Cybercrime Source Booklet:
Regulatory and policy developments
2025 Edition

​
Fincrime, AML, cybercrime, cybersecurity, neurocrime & neurosecurity
1. Research conducted by individuals, companies, associations and universities
1.1. January
1.1.1. International
1.2. February
1.2.1. International
1.2.2. Europe
1.2.2.1. European Union
1.3. March
1.3.1. International

• Rocco Alfonzetti et al., Data Security within AI Environments, Cloud Security Alliance (CSA), March 2025, accessible here; 

1.3.2. Europe
1.3.2.1. United Kingdom
1.4. April
1.4.1. International
1.4.2. Europe
1.4.2.1. European Union
1.5. May
1.5.1. International

• Laurence Van der Loo & Sebastian Jerome Chin, Synergy In Cybersecurity, FutureMatters, Global Finance & Technology Network (GFTN), May 2025, accessible here; 

1.6. June
1.6.1. International
1.7. July
1.7.1. International
1.8. September
1.8.1. International
1.9. October
1.9.1. International
1.10. November
1.10.1. International
1.11. December
1.11.1. International
2. Reports, guidelines, recommendations and other documents published by regulatory and supervisory authorities, international organizations, and other public institutions and agencies
2.1. February
2.1.1. International
2.1.2. Europe
2.1.2.1. European Union
2.1.2.2. United Kingdom
2.2. March
2.2.1. International
2.2.2. Europe
2.2.2.1. European Union
2.2.3. North America
2.2.3.1. United States of America
2.3. April
2.3.1. Europe
2.3.1.1. United Kingdom
2.3.2. North America
2.3.2.1. United States of America
2.4. May
2.4.1. International
2.4.2. Europe
2.4.2.1. European Union
2.4.2.2. Italy
2.5. June
2.5.1. International​

• United Nations Educational, Scientific and Cultural Organization (UNESCO), Synthesis Report: Addressing Illicit Trafficking of Cultural Property in the Digital Era - UNESCO Conference, 26 June 2025, June 2025, accessible here; 

2.5.2. Europe
2.5.2.1. European Union
2.5.2.2. Germany
2.5.3. Asia
2.5.3.1. United Arab Emirates
2.5.4. Africa
2.6. July
2.6.1. Europe
2.6.1.1. European Union
2.6.1.2. United Kingdom
2.6.2. North America
2.6.2.1. United States of America
2.7. August
2.7.1. International
2.7.2. Europe
2.7.2.1. European Union

• Opinion of the European Economic and Social Committee – Communication from the European Commission to the European Parliament, the Council of the European Union, the European Economic and Social Committee and the European Committee of the Regions action plan on the cybersecurity of hospitals and healthcare providers, August 2025, accessible here; 

2.7.3. North America
2.7.3.1. United States of America
2.7.4. Asia
2.7.4.1. India
2.8. September
2.8.1. Europe
2.8.1.1. European Union
2.8.2. Asia
2.9. October

2.9.1. International

• Egmont Group of Financial Intelligence Units, Financial Action Task Force (FATF), INTERPOL & United Nations, Effective informal operational and strategic information exchange - A practical guide for FIUs, October 2025, accessible here; 

2.9.2. Europe
2.9.2.1. European Union
2.10. November
2.10.1. International
2.10.2. Europe
2.10.2.1. European Union
2.11. December

2.11.1. International

• Federal Office for Information Security (BSI), Evasion Attacks on LLMs - Countermeasures in Practice: A Guide to face Prompt Injections, Jailbreaks and Adversarial Attacks, November 2025, accessible here; 

• Janet Martha Blatny & Søndergaard Steen, Cognitive Warfare, NATO Science & Technology Organization (STO), NATO Chief Scientist Research Report, December 2025, accessible here;

• International Telecommunication Union (ITU), World Bank, et al., Guide to Developing a National Cybersecurity Strategy, Strategic Engagement in Cybersecurity, 3rd Edition, Creative Commons Attribution-NonCommercial 3.0 IGO licence (CC BY-NC 3.0 IGO), December 2025, accessible here & here;

• Financial Action Task Force (FATF), Horizon Scan: Artificial Intelligence and Deepfakes - Impacts on Money Laundering, terrorist Financing and Proliferation Financing, December 2025, accessible here; 

2.11.2. Europe
2.11.2.1. European Union

• Vaida Gineikytė et al., European Software and Cyber Dependencies, Policy Department for Transformation, Innovation and Health of the Directorate-General for Economy, Transformation and Industry of the European Parliament, December 2025, accessible here;

• European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), & European Securities and Markets Authority (ESMA), Online financial frauds and scams in an Artificial Intelligence world - Stay alert and protect yourself, December 2025, accessible here;

• European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) & European Securities and Markets Authority (ESMA), Crypto fraud and scams: stay alert and protect yourself, December 2025, accessible here; 

2.11.2.2. Estonia

2.11.3. North America
2.11.3.1. United States of America

• Katerina Megas et al., Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile), NIST IR 8596 (Initial Preliminary Draft), National Institute of Standards and Technology (NIST), December 2025, accessible here; 

• Stephen Quinn et al., Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, National Institute of Standards and Technology (NIST), NIST Interagency Report NIST IR 8286Cr1, December 2025, accessible here; 

2.11.4. Asia

2.11.4.1. United Arab Emirates

• UAE Financial Intelligence Unit (FIU), Misure of Virtual Assets in Financial Crime - Evolving Trends and Risks, Research and Strategic Analysis Section, December 2025, accessible here; 

3. Legislations, regulations, & other legislative instruments
3.1. December
3.1.1. Europe
3.1.1.1. European Union

• Draft Commission Delegated Regulation (EU) …/... of 11.12.2025 supplementing Regulation (EU) 2024/2847 of the European Parliament and of the Council by specifying the terms and conditions for applying the cybersecurity-related grounds in relation to delaying the dissemination of notifications, European Commission, December 2025, accessible here;

​​