2025 technology industry outlook

Some of the themes we expect to play a significant role in the coming year and beyond include:

• Protecting the future by elevating risk management: The technology industry continues to navigate an increasingly complex risk landscape shaped by cybersecurity threats, geopolitical tensions, and climate-related challenges. With vast amounts of valuable intellectual property and customer data, tech firms can be prime targets for cybercriminals. The rapid adoption of gen AI also introduces new vulnerabilities, especially since less than one-quarter of AI initiatives are thought to be adequately secured.⁸ Geopolitical dynamics may drive some tech companies to diversify their supply chains to other countries. Tech firms are also likely to assess their suppliers’ locations to help manage climate-related risks.
• Tackling trust to boost gen AI adoption and benefits: Gen AI is fueling transformative changes for businesses, in back- and front-office operations, product development and engineering, and product and service offerings. According to recent Deloitte surveys, business and IT leaders are getting pragmatic about deriving real business value, and workers are beginning to report productivity gains.⁹ At the same time, trust issues—relating to data privacy and security, data quality, bias, and accuracy—pose a barrier for both enterprise and consumer gen AI adoption.¹⁰ Tech leaders should be mindful of these potential challenges and consider ways to shore up trust and boost adoption.
• Transforming software through the use of gen AI: Tech leaders surveyed are more optimistic about the transformative potential of gen AI tools than leaders in other industries.¹¹ One reason may be that tech companies outpace others in their use of gen AI assistants to help human developers write and test code—which could be worth billions of dollars in productivity gains in the United States.¹² The next advance in software development may involve “agentic AI”—autonomous gen AI agents that are able to complete complex tasks with minimal human oversight.¹³ Gen AI isn’t just transforming software creation; it’s poised to revamp the nature of software user interfaces—from forms and fields and point-and-click to conversational experiences.
• Reigniting interest in private cloud: As businesses implement data-intensive gen AI initiatives, better management of cloud spending is likely to become critical. At the same time, it will be important to ensure data security and comply with regulations—particularly as gen AI models may train on confidential or proprietary data. These are two reasons we believe companies may renew their interest in private cloud over the next year. As businesses reevaluate their public-private cloud mix, tech providers should respond with easy-to-implement solutions for hybrid environments.
• Adapting to enterprise customer needs with mergers and acquisitions (M&A) and partnerships: Enterprises increasingly require end-to-end solutions that address their multi-faceted business priorities. Challenges include the need to integrate across complex, multicloud infrastructures and to support specialized business processes with custom-tailored apps. As tech leaders aim to meet these fast-evolving customer needs, many have indicated they’re anticipating an increase in higher-value deals (such as acquisitions) in the coming year.¹⁴ Some are also turning to alternatives to traditional M&A, such as joint ventures and strategic partnerships—combining forces to offer more comprehensive solutions.
• Addressing new tax and regulatory changes: In 2025, the tech industry will likely face several challenges as new global tax regulations take effect. Global minimum tax requirements, country-by-country reporting, and e-invoicing regulations are designed to increase transparency and combat tax evasion. These regulations will compel many multinational tech companies to adapt their transaction recording and reporting practices, primarily by upgrading and enhancing their enterprise resource planning (ERP) solutions.¹⁵ Companies that report sales in a country should also demonstrate compliance with that jurisdiction’s privacy and content regulations, necessitating an increased focus on data governance and resilience.¹⁶

The tech industry is innovating and evolving rapidly. By prioritizing security, reliability, and trust—both internally and for customer-facing solutions—tech companies have an opportunity to improve their own operations and drive growth throughout the coming year.

Protecting the future by elevating risk management

In 2025, tech companies will likely continue to grapple with challenges related to risk management. Escalating cybersecurity threats, geopolitical tensions, and sustainability considerations will likely shape technology strategies.

Cybersecurity is expected to be a critical tech priority as the attack surface continues to widen—driven by Internet of Things, generative AI, and cloud computing. In 2025, the global cost of cybercrime is projected to reach US$10.5 trillion.²¹ At the same time, the global market for security products is growing rapidly and is expected to reach US$200 billion by 2028, reflecting its critical role in securing digital initiatives.²²

With its wealth of intellectual property, trade secrets (heightened by export restrictions), and customer data, the tech industry should continue to prioritize proactive and multilayered cybersecurity.²³ Cloud environments, for example, should be protected with robust encryption and Zero Trust architectures that require continuous verification of user and device identities.²⁴

Another important task for tech companies is to reinforce code and digital asset security. Because their products, services, and intellectual property are often digital, tech companies can be especially susceptible to attacks. Hackers can exploit code vulnerabilities to infiltrate networks, manipulate software, or steal sensitive data. Additionally, threat actors may exploit abandoned, unmonitored, or overly privileged cloud-based applications with insecure credentials to access valuable resources.²⁵ Tech organizations can face “security debt” (analogous to technology debt) due to developers enabling broad permissions or embedding credentials in code during development, which may remain uncorrected before release.²⁶ Attackers can discover sensitive credentials like passwords or certificates in repositories, exposing organizations to significant risks.²⁷ Tech companies should adopt secure development practices, such as minimizing permissions, securing test environments, retiring unused applications and tenants, and considering the use of a privileged access management system.²⁸

Emerging technologies like generative AI and quantum computing can introduce new vulnerabilities. A recent report highlighted that while 82% of surveyed executives believe secure, trustworthy AI is essential, only 24% of current gen AI projects are secured—potentially leaving sensitive data and models exposed.²⁹ At the same time, gen AI holds promise for helping organizations better protect themselves. According to Deloitte’s State of Generative AI in the Enterprise Q4 report, 36% of executives surveyed said their gen AI-based cybersecurity initiative is integrated into their organization’s work processes to a large extent—the highest level of integration among their advanced gen AI initiatives.³⁰

Another emerging technology, quantum computing, presents both an opportunity and a challenge. Preparing for the quantum era will likely drive tech companies to adopt quantum-resistant cryptography to safeguard sensitive data from potential quantum attacks, and spending on that is expected to quadruple in 2025 over 2023 levels.³¹

In 2025, tech companies will continue to navigate a multifaceted landscape of escalating geopolitical risks and trade tensions—and should work to strengthen their defenses against sophisticated actors who may aim to leverage global instability.³² Governments worldwide are seeking technological autonomy through export controls, trade barriers, and industrial policies, disrupting supply chains and alliances.³³ In light of these developments, tech companies should consider diversifying suppliers and manufacturing operations to reduce dependency on restricted regions and mitigate potential risks. Some big tech companies are expanding production to nations like India and Vietnam, or considering doing so, with the stated aim of reducing dependence on Chinese manufacturing.³⁴ Tech companies may consider integrating geopolitical risk factors into their business strategies and monitoring the regulatory landscape to anticipate policy shifts.

Challenges related to sustainability and energy consumption are also intensifying. Gen AI and digital transformation are driving a surge in energy consumption by data centers: By 2026, electricity consumption by data centers is expected to reach 681 TWh globally (40% of that coming from US data centers), accounting for 2.5% of total consumption.³⁵ Tech companies are under increasing scrutiny for their environmental impact, particularly as they strive to meet carbon neutrality goals by 2030.³⁶ Tech companies can prioritize energy-efficient data center technologies (such as innovative cooling methods), optimize operations to reduce their carbon footprint, and explore alternative energy sources such as modular nuclear reactors.

Many tech firms are also evaluating suppliers’ and their own locations to better understand the potential impact of climate risks on operational reliability. Severe weather events, such as hurricanes, floods, and droughts, can cause prolonged power outages, disrupting cloud servers and data center operations.³⁷ Companies may choose to relocate facilities to less vulnerable regions and design infrastructure with elevated platforms, flood barriers, reinforced structures, and plentiful energy supplies.³⁸ They may also opt for geographically diverse data centers to ensure the continuity of critical services during disasters.³⁹

Strategic questions for tech leaders to consider

• How are we identifying and mitigating emerging cyber threats before they materialize?
• Are we leveraging advanced technologies like AI for real-time threat detection and response?
• Do our cloud environments adhere to Zero Trust principles and adequately monitor access and permissions? Are we addressing security debt in our development processes?
• Has our company developed a dynamic risk assessment model that continuously evaluates geopolitical risks and their potential impact on global operations? Are we proactively anticipating and adapting to policy changes?
• How well do we understand and mitigate climate-related risks in our own operations and our supply chain, especially those affecting critical components? Do we have a strategy to optimize operations and reduce our carbon footprint while maintaining operational efficiency?

Tackling trust to boost gen AI adoption and benefits

Gen AI is driving transformational changes for businesses, in back- and front-office operations, product development and software engineering, and product and service offerings. Tech organizations are adopting gen AI faster than other industries. Nearly a third of tech leaders surveyed by Deloitte report rapid adoption of gen AI by their companies—compared with 11% of leaders in other industries—and gen AI tools and applications are widely available to their workforces (figure 1).⁴⁰ In tech companies, at-scale implementations are progressing fastest in IT (including cybersecurity), followed by product development and research and development—outpacing nontech organizations.⁴¹

Despite this uptake, tech leaders surveyed revealed several factors that could slow their organization’s efforts over the next two years. Top impediments to gen AI adoption in the near future include fears of costly errors, worries that gen AI may not achieve its expected value, and concerns about a potential loss of trust stemming from bias, hallucinations, and inaccuracies.⁴² Tech leaders’ ability to trust that gen AI will produce accurate, unbiased output appears to be a prerequisite for continued fast adoption.

Some adopters are not leaving trust to chance but are taking actions to help make their gen AI implementations more trustworthy. Deloitte’s analysis of companies adopting gen AI has identified a group of “trust builders” that place greater emphasis on data, governance, and security capabilities; reducing algorithmic hallucinations; prioritizing employee transparency about goals and potential impacts; and showing empathy and kindness across tool adoption.⁴³ In this analysis, 40% of tech companies fall into the proactive trust builder category—versus 27% of nontech companies. Attention to trust appears to pay off: Trust builders are 18 percentage points more likely than other organizations to rank in the top third of companies achieving expected benefits from gen AI (including improving products and services, spurring innovation and growth, improving productivity and efficiency, reducing costs, enhancing customer relationships, and increasing revenue).⁴⁴

Just as trust appears to influence gen AI adoption and benefits in the enterprise, it’s similarly important to consumers. Analysis of Deloitte’s 2024 Connected Consumer Study revealed that the cohort of gen AI adopters who report high or very high trust that their gen AI tech providers will keep their data secure are more likely to say they use gen AI daily and that it “significantly exceeds” their expectations (figure 2).⁴⁵ Higher trust also appears to boost purchasing. When asked whether new AI functionality being embedded into devices will impact their upgrade plans, high trust adopters are almost four times more apt to say they’re “very likely” to upgrade their smartphone sooner than planned, versus the low trust cohort. A similar trend holds for laptop upgrades.⁴⁶

A major factor for building consumer trust appears to be how well gen AI providers manage and provide control over the data they collect.⁴⁷ The Deloitte Connected Consumer Survey found that only 17% of gen AI adopters feel that their technology providers supply “very clear” data privacy and security policies and give them “very easy” control over their data.⁴⁸ But in this group, 69% report high or very high trust that their gen AI providers will keep their data secure, while only 8% report low or very low trust. In contrast, among the 83% of gen AI adopters who don’t consider their providers’ privacy and security policies to be very clear or who find it hard to control their data, only 16% report a high or very high level of trust, while 44% report low or very low trust. This disparity highlights a path forward for gen AI providers: To help earn user trust and broader acceptance of gen AI technologies, they should not only enhance the security features of their offerings but also work to ensure that data policies are communicated clearly and that it’s easy for users to manage their data (for example, to limit or customize what data gets collected).

Strategic questions for tech leaders to consider

• Does our company have an organizational strategy for building trust in gen AI? Are we enhancing our data, governance, and security capabilities and ensuring that our gen AI algorithms are reliable, accurate, and unbiased?
• Are we being transparent with employees about the goals and potential effects of our gen AI initiatives, and providing adequate training and encouragement to use gen AI?
• Are we taking adequate steps to nurture user trust in the gen AI products and services our company sells? Are we strengthening data security and clarifying our data collection and utilization policies? Are we enhancing user control over the information we gather and use, including engaging them at suitable moments to permit informed decisions regarding their data?

Transforming software through the use of gen AI

In the United States, as of late 2024, technology companies were outpacing others on AI adoption: Over 18% of tech organizations surveyed were already using AI to produce goods or services—more than double the rate of almost all other industries.⁴⁹ Executives at tech companies that use generative AI tools are also more optimistic about their transformative power than execs outside of tech: Forty-one percent of tech leaders surveyed believe that gen AI is already transforming their organization or will within the next year, versus 26% of nontech leaders (figure 3).⁵⁰

There are two notable ways in which tech companies differ from nontech companies in how they’re leveraging gen AI—both of which could be contributing to their stronger belief in gen AI’s transformational potential. As figure 3 shows, tech executives are much more likely to report that their companies use gen AI tools to write and test software (56% vs. 33%), and nearly twice as likely to say that their company is exploring the use of autonomous agents to a large or very large extent (44% vs. 23%).

Software coding tools are an important early use case for gen AI—especially in an industry that has the greatest need for software development.⁵¹ Practitioner use of AI code generators may be even higher than executives are aware of: In a 2024 global survey of software developers, 62% said they use AI coding tools.⁵² Another global developer survey revealed that nearly half (49%) of those who employ AI-powered coding assistants use them daily.⁵³ Developers use these tools to help them write boilerplate or routine code, learn new skills, debug and document code, and write test cases,⁵⁴ and they anticipate increased productivity, faster learning, and greater efficiency.⁵⁵ In the United States alone, the productivity gain from generative AI coding could be worth US$12 billion annually.⁵⁶ Despite the promise, gen AI coding assistants aren’t perfect: Estimates of the generated code that developers approve range between 30% to 40% at the low end and 50% to 80% at the high end—but accuracy is expected to improve over time.⁵⁷

The next advance in software development (and many other enterprise workflows) may involve a shift from coding assistance to coding autonomy. Generative AI agents with greater independence—agentic AI—promise to complete complex tasks with minimal human supervision.⁵⁸ Here, too, tech is outpacing other industries, experimenting with autonomous agents to a greater degree (figure 3). With agentic AI, a human coder can enter ideas for software through a prompt, and the agentic AI “software engineer” converts those ideas into executable code, automating multiple steps in the development process.⁵⁹ Agentic AI software engineers still make too many errors to complete jobs without human oversight, but big tech companies and startups are aiming to improve their reliability so that they can be trusted to handle some development workloads with minimal human intervention.⁶⁰

This ability to work intuitively and independently isn’t just transforming software creation; it’s poised to revamp the nature of software interfaces. Generative AI has the potential to customize user interfaces in real time, providing highly personalized and context-aware experiences. As gen AI learns a user’s preferences and behaviors, it can adjust interface elements dynamically—potentially making the experience more intuitive and responsive.⁶¹ And as gen AI adoption becomes mainstream, traditional point-and-click interfaces with forms and fields may gradually give way to conversational experiences in which users interact with software through natural language.⁶²

Strategic questions for tech leaders to consider

• Has our company evaluated where and how we can use gen AI coding assistants?
• If we are using them, are we ensuring that our developers get the right guidance and training to ensure that productivity gains and software quality are maximized?
• Have we considered how the use of gen AI coding tools might affect the mix of software talent we recruit? In the long term, these tools might entail rethinking career progression and engineering talent models.
• Have we established a framework to ensure that the generated code is accurate and free of bias? Do we have a human review process for decisions made by AI (known as “human on the loop”)?
• Are there software systems we use internally—or produce for the external market—that could be improved with gen AI–driven natural language interfaces, or interfaces that adapt dynamically to user behaviors and preferences?

Reigniting interest in private cloud

Global spending on public cloud services was projected to reach US$805 billion in 2024, and to double by 2028—driven in part by widespread adoption of cloud technology across industries and accelerating AI innovation.⁶³ Spending on public cloud has outpaced spending on private cloud infrastructure by more than three to one in recent years—fueled by perceived benefits including cost savings, operational efficiency, scalability, and the ability to innovate rapidly.⁶⁴ In the coming year, however, it’s likely that businesses will reassess the benefits of private cloud and focus on hybrid environments that include both public and private cloud resources.⁶⁵

One factor behind the renewed interest in private cloud relates to pressure from unanticipated public cloud costs.⁶⁶ A global survey of IT decision-makers found that a majority had surpassed their budget for cloud storage, due to migrating more apps and data to the public cloud than planned.⁶⁷ The top reasons given for exceeding budgets were high storage use and growth, unexpected egress fees, and API call fees.⁶⁸ Another recent worldwide study revealed that businesses’ public cloud spending exceeded budgets by an average of 15% and that 27% of public cloud costs were considered “wasted spend.”⁶⁹ In some cases, infrastructure is already provisioned and paid for, but remains idle due to lower usage than anticipated.⁷⁰

Private clouds, on the other hand, enable companies to assign IT resources based on real-time storage and workload needs, avoiding overprovisioning and offering better cost predictability.⁷¹ Optimizing IT infrastructure through the use of private clouds will likely become more critical as businesses pilot and implement gen AI initiatives, which require dynamic handling of vast volumes of model training data.⁷²

Another factor that may fuel a resurgence of private clouds is the need to keep data secure and comply with regulations—particularly as gen AI models train on sensitive customer or corporate data.⁷³ Companies may turn to private clouds (on-premises or hosted by trusted providers) to boost security and control over their data.⁷⁴ Companies should also be mindful of evolving regulatory frameworks in the countries where their data resides; sovereign cloud systems can be used to keep data within a specific country’s borders in order to comply with local data privacy regulations.⁷⁵

Edge computing applications—which support automation, real-time data access and analytics, and immersive customer experiences—may also foster increased adoption of private clouds.⁷⁶ Positioning private cloud resources near customer and branch endpoints can help minimize network delays and the number of data hops to and from servers, enabling real-time applications.⁷⁷

Recent research suggests that many businesses are already implementing private clouds with the help of virtualization and private cloud management.⁷⁸ Some are also aiming for software-defined storage and API-consistent hardware to enable seamless integration of different infrastructure components and to build a hybrid environment.

Despite advantages, expanding one’s private cloud deployments can bring its own challenges. For example, building a private cloud internally that’s well-equipped to run compute-intensive applications like gen AI requires extensive hardware, supported by power and cooling resources.⁷⁹ It also requires the necessary skill sets to build and maintain such infrastructure amid a cloud talent shortage.⁸⁰ And shifting some workloads and data to private clouds without a well-thought-out hybrid strategy could lead to operational complexity, unanticipated costs, and innovation barriers.⁸¹

To help minimize these challenges, some tech providers are offering platform solutions, including hardware, software, GPUs, and AI services, that run within customers’ own data centers—providing the flexibility to scale up infrastructure (for example, for gen AI implementations), while giving enterprises greater control over their data.⁸² Others are building specialized, industry-focused gen AI agents for customers with the help of private cloud AI platforms.⁸³

The renewed interest in private clouds isn’t likely to diminish the continued importance of public clouds. But it’s likely that, going forward, businesses will seek to adopt the right hybrid blend of cloud infrastructures that fit their specific needs—balancing ease of implementation, flexibility, data security and control, and data sovereignty considerations. Tech providers that can help businesses tap into open-source AI models and deploy them on-premises securely will help bring the best of public and private cloud worlds to enterprises.⁸⁴

Strategic questions to consider

For cloud adopters:

• Has our organization established a FinOps strategy to optimize our cloud infrastructure, based on usage visibility, usage prediction, and associated costs? Are we holding departments financially accountable and involving them in our cloud cost-reduction strategy?
• Do we have an approach to determine which data and workloads to place on private clouds versus public clouds, taking into consideration IT infrastructure demands, end use cases, data security, and sovereignty? Have we assessed the comparative costs (in infrastructure, talent, other operational requirements) of each?
• Have we considered a “hybrid-by-design” approach and identified which IT elements need to be re-architected and third parties involved? Do we have a plan for migrating data and systems?

For tech providers:

• Have we evaluated what offerings we can provide that can help enterprises shift some workloads on-premises or to private data centers easily? Do we have solutions that can address concerns about using public cloud for specific business cases?
• Are we building capabilities that are easy to deploy and use on private cloud or are agnostic to IT environments? How well can such solutions be integrated with customers’ existing cloud architectures?
• How are we planning to navigate cloud sovereignty requirements?
• Have we considered building ecosystems and partnerships with other tech providers to provide a comprehensive and interoperable tech stack for businesses that are planning to shift to private clouds?

Adapting to enterprise customer needs with M&As and partnerships

A recent forecast projects 14% annual growth for software globally over the next year (the second fastest-growing IT segment, behind data center systems).⁸⁵ To help maximize their part in the software growth wave, tech providers are likely to re-evaluate their current product portfolios and workforces. Success likely involves first understanding the complexities that enterprises face as they adopt new technologies such as gen AI, and then finding the right mix of approaches to deliver and optimize value for customers.

Across industries, enterprises have fast-evolving needs and increasingly require solutions that address their multifaceted business priorities holistically. Challenges include the need to integrate across complex, multicloud infrastructures and to support specialized business processes with custom-tailored apps.⁸⁶ Adding to the complexity, the growing gap between estimated and actual cloud costs is prompting businesses to adopt tools and FinOps strategies to help optimize their cloud usage and spending.⁸⁷ Moreover, sustainability reporting requirements are driving companies to seek software and systems that can evaluate the carbon footprint of all their business operations (including their supply chain and data centers) in a streamlined and transparent way.⁸⁸

How can technology providers keep up with these complex, ever-shifting enterprise needs? Agility and speed-to-market are important, but providers should also be able to deliver solutions in a way that streamlines adoption and interoperability for their customers.⁸⁹ Tech providers appear to be feeling the build-or-buy tension more acutely than ever, as developer talent remains in high demand.⁹⁰ However, as borrowing costs have moderated, they may increasingly consider acquisitions as a way to secure innovative and specialized capabilities.⁹¹ Over the past couple of years, high interest rates, reduced tech spending, and a stricter regulatory landscape slowed down tech sector M&As.⁹² But now that trend may be shifting: Forty percent of technology companies now expect the average number of their deals to increase significantly over the next year—versus 26% of nontech companies (figure 4).⁹³

2024 witnessed some major technology deals aimed at combining strengths in domains such as infrastructure, software, security, network technologies, and data centers, empowering customers to tap into AI capabilities.⁹⁴ For instance, Cisco completed a US$28 billion acquisition of the software company Splunk. This merger integrated Cisco’s networking capabilities with Splunk’s data analytics platform, providing organizations with a more holistic perspective of their digital environment that aims to enhance cybersecurity, observability, and threat detection and response capabilities.⁹⁵ Other deals are also shaping up, involving both large and small tech companies, that could help them expand into new markets and enhance their portfolios in areas such as AI, hybrid IT, and cybersecurity.⁹⁶

Besides traditional M&A, the tech sector is also pursuing alternative deal financing, such as joint ventures and strategic partnerships, which can be especially attractive in times of economic, regulatory, and operational headwinds.⁹⁷ In the 2025 Deloitte M&A Trends survey, nearly half (49%) of the business leaders surveyed from technology companies reported that their firm had either engaged in alternate structures to traditional M&A (for example, joint ventures and strategic partnerships) in the past year or were planning to do so within the next year.⁹⁸

Tech providers are partnering to bring together their strengths in AI and gen AI infrastructure, software (including energy management and reporting), security, and professional services.⁹⁹ As one example, Dell and NVIDIA have partnered to offer a comprehensive, end-to-end AI solution that combines Dell’s computing, storage, and security capabilities with NVIDIA’s AI infrastructure, helping enterprises to deploy and scale AI applications.¹⁰⁰ On the talent front, some tech companies have been exploring nontraditional methods like “reverse acqui-hiring” to quickly assemble the specialized skill sets they need, without going through the regulatory process of a conventional acquisition.¹⁰¹

Tech partnerships have many potential benefits. For customers, the availability of end-to-end solutions can reduce the complexities and costs of procuring and assembling standalone technologies, acquiring necessary skills, and building and running AI solutions.¹⁰² Other potential advantages include more seamless integration of data and experiences, stronger data governance, and industry-specific offerings.¹⁰³ For tech providers, partnerships can help them improve product offerings, leverage the resources and expertise of others, and drive business by expanding their customer base.¹⁰⁴

As tech companies assess where and how to acquire or partner, they will also likely evaluate which business units are no longer a good fit with their growth strategies.¹⁰⁵ This continuous evaluation is important for identifying divestiture opportunities and reallocating resources to strengthen core businesses and priorities.

Strategic questions for tech leaders to consider

• Has our company evaluated opportunities to combine our strengths with those of other organizations to achieve a stronger portfolio infused with gen AI and other emerging technologies?
• Has our company identified how to join forces to shift away from providing specialized, stand-alone tools to more holistic platform offerings, integrating capabilities across cloud value chains and suppliers?
• Does our company periodically assess product portfolios to identify non-core assets as potential divestiture candidates? Do we have a strategy for aligning internal stakeholders, managing separation costs and expectations, and identifying opportunities to leverage technology for a more efficient process?

Addressing new tax and regulatory changes

Over the next year and a half, the tech industry will likely face several challenges as new tax regulations take effect. These regulatory trends may prompt many tech companies to reevaluate their data capture, governance, and enterprise resource planning strategies.

On the global front, the Organisation for Economic Co-operation and Development has issued guidance on Pillar Two, which aims to ensure that certain defined multinational enterprises pay a minimum tax rate of 15%. Pillar Two compliance requires companies to demonstrate their effective tax rates across jurisdictions and provide detailed disclosures on global income, taxes paid, and economic activities.¹⁰⁶ As part of this effort, many countries have adopted country-by-country reporting and local qualifying domestic minimum top-up tax requirements, compelling some multinational enterprises to maintain detailed financial and tax information for each country in which they operate, and to furnish it across jurisdictions. 

These rules give companies an opportunity to demonstrate global minimum tax compliance and enhance their operational strategies.¹⁰⁷ Pillar Two requirements have far-reaching implications for tech companies, specifically as they may transact with customers and partners through multiple intermediary platforms around the world, strategize about where to locate operations and facilities, and consider local-jurisdiction intellectual property guidance.¹⁰⁸

Digital platform companies face additional reporting responsibilities under the EU Directive on Administrative Cooperation in the field of taxation (DAC 7), which covers platforms based outside the European Union that facilitate transactions involving EU sellers or service providers. Platforms that act as marketplaces for multiple sellers, service providers, and rental operations should report income earned, fees charged, and other relevant transaction details. This data should be captured and stored securely, to comply with European data privacy regulations.¹⁰⁹

Several European countries have adopted e-invoicing requirements as well, pushing companies to generate, send, and process invoices in standardized digital formats.¹¹⁰ The structured nature of e-invoices helps with automated processing and can reduce manual data entry and limit errors.

This type of granular visibility—complete with centralized, exportable, current-state data that reflects “one source of truth” across the organization—can be a daunting task for many companies. EU Digital Service Tax regulations, for example, require companies to track gross receipts based on customer IP addresses; others, like value-added tax, may be based on the billing address of the purchasing party.¹¹¹ Sales records may not reconcile with payment process records and accounts receivable, especially when conducted across multiple geographies.¹¹²

Tech companies should be able to demonstrate to auditors where and how different revenue amounts and costs are assigned. If data sources are siloed, enterprises and auditors may be limited to analyzing gross figures and using allocation logic and a sampling of transaction data to arrive at a general demonstration of compliance. One solution may be upgraded enterprise resource planning (ERP) systems with AI, which deliver the ability to parse every transaction based on all the applicable criteria, centralize and standardize reporting data, and then generate regime-specific reports.¹¹³

Another emerging regulatory area of particular importance for tech companies involves content regulation. Tech companies that report sales or even serve advertisements in a country should demonstrate compliance with that jurisdiction’s privacy, consumer protection, and content regulations. For some entities, this can create a need for increased focus on data collection and governance practices, security, and real-time monitoring.¹¹⁴

Compliance with some content regulations may become particularly challenging as generative AI becomes a standard tool for tech companies and the products they bring to market. Global tech companies that develop and use AI will have to demonstrate compliance with the EU’s AI Act, which classifies AI projects into four categories based on risk: unacceptable, high, limited, and low. The “unacceptable risk” provisions (which prohibit AI implementations considered exploitative and biased) are obligatory as of February 2025, while most compliance obligations for high-risk AI systems will not take effect until August 2026.¹¹⁵

Strategic questions for tech leaders to consider

• What investments should we explore in ERP, cybersecurity, and data governance to prepare for compliance with privacy and reporting regulations?
• How can we model potential tax scenarios now to inform operational decisions for the near term?
• Have we identified every jurisdiction in which we may operate and the rules applicable in each?
• How can we work to confirm that our AI implementations adhere to high standards of transparency, explainability, and accountability, while avoiding ethical and operational risks?