
Cybercrime Source Booklet:
Regulatory and policy developments
2025 Edition
Fincrime, AML, cybercrime, cybersecurity, neurocrime & neurosecurity
1. Research conducted by individuals, companies, associations and universities
1.1. January
1.1.1. International
-
World Economic Forum (WEF) & Accenture, Global Cybersecurity Outlook 2025, January 2025, accessible here;
-
OWASP Foundation, GenAI Red Teaming Guide - A Practical Approach to Evaluating AI Vulnerabilities, V.1.0, January 2025, accessible here;
-
Oleh Harasymchuk et al., Modern methods of ensuring information protection in cybersecurity systems using artificial intelligence and blockchain technology, Technology Center, January 2025, accessible here;
-
Karen Allen & Christopher Nehring, AI-Generated Disinformation in Europe and Africa - Use Cases, Solutions and Transnational Learning, Konrad-Adenauer-Stiftung, January 2025, accessible here;
1.2. February
1.2.1. International
-
TRM Labs, 2025 Crypto Crime Report - Key trends that shaped the illicit crypto market in 2024, February 2025, accessible here;
-
OWASP Foundation, Agentic AI - Threats and Mitigations - OWASP Top 10 for LLM Apps and Gen AI Agentic Security Initiative, February 2025, accessible here;
-
Chainalysis, The 2025 Crypto Crime Report - The rising role of cryptocurrency in all forms of crime and how its transparency is creating unique opportunities for investigation, February 2025, accessible here;
-
OWASP Foundation, LLM Exploit Generation - Claude, Deepseek, OpenAI, February 2025, accessible here;
-
Paris Peace Forum, Forging Global Cooperation on AI Risks Cyber Policy as a Governance Blueprint, February 2025, accessible here;
-
European Criminal Bar Association (ECBA), Position on the Digitalisation of Justice, February 2025, accessible here;
1.2.2. Europe
1.2.2.1. European Union
-
Filippo Bagni & Fabio Seferi (eds.), Regulatory sandboxes for AI and Cybersecurity - Questions and answers for stakeholders, Cybersecurity National Lab and Fondazione SERICS (Security and Rights in the CyberSpace), February 2025, accessible here;
1.3. March
1.3.1. International
-
Rocco Alfonzetti et al., Data Security within AI Environments, Cloud Security Alliance (CSA), March 2025, accessible here;
-
World Economic Forum (WEF), The Intervention Journey: A Roadmap to Effective Digital Safety Measures, March 2025, accessible here;
-
Centre for Finance Innovation and Technology (CFIT), Fighting Economic Crime Through Digital Verification - The Case for Adopting Digital Company ID in the UK, February 2025, accessible here;
-
Hollie Hennessy, Consumer IoT Device Cybersecurity Standards, Policies, and Certification Schemes 2025, Omdia, March 2025, accessible here;
1.3.2. Europe
1.3.2.1. United Kingdom
-
Joe Burton, Ardi Janjeva, Simon Moseley and Alice, AI and Serious Online Crime, The Alan Turing Institute, March 2025, accessible here;
-
Anna Knack, Nandita Balakrishnan & Timothy Clancy, Applying AI to Strategic Warning Modelling instability risks and stabilisation factors for intelligence and national security, Centre for Emerging Technology and Security (CETaS), Special Competitive Studies Project (SCSP), March 2025, accessible here;
1.4. April
1.4.1. International
-
World Economic Forum (WEF) & University of Oxford, The Cyber Resilience Compass Journeys Towards Resilience, April 2025, accessible here;
-
Cloud Security Alliance, Top Threats to Cloud Computing Deep Dive 2025, April 2025, accessible here;
1.4.2. Europe
1.4.2.1. European Union
-
European Crypto Initiative, The AML Handbook - A Guide for Crypto Activities, April 2025, accessible here;
1.5. May
1.5.1. International
-
Laurence Van der Loo & Sebastian Jerome Chin, Synergy In Cybersecurity, FutureMatters, Global Finance & Technology Network (GFTN), May 2025, accessible here;
-
Jay Cheng & Royce Lu, AI Agents are Here - So Are the Threats, Unit 42, Palo Alto Networks, May 2025, accessible here;
-
World Economic Forum (WEF), Growing Cyber Talent Through Public–Private Partnerships, May 2025, accessible here;
-
Cloud Security Alliance, Agentic AI Red Teaming Guide, May 2025, accessible here;
-
Rand Waltzman, Emerging Cognitive Threats - Future Challenges to Cognitive Superiority, Irregular Warfare Center, May 2025, accessible here;
1.6. June
1.6.1. International
-
Merkle Science, The Ultimate Guide to Tracing Stolen Crypto in 2025, June 2025, accessible here;
-
The Prism Project & Acuity Market Intelligence, Biometric Digital Identity Deepfake and Synthetic Identity - A new paradigm for the emerging digital identity ecosystem, June 2025, accessible here;
-
Jacob Smith et al., Landscape Study of Generative Artificial Intelligence in the Criminal Justice System, National Institute of Justice (NIJ), Criminal Justice Technology Testing and Evaluation Center - A Program of the National Institute of Justice, June 2025, accessible here;
1.7. July
1.7.1. International
-
Elliptic, The state of crypto scams 2025 - Risks, trends, and using behavioral detection to stop fraudsters, July 2025, accessible here;
-
International Business Machines Corporation (IBM), Cost of a Data Breach Report 2025 - The AI Oversight Gap, July 2025, accessible here;
1.8. September
1.8.1. International
-
Emily Harding, Julia Dickson & Aosheng Pusztaszeri, A Playbook for Winning the Cyber War, Center for Strategic and International Studies (CSIS), September 2025, accessible here;
1.9. October
1.9.1. International
-
World Economic Forum (WEF), Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs, October 2025, accessible here;
1.9.2. Europe
1.9.2.1. United Kingdom
-
Sam Stockwell & Rosamund Powell, Age Assurance Technologies and Online Safety, The Alan Turing Institute, Centre for Emerging Technology and Security (CETaS), October 2025, accessible here;
1.10. November
1.10.1. International
-
Ronit Ghose, Sophia Bantanidis, Prag Sharma, Kaiwan Master, & Ronak Shah, AI Deepfakes - When Seeing and Hearing Can’t be Trusted, November 2025, accessible here;
1.11. December
1.11.1. International
-
World Economic Forum (WEF) & Institute for Security and Technology (IST), Fighting Cyber-Enabled Fraud: A Systemic Defence Approach, December 2025, accessible here;
1.11.2. Europe
1.11.2.1. United Kingdom
-
Connor Attridge, AI and Advanced Materials: Strategic and Security Implications, The Alan Turing Institute, Centre for Emerging Technology and Security (CETaS), December 2025, accessible here;
2. Reports, guidelines, recommendations and other documents published by regulatory and supervisory authorities, international organizations, and other public institutions and agencies
2.1. February
2.1.1. International
-
Programa COPOLAD III (Cooperation Programme between Latin America, the Caribbean and the European Union on Drug Policies), Financial Investigations and Analysis for Emerging Money Laundering Risks Criminal Use of Cryptocurrency, February 2025, accessible here;
-
World Bank Group, Cyber risks in fast payment systems, Finance for Development, Project FASTT, February 2025, accessible here;
2.1.2. Europe
2.1.2.1. European Union
-
Europol, Assessing technologies in law enforcement a method for ethical decision-making, Innovation Lab, European Clearing Board, Strategic Group on Technology and Ethics, February 2025, accessible here;
-
European Commission, Proposal for a Council Recommendation for an EU Blueprint on cybersecurity crisis management, COM(2025) 66 final, February 2025, accessible here;
2.1.2.2. United Kingdom
-
Dylan Sherman & Simon Brawley, AI, disinformation & cyber security, UK Parliament, Horizon scanning, January 2025, accessible here;
2.2. March
2.2.1. International
-
Ravikumar Rangachary, Strengthening Cybersecurity Lessons from the Cybersecurity Survey, International Monetary Fund, TNM/2025/06, March 2025, accessible here;
2.2.2. Europe
2.2.2.1. European Union
-
Europol, European Union Serious and Organised Crime Threat Assessment – The changing DNA of serious and organised crime, Publications Office of the European Union, March 2025, accessible here;
-
European Union Agency for Cybersecurity (ENISA), ENISA NIS360 2024 ENISA Cybersecurity Maturity & Criticality Assessment of NIS2 sectors, March 2025, accessible here;
2.2.3. North America
2.2.3.1. United States of America
-
Apostol Vassilev et al., Adversarial Machine Learning - A Taxonomy & Terminology of Attacks & Mitigations, National Institute of Standards and Technology (NIST), NIST Trustworthy and Responsible AI, NIST AI 100-2e2025, March 2025, accessible here;
2.3. April
2.3.1. International
-
Law Commission of Ontario, AI in Criminal Justice Project, April 2025, accessible here;
-
Simon Moseley, Automating Deception: AI’s Evolving Role in Romance Fraud, The Alan Turing Institute, Centre for Emerging Technology and Security (CETaS), April 2025, accessible here;
2.3.2. Europe
2.3.2.1. United Kingdom
-
Department for Science, Innovation & Technology & National Cyber Security Centre (NCSC), Cyber Governance Code of Practice, April 2025, accessible here;
-
National Cyber Security Centre (NCSC), Cyber Security Toolkit for Boards - Resources to help Boards implement the actions outlined in the Cyber Governance Code of Practice, April 2025, accessible here;
-
European Telecommunications Standards Institute (ETSI), Securing Artificial Intelligence (SAI) Baseline Cyber Security Requirements for AI Models & Systems, ETSI TS 104 223 V1.1.1 (2025-04), April 2025, accessible here;
2.3.3. North America
2.3.3.1. United States of America
-
U.S. Congress, Select Committee on the Chinese Communist Party, Deepseek Unmasked exposing the CCP's latest tool for spying, stealing & subverting U.S. export control restrictions, April 2025, accessible here;
-
Alex Nelson et al., Incident Response Recommendations & Considerations for Cybersecurity Risk Management - A CSF 2.0 Community Profile, National Institute of Standards and Technology (NIST), NIST Special Publication 800, NIST SP 800-61r3, April 2025, accessible here;
2.4. May
2.4.1. International
-
National Security Agency Artificial Intelligence Security Center (AISC), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), Government Communications Security Bureau National Cyber Security Centre New Zealand (NCSC-NZ) & National Cyber Security Centre United Kingdom (NCSC-UK), AI Data Security - Best Practices for Securing Data Used to Train & Operate AI Systems, May 2025, accessible here;
2.4.2. Europe
2.4.2.1. European Union
-
European Union Agency for Cybersecurity (ENISA), Handbook for Cyber Stress Tests, June 2025, accessible here;
2.4.2.2. Italy
-
Direzione Centrale per la Polizia Scientifica e la Sicurezza Cibernetica & KPMG, Quaderno di Polizia Cibernetica Nr. 1 Anno 2025 Prevenire – Contrastare – Proteggere (Cyber Police Notebook No. 1 - Year 2025 - Prevent – Counter – Protect), May 2025, accessible here;
2.5. June
2.5.1. International
-
United Nations Educational, Scientific and Cultural Organization (UNESCO), Synthesis Report: Addressing Illicit Trafficking of Cultural Property in the Digital Era - UNESCO Conference, 26 June 2025, June 2025, accessible here;
-
North Atlantic Treaty Organization (NATO), Virtual Manipulation Brief 2025 - From War & Fear to Confusion & Uncertainty, NATO Strategic Communications Centre of Excellence, June 2025, accessible here;
-
Bank for International Settlements (BIS) & Bank of England, Project Hertha Identifying financial crime patterns in real-time retail payment systems, BIS Innovation Lab, June 2025, accessible here;
-
Financial Action Task Force (FATF), Targeted Update on Implementation of the FATF Standards on Virtual Assets & Virtual Asset Service Providers, June 2025, accessible here;
-
Interpol & United Nations Interregional Crime and Justice Research Institute (UNICRI), Artificial Intelligence & Robotics for Law Enforcement, June 2025, accessible here;
-
Financial Action Task Force (FATF), Best Practices Travel Rule Supervision, June 2025, accessible here;
2.5.2. Europe
2.5.2.1. European Union
-
Enrico Glerean, Fundamentals of Secure AI Systems with Personal Data, Training curriculum on AI and data protection, European Data Protection Board (EDPB), Support Pool of Expert Programme, June 2025, accessible here;
-
European Union Agency for Cybersecurity (ENISA), Annual Report Trust Services Security Incidents 2024, June 2025, accessible here;
-
European Union Agency for Cybersecurity (ENISA), Technical Implementation Guidance - On Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of NIS2 Directive as regards technical and methodological requirements of cybersecurity risk-management measures, Version 1.0, June 2025, accessible here;
-
Hendrik Mildebrath & Bente Daale, TikTok and EU regulation Legal challenges & cross-jurisdictional insights, European Parliament, European Parliamentary Research Service (EPRS), PE 775.837, June 2025, accessible here;
-
European Data Protection Board (EDPB), EDPB Comments on the draft guidelines on protection of minors online under the Digital Services Act (DSA), June 2025, accessible here;
-
European Union Agency for Cybersecurity (ENISA), Cybersecurity roles & skills for NIS2 Essential and Important Entities, June 2025, accessible here;
-
Europol, AI bias in law enforcement A practical guide, June 2025, accessible here;
-
Commission Nationale de l'Informatique et des Libertés (CNIL), Cybersecurity The Economic Benefits of GDPR, June 2025, accessible here;
2.5.2.2. Germany
-
Federal Office for Information Security (BSI), Kriterienkatalog des BSI zur Integration von extern bereitgestellten generativen KI-Modellen in eigene Anwendungen (BSI criteria catalogue for the integration of externally provided generative AI models into own applications), June 2025, accessible here;
2.5.3. Asia
2.5.3.1. United Arab Emirates
-
Dubai Financial Services Authority (DFSA), Cyber and Artificial Intelligence Risk in Financial Services - Strengthening Oversight Through International Dialogue, June 2025, accessible here;
2.5.4. Africa
-
Interpol, Interpol Africa Cyberthreat Assessment Report, 4th Edition, June 2025, accessible here;
2.6. July
2.6.1. Europe
2.6.1.1. European Union
-
Mar Negreiro, Children and deepfakes, European Parliament, European Parliamentary Research Service (EPRS), PE 775.855, July 2025, accessible here;
-
European Commission, Communication from the Commission - Guidelines on measures to ensure a high level of privacy, safety and security for minors online, pursuant to Article 28(4) of Regulation (EU) 2022/2065, C/2025/6826, July 2025, accessible here;
-
European Securities and Markets Authority (ESMA), Operational and cyber risks in EU financial markets: measurement and stress simulation, ESMA TRV Risk Analysis, Financial Stability, ESMA50-1949966494-3823, July 2025, accessible here;
-
European Banking Authority (EBA), Opinion of the European Banking Authority on money laundering and terrorist financing risks affecting the EU’s financial sector, July 2025, accessible here;
2.6.1.2. United Kingdom
-
Office of Financial Sanctions Implementation (OFSI) - HM Treasury, Cryptoassets - Threat Assessment, July 2025, accessible here;
2.6.2. North America
2.6.2.1. United States of America
-
National Institute of Standards and Technology (NIST) & the National Cybersecurity Centre of Excellence (NCCoE), NIST Special Publication 1800-44A - Secure Software Development, Security, and Operations (DevSecOps) Practices, July 2025, accessible here;
-
Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health & Human Services & Multi-State Information Sharing and Analysis Center (MS-ISAC), #StopRansomware: Interlock, July 2025, accessible here;
2.7. August
2.7.1. International
-
Iñaki Aldasoro et al., An approach to anti-money laundering compliance for cryptoassets, BIS Bulletin No 111, Bank for International Settlements (BIS), August 2025, accessible here;
2.7.2. Europe
2.7.2.1. European Union
-
Opinion of the European Economic and Social Committee – Communication from the European Commission to the European Parliament, the Council of the European Union, the European Economic and Social Committee and the European Committee of the Regions action plan on the cybersecurity of hospitals and healthcare providers, August 2025, accessible here;
-
European Banking Authority (EBA), Report on the use of AML/CFT SupTech tools, EBA/Rep/2025/23, August 2025, accessible here;
-
Romina Cachia et al., Cyberbullying: Considerations towards a common definition, European Commission, Joint Research Centre (JRC), JRC143340, Publications Office of the European Union, August 2025, accessible here;
2.7.3. North America
2.7.3.1. United States of America
-
U.S. Department of the Treasury, Request for Comment on Innovative Methods To Detect Illicit Activity Involving Digital Assets, Federal Register, Vol. 90, No. 157, August 2025, accessible here;
2.7.4. Asia
2.7.4.1. India
-
Rajya Sabha of the Parliament of India, Cyber Crime - Ramifications, Protection and Prevention, Department-related Parliamentary Standing Committee on Home Affairs, August 2025, accessible here;
2.8. September
2.8.1. Europe
2.8.1.1. European Union
-
Juan Manuel Aguilar Antonio, Use of Artificial Intelligence by High Risk Criminal Networks, EL PAcCTO 2.0, Zenodo, September 2025, accessible here;
2.8.2. Asia
-
United Nations (UN), Emerging threats The intersection of criminal and technological innovation in the use of automation and artificial intelligence in the cybercrime landscape of Southeast Asia, Office on Drugs and Crime, September 2025, accessible here;
2.9. October
2.9.1. International
-
Egmont Group of Financial Intelligence Units, Financial Action Task Force (FATF), INTERPOL & United Nations, Effective informal operational and strategic information exchange - A practical guide for FIUs, October 2025, accessible here;
2.9.2. Europe
2.9.2.1. European Union
-
European Banking Authority (EBA), Report on tackling ML/TF risks in crypto-asset services through supervision, EBA/REP/2025/28, October 2025, accessible here;
2.10. November
2.10.1. International
-
Financial Action Task Force (FATF), Asset Recovery Guidance and Best Practices, November 2025, accessible here;
2.10.2. Europe
2.10.2.1. European Union
-
Autoriteit Persoonsgegevens (AP), AI systems for making risk assessment regarding criminal offences - Summary of responses and next steps, November 2025, accessible here;
-
Mar Negreiro, Online protection of minors, European Parliament, European Parliamentary Research Service (EPRS), PE 779.205, November 2025, accessible here;
-
Santiago Iglesias Escudero, The Future of Anti-Money Laundering in the European Union - Institutional and legal dimensions of AMLA within the 2024 AML/CFT framework, European Parliament, European Parliamentary Research Service (EPRS), Economic Governance and EMU Scrutiny Unit (EGOV), Directorate-General for Economy, Transformation and Industry (DG ECTI), PE 773.721, November 2025, accessible here;
2.11. December
2.11.1. International
-
Federal Office for Information Security (BSI), Evasion Attacks on LLMs - Countermeasures in Practice: A Guide to face Prompt Injections, Jailbreaks and Adversarial Attacks, November 2025, accessible here;
-
Janet Martha Blatny & Søndergaard Steen, Cognitive Warfare, NATO Science & Technology Organization (STO), NATO Chief Scientist Research Report, December 2025, accessible here;
-
International Telecommunication Union (ITU), World Bank, et al., Guide to Developing a National Cybersecurity Strategy, Strategic Engagement in Cybersecurity, 3rd Edition, Creative Commons Attribution-NonCommercial 3.0 IGO licence (CC BY-NC 3.0 IGO), December 2025, accessible here & here;
-
Financial Action Task Force (FATF), Horizon Scan: Artificial Intelligence and Deepfakes - Impacts on Money Laundering, Terrorist Financing and Proliferation Financing, December 2025, accessible here;
2.11.2. Europe
2.11.2.1. European Union
-
Vaida Gineikytė et al., European Software and Cyber Dependencies, Policy Department for Transformation, Innovation and Health of the Directorate-General for Economy, Transformation and Industry of the European Parliament, December 2025, accessible here;
-
European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), & European Securities and Markets Authority (ESMA), Online financial frauds and scams in an Artificial Intelligence world - Stay alert and protect yourself, December 2025, accessible here;
-
European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) & European Securities and Markets Authority (ESMA), Crypto fraud and scams: stay alert and protect yourself, December 2025, accessible here;
-
Polona Car, Cybersecurity Act review What to expect, European Parliament, European Parliamentary Research Service (EPRS), PE 779.252, December 2025, accessible here;
2.11.2.3. Estonia
-
Estonian Financial Intelligence Unit (FIU), Nested Services in Virtual Currency Exchanges, December 2025, accessible here;
2.11.3. North America
2.11.3.1. United States of America
-
Katerina Megas et al., Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile), NIST IR 8596 (Initial Preliminary Draft), National Institute of Standards and Technology (NIST), December 2025, accessible here;
-
Stephen Quinn et al., Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, National Institute of Standards and Technology (NIST), NIST Interagency Report NIST IR 8286Cr1, December 2025, accessible here;
2.11.4. Asia
2.11.4.1. United Arab Emirates
-
UAE Financial Intelligence Unit (FIU), Misuse of Virtual Assets in Financial Crime - Evolving Trends and Risks, Research and Strategic Analysis Section, December 2025, accessible here;
3. Legislation, regulations, & other legislative instruments
3.1. November
3.1.1. Europe
3.1.1.1. European Union
-
Case C-57/23, Policejní prezidium (Storage of biometric and genetic data): Judgment of the Court (Fifth Chamber) of 20 November 2025 (request for a preliminary ruling from the Nejvyšší správní soud – Czech Republic) – JH v Policejní prezidium (Reference for a preliminary ruling – Protection of natural persons with regard to the processing of their personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data – Directive (EU) 2016/680, C/2026/262, November 2025, accessible here;
3.2. December
3.2.1. Europe
3.2.1.1. European Union
-
Draft Commission Delegated Regulation (EU) …/... of 11.12.2025 supplementing Regulation (EU) 2024/2847 of the European Parliament and of the Council by specifying the terms and conditions for applying the cybersecurity-related grounds in relation to delaying the dissemination of notifications, European Commission, December 2025, accessible here;