Key highlights:

• • • Plans without funding are political theater, not strategy 鈥� Across the G20 and beyond, governments spend about $1 per vulnerable person per year, making the most comprehensive national action plans functionally undeliverable.

    • Corporate forced labor is a crime with no perpetrators 鈥� Despite an estimated tens of millions of victims in global supply chains, there has been only one forced labor investigation ever brought against a Fortune 500 company, exposing a near-total absence of criminal accountability in non-financial industries.

    • Real-time data accountability can work on a shoestring budgets 鈥� Uganda’s TipMap platform, built on a budget of just hundreds of thousands of dollars with NGO and US government support, demonstrates that transparent, publicly accessible prosecution tracking is achievable even for low-income countries 鈥� yet most wealthy nations have yet to replicate this model.

Every year, governments around the world publish sweeping national action plans to combat modern slavery, covering everything from vulnerable children, forced labor, and gender-based violence to prosecution targets and victim support. These action plans are, in many cases, genuinely comprehensive documents, and also in many cases, they are almost entirely unfunded.

That is the central finding of the (MSPI), a new tool developed by Duncan Jepson, Director of Strategy and Operations at . After decades working across supply chains, corporate law, and financial crime compliance in Asia, Jepson grew frustrated with a sector that was generating more conferences and consultants than criminal prosecutions. The MSPI takes a step back from that ground-level work and asks how governments are investing in this problem at a scale that matches their stated ambitions.

The answer, unsurprisingly, is that there is a big gap between plans and funding the execution of those plans. Across the G20 plus additional countries, total government spending on modern slavery prevention amounts to roughly $1.6 billion annually, Jepson notes. When measured against the estimated population of up to 2 billion people living in conditions of poverty and precarity that make them vulnerable to exploitation, the 鈥渋nvestment鈥� by governments works out to approximately $1 per person per year.

Grand plans & empty coffers

The MSPI evaluates governments across four dimensions, which include the context of exploitation within their borders, the comprehensiveness of their national action plan, the funding allocated to that plan, and the measurable outcomes produced. The gap between the second and third dimensions is the point at which the analysis reveals the most confounding gap.

Most national action plans, Jepson notes, look remarkably similar regardless of whether they come from wealthy nations or some of the poorest countries in the world. They include all the right elements; however, the problem is that the ambition of the plan rarely maps onto available resources. “If you see a similar kind of plan in a country which is not providing anywhere near the same investment, maybe only providing $10 million to $20 million,” then they’re clearly not going to be able to build the kind of institutional mechanisms and have them operational to achieve their stated ends, Jepson explains.

When measured against the estimated population of up to 2 billion people living in conditions of poverty, the 鈥渋nvestment鈥� by governments works out to approximately $1 per person per year.

This gap is partly a result of how these plans get written. Policy teams include every desirable outcome, every population group, and every intervention type because comprehensiveness signals seriousness. The result is what Jepson describes as a political product rather than a strategic one because it is detached from realities of resource constraints.

The three Ps framework 鈥� set out in the , which organizes anti-trafficking efforts around prevention, protection, and prosecution 鈥� has drifted from being a planning tool into being a target in itself. Governments check the boxes, publish the plan, and treat that as a win. The actual investment required to deliver outcomes becomes secondary.

Many perpetrators face no accountability

Perhaps the most sobering element of Jepson’s analysis concerns corporate accountability which, outside of healthcare and financial services, is extremely limited for criminal matters such as forced labor. Modern slavery in global supply chains, particularly forced labor in agriculture, manufacturing, fishing, and extractive industries, generates enormous profits. Prosecutions against the corporations involved are nearly nonexistent.

The , which Jepson brought to the U.S. Department of Homeland Security鈥檚 investigations unit a few years ago, remains a rare landmark. When he received a World Customs Organization award for the work, the citation described it as recognition for “the first investigation into a Fortune 500 company.鈥� Indeed, the fact that there is only one successful investigation in the entire history of Fortune 500 enforcement on forced labor is stunning in itself.

The structural reason for this, Jepson argues, is that non-financial industries operate without a criminal legal framework wrapped around their regulatory obligations. Banks are required to identify suspicious transactions, file reports, and de-risk clients connected to illicit activity, all under threat of serious legal regulatory consequence.

Modern slavery in global supply chains, particularly forced labor in agriculture, manufacturing, fishing, and extractive industries, generates enormous profits, while prosecutions against the corporations involved are nearly nonexistent.

Manufacturers, food producers, and commodity traders face no equivalent pressure. Their obligations tend to be framed in the language of sustainability and ethical sourcing, which are voluntary, subjective, and entirely company controlled.

When violations are discovered, the response is typically managed internally through grievance mechanisms, remediation programs, and consultant-led audits. Workers rarely have access to independent legal recourse and access to justice.

What good funding and enforcement should look like

Jepson is careful to point out that meaningful progress exists, even on limited budgets. , developed with support from the Human Trafficking Institute and US funding, provides a real-time, publicly accessible database of trafficking prosecutions and arrests. For a country investing only hundreds of thousands of dollars in this space, the platform demonstrates how transparency and institutional accountability can be achieved without enormous resources.

Italy and Germany both earn recognition for aligning their plans with their investment levels and for building on contextual knowledge. Yet neither country has solved corporate supply chain accountability, even though both demonstrate that coherent strategy tied to realistic resourcing produces better outcomes than aspirational planning without funding.

The US import ban mechanism, developed through U.S. Customs and Border Protection, remains the most significant enforcement tool in the world, although it鈥檚 still largely unique to one country.

The case for realistic investment

What Jepson would like to see instead is relatively straightforward. Governments need to develop a deeper, intentional recognition that their current spending levels are insufficient, he says, adding that investment in prevention also makes economic sense.

Every dollar not spent stopping exploitation upstream generates far greater costs in law enforcement response, victim and social services, and lost economic productivity downstream. Clearly, $1 per vulnerable person per year will not build the necessary infrastructure to protect anyone.

You can find out more about the challenges in combatting force labor in supply chains here

Key insights:

• • • The Panama Papers transformed beneficial ownership 鈥� The release of the Papers in 2016 changed the idea of beneficial ownership from a technical compliance footnote into a global policy imperative, and the pressure has not let up.

    • Regulatory responses have been significant but uneven 鈥� The EU has pushed forward aggressively, while US reforms under the Corporate Transparency Act have been substantially narrowed.

    • For compliance professionals, the enduring lesson is not about any single regulation 鈥� Rather, compliance professionals should have one goal: Maintaining the discipline of asking who, ultimately, is behind the transaction.

When 11.5 million documents from Mossack Fonseca were published on April 3, 2016, compliance teams across financial institutions around the world faced unprecedented pressure from senior leadership to prove they actually knew the true identities of their clients’ beneficial owners. A decade later, establishing that ultimate ownership remains both the most important and the most difficult task in anti-money laundering compliance.

A watershed moment, but not a starting point

It would be a mistake to credit the Panama Papers with inventing beneficial ownership as a compliance concern. The Financial Action Task Force (FATF), an intergovernmental organization created to promote anti-money laundering (AML) activities, had long emphasized the risks of anonymous shell companies. The United Kingdom was already developing its Persons with Significant Control register; and the United States鈥� Treasury Department鈥檚 Financial Crimes Enforcement Network (FinCEN) had a draft of customer due diligence guidance in circulation before a single Mossack Fonseca document was made public.

Yet, what the leak of the Panama Papers did was something more powerful than create law 鈥� it created political will.

The leak showed, with granular specificity, how shell companies, nominee directors, layered trusts, and intermediary accounts could be stacked together to place meaningful distance between regulators and the individuals who actually control the assets. These were not fringe techniques; rather, they were routine services offered at scale to clients in more than 200 jurisdictions. The “gatekeeper problem” 鈥� the tendency of lawyers, accountants, and formation agents to introduce clients without responsibility for verifying who those clients ultimately were 鈥� was no longer theoretical. It was documented, widespread, and systemic.

What the decade of response produced

The regulatory response to the Panama Papers was substantial, even if ultimately uneven in execution.

In the US, FinCEN’s 2016 CDD Final Rule standardized what many institutions were doing selectively: requiring identification and verification of beneficial owners of legal-entity customers using a 25% ownership threshold and a control prong. For the first time, this was an enforceable expectation across covered financial institutions 鈥� not a best practice, but a mandate.

The regulatory response to the Panama Papers was substantial, even if ultimately uneven in execution.

Globally, the momentum was stronger. The European Union moved through successive Anti-Money Laundering Directives, expanding registration requirements and tightening obligations for designated non-financial businesses and professions. Ultimately, the EU established the Anti-Money Laundering Authority (AMLA) in its 2024 package to deliver cross-border supervisory consistency. And the FATF’s revised Recommendation 24 in 2022 raised the bar further, shifting the mission from collecting beneficial ownership data to ensuring it is accurate, current, and verifiable, with timely access for competent authorities. Having a register is not the same as having reliable information, and regulators have spent a decade making that distinction explicit.

The 2020 FinCEN Files added a further dimension. Where the Panama leak exposed the formation agents who were enabling shell company abuse, the FinCEN Files implicated the banks themselves, showing that suspicious activity reports (SARs) were being filed on transactions that institutions continued to process. Together, these successive leaks sustained the political will that the Panama Papers first generated.

The data is only as good as what’s behind it

The Panama Papers exposed that beneficial ownership frameworks could be gamed in ways that left regulators technically satisfied but substantively blind. Nominee arrangements created paper trails that went nowhere, and outdated register entries gave the appearance of compliance while concealing real control.

The lesson that proved most durable is that transparency requires verification, accessibility, and enforcement working together. A register without verification is a filing cabinet, verified data without accessible reporting channels is compliance theater, and accessible data without enforcement consequences for misrepresentation is an honor system.

For compliance professionals today, this translates into a concrete operational expectation. Enhanced scrutiny for complex legal entity customers is not optional. Nominee arrangements, offshore links, unexplained control structures, and identifying a politically exposed person (PEP) are not risk factors to note and move past. They are the scenarios that point to where the framework is most likely to fail, and examiners know it.

Where the picture gets complicated

Today, further progress is real, but uneven. In the US, the Corporate Transparency Act of 2021 was the most ambitious attempt to extend beneficial ownership reporting to companies themselves, not just the financial institutions serving them.

Under FinCEN’s March 2025 interim final rule, that ambition has been significantly narrowed: US-formed entities and US persons are now exempt, with reporting obligations falling primarily on certain foreign entities registered to do business domestically. That outcome followed a prolonged and contentious legal battle, involving multiple conflicting injunctions, a Supreme Court intervention, and sustained pushback from small business and industry groups, which ultimately made a political resolution rather than a judicial one the path of least resistance for the U.S. Treasury Department.

听The core problem shone by the Panama Papers leak in 2016 remains unresolved. A decade of regulatory response has only narrowed it.

Real estate reporting faces its own legal turbulence, with the Residential Real Estate Rule vacated and on appeal; and investment adviser AML coverage has been pushed to 2028, a delay driven in part by industry objections and competing agency priorities. These are not minor footnotes; rather, they are meaningful gaps in a system that was supposed to be closing.

Enforcement outcomes globally have been equally inconsistent. Panama’s own courts in a major Panama Papers-related trial in 2024. And Germany charged , the firm’s co-founder, in 2026. Jurisdiction still matters enormously, which is precisely what offshore structures were designed to exploit.

The durable lesson

Of course, none of this means the decade of reform was without consequence. It simply means the work is not done.

The Panama Papers’ most important legacy is not any specific regulation; rather it鈥檚 a permanently elevated expectation around knowing your customer, not just by name, but by ultimate beneficial owner, control structure, the credibility of information on file, and the ongoing monitoring that keeps that picture current. The most effective AML programs treat beneficial ownership as a living element of the customer relationship, not a checkbox at onboarding.

Still, the core problem shone by the Panama Papers leak in 2016 remains unresolved. A decade of regulatory response has only narrowed it and made it significantly harder to exploit, but as compliance professionals know better than most, the absence of a finding is not the same as the absence of risk.

You can find out more about the challenges of fraud identification and prevention here

Key insights:

• • • Law firms and clients are both redesigning for AI 鈥� Both sides are rethinking how legal work gets done, including thoughts on operating models, talent, technology, and the role of automation in delivering services.

    • There鈥檚 a communication gap despite shared dependence 鈥� Even though each side鈥檚 AI choices directly affect the other, many law firms and legal departments are still planning separately, without enough transparency or coordination.

    • There are 5 critical shared questions they need to address together 鈥� Law firms and their clients need joint conversations about pricing, work allocation, trust, talent development, and wider industry standards to better shape a sustainable future together.

A law firm choosing its 2030 strategic business model without knowing how its clients are evolving is navigating blind 鈥� and vice versa.

And yet, across the legal profession, that is exactly what is happening. Law firms and corporate legal departments are each embarking on significant transformations 鈥� redesigning their operating models, reimagining their talent models, and making decisions about technology. What is striking is how often they are doing so in isolation from each other, retreating into their respective silos at precisely the moment when their futures are most deeply interconnected.

The pace of change raises the stakes. Ninety-one percent of corporate C-Suite leaders say the rise of AI will have a significant impact on their five-year business strategy. Further, AI adoption has nearly doubled across the legal sector over the past 12 months, and half of legal professionals say they expect agentic AI to be central to their workflow within two years.

Clearly, the decisions being made today about talent, technology, pricing, and relationships will lock in outcomes that are hard to reverse.

The AI view from corporate law departments

On the in-house corporate side, General Counsel are contending with broadening mandates, increasing demand and complexity, and a pace of business that shows no signs of slowing. Not surprisingly, AI is increasingly the strategic response: , up from 25% who said that last year. And for most that means AI-enabled capability to do more, faster, and at greater scale.

成人VR视频 Institute鈥檚 GCO 2030 research maps out what the transformed legal department could look like 鈥� from tech-forward functions that scale routine work through automation, to seamlessly integrated teams that blend internal and external expertise, to legal departments that actively supercharge peer functions like HR and Finance.

The common thread through all of this is a shift toward strategic selectivity: Doing more with sharper focus and engaging outside counsel differently as a result.

The AI view from law firms

Among law firm leaders, AI is unavoidable 鈥� in every leadership conversation that 成人VR视频 Institute researchers held with managing partners in recent months, the issue of AI came up. For many, it is seen as a lever for growth, although law firms vary considerably in how far they have moved from consideration to execution.

In fact, our recent research points to four possible models emerging on the horizon that have AI-native disruptors built around agentic automation, elite advisory boutiques in which senior judgment is the product, integrated powerhouses that combine top-tier brand with AI-enabled delivery at scale, and those that hold back from AI adoption (although the research suggests this is a delay, not a strategy). What unites the more progressive scenarios is that strategy requires genuine commitment: A firm simply cannot pursue all models at once, and the choices made about talent, pricing, and client relationships will compound over time.

You can access the full feature article,听The 2030 legal department: 5 ways AI will transform how in-house teams work听here

The problem, of course, is that both sides are designing futures that will inevitably shape the other 鈥� yet two-thirds of GCs say they do not know how their outside firms are approaching AI, and law firms report genuine uncertainty about what their clients want. This shows a clear communication gap at the heart of the legal ecosystem, and it is opening at precisely the moment that demands coordination.

The futures being designed in those silos are not mutually exclusive. When a corporate legal department shifts its model 鈥� whether automating routine work, restructuring how it engages external counsel, or reorienting toward strategic advisory 鈥� it changes the demand profile that law firms face. When a firm repositions itself around premium complexity or agentic delivery, that changes what clients can rely on externally, and therefore what they must build internally. Each side鈥檚 choices narrow or expand the options available to the other.

Addressing 5 critical questions together

Against that backdrop, there are several questions the legal profession cannot answer from within a single organization 鈥� questions that require genuine conversation between firms and the clients they serve.

The first is the question of value and pricing 鈥� In an AI-enabled legal market, how is value defined and paid for, and can the answers be fair to both sides while still encouraging innovation? If AI dramatically accelerates the delivery of advice, does efficiency become the new floor or the new ceiling? Are clients paying for outcomes, risk reduction, speed 鈥� or some combination of all three? And which side absorbs the productivity dividend?

The second question concerns where the work lives 鈥� As both law firms and legal departments expand their AI capabilities, the traditional allocation of work between in-house and external counsel will shift. Determining what genuinely belongs in each place and why 鈥� based on, for example, risk, complexity, relationships, and strategic importance 鈥� is a conversation that requires honesty from both sides.

Third is the question of trust and transparency 鈥� How can firms and their clients build shared frameworks for disclosure, governance, and accountability around AI use in a way that strengthens relationships rather than undermines them? Without these frameworks, AI integration risks eroding the relationship foundations upon which legal advice depends.

Fourth, the talent pipeline question 鈥� As the type of routine work that historically served as the apprenticeship model for past generations of lawyers rapidly disappears, both firms and legal departments face a shared responsibility for how legal talent is trained and developed.

Fifth, and perhaps most structurally significant, is which challenges are ecosystem-wide? 鈥� Data standards, interoperability, shared risk frameworks, and ethics and assurance are not problems any single organization can resolve alone but rather, are ones that require coordinated action across firms, legal departments, technology providers, and academia.

Indeed, none of these questions can be resolved in isolation, and avoiding them does not preserve the status quo, it simply locks in poor defaults. Leadership in this moment doesn鈥檛 mean having all the answers, but it does mean being willing to ask the questions out loud, with the people who need to be in the room.

The firms and legal departments that come to these questions together, rather than arriving at the table with entrenched positions already locked in, will be better positioned to build a future that is resilient, transparent, and sustainable.

To start, pick one of the five questions above and put it on the agenda for your next client or firm meeting. Not as a negotiation, but as an open conversation worth having.

That is how the communication gap between law firms and corporate legal departments gets closed 鈥� one honest conversation at a time.

Start your legal department鈥檚 future planning using our reimagine guide from the Value Alignment Toolkit

Key takeaways:

• • • The 2027 end date is not a runway 鈥� The One Big Beautiful Bill sets a statutory de minimis end date of July 1, 2027, but its own legislative history explicitly preserves the president鈥檚 authority to restrict it before that date. Sellers banking on a two-year transition period are reading the headline, not the fine print.

    • The Supreme Court win didn鈥檛 save the refunds 鈥� The Supreme Court鈥檚 IEEPA decision was real, but the administration switched legal authority to Section 1321 and kept the suspension running. Combined with congressional cover from the One Big Beautiful Bill, the path to recovering tariffs already paid is genuinely uncertain 鈥� not just delayed.

    • The refund clock just reset 鈥� The lead test case for processing refunds through CBP鈥檚 KAPE system, Atmos, just settled, forcing the process to restart with a new test case. Sellers waiting on refunds are further back in the queue than they realize.

Most e-commerce merchants couldn鈥檛 have told you what de minimis meant two years ago 鈥� mostly because they didn鈥檛 need to. It was the invisible infrastructure of cross-border trade, the threshold below which imported goods pass through customs without duties or taxes. And in the United States, that threshold sat at $800. For small online sellers sourcing internationally, it wasn鈥檛 a technicality 鈥� it was their business model. Now, that model is over.

De minimis was deliberate trade policy built on simple logic: the cost of collecting duties on a $25 phone case exceeds the revenue it generates. Let low-value goods flow freely, the thinking went, and e-commerce would grow 鈥� and it did.

The Trump administration鈥檚 first moves targeted Canada, Mexico, and China on fentanyl-related grounds. Then came Executive Order 14324, suspending duty-free de minimis for all countries effective August 29, 2025. Sellers who had never filed a customs entry suddenly had to file informal entries for goods valued up to $2,500 鈥� and pay tariffs on every single one. Last count, that has meant $175 billion in tariffs paid annually, with small shipments accounting for roughly 63% of that.

The legal basis for Trump鈥檚 tariffs 鈥� the International Emergency Economic Powers Act (IEEPA) 鈥� went to the Supreme Court, which constrained presidential authority to pass these tariffs. Many sellers took that as a signal that tariff refunds were coming 鈥� they shouldn鈥檛 have.

Then came the legislative layer that changed everything. The One Big Beautiful Bill Act (OBBBA) 鈥� H.R. 1, now law 鈥� codifies the end of de minimis under Title 19 with a statutory end date of July 1, 2027. Buried in the legislative history, however, is language explicitly stating that nothing in the bill limits the president鈥檚 existing authority to restrict de minimis before that date. The current suspension has congressional cover, meaning that any court challenge faces a much tighter call than it would have had a year ago.

What most sellers are getting wrong

What鈥檚 making matters worse, however, is that many small e-commerce merchants may not fully understand all the nuances of the laws and regulations they are trying to navigate. Indeed, there are certain aspects of the situation that many are getting wrong, including:

The 2027 date is a headline, not a lifeline 鈥� When the ne Big Beautiful Bill passed with a July 1, 2027, , many sellers assumed they had a transition period 鈥� time to adjust pricing, renegotiate supplier terms, and build a compliance infrastructure. Buried in House Report 119-106, however, is language explicitly stating that nothing in the bill limits the president鈥檚 existing authority to restrict de minimis before that date. Congress didn鈥檛 create breathing room; rather, it codified the end while leaving the accelerator fully intact. The 2027 date is when de minimis ends by law. Indeed, it could end sooner 鈥� and effectively already has.

The Supreme Court decision didn鈥檛 unlock refunds 鈥� The Court鈥檚 IEEPA ruling was significant, but the administration鈥檚 response was swift: reimposed the suspension of tariffs under Section 1321 authority as of February 24. The tariff meter never stopped; and now, with the OBBBA鈥檚 legislative history providing congressional cover, the 鈥� which specifically addresses whether sellers are entitled to refunds in the de minimis context 鈥� faces a much harder statutory construction argument than it would have a year ago. This may mean that the Supreme Court win was a legal victory that may not translate into money back.

The refund process just lost its test case 鈥� For sellers hoping to recover duties paid, the most practical path was through the KAPE system run by the U.S. Customs and Border Protection (CBP) 鈥� a workaround allowing refund claims to feed directly into an听听for verification. The lead case proving out that process, , just settled. Now, the trade legal community has to start over with a new test case, and nobody knows how long that is going to take. Sellers who filed protests rather than complaints at the Court of International Trade (CIT) are in a particularly difficult position 鈥� protests have time limits, and the CBP is under court order to re-liquidate open ones. Which legal bucket your entries fall into matters enormously right now.

The bottom line

The de minimis era enabled a generation of small merchants to compete globally on terms that would have been unimaginable 20 years ago. Its sunset doesn鈥檛 mean the end of cross-border e-commerce 鈥� but it does mean the end of operating on assumptions. The 2027 date, the Supreme Court decision, the refund process 鈥� each looked like relief and turned out to be more complicated than the headline suggested.

E-commerce merchants impacted by these de minimis developments need to talk to a trade attorney 鈥� not for the basics, but to understand where your claims stand, whether your protest strategy is still viable, and what the Atmus settlement means for you.

The storm isn鈥檛 over 鈥� and it may be more complicated than most sellers have been told.

For more on this, please tune into the 成人VR视频 Institute鈥檚 recent 鈥淐larity鈥� podcast, featuring , about the challenges facing small e-commerce merchants today

Key insights:

• • • AI is supercharging old fraud schemes听鈥� By making synthetic identities, deepfake scams, and customer fraud faster, more credible, and harder to detect, AI is amplifying fraud and crime.

    • The real vulnerability may be internal silos听鈥� Institutions need to be on the lookout, because what looks like a credit loss, an HR issue, or a payment request may actually be part of a wider multi-vector AI-enabled attack.

    • Institutions already have the tools to respond听鈥� Through KYC and internal and behavioral data, financial institutions have the ability to respond to fraud threats 鈥� but only if teams connect and act together.

Fraud and crime existed long before AI, of course, but today鈥檚 technology delivers an acceleration in speed, scale, and success rate for fraudsters, resulting in billions of dollars in losses for victims. AI-enabled frauds on financial institutions by 2027 in the United States alone, and of detected fraud attempts on financial institutions use AI 鈥� and of these, 29% are successful.

To respond effectively to these threats, institutions need to implement a unified response that brings together departments that may not traditionally be partners. This cross-functional coordination should include not only the institution鈥檚 fraud and financial crime risk teams but also its credit risk, cybersecurity, and human resources functions.

And this response is critical, because today, financial institutions are being targeted by multiple types of AI-enabled attacks, including tactics such as:

• • • use of synthetic identities to circumvent know your customer/customer due diligence (KYC/CDD) controls and perpetrate fraud or launder money;
    • use of deepfake identities to gain employment, particularly by North Korean IT workers;
    • AI-enhanced 鈥淐EO frauds鈥� to deceive staff into taking unauthorized actions; and
    • Bank customers may be targeted by fraud too, presenting further risk to financial institutions.

Let鈥檚 look at these threat vectors individually:

Vector 1: Synthetic identities and KYC/CDD

Synthetic identities can be entirely fabricated or may use combinations of real and fabricated personal information to create a new identity. For example, a fraudster may construct a synthetic identity using a Social Security number exposed during a data breach combined with an AI-generated passport.

This threat is real and happening now: identifies that criminals have already used AI to successfully open accounts using falsified documents, photographs, and videos. And according to , synthetic identities were used to open as many as 3% of US bank accounts, representing millions of identities. Not surprisingly, these illicit accounts are used to commit fraud and launder the proceeds of money laundering.

Vector 2: North Korean IT workers

North Korean individuals have successfully gained employment as remote IT workers at American companies, often passing themselves off as US nationals using AI-generated face-swapping technology combined with proxy computers and false identity documents. North Korean IT workers are almost $800 million annually for the regime.

Institutions deceived into employing these workers are not only against North Korea, but they are also exposing commercially sensitive data and systems to an adversary state, increasing the possibility of theft, cyber-attacks, and extortion.

Vector 3: CEO Fraud

A 鈥淐EO fraud鈥� is a cybercrime in which an attacker impersonates an executive to deceive an employee into taking actions such as sending unauthorized wire transfers or disclosing sensitive information. AI accelerates these frauds by making them more personalized and credible.

In one of the more well-known examples, in an AI-enhanced CEO fraud in 2024 after the fraudster impersonated Arup Engineering鈥檚 CFO and requested a staff member to make several financial transfers. The criminals added credibility to the fraud by using a in which the target recognized many of their colleagues 鈥� unfortunately, all of them were deepfakes.

Vector 4: Frauds targeting customers

Where customers are targets, AI provides the scale, speed, and personalization to allow illicit actors to deliver individualized fraud. For example, whereas romance scams previously used repetitive scripts and re-used the same images of the romantic 鈥減artner,鈥� fraudsters can now use AI-generated messages, images, or videos, continuously adapting the execution of the scam to the target鈥檚 responses and behaviors.

Creating a cross-functional and unified response

The examples above demonstrate the diverse and highly sophisticated uses of AI by illicit actors, both adversary states and criminal networks. Detecting and responding to these illicit activities requires joint action between teams that may not traditionally work closely together.

For example, if an account holder fails to repay a loan, the credit team may consider it to be a default by a legitimate customer and write it off as a credit loss. However, if the account was opened using a synthetic identity, investigation may reveal other accounts that share similar customer data points or transactional patterns. This could reveal a network of accounts that are perpetrating a fraud or money-laundering scheme. To detect and respond effectively, joint action is needed between KYC/CDD on-boarding teams, financial crime investigators, and fraud and credit risk professionals.

Alternatively, for HR teams to effectively identify use of face-swapping videos during a hiring process, knowledge from the organization鈥檚 cybersecurity team, especially of deepfake indicators, would be valuable. If a North Korea IT worker is hired and only later identified, cybersecurity and sanctions teams must be involved in the response to mitigate data, network, and compliance exposures.

Detecting and responding to all illicit activities requires joint action between teams that may not traditionally work closely together.

Finally, all staff may be targeted by deepfake fraud, but those in senior positions or departments with financial authority are the most vulnerable. This means it is essential for institutions to deliver employee training using real-life case studies, 鈥渘ear misses,鈥� and scenarios drawn from across the institution and industry. This type of training will increase vigilance and minimize the likelihood of a successful attack.

For customers, financial institutions are well-positioned to identify indicators of fraud due to their extensive datasets of KYC/CDD records, transactional, and behavioral information. Institutions should enhance their customer relationships (as well as meet applicable regulatory requirements) by taking proactive measures to inform and protect their customers.

While AI has accelerated fraud and crime, financial institutions also hold valuable and relevant assets: the knowledge distributed across their cybersecurity, HR, credit risk, financial crime compliance, fraud, and KYC/CDD teams. By connecting these teams together, even in contexts in which these departments have not traditionally been partners, institutions will be well-positioned to protect both themselves and their customers from illicit actors鈥� sophisticated AI-enabled threats.

You can learn more about the fraud-fighting challenges faced by financial institutions and other organizations here

Key takeaways:

• • • Mandatory compliance mandates are growing 鈥� Pillar 2, DAC6, and other real-time reporting mandates are increasing obligations in dozens of jurisdictions today, and those tax departments without the infrastructure to meet these obligations are already behind.

    • Real-time documentation is critical 鈥� The window between a transaction occurring and a tax authority scrutinizing it is shrinking to near zero in some markets, meaning that documentation must exist at the moment it is generated, not reconstructed afterward.

    • Data quality is compliance quality 鈥� Real-time compliance brings with it heightened pressure to avoid incomplete or inconsistent inputs, because increasingly sophisticated analytics used by tax authorities will find them.

In 2023, a major European manufacturer was hit with a seven-figure penalty not because its tax return was wrong, but because it couldn’t demonstrate how it arrived at the right answer. No documented governance framework, no clear ownership, and no audit trail. The numbers were defensible, but the process wasn’t.

That gap 鈥� between getting the right answer and being able to prove it 鈥� is where corporate tax risk now lives.

Governments and tax authorities worldwide are to self-report accurately. They are building legal frameworks, digital infrastructure, and enforcement mechanisms to verify compliance in real time. And for tax departments accustomed to managing compliance on their own terms, the window for a comfortable transition is closing fast.

A global tightening

Tax governance requirements are intensifying on multiple fronts. In the United States, for example, the IRS’s Large Business & International division has significantly expanded its compliance campaigns, targeting transfer pricing, research & development (R&D) credits, and multinational structures. Section 174 of the 2017 Tax Cuts and Jobs Act now requires companies to amortize R&D expenditures over five or 15 years depending on where research occurs 鈥� a change that many tax departments are still working through while absorbing new obligations on top of it.

Internationally, the pace is faster still. The framework that the Organisation for Economic Co-operation and Development (OECD) created for its base erosion and profit shifting (BEPS) rules has been adopted by more than 135 countries. Pillar 2 鈥� the global 15% minimum corporate tax rate 鈥� is already in effect in dozens of jurisdictions and is actively reshaping how multinationals structure their tax affairs. These are not coming changes 鈥� they are current ones.

Mandatory disclosure regimes have expanded in parallel. The European Union’s DAC6 directive requires intermediaries and taxpayers to report potentially aggressive cross-border arrangements, with penalties in some member states reaching hundreds of thousands of euros. The United Kingdom’s Senior Accounting Officer regime goes even further, placing personal legal accountability on named senior executives for the adequacy of their company’s tax accounting arrangements. Similar regimes are expanding in Australia, Canada, and Brazil.

These are not isolated experiments. They represent that is not going to reverse any time soon.

The real-time reporting challenge

That means, corporate tax departments must respond to this shift because the traditional audit model 鈥� authorities review historical returns and request documentation years later 鈥� is being replaced in a growing number of markets. Spain, Hungary, and South Korea already require taxpayers to submit transactional data directly to tax authorities through mandatory electronic systems. The EU’s Value added tax (VAT) in the Digital Age initiative will extend similar requirements across all 27 member states beginning in 2028.

For tax departments, this reporting compression is the central operational challenge of the next five years. A team that once had 12 to 18 months to reconstruct documentation for an audit now needs that documentation to be accurate and defensible at the moment it is generated. That requires a fundamentally different operating model 鈥� not just better record-keeping, but automated data capture and real-time reconciliation built into core financial systems 鈥� along with the ability to transfer that documentation electronically in real time.

3 actions tax departments must take now

To begin to address this dramatic change, corporate tax departments need to act now, taking steps that include:

1. Building a formal governance framework

Tax departments need written governance frameworks that clearly define what party owns each compliance decision, how decisions are reviewed and approved, and what controls exist to catch errors before filing. This means named ownership of obligations, documented sign-off processes, and regular internal reviews against a compliance calendar.

In the UK, this is already a legal requirement ; and similar standards are emerging in Germany, Australia, and across the EU. A framework should cover at minimum; the ownership of each material filing obligation; the review and approval chain for positions taken; escalation procedures for uncertain tax positions; and a schedule for internal control testing. Without these processes in place, tax departments could face regulatory penalties, personal liability for senior leaders, and reputational damage that may be difficult to recover from.

2. Fixing the data access problem

Tax departments consistently lack reliable, timely access to the financial data they need. This is primarily an organizational problem, not a technology one. Tax functions often sit downstream from finance systems designed without tax requirements in mind 鈥� meaning data often arrives aggregated, reclassified, or stripped of the granularity needed for compliance work.

Solving this requires tax leaders such as finance, IT, and business operations 鈥� not just to request data, but to influence how that data is captured at its source. That means participating in enterprise resource planning implementations, establishing data requirements for new business lines before they launch, and building direct feeds from source systems rather than relying on manual extracts.

3. Treating data hygiene as a compliance control

Tax authorities in the UK, the Netherlands, Germany, and the US are deploying advanced analytics to identify anomalies in corporate filings. Unexplained variances between statutory accounts and tax returns, inconsistencies in intercompany pricing, or mismatches between VAT and corporate income tax data could all trigger closer scrutiny.

Data hygiene must be treated as a compliance control, not an IT issue. In practice that means establishing reconciliation checkpoints between source data and tax inputs, maintaining documented data lineage so any figure in a return can be traced to its source, and conducting data quality reviews before filing deadlines 鈥� not after.

The bottom line

The regulatory trajectory is set, so that means the question for tax leaders whether their department will be ready when tested. Governance, data access, and data quality are no longer back-office concerns 鈥� they are the foundation upon which defensible compliance is now built.

Tax department leaders need to build that foundation now, before the examiner asks.

You can find out more about

Key highlights:

• • • AI governance is hard to prove in practice 鈥� While our research shows that 44% of companies publish an AI strategy, 76% of those same companies show no evidence of having policies to evaluate the quality of data used to train AI systems.

    • Workers are being left under-prepared and under-protected 鈥� Only 14% of companies have policies to mitigate the negative impacts of AI on workers, and only 31% offer any reskilling or training programs around adapting to an AI-integrated workplace.

    • Human rights and ethics appear an afterthought in AI governance 鈥� Almost three-quarters (72%) of companies conduct no AI impact assessments, and less than 1 in 10 companies conduct ethical or human rights assessments.

There is a widening chasm at the heart of corporate AI governance, according to a new report, , published by the 成人VR视频 Foundation and the United Nations Educational, Scientific and Cultural Organization (UNESCO).

The Foundation鈥檚 analyzed publicly available information from nearly 3,000 companies across 11 industry sectors, creating the most comprehensive picture yet of how organizations are managing AI.

Beneath the surface of corporate AI governance mechanisms, divergence between the speed of AI adoption and meaningful human oversight is growing. The report’s findings make clear that this is no longer a gap that organizations can afford to ignore, especially when backlash against is growing and are solidifying among consumers in the United States.

Data highlights the illusion of AI governance

Businesses of different sizes and across multiple sectors are adopting AI technology at a rapid pace. When governance exists only in the wording of a strategy or company vision, however, the people most affected by AI systems 鈥� workers, consumers, and communities 鈥� are left vulnerable. According to the report:

• • • 44% of companies publicly communicate having an AI strategy. However, a gap in AI governance is evident as more than three-quarters of those companies (76%) do not seem to have policies to evaluate the quality of data used to train AI systems.
    • 40% of companies report board- or committee-level oversight of AI. At the same time, strategic signals do not necessarily indicate operational capacity or day-to-day governance. In fact, less than one-third of all sampled companies claim to have an additional team or resource dedicated to AI governance. Moreover, limited information is publicly disclosed on the teams, processes, and accountability mechanisms that translate intent into action.

Workers are being left behind

Research by the International Monetary Fund finds almost , highlighting the acute nature of concerns about job displacement and declining opportunities for some groups. Without sufficient oversight, AI can threaten workers’ rights, amplify bias, and increase surveillance and work intensity, which can enable inhumane decision-making at scale.

The TR Foundation/UNESCO report notes that many companies are adopting AI without the safeguards needed to support workers and help them to adapt to the changes this technology brings. Less than one-third of companies were shown to offer training and reskilling programs for employees who may be adapting to an AI-integrated workplace. Even within the 31% of organizations in which these training programs exist, there is a vast variation in the scope and depth of the training offered.

In fact, many company training programs are not enterprise-wide or structured. Instead, they are ad-hoc or limited to leadership roles. This lack of investment in talent risks undermining the significant investment that companies are making in AI.

Despite growing pressure from regulators, policymakers and social justice campaigners, the ethical impact of AI appears poorly governed, with companies sharing limited information publicly.

The picture on worker protections is equally concerning. Only 14% of companies have public policies in place to mitigate the negative impacts of AI systems on workers, the report shows. This means the majority of companies either have no policies in place or do not publicly communicate them.

What is more troubling is that when workers experience harm, there is almost nowhere for them to turn. Only 2% of companies indicated they had a complaints mechanism 鈥� a critical early warning system for potential concerns. The findings suggest many organizations lack a mechanism for AI-related internal complaints beyond the broad generic complaint channel, and this is compounded by low awareness of the areas in which AI systems may infringe employees’ rights and protections.

Ethics and human dignity as an afterthought

Despite growing pressure from regulators, policymakers and social justice campaigners, the ethical impact of AI appears poorly governed, with companies sharing limited information publicly.

Human rights and ethical use of AI are treated as secondary considerations to compliance, according to our research. The majority of companies (72%) do not conduct any impact assessment with regard to AI. Only 7% publicly communicate conducting a fundamental or human rights impact assessment, and just 5% report conducting an ethical impact assessment.

Among those companies conducting some form of impact assessment, the focus skews sharply toward compliance rather than people. The most prevalent assessments are privacy or compliance-focused, with 18% of those companies that conduct some form of impact assessment reporting that they conducted a data protection impact assessment, and 14% reporting they conducted a privacy impact assessment.

How to center people in AI governance

Closing this governance gap is essential for companies in order to adopt AI responsibly and avoid costly legal, ethical operational, talent-related risks.

To support companies in navigating this challenge, offers a free survey to help companies map the areas in which AI is used across products, operations and services, and then benchmark those against peers their sector.

The report also contains case studies from companies that voluntarily shared their responsible practices with us. For example, German software company SAP intentionally designs and deploys its internal AI systems with a human-in-the-loop in which AI automates repetitive tasks and supports decision-making while final judgment and complex problem-solving remain firmly in the hands of employees.

As AI becomes part of core business infrastructure, companies must move beyond statements of intent and toward measurable AI governance.

In another example, BASF, a German chemical conglomerate, has jointly agreed with its workers’ councils on a general reskilling program that covers technical, hard, and soft skills. Finally, Canadian telecom company TELUS’ Indigenous Advisory Council provides guidance on AI ethics issues that directly affect indigenous communities.

Next steps for companies

The TR Foundation/UNESCO report highlights the most impactful concrete commitments that companies can take now to future proof against AI-related risk, including:

• • • investing in structured, enterprise-wide worker-reskilling programs that measure outcomes, not just participation;
    • establishing enforceable human rights impact assessments as a standard part of AI deployment, not as an optional addition; and
    • creating accessible, AI-specific internal grievance mechanisms so that workers and users have a genuine pathway to raise concerns and seek remedy.

As AI becomes part of core business infrastructure, companies must move beyond statements of intent and toward measurable AI governance. While this data demonstrates clear governance gaps, it also presents an opportunity for companies to take the lead on implementing responsible AI that operates openly in the public interest.

You can learn more about

Key insights:

• • • Define your risk appetite 鈥� A clearly defined fraud risk appetite aligns prevention efforts with strategic objectives and ensures accountability by establishing acceptable levels of fraud risk across the organization.

    • Create a fraud-specialized team 鈥� Dedicated ownership of the vendors that supply fraud solutions by a fraud-specialized team 鈥� rather than by the procurement function 鈥� is critical to maximizing technology performance and adapting to emerging threats.

    • Establish a specialized prevention division 鈥� The rise of sophisticated scams demands the creation of a separate, specialized prevention division to avoid overburdening core fraud teams and ensure targeted, effective responses.

Corporate fraud represents one of the most significant risks facing organizations today. Yet many companies lack the structured governance and technology infrastructure needed to combat fraud effectively.

The solution requires that comprehensive fraud prevention frameworks be built on clear governance, proper technology deployment, and data-driven insights, according to Aaron Frye, Founder & CEO of Lucid Point Consulting. Organizations that implement these five pillars create resilient fraud prevention functions capable of identifying and preventing fraud before it impacts results. These five pillars include:

1. Develop a fraud risk appetite

Effective fraud prevention begins with a well-defined fraud risk appetite that tells the right story to the right stakeholders. Your framework must communicate to your board, executive leadership, and operational teams the level of fraud losses your organization should tolerate, and in which areas you should prioritize fraud prevention investments.

The fraud risk appetite framework must address several key considerations; for example, it should define the level of fraud risk that aligns with the organization’s growth objectives, identify the areas of greatest vulnerability, and evaluate which investments will yield the strongest return. Equally important is the ongoing monitoring and communication of progress through regular reporting on fraud risk metrics, vendor assessments, and investigation outcomes. These actions demonstrate to stakeholders that fraud prevention remains an active priority for the organization and ensures that fraud risk continues to inform organizational decision-making.

2. Establish clear ownership of risk-solution vendors

Many organizations invest significantly in fraud detection tools only to see disappointing returns. The problem often lies not in the tools themselves, but in unclear ownership and accountability for their performance.

Organizations that implement these five pillars create resilient fraud prevention functions capable of identifying and preventing fraud before it impacts results.

If your organization lacks a designated person or team within your fraud strategy function whose job it is to ensure the risk-solution tools you鈥檙e getting from vendors are the best for your enterprise, you likely aren’t getting the most out of your vendors. This dedicated fraud service ownership role must act as your internal champion, evaluating vendor performance, staying current with product enhancements, and ensuring integration with other fraud prevention initiatives.

Critically, procurement, sourcing, and vendor management functions should never own this role. These teams, by the nature of their titles and responsibilities, don’t prioritize fraud. They lack the specialized knowledge required to assess whether your fraud detection technology is performing optimally or adapting to emerging threat landscapes. Without dedicated fraud expertise overseeing your technological investments, advanced tools sit underutilized and critical fraud signals go undetected.

3. Develop a fraud governance function

Every organization should have a dedicated fraud risk governance team within its fraud risk management organization. This governance function serves as your second line of defense, working proactively to reduce operational chaos within your fraud strategy, operations, and investigation groups.

If a non-fraud governance function owns fraud governance, you are guaranteed not to be getting the best form of governance. Fraud is a specialized discipline requiring dedicated expertise and focus; and your governance team must develop policies, establish standards, monitor control effectiveness, and ensure consistent application of fraud prevention practices across the enterprise.

4. Document existing risks and resource gaps

One of the most important responsibilities of your fraud governance function is identifying and documenting the areas related to fraud risk that your current fraud risk teams don’t have time to review. Due to capacity constraints, it is impossible for many fraud risk teams to cover all open gaps. Your organization must understand those open gaps and not be ashamed to address them.

Create an action plan that documents open risk and self-identified issues that your current team cannot adequately address. This transparency demonstrates clear-eyed realism about your organization鈥檚 limitations and creates the business case for requesting additional resources or engaging external consultants to help close these risk gaps.

5. Address the growing scam-prevention challenge

needs its own prevention strategy division within your fraud risk function. Compromised business email, investment scams, and vendor fraud schemes represent an entirely new category of fraud risk that demands specialized attention.

Every organization should have a dedicated fraud risk governance team that serves as its second line of defense, working proactively to reduce operational chaos within corporate strategy, operations, and investigation groups.

There has never been a full manageable grip on fraud prior to the spike in scams. Therefore, you cannot expect your existing fraud risk teams to tackle a new wave of scams as a priority as well as to manage traditional fraud prevention responsibilities. Your core fraud function manages internal control systems, transaction monitoring, and investigation protocols. Adding comprehensive scam prevention to this workload without dedicated resources guarantees that identifying and preventing scams will receive insufficient attention.

Establish a dedicated scam-prevention division focused specifically on emerging scam threats, employee education, scam-specific prevention technology, and response protocols. This specialized approach ensures sophisticated scam schemes receive the expertise and resources necessary while your core fraud function continues addressing traditional fraud prevention requirements.

Going forward into the fight against fraud

In an era of escalating fraud threats, reactive detection is no longer sufficient. Organizations must adopt a proactive stance grounded in strong governance, clear accountability, and strategic resource allocation.

By defining a fraud risk appetite, assigning ownership of fraud prevention tools, strengthening governance, documenting unaddressed risks, and establishing a dedicated scam prevention function, companies can build resilient, forward-looking fraud prevention frameworks. These five pillars enable organizations to anticipate threats, allocate resources effectively, and protect both financial performance and reputational integrity.

Today, the path to fraud resilience begins not with technology alone, but with deliberate, enterprise-wide commitment to proactive risk management.

You can find out more about ways to

Key highlights:

• • • Curriculum听redesign must start now 鈥� One law school鈥檚 approach illustrates the necessity of mapping the entire curriculum to identify which skills to preserve, evolve, or build from scratch.

    • Training faculty in AI use is critical 鈥� Faculty AI training should be a multi-layered approach including hands-on training with specialized legal AI tools, guidance on redesigning curricula, and more.

    • AI simulations may be the key 鈥� Law school leaders need to act now by experimenting with small pilot projects and building simulation-based learning tools to replace the developmental depth that once came naturally in the first years of practice.

The debate about AI consuming most of the work that teaches essential lawyering skills to junior attorneys is forcing a reckoning with the long-held assumption that law schools were never designed to produce practice-ready lawyers and that it was always the profession’s job.

Indeed, AI is forcing that uncomfortable truth into the open faster than anyone anticipated because essential lawyering work 鈥� the document review, contract markup, research memo creation 鈥� dictated how a junior lawyer learned to spot the issue buried on page 47, to sense when a clause was off, and to develop the instinct that no classroom can fully replicate. Now, as more law firms deploy AI to handle precisely those entry-level tasks, the organic training moments that used to define the first two to three years of legal practice are evaporating.

, Executive Dean, Faculty of Law at Bond University, and Co-Chair of the Council of Australian Law Deans, says he sees where this is leading. The ultimate results will be firms hiring fewer junior lawyers today because AI has taken over that entry-level work, James explains, adding that means there will simply be no pipeline of mid-level, experienced lawyers to draw from in three to five years. Indeed, this is a slow-moving crisis, already in motion, and yet to fully arrive.

This crisis lands at the center of what the AI and Future of Legal Practice (AIFLP) initiative exists to address because at the core of this crisis is what does being job-ready really means when the job itself is being redefined. Answering this question requires law schools, law firms, licensing bodies, and technologists to do something they have historically struggled to do 鈥� that is to think and act collaboratively.

Rethinking the curriculum before AI does it for you

leads IE Law School鈥檚 AI initiative and is steering the school鈥檚 efforts to embed AI across the curriculum. To do so effectively, her approach requires going back to a broader set of foundational questions in legal education such as: For what is legal education meant to prepare students? How do students learn to develop legal judgment? What makes legal advice genuinely valuable? And what skills are essential to deliver that value in an AI-enabled profession?

鈥淟ayering AI tools on top of an unchanged curriculum serves no one,鈥� Perez-Llorca explains, adding that without answers to the fundamental questions, 鈥測ou are just adding technology to a structure that was never designed to handle it.鈥�

Check out how one law school professor is building AI simulation tools

IE law school is currently mapping its entire curriculum to determine which skills need to be preserved, which need to evolve, and which need to be built from scratch, while also using the AI-boosted curriculum to train faculty. Perez-Llorca describes the school鈥檚 faculty AI training as a multi-layered approach encompassing university-wide LLM training, substantive AI law curriculum review, hands-on training with specialized legal AI tools, guidance on redesigning curricula, and assessments to reflect students’ growing AI proficiency. Before students can be taught with AI, professors need to understand the tools themselves and how to use them in teaching, in simulation, and in assessment, she adds.

An AI tutor that meets students where they are

Bond University鈥檚 James says he has spent the last several months building an AI tutor designed to walk students through course material the way a patient, attentive instructor would. His vision for the AI teaching assistant supports the professor meeting students where they are. 鈥淚t [the AI tutor] introduces the week’s topic, outlines learning outcomes, guides students through the readings, checks comprehension with short quizzes, and then adapts in real time based on how the student responds,鈥� James explains, adding that the AI tutor will pull any student who is struggling deeper into the material until the learning outcome is achieved. 鈥淭he conversation never stops until the learning does.鈥�

However, James is careful to draw a clear distinction about what the tutor replaces and what it does not, stressing that AI is a substitute for the lecture recording, the static reading list, or the passive video watched at midnight before an exam 鈥� but it chiefly exists to support the law professor. This approach frees up class time, turning it from content delivery to more meaningful the time between the human instructor and students, he adds.

Act by design or default

The approaches by both Perez-Llorca and James point to a way to address the question of disappearing tasks that teach essential lawyering skills as well as shift the center of gravity in legal education toward ways to foster developmental skills and legal judgment. Indeed, inertia is not a strategy, and law school deans and associate deans can be at the forefront of this fight by taking decisive action, including:

• • • Experiment freely 鈥� Investigate with AI on your own by starting small with a pilot project.
    • Strategically assign where AI goes 鈥� Decide where AI belongs in the curriculum, such as in courses focused on legal research and drafting as they become commoditized by AI. Also, determine in which instances AI does not belong, such as counseling clients through ambiguity, navigating ethical complexity, and advocating persuasively. Make sure these all remain led by human lawyers.
    • Focus on skills 鈥� Map your law school鈥檚 curriculum by identifying which skills need to be preserved, which skills need to evolve, and which need to be built from scratch.
    • Build AI-assisted teaching tools 鈥� Make experiential and simulation-based learning central to the curriculum.

鈥淭he choice is between dealing with this crisis by design or by default,鈥� James says, noting that the pipeline problem he described is already in motion while the practitioners, educators, technologists, and licensing bodies that need to solve this together are not yet consistently in the same room.

Watch our recent Clarity podcast to see

Key insights:

• • • UK law firms face a more selective growth market in 2026听鈥� Client demand remains steady, but external legal spend expectations have cooled, with growth concentrated in areas such as Regulatory, Labor & Employment, and international work.

    • Legal expertise alone is no longer enough 鈥� UK legal buyers increasingly favor law firms that combine technical excellence with commercial judgment, business understanding, and practical guidance aligned to client priorities.

    • AI adoption is becoming a client expectation听鈥� Corporate legal teams are moving faster than their outside law firms on GenAI, and many UK legal buyers now expect outside counsel to use AI to improve efficiency, workflows, and the quality of legal work.

The legal market in the United Kingdom today has shifted into a new normal. While law firms saw an explosion of demand and spending immediately following the pandemic, increasing client caution has resulted in a shift in priorities. Today鈥檚 law firms cannot simply rely on their old ways of providing legal service to succeed, as UK clients expect firms to combine expertise, commercial judgment, international reach, and visible AI-enabled improvements in how legal work is delivered.

Jump to 鈫�

2026 State of the UK Legal Market

A new report from the 成人VR视频 Institute, “2026 State of the UK Legal Market,” reveals how the UK legal market is shifting, as more judicious clients are beginning to force law firms to reassess their strategy. Overall anticipated net spend from legal clients has seen declining growth rates in recent years, and while some practices like Regulatory and Labor & Employment continue to see strong demand growth, other practice areas such as Insurance, IP, and Disputes face potential contraction.

This shift is also guided by emerging buyer preferences. The report reveals an increasing commerciality to the UK legal market, one in which clients increasingly favor advisors that combine legal excellence with commercial judgement, and those that are leveraging AI to bolster not only efficiency but improve the overall legal work product.

You can find out more about

Taken as a whole, the report paints a picture of clients that now are moving faster than their outside legal advisors, strengthening their internal capabilities, and setting clearer (and higher) expectations. This means that UK law firms cannot rest on their laurels, as clients increasingly push their outside firms to keep up with new business challenges.

The market is cautious, but opportunity remains

The report reveals that UK legal buyers are more cautious about external legal spend than they have been at any point in the last five years. That may mean law firms can no longer rely on the broad-based demand that defined the post-pandemic period and instead need to be more precise about where opportunity exists 鈥� and where it doesn鈥檛.

The report tracks buyer sentiment through net spend anticipation (NSA), which measures the share of buyers expecting to increase external legal spend over the next 12 months minus those expecting to decrease it. Since its 2021 peak, UK NSA has fallen steadily to +5 percentage points in 2025, returning the market to the more stable, single-digit baseline that was seen before the pandemic.

For those law firms looking to capture increased business, the report makes clear that legal expertise is now the price of entry, not the point of differentiation. The firms that stand out will be those that know how to apply their expertise in ways that reflect the client’s business realities.

Indeed, that is becoming even more important as corporate legal departments face growing pressure to demonstrate their own value to the wider organization, and they鈥檙e increasingly pointing to improvements in their own quality and effectiveness even before mentioning cost savings, efficiency, or time savings. Not surprisingly, more than one-third of UK legal buyers now cite business savviness as a reason they favor a particular law firm.

To help demonstrate their internal value, clients are pushing their outside law firms to leverage advanced technology to improve the overall effectiveness of legal work. Of course, this has resulted in a clear gap, the report notes, between how corporate legal teams are moving and how law firms are responding. For instance, the report shows that more than half of UK corporate legal respondents say their organizations are already using GenAI tools across the business, compared with just about one-third law firm respondents who said this.

That difference in outlook matters because clients increasingly believe AI will become a larger part of how legal work is delivered, and they鈥檙e not content to simply wait and see whether their outside counsel will fully adopt the technology. Indeed, corporate legal departments are expecting their outside law firms to keep pace with how legal work is changing, and they will reward those firms that do.

You can download

a full copy of the 成人VR视频 Institute’s “2026 State of the UK Legal Market” by filling out the form below: