative burdens. However, a small segment (9%) expresses concern that automation could weaken the human aspect and its relevance to behavior-driven compliance.
AI, from emerging topic to essential tool
One of the most game-changing compliance trends in 2025 is the increasing reliance on AI to detect risks earlier, monitor employee behavior, personalize training and identify patterns. What was a niche topic just two years ago, is now at the heart of compliance innovation.
The EU’s Artificial Intelligence Act is setting global standards. It requires strict transparency and accountability, especially in high-risk industries. Non-compliance can result in serious fines and reputational damage.
But there’s a gap between ambition and readiness.
30% of organizations show high maturity, with dedicated AI teams and clear governance.
35%
operate at a medium level, using legal or IT oversight without a unified strategy.
35% are still in early stages, relying on ad hoc approaches without formal processes.
As AI becomes embedded in compliance, clear ownership, ethical safeguards, and structured oversight are essential.
Conclusion: Compliance is growing up
Across all topics, one trend stands out: compliance is becoming more proactive, data-driven, and strategic. What used to be a rules-based function is now a dynamic part of business resilience. The organizations that lead in 2025 will be those that embrace change, invest in trust, and integrate technology without losing sight of culture.
Strategic outlook for 2025 and beyond
8.
Shaping
the
Future
of Compliance
Understanding the shifting regulatory landscape
Compliance functions operate within a complex and rapidly evolving environment. Staying abreast of new regulations (EU and national) and understanding their impact is a significant challenge. Based on our research, the most frequently cited regulatory developments expected to reshape compliance programs in the coming years include the following:
ESG regulations: CSRD and CSDDD take the lead
As ESG gains momentum, regulations like the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD) are becoming more prominent.
CSRD is the most frequently cited, requiring companies to report not only on their own operations but also consider their entire value chain, including environmental impact, sourcing practices, and human rights. While compliance teams are sometimes involved, sustainability departments (28%) or other teams (36%) usually take the lead. Common challenges include data collection, scoping, and integrating new requirements.
The CSDDD is also drawing attention, as it introduces a legal duty to act. Though it takes effect later than the CSRD, it’s being closely watched, especially in relation to ethical tech and supply chain practices.
Since President Trump’s return in early 2025, ESG efforts have encountered headwinds in the U.S., with rollbacks on environmental and social policies. Some Dutch companies with U.S. ties have scaled back their ESG initiatives, though most European organizations remain committed. Even in Europe, however, requirements are being eased: in February 2025, the European Commission approved a delay to the CSRD and a softening of the CSDDD through a ‘stop-the-clock’ directive. This directive postpones key reporting and due diligence obligations, giving companies more time to prepare and legislators more room to simplify the rules.
The EU AI Act: Balancing innovation and oversight
Under the EU AI act, all companies involved with AI systems must comply with the regulation, but the specific requirements vary based on the risk level of the AI system. One of the immediate requirements is ensuring that employees working with AI have adequate training to identify risks and use AI responsibly. While some provisions are already in effect, most compliance obligations roll out through 2025 and 2026.
AI is viewed with both interest and caution; potential benefits lie in automating administrative tasks, enhancing due diligence and monitoring. Concern persists regarding reliability, ethics, and the need for human oversight (human in the loop).
Cybersecurity: A rising priority
New and updated regulations (e.g. DORA, data privacy, AI, whistleblower protection), require organizations to implement more rigorous cybersecurity controls. There’s a growing focus on how organizations handle personal data, which means compliance teams are working more closely with IT and legal experts. On top of that, they need to keep a close eye on third-party vendors to make sure everyone in the supply chain meets security standards. And because regulations vary so much between regions, like stricter rules in the EU and looser ones in the U.S., global companies need to stay flexible and adapt their approach depending on where they operate.
Other regulatory developments
Sanctions, ESG mandates, whistleblower protections, data governance laws, and financial directives are also top of mind, especially in light of ongoing geopolitical tensions and rapid digital transformation.
Note: These insights are drawn from participants across diverse industries. Interpretations of regulatory priorities may vary accordingly.
Frequency of emeging regulations impacting compliance programs
Quality
Accessibility
External trends
Beyond Regulation: Broader Forces Shaping Compliance
When asked about future trends or risks not yet fully recognized in the compliance field, participants identified a broad and diverse range of emerging issues. Most of these topics were already covered in the previous chapter. In addition, a number of other developments are highlighted that are expected to have a significant impact on Dutch businesses, and, by extension, their compliance departments.
A.I. & AUTOMATION REGULATORY COMPLEXITY & DIVERGENCE
ORGANIZATIONAL & ROLE EVOLUTION
CHANGING WORK ENVIRONMENTS
BEHAVIORAL & CULTURAL SHIFTS
BEHAVIORAL & HUMAN RIGHTS & ETHICAL SUPPLY CHAINS SHIFTS
GEOPOLITICAL RISKS DATA ETHICS & PRIVACY
CYBERSECURITY & DIGITAL INFRASTRUCTURE
Data ethics & privacy
Artificial
Changing work environments
Regulatory complexity & divergence
Behavioral & cultural shifts
Environmental & sustainability risks
Geopolitics takes center stage
Geopolitical risks top the list, with respondents pointing to global tensions, sanctions, and shifting trade routes. It’s clear that international instability is keeping compliance teams on their toes, especially when it comes to supply chains and staying on the right side of fast-changing rules.
Compliance gets a human touch
Compliance is no longer just about rules and regulations. There’s a growing focus on people: how they behave, how they work, and how teams are built. Think hybrid work, diverse skill sets, and a broader role that includes ESG and integrity. It’s compliance with a human face.
Complexity is the name of the game
One thing’s for sure: the compliance landscape isn’t getting any simpler. With different rules across regions and a steady stream of new regulations, many teams are feeling the pressure. Navigating overlapping standards and keeping up with ESG reporting is becoming a full-time job in itself.
9. Findings
From rulebook to risk radar
Findings
Compliance is undergoing a major transformation: from a traditionally rule-based, legal-focused function to a dynamic, risk-oriented discipline that incorporates technology, ethics, geopolitics, and human behavior. Organizations that proactively embrace this broader perspective, particularly in areas like AI, data governance, and geopolitical strategy, will be better equipped to navigate emerging risks.
This report provides a multitude of insights from recent interviews painting a picture of a compliance landscape growing in complexity. This is largely driven by new regulations (especially around ESG), rapid technological developments (notably AI), and shifting expectations from stakeholders. Key priorities for compliance leaders include building a strong compliance culture, adopting risk-based approaches, ensuring sufficient resources and organizational support, and making smart use of technology.
Our research shows that many organizations are making progress with compliance, though challenges remain in data management, tracking KPIs, allocating resources, and fully integrating compliance into daily operations and culture. Still, the insights gathered will hopefully offer a valuable benchmark and snapshot of where compliance stands today and where it’s headed next.
Participating companies
Asta Aleskute
Astrid Amelink
Anonymous
Irina Barmina
Marieke Bax
Lonneke de Beer
Bram Beliën
Wendy Belt Berenbak
Legal Director – Corporate and Global Compliance
Ethics & Compliance Director
Director Legal & Compliance
Ethics & Compliance Director EUANZ
Group Ethics & Compliance Officer
Corporate Director Legal and Ethics & Compliance/General Counsel
sized pharma company
Chief Legal &Compliance Officer & DPO Yusen Logistics Europe
Chief Compliance & Privacy Officer
Arthur Biesheuvel VP Legal & Compliance
Samantha Boel
Emma Keulen & Meghann van Boven
Bart Braat
Hugues Brunet
Director Ethics & Compliance
Senior Manager Compliance & Ethics (Emma), Compliance & Ethics Advisor (Meghann)
Manager Legal & HSE, General Counsel
Group Compliance Director
Adriaan Buyserd Sr. Principal Legal Specialist & Global Regions Center of Excellence
Marcel La Croix
Schiphol Group
Efteling
Director, Senior Compliance Officer & Teamlead Company Integrity
Elaine David General Counsel a.i.
Arjan Denekamp
Pascal Dijkens
Cherieke Doek
Querijn Evers
Guido Febus
Carl Messemaeckers van de Graaff
Machteld Groeneveld
Sabine de Haardt
Selma Hendriksen
Geerte Hesen
Miriam van Heyningen
Ilona Hüppler
Egge De Jong
Sanna Jordens
Wim Kokkedee
Remco Koster
Helene Millenaar
Cyriel Mintjens
Cassandra Moons
Ruud Van Outersterp
Tobias Oversteegen
Jorn Palm
Ronald Pasanea
Evelien Pol,
Henk-Anne Rijpma
Sjoerd Oosterhuis & Kristel Pluk Sanders
Directeur Integriteit en Risk & Compliance
Director Risk & Compliance Van Ameyde International
Director Global Compliance Program Management
Group Compliance Manager
Director Corporate Compliance & Ethics
Global Head of Ethics, Risk & Compliance
Chief Compliance Officer & Legal Affairs
Chief Ethics Officer
BAM Group
NXP Semiconductors
Head of Ethics & Compliance Mammoet
Chief Legal & Compliance Officer
Head of Legal Compliance
Ferrovial
Tata Steel Nederland
Head of Corporate Ethics & Compliance KIWA
Head of Compliance
Group Manager Integrity & Compliance
Ethics & Compliance Officer
Director Compliance
Risk & Compliance Director
Ethics & Compliance Officer
Royal Van Leeuwen
De Heus Animal Nutrition
NPM Capital
DAF Trucks / PACCAR
Trivium Packaging
One Dyas
Head of Compliance & DPO TomTom
Chief Ethics & Compliance Officer, General Counsel Pharming
General Counsel Renewi
General Counsel
General Counsel & Chief Compliance Officer LYNX
Global Compliance Director
Global Head of Risk & Compliance
Head of Legal (Sjoerd), Compliance Manager (Kristel)
Inter IKEA Group
Interfood Group
Claire de Schepper Head of Group Legal & Company Secretary
Diederik Slijkerman Chief Compliance Officer
Frank Van Sluis
General Counsel & Company Secretary
Marcel Stijnders Group Legal Counsel
Henriette Strating Head of Compliance & Integrity
Tekla Surguladze Senior Compliance Manager
Iskander Timman
Director Compliance Counsel (Global)
Matthijs Veenema Global Business Conduct Director
Nelise van Helden & Wendy van der Velden Deputy Co. Sec. & Comp. Officer (Nelise), Group Comp. & Integrity Advisor (Wendy) Eneco
Nicole Verheij
Björn Schep & Marjolein Wagemans
Willem-Jan Wieland
De Jong Bouw
Connect with us: www.voxius.nl/compliance Regien Haarbosch compliance@voxius.nl
This report was designed by © Abracadabra Creative Studio Nicolaas Gallois www.abracadabra-creative.com