Key takeaways:

• • • The FIFA World Cup is a catalyst, not the root cause — Mexico City’s housing affordability crisis predates the coming tournament. Rental prices have been rising uncontrollably for years, displacing thousands of families annually. The World Cup will accelerate and amplify an already existing problem.

    • The 2024 rental reform is a step in the right direction, but it has significant limitations — Capping rent increases at the annual inflation rate was a necessary measure, but its impact has been limited by grey areas in the law.

    • The real battle is formalization — No housing regulation can be fully effective if a large portion of the market operates outside of it. Until authorities find ways to make formal rental agreements genuinely attractive and accessible for both landlords and tenants.

On the eve of the 23^rd playing of the FIFA World Cup, Mexico stands as one of three host countries for one of the most significant sporting events in the world. It will feature matches in Mexico City, Guadalajara, and Monterrey, and it will be co-hosted alongside the United States and Canada.

Organizing such an event carries notable financial benefits, including a surge in tourism, job creation, and substantial foreign investment — all of which generate a local economic spillover that strengthens the national marketplace. At the same time, Mexico’s major capitals— especially its World Cup host cities — have been undergoing a level of urban transformation that has significantly altered the daily lives of its residents. Chief among these changes is the sharp rise in rental costs, which has been pushing residents toward the cities’ outskirts. According to government figures, are displaced each year due to the uncontrolled increase in housing prices in Mexico City alone.

Mexican authorities had to get to work

Legal changes to real estate regulation in Mexico City are not isolated, and what is implemented in the capital often sets a precedent for the rest of the country. Time and again, Mexico City has served as a laboratory for new policies, and when these are proven effective, they become models for nationwide reform.

According to government figures, more than 20,000 households are displaced each year due to the uncontrolled increase in housing prices in Mexico City alone.

That said, in August 2024 — after the city’s head of government noted that rentals costs in none of the boroughs of Mexico City fall below the city’s minimum wage, and that 9 out of 13 boroughs average rents that exceeded twice the minimum wage — the Official Gazette of Mexico City published a decree amending Articles 2448-D and 2448-F of the Civil Code for the Federal District, imposing limits on rent increases for residential properties. Previously, the monthly rent increase could not exceed 10% of the agreed-upon rent. That paragraph was amended to establish that rent increases shall never exceed the inflation rate reported by the Bank of Mexico for the previous year.

It is worth noting that the prior 10% cap was nearly three times the general annual inflation rate calculated by the Bank of Mexico in 2025, which stood at 3.69%.

More than a year after these reforms took effect, however, 2025 closed with an average increase in rental prices of . With the FIFA World Cup approaching, prices are expected to continue rising uncontrollably due to the influx of tourists drawn by the event. This concern is well-founded: Ahead of the 2022 World Cup in Qatar, empowered landlords to raise rents by more than 40%.

Mexico City’s rental reform also introduced additional measures. For example, a digital registry for lease agreements was established, to be immediately authorized and managed by the Government of Mexico City. Landlords now are required to register lease agreements within 30 days of their execution. Furthermore, landlords are prohibited from refusing to rent to tenants on the grounds that they have children or pets.

The registration requirement carries real consequences: Should a landlord fail to register a contract within the stipulated period, their ability to invoke legal protection mechanisms in the event of a dispute with a tenant becomes significantly more complicated.

Regardless of the efforts, it’s not all smooth sailing

That said, the reform contains certain grey areas that limit its scope. For instance, it only applies under specific conditions — most notably when a lease has been in place for three years or more. A landlord can effectively circumvent the cap by choosing not to renew an existing contract and instead requiring the tenant to sign a new one at a higher price.

A separate but equally significant obstacle to the reform’s effectiveness is the rapid growth of short-term rental platforms. In recent years, the proliferation of temporary accommodation services has steadily reduced the supply of traditional long-term rentals, as more properties are listed on platforms such as Airbnb, Vrbo, or others. Indeed, every 48 hours, three housing units in Mexico City are . And from a national perspective, the Tourism Gross Product reached approximately US $151.5 billion, equivalent to 8.7% of Mexico’s GDP.

---

Every 48 hours, three housing units in Mexico City are converted into Airbnb listings.

This problem is further compounded by the scale of informal rental arrangements. According to the National Housing Survey conducted by Mexico’s National Institute of Statistics and Geography (INEGI), there are more than 200,000 informal rental agreements in Mexico City — none of which involve formal contracts.

Forcing the real estate market into formalization

This brings us to the central challenge facing city authorities with regard to housing: The need to incentivize the formalization of the real estate market. This is already complicated by the country’s low tax culture and the requirement for landlords to enter a specific tax regime that raises their tax burden. Additionally, rental contracts are not only essential for protecting tenants’ rights, but they also are equally important for landlords — because without a legally binding agreement, there is no guarantee that the terms of any arrangement will be honored.

Paradoxically, the recent reform may actually push the informal market further underground. By requiring landlords to formally declare their rental income, the regulation inevitably creates a sense of heightened oversight — one that informal landlords may seek to evade rather than comply with.

To the authorities of Mexico City, the message is clear — punitive measures alone will not bring the informal market into the fold. Tax benefits for landlords who register their contracts, streamlined and accessible digital registration processes, and legal protections that make formal agreements genuinely advantageous for both parties could go a long way toward building trust in the system.

The 2026 FIFA World Cup will come and go, of course, but the people of Mexico City will remain. They deserve a housing market that works for them — not one that treats their homes as a commodity to be priced beyond their reach every time the world turns its attention to their city.

You can find out more about the

Key insights:

• • • Nature-related risks underreported — Companies’ nature-related interfaces are underreported across industries, despite being increasingly seen as decision-useful information for investors and regulators.

    • Stricter requirements for disclosure growing — Both voluntary and mandatory frameworks are increasing their requirements for nature-related disclosure.

    • Organizations should be proactive — Getting ahead of disclosure trends means that organizations should be measuring their nature-related interface as well as integrating nature-positive transition planning to their business strategy.

As the impacts of nature loss become more prevalent, companies are on business risk and performance. This is due to both physical nature-related impacts and increasing stakeholder pressure on organizations to integrate long-term nature-positive strategies. Managing nature-related impacts and dependencies is a framework-driven mandate for all boards of directors to consider.

Why nature matters

All businesses impact and depend on the four realms of nature: land, freshwater, ocean, and atmosphere to some extent, with the highest impact sectors being . These dependencies could include the provision of water supply to an organization, or services provided by nature to a business, such as flood mitigation. A could result in a $2.7 trillion GDP decline annually by 2030. In turn, most businesses also positively and negatively impact nature.

Financial flows that were determined to be harmful to biodiversity reached , including private investment in high impact sectors, with only $213.8 billion (€184.6 billion) invested in conservation and restoration. Despite this financing gap, less than 1% of publicly reporting companies currently disclose biodiversity impacts, indicating the need to align incentives and policies with nature-related outcomes.

Indeed, nature does not have a single indicator, like greenhouse gas (GHG) emissions; instead, its measurement involves multiple complex, location-specific factors. Despite this, disclosure of nature-related risks and impacts are increasingly being required by regulators.

Regulatory incentives to disclose

The disclosures being driven by regulatory frameworks include material information on all nature-related risks, particularly those requested by the International Sustainability Standards Board (ISSB) and European Sustainability Reporting Standards (ESRS). The ISSB Biodiversity Ecosystem and Ecosystem Services project (BEES) was initially considered a research workplan but was modified to a standard-setting approach.

Through its work, the ISSB due to: i) the deficiencies in the type of information on nature-related risks and opportunities reported by entities, which are identified as important in investor decision-making; and ii) the requirement of nature-related information that is not included in climate-related disclosures, including location-specific information on nature-related interface and nature-related transition planning.

On Jan. 28, all 12 ISSB members voted to , which included two important implications. One is that standard setting is to cover all material information on nature-related risks and opportunities that could be expected to affect an entity’s prospects. And two, it mandated that entities applying International Financial Reporting StandardsĚýS1 and S2 for climate-related disclosures supplement these with nature-related risks and opportunities disclosures as well.

Similar to the ISSB requirements to report material nature-related risks and opportunities, the ESRS also requires information to be disclosed for material impacts, risks, and opportunities found in an entity’s double-materiality assessment. The Task Force on Nature-related Financial Disclosures (TNFD) and its European counterparts have been in close collaboration since 2022, and all 14 TNFD recommendations have been incorporated throughout the ESRS environmental standards.

Companies that are required to comply with the EU’s sustainability reporting mandate also will be required to collect similar data for their future ESRS data points disclosure.

Alongside regulatory requirements, there are voluntary requirements and investor pressure to consider for many organizations. These include investor coordination initiatives on nature such as Nature Action 100 and considering which investors look at Carbon Disclosure Project (CDP) data.

To use the CDP as an example, 650 investors with $127 trillion in assets they needed in 2025. Further, the CDP is increasing its disclosure requirements for nature-related data in its questionnaire as it progresses to . This includes, for example, requiring disclosures on environmental impacts and dependencies for disclosers, enhancing commodities included in the forests questionnaire, and introducing oceans-related questions in 2026.

All of these heightened requirements underscore the need to measure a company’s nature-related impacts and proximity to its nature-related issues.

Implications for company boards

To align with these additional requirements and investor expectations, corporate decision-makers should consider the questions they are asking related to nature, as well as what data is being collected in relation to the organization’s impact on nature. The following steps can give leaders a starting point for how boards should consider this information:

Track relevant developments in regulatory and investor standards — Ensure there is a management-level understanding of how nature is considered in relevant standards for the company based on its current and anticipated locations of operation and specific industry.

Measure nature-related risks and opportunities — Given that identifying material nature-risks, with a particular focus on location specificity, is a common first step across current mandatory and voluntary regulatory frameworks, organizations should conduct a regularly updated, location-specific assessment on the company’s interface with nature, especially in instances in which these issues are material. Organizational leaders should also produce financial quantification of these risks within an overall materiality assessment and corporate risk register. For guidance, the best practice across these regulatory and disclosure frameworks is to utilize the .

Make further disclosure of any material nature-related information, including financial quantification — Frameworks such as the ESRS require further disclosure of any risks that are found to be material, including financial quantification and scale of the risk.

Integrate mitigation of nature-related risks in business strategies — Upcoming standards and research, such as that from the ISSB, indicates that missing disclosure includes company’s nature-positive transition planning. Consider how to integrate nature into long-term business strategies for full alignment with upcoming regulations and standards, including establishing nature-related governance.

Adopting these processes and integrating nature into corporate decision-making will provide corporations with a more future-proof and resilient business model. The increased adoption of nature within these frameworks is driven by the clear economic impact that our current loss of nature is having. This will only continue to become more of a priority as the impacts of nature loss are increasingly felt worldwide.

You can find out more about theĚýsustainability issues companies are facing around the environmentĚýhere

Key takeaways:

• • • An additional funding stream, not a replacement — Ethical capital has the potential to supplement existing access to justice infrastructure by introducing a justice finance mechanism that can fund cases with measurable social and environmental impact.

    • Technology as trust infrastructure — AI and smart technologies can provide the governance scaffolding required for ethical capital to flow at scale, including standardizing assessment, impact measurement, and oversight.

    • Capital is not scarce; allocation is — The true bottleneck is not the availability of funds; rather it’s the disciplined, investment-grade legal judgment required to evaluate risk, ensure compliance, and measure impact in a way that makes justice outcomes investable.

Kayee Cheung & Melina Gisler, Co-Founders of justice finance platform Edenreach, are co-authors of this blog post

Access to justice is typically framed as a resource problem — the idea that there are too few legal aid lawyers, too little philanthropic funding, and too many people navigating civil disputes alone. This often results in the majority of individuals who face civil legal challenges doing so without representation, often because they cannot afford it.

Yet this crisis exists alongside a striking paradox. While 5.1 billion people worldwide face unmet justice needs, an estimated $3.3 trillion in mission-aligned capital — held in donor-advised funds, philanthropic portfolios, private foundations, and impact investment vehicles — remains largely disconnected from solutions.

Unlocking even a fraction of this capital could introduce a meaningful parallel funding stream — one that’s capable of supporting cases with potential impacts that currently fall outside traditional funding models. Rather than depending on charity or contingency, what if justice also attracted disciplined, impact-aligned investment in cases themselves, in addition to additional funding that could support technology?

Recent efforts have expanded investor awareness of justice-related innovation. Programs like Village Capital’s have helped demystify the sector and catalyze funding for the technology serving justice-impacted communities. Justice tech, or impact-driven direct-to-consumer legal tech, has grown exponentially in the last few years along with increased investor interest and user awareness.

Litigation finance has also grown, but its structure is narrowly optimized for high-value commercial claims with a strong financial upside. Traditional funders typically seek 5- to 10-times returns, prioritizing large corporate disputes and excluding cases with significant social value but lower monetary recovery, such as consumer protection claims, housing code enforcement, environmental accountability, or systemic health negligence.

Justice finance offers a different approach. By channeling capital from the impact investment market toward the justice system and aligning legal case funding with established impact measurement frameworks like the , it reframes certain categories of legal action as dual-return opportunities, covering financial and social.

This is not philanthropy repackaged. It’s the idea that measurable justice outcomes can form the basis of an investable asset class, if they’re properly structured, governed, and evaluated.

Technology as trust infrastructure

While mission-aligned capital is widely available, the ability to evaluate legal matters with the necessary rigor remains limited. Responsibly allocating funds to legal matters requires complex expertise, including legal merit assessment, financial risk modeling, regulatory compliance, and impact evaluation. Cases must be considered not only for their likelihood of success and recovery potential, but also for measurable social or environmental outcomes.

Today, that assessment is largely manual and capacity-bound by small teams. The result is a structural bottleneck as capital waits on scalable, trusted evaluation and allocation.

Without a way to standardize and responsibly scale analysis of the double bottom line, however, justice funding remains bespoke, even when resources are available.

AI-enabled systems can play a transformative role by standardizing assessment frameworks and supporting disciplined capital allocation at scale. By encoding assessment criteria, decision pathways, and compliance safeguards and then mapping case characteristics to impact metrics, technology can enable consistency and allow legal and financial experts to evaluate exponentially more matters without lowering their standards.

And by integrating legal assessment, financial modeling, and impact alignment within a governed tech framework, justice finance platforms like can function as the connective tissue. Through the platform, impact metrics are applied consistently while human experts remain responsible for final determinations, thereby reducing friction, increasing transparency, and supporting auditability.

When incentives align

It’s no coincidence that many of the leaders exploring justice finance models are women. Globally, women experience legal problems at disproportionately higher rates than men yet are less likely to obtain formal assistance. Women also control significant pools of global wealth and are more likely to . Indeed, 75% of women believe investing responsibly is more important than returns alone, and female investors are almost twice as likely as male counterparts to prioritize environmental, social and corporate governance (ESG) factors when making investment decisions, .

When those most affected by systemic barriers also shape capital allocation decisions, structural change becomes more feasible. Despite facing steep barriers in legal tech funding (just 2% goes to female founders), women represent in access-to-justice legal tech, compared to just 13.8% across legal tech overall.

This alignment between lived experience, innovation leadership, and capital stewardship creates an opportunity to reconfigure incentives in favor of meaningful change.

Expanding funding and impact

Justice financing will not resolve the justice gap on its own. Mission-focused tools for self-represented parties, legal aid, and court reform remain essential components of a functioning justice ecosystem. However, ethical capital represents an additional structural layer that can expand the range of cases and remedies that receive financial support.

Impact orientation can accommodate longer time horizons, alternative dispute resolution pathways, and remedies that extend beyond monetary damages. In certain matters, particularly those involving environmental harm, systemic consumer violations, or community-wide injustice, capital structured around impact metrics may identify and enable solutions that traditional litigation finance models do not prioritize.

For example, capital aligned with defined impact frameworks may support outcomes that include remediation programs, compliance reforms, or community investments alongside financial recovery. These approaches can create durable benefits that outlast a single judgment or settlement.

Of course, solving deep-rooted inequities and legal system complexity requires more than new tools and new investors. It requires designing capital pathways that are repeatable, accountable, and aligned with measurable public benefit.

Although justice finance may not be a fit for every case and has yet to see widespread uptake, it does have the potential to reach cases that currently fall through the cracks — cases that have merit, despite falling outside traditional litigation finance models and legal aid or impact litigation eligibility criteria.

You can find other installments of our Scaling Justice blog series here

Key highlights:

• • • Tax credit transferability survived intact— The OBBBA preserved Section 6418 transferability rules despite earlier proposals to sunset or repeal them.

    • AI-driven data center boom may revive renewable energy tax credits— With data centers projected to consume 12% of all US energy by 2028, large operators have strong incentives to advocate for preserving and expanding renewable tax credits to meet massive energy demands through solar, geothermal, and battery storage solutions.

    • 2026 market conditions favor buyers due to supply-demand imbalance—Increased supply of tax credits (particularly Section 45Z clean fuel production credits) combined with reduced buyer competition from provisions like Section 174 and bonus depreciation has created advantageous pricing.

At the start of the current Trump administration, green energy tax credits were expected to be slashed or disappear altogether. In reality, significant changes emerged instead of ceasing to exist. More specifically, the One Big Beautiful Bill Act (OBBBA), passed in July 2025, kept the transferability rules around green energy tax credits intact.

As a result, the market for these credits remains robust in 2026 and 2027, says , an energy tax authority and principal at accounting firm CliftonLarsonAllen (CLA). In addition, multiple credits still have runway, and near-term dynamics in 2026 may favor buyers.

OBBBA’s changes result in shifts in marketplace conditions

When the OBBBA bill passed, the specifics revealed a more optimistic picture than many understand. According to Hill, specific examples include:

• • Wind and solar projects — Developers that begin construction by July 4, 2026, still have a four-year window to complete their projects and still claim credits. Even projects that miss this construction deadline can qualify if they’re placed in service by December 31, 2027.
  • Clean fuel production credits — Clean fuel production credits, detailed in OBBBA’s Section 45Z, received an extended runway through 2029.
  • Tax credit transferability — The tax credit transferability aspect under Section 6418 remained whole, despite previous versions of the bill proposing either a sunset date or outright repeal of transferability. This fact provides a level of marketplace certainty that can act as critical liquidity for developers that typically lack the tax liability to use credits themselves.

In addition, the legislation altered the buyer and seller environment. Provisions including OBBBA’s Section 174 and bonus depreciation generated additional deductions for certain companies, and as a result, reduced those companies’ 2025 corporate tax liability. Simultaneously, Section 45Z clean fuel production tax credits came into force and created a supply-demand imbalance that favors buyers.

Overall, in the latter half of 2025, Hill describes the marketplace as favorable for buyers because of an increased supply of tax credits that were for sale previously with fewer buyers. Into 2026 and beyond, both developers and corporate buyers still have significant opportunities to participate in the tax credit marketplace, explains Hill.

AI-related data center demand may spur new proposals for renewables tax credits

The explosive proliferation of data centers because of the growing AI demand across the United States may become the unexpected champion for renewable energy tax credits. Hundreds of facilities are currently under construction, and the energy demand implications are staggering. In fact, the projects that by 2028, data centers will consume 12% of all US energy.

Renewable energy technologies are emerging as essential solutions to meet these demands. Solar power, as a tried-and-true technology, offers ideal supplementation for data center operations; and geothermal heating and cooling systems directly address the massive temperature control challenges these facilities face. Perhaps most significantly, battery storage is rapidly becoming standard operating procedure, with both grid-based and solar-array-tied battery systems providing critical backup power.

These developments carry substantial policy implications. In fact, large data center operators have incentives to become vocal advocates for preserving and expanding renewable tax credits, says , a leader in federal tax strategies at CLA. “We want our AI, we want our cloud-based services. To do that… we need massive data centers and massive computing demands,” DePrima explains. “And that in turn requires massive amounts of energy consumption, which renewables can certainly supplement.” This, in turn, creates the potential for a renewable energy tax credit “comeback” within two to three years, he adds.

Guidance for buyers and sellers

Looking ahead to 2026 and beyond, both buyers and sellers of renewable energy tax credits should recognize that significant opportunities remain despite regulatory changes. More specifically:

For buyers — Buyers should act now to capitalize on favorable market conditions. With increased credit supply and reduced buyer competition due to provisions like Section 174 and bonus depreciation, pricing has become more advantageous. Buyers of renewable energy tax credits should consider structuring 2026 transactions to directly offset estimated tax payments throughout the year, thereby improving cash flow by making payments to sellers rather than the IRS. Financial institutions remain particularly well-positioned as buyers, as many have explored tax credit carryback opportunities to increase their tax savings even further.

For sellers and developers — Renewable energy tax credits sellers and energy project developers can use tax-credit monetization as a critical component of project financing because the ability to convert credits into immediate cash proceeds is essential for paying down debt and funding new projects. Despite initial concerns, substantial opportunities remain with credits outlined in Sections 45Z, 45X, 48E, and 45Y which are transferable and viable through 2029 and beyond.

In either case, tax credit transferability under Section 6418 offers key opportunities in the marketplace. Whether buyers are looking to reduce their corporate tax burden while supporting clean energy goals, or developers are seeking to monetize renewable projects — tax credits offer incentives to move forward.

The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, or tax advice or opinion provided by CliftonLarsonAllen LLP to the reader. The reader also is cautioned that this material may not be applicable to, or suitable for, the reader’s specific circumstances or needs, and may require consideration of nontax and other tax factors if any action is to be contemplated. The reader should contact his or her CliftonLarsonAllen LLP or other tax professional prior to taking any action based upon this information. CliftonLarsonAllen LLP assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

You can find out more about renewable energy tax credits here

Key highlights:

• • • Map risks before building— Distinguish between foreseeable harms that may be embedded in your product’s design and potential misuse by bad actors.

    • Safety processes need real authority— An AI safety framework is only credible if it has the power to delay launches, halt deployments, or mandate redesigns when human rights risks outweigh business incentives.

    • Triggers enable proactive intervention— Define clear, automatic review triggers such as product updates, geographic expansion, or emerging patterns in user reports to ensure your safety processes adapt as risks evolve rather than reacting after harm occurs.

In recent months, the human cost of AI has become impossible to ignore. after interacting with AI chatbots, while generative AI (GenAI) tools have been weaponized to create that digitally undress women and children. These tragedies underscore that the gap between stated values around AI and actual safeguards remains wide, despite major tech companies publishing responsible AI principles.

, a senior associate at , who works at the intersection of technology and human rights, argues that closing this gap requires companies to: i) systematically assess both foreseeable harms from intended AI use and plausible misuse by bad actors; and ii) build safety processes powerful enough to actually stop launches when risks to people outweigh commercial incentives.

Detailing the two-step framework for anticipating and addressing AI risks

To build effective AI safety processes, companies must first understand what they’re protecting against, then establish credible mechanisms to act on that knowledge.

Step 1: Mapping foreseeable arms and intentional misuse

When mapping AI risks during “responsible foresight workshops” with clients, Richard-Carvajal says she takes them through a process that identifies:

• • foreseeable harms that emerge from a product’s design itself. For example, algorithm-driven recommender systems — which often are used by social media platforms to keep users on the site — are designed to drive engagement through personalized content, and are well-documented in amplifying sensationalist, polarizing, and emotionally harmful content, according to Richard-Carvajal.

• • intentional misuse that involves bad actors who may weaponize technology beyond its purpose. Richard-Carvajal points to the example of Bluetooth tracking devices, which initially were designed to help people find lost items, but were quickly exploited by stalkers, who placed them in victims’ handbags in order to track their movements and in some cases, to follow them home.

Tactically, the role-playing use of “bad actor personas” by Richard-Carvajal and her colleagues can help clients imagine misuse scenarios and help ensure companies anticipate harm before it occurs rather than responding after people have been hurt.

Step 2: Building a credible AI safety process

Once risks are identified, Richard-Carvajal says she advises that companies identify mechanisms to address them.ĚýThe components of a legitimate AI safety framework mirror the structure of robust human rights due diligence by centering on the risks to people.

Indeed, Richard-Carvajal identifies core components of this framework, which include: i) hazard analysis and to anticipate both foreseeable harms and potential misuse; ii) incident response mechanisms that allow users to report problems; and iii) ongoing review protocols that adapt as risks evolve.

Continual evaluation of new emerging risks is needed

As AI capabilities advance and deployment contexts expand, companies must continuously reassess whether their existing safeguards remain adequate against evolving threats to privacy, vulnerable populations, human autonomy, and explainability. Richard-Carvajal discusses each one of these factors in depth.

Privacy — Traditional privacy mitigations, such as removing information that leads to identifying specific individuals, are no longer sufficient as AI systems can now re-identify individuals by linking supposedly anonymized data back to specific people or using synthetic training data that still enables re-identification. The rise of personalized AI — in which sensitive information from emails, calendars, and health data aggregates into comprehensive profiles shared across third-party providers — can create new privacy vulnerabilities.

Children — Companies must apply a heightened risk lens for vulnerable populations, such as children, because young users lack the same capacity as adults to critically assess AI outputs. Indeed, the growing concerns around AI usage and children are warranted because of AI-generated deepfakes involving real children are being created without their consent. In fact, Richard-Carvajal says that current guidance calls for specific child rights impact assessments and emphasizes the need to engage children, caregivers, educators, and communities.

Cognitive decay — A growing concern is that too much AI usage can harm human autonomy and contribute to a decline in critical thinking. This occurs when , and it has the potential to undermine their human rights in regard to work, education, and informed civic participation.

Meaningful explainability — Companies’ commitment to explainability as a core tenet of their responsible AI programs was always a challenge. As synthetic AI-generated data increasingly trains new models, explainability becomes even more critical because engineers may struggle to trace decision-making through these layered systems. To make explainability meaningful in these contexts, companies must disclose AI limitations and appropriate use contexts, while maintaining human-in-the-loop oversight for consequential decisions. Likewise, testing explanations should require engagement with actual rights holders instead of just relying on internal reviews.

Moving forward safely

While no universal checklist exists for AI safety, the systematic approach itself is non-negotiable. Success means empowering engineers to identify and address human-centered risks early, maintaining ongoing stakeholder engagement, and building safety processes that have genuine authority to delay launches, halt deployments, or mandate redesigns when human rights outweigh commercial pressures to ship products.

If your company builds or deploys AI, take action now: Give your engineers and risk teams the authority and resources to identify harms early, keep continuous engagement with affected people and independent stakeholders, and create governance that have the power to keep harm from happening.

Indeed, companies need to make sure these steps go beyond simple best practices on paper and make these protective processes operational, measurable, and enforceable before their next product release.

You can find more about human rights considerations around AI in our ongoingĚýHuman Layer of AI seriesĚýhere

You can read TRI’s latest “Inside the Shift” feature,ĚýThe human side of AI: The growing risks of ubiquitous use of AI on talent here

It’s no exaggeration to say that AI is everywhere in our workplaces right now. It writes our emails, summarizes our meetings, generates slides, and even helps us think through problems. On the surface, this may sound like progress — and in many ways, it is.

However, our latestĚýInside the ShiftĚýfeature, The human side of AI: The growing risks of ubiquitous use of AI on talent by Natalie Runyon, Content Strategist for Sustainability and Human Rights Crimes for the Thomson Reuters Institute, makes a clear and timely point: When AI use becomes excessive and unchecked, it can quietly undermine the very people it’s meant to help.

One major consequence of cognitive decay is the weakening of the brain’s capacity to engage deeply, question systematically, and — somewhat ironically — resist the potential manipulation of AI.

As the article goes into in much greater detail, these harms caused by AI overuse can include a slow erosion of human connections, a loss of a professional’s sense of purpose, and a general sense of feeling overwhelmed in the workplace.

Of course, the solution isn’t to reject AI, it’s to use it better. To this end, the article makes a strong case for organizations to foster hybrid intelligence, a process by which human judgment and creativity work alongside AI capabilities.

In today’s workplace, AI can be a powerful advantage; however, that is only if organizational leaders can remember that technology should enhance the human experience, not replaces the parts of professional life that workers value.

To examine this and many more situations, the Thomson Reuters Institute (TRI) has launched a new feature segment,ĚýInside the Shift, that leverages our expert analysis and supporting data to tell some of the most compelling stories professional services today

Key highlights:

• • • The governance-implementation gap is alarming — While nearly half of companies have AI strategies and 71% include ethical principles, a massive disconnect in execution persists.

    • AI governance is now a material investor risk — AI disclosure among S&P 500 companies jumped to 72% in 2025 from 12% in 2023, and investors are treating AI governance as a critical factor in overall corporate governance.

    • Regional disparities signal competitive risks — European, Middle Eastern, and African companies are leading in AI governance (driven by regulatory pressure), while only 38% of US companies have published AI policies despite being innovation leaders.

of 1,000 companies indicates a between the speed at which businesses are embracing AI and their preparedness to govern it effectively. These findings from , which offers a panoramic view across 13 sectors, are a wake-up call for every CEO, board member, and investor.

Indeed, nearly half (48%) of the companies sampled disclosed that they had AI strategies or guidelines in place, yet significant transparency gaps related to the environmental, social and governance (ESG) impacts of AI adoption remain.

When “ethical” principles lack substance

It is encouraging to see that 71% of companies with an AI strategy include principles around AI that include concepts such as ethical, safe, or trustworthy because this signals an awareness of the critical conversations happening around responsible AI. However, the AICDI data reveals a significant gap between stated principles and actual practice, more specifically:

• • • Environmental blind spots — A staggering 97% of companies failed to consider the environmental impact of their AI systems, such as energy consumption and carbon footprint, when making deployment decisions. As AI models grow in complexity and scale, their energy demands will only increase. In addition, investors are likely to adopt green AI as a non-negotiable concept in the future.

• • • Narrow social lens could open up reputational issues — More than two-thirds (68%) of companies with AI strategies did not adequately assess the broader societal implications of their AI technologies. Failure to understand and mitigate potential negative impacts on communities, vulnerable populations, or democratic processes is a recipe for reputational damage and legal challenges on the full spectrum of the human side of AI. Indeed, investors are growing more sophisticated in their understanding of these systemic risks.
    • Governance on paper and not in practiceĚý— While 76% of companies with an AI strategy reported management-level oversight, only 41% made their AI policies accessible to employees or required their acknowledgement. That means these policies are just words on paper if they are not understood, embraced, and actively practiced by those on the front lines of AI development and deployment. This gap in governance can lead to inconsistencies, unforeseen risks, and a fundamental breakdown in trust, both internally and externally.

Gaps in AI governance exist across regions and sectors

The AICDI data reveals fascinating regional and sectoral differences as well. For instance, companies in Europe, the Middle East, and Africa are generally ahead in publishing AI policies and establishing dedicated AI governance teams — action that is likely driven by the European Union’s looming AI Act. This highlights the proactive stance some regions are taking and offers a glimpse into what might become a global standard.

Despite the United States being a hub for AI innovation, only 38% of companies in the Americas published an AI policy. This discrepancy suggests a potential future competitive disadvantage for those lagging in governance.

Not surprisingly, sectors also varied in corporate oversight of AI initiatives. Financial, communication services, and information technology firms were more likely to have responsible AI teams than companies in energy and materials. This makes sense given their direct engagement with data and often consumer-facing AI applications, but it again points to a broader need for cross-sectoral AI governance best practices.

How companies can meet investor expectations

AI has rapidly become a mainstream enterprise risk. Fully 72% of S&P 500 companies disclosed at least one material AI risk in 2025, up from just 12% in 2023, according to the Harvard Law School Forum on Corporate Governance.

To attract and retain investor confidence, companies need to take concrete steps, including:

1. 1. 1. Conducting a comprehensive AI audit — Companies need a thorough understanding of where AI is currently deployed across their products, operations, and services. The AICDI offers a to help with this, which allows companies to evaluate current AI governance maturity and benchmark themselves against peers.
      2. Establishing robust, transparent, and accessible AI governance frameworks — Companies need to move beyond vague principles by developing clear, actionable policies that address environmental impact, societal implications, data privacy, fairness, and accountability. Critically, these policies must be accessible toĚýallĚýemployees, and their acknowledgement should be a requirement. Training and continuous education are paramount in order to embed these principles into daily operations.
      3. Proactively disclosing AI governance practices —ĚýCompanies should seek to anticipate investors’ concerns by incorporating specific disclosures on AI oversight mechanisms, transparency measures (including environmental and risk assessments), and how they’re preparing for evolving regulatory landscapes. Companies that showcase their commitment to responsible A as a strategic advantage will gain stakeholder trust.
      4. Embracing industry standards and collaboration —ĚýBy using global frameworks, such as the (which grounds the AICDI’s work), companies can strengthen standardization efforts. They should also participate in collaborative efforts and industry forums to share best practices and collectively raise the bar for responsible AI.
      5. Comparing your performance with peers —Companies can benchmark their responses against sector and regional peers. Also, they need to identify leaders and laggards to understand where a company stands and where it needs to improve. AI is an evolving field, and therefore, corporate AI governance frameworks must evolve as well — and the key ingredient for this is responsible innovation.

By any measure, AI is transforming our world; however, its benefits will only be fully realized if companies prioritize their responsible governance. For investors, AI governance is fast becoming a material risk and opportunity. And for companies, it’s no longer an option but rather a strategic imperative that can go a long way toward building trust, mitigating risks, and securing a sustainable future.

You can learn more about the , the corporate foundation of ¶¶ŇőłÉÄę, here

Key takeaways:

• • • Legacy data architectures can’t keep up with modern demands — Traditional, centralized data cores were designed for stable, predictable environments and are now bottlenecks under continuous regulatory change, rapid M&A, and AI-driven business needs.

    • AXTent aims to unify modern data principles for regulated enterprises — The modern AXTent framework integrates data mesh, data fabric, and composable architecture to create a data core built for distributed ownership, embedded governance, and adaptability.

    • A mindset shift is required for lasting success — Organizations must move from project-based data initiatives to perpetual data development, focusing on reusable data products and decision-aligned outcomes rather than one-off integrations or platform refreshes.

This article is the second in a 3-part blog series exploring how organizations can reset and empower their data core.

For more than a decade, enterprises have invested heavily in data modernization — new platforms, cloud migrations, analytics tools, and now AI. Yet, for many organizations, especially in regulated industries, the results remain underwhelming. Data integration is still slow because regulatory reporting still requires manual remediation, M&A still exposes hidden data liabilities, and AI initiatives struggle to move beyond pilots because trust and reuse in the underlying data remains fragile.

The problem is not effort, it is architecture. Since 2022, the buildup around AI has been something out of science fiction — self learning, easy to install, displace workers, autonomous, even Terminator-like. Moreover, while AI may indeed revolutionize research, processes, and profits, the fundamental challenge is not the advancing technology, rather it is the data used to train and cross-connect these exploding capabilities.

Most data cores in use today were designed for an earlier operating reality — one in which data was centralized, reporting cycles were predictable, and governance could be applied after the fact. That model breaks down under the modern pressures of continuous regulation, compressed deal timelines, ecosystem-based business models, and AI systems that consume data directly rather than waiting for curated outputs.

So, why is the AI hype not living up to the anticipated benefits? Why is the data that underpinned process systems for decades failing to scale across interconnected AI solutions? The solution requires not another platform refresh, but rather, a structural reset of the data core itself.

That reset uses data meshes, data fabrics, and modern composable architecture as a single, integrated system, and aligns it to the AXTent architectural framework, which is designed explicitly for regulated, data-intensive enterprises.

Why the traditional data core no longer holds

Legacy data cores were built to optimize control and consistency. Data flowed inward from operational systems into centralized repositories, where meaning, quality, and governance were imposed downstream. That approach assumed there were stable data producers, limited use cases, human-paced analytics, and periodic regulatory reporting.

Unfortunately, none of those assumptions hold today. Regulatory expectations now demand traceability, lineage, and auditability at all times (not just at quarter-end). M&A activity requires rapid integration without disrupting ongoing operations. And AI introduces probabilistic decision-making into environments built for deterministic reporting, with business leaders expecting insights in days, not months.

The result is a growing mismatch between how data is structured and how it is used. Centralized teams become bottlenecks, pipelines become brittle, and semantics drift. Compliance then becomes reactive, and the cost of change increases with every new initiative.

The AXTent framework starts from a different premise: The data core must be designed for continuous change, distributed ownership, and machine consumption from the outset. Indeed, AXTent is best understood not as a product or a platform, but as an architectural framework for reinventing the data core. It combines three design principles into a coherent operating model:

1. 1. 1. Data mesh — Domain-owned data products
      2. Data fabric — Policy- and metadata-driven connectivity
      3. Data foundry — Composable, evolvable data architecture

Individually, none of these ideas are new. What is different — and necessary — is treating them as a single system, rather than independent initiatives as conceptually illustrated below:

Fig. 1: The AXTent model of operation

The 3 operating principles of AXTent

Let’s look at each of these three design principles individually and how they interact with each other.

Data mesh: Reassigning accountability where it belongs

In regulated enterprises, data problems are rarely technical failures. Instead, they are accountability failures. When ownership of data meaning, quality, and timeliness sits far from the domain that produces it, errors propagate silently until they surface in regulatory filings, audit findings, or failed integrations.

A structured framework applies data mesh principles to address this directly. Data is treated as a product, owned by business-aligned domains that are then accountable for semantic clarity, quality thresholds, regulatory relevance, and consumer usability.

This is not decentralization without guardrails, however. AXTent enforces shared standards for interoperability, security, and governance, ensuring that domain autonomy does not fragment the enterprise. For executives, the benefit is practical: faster integration, fewer semantic disputes, and clearer accountability when things go wrong.

Data fabric: Embedding control without re-centralization

However, distributed ownership alone does not solve enterprise-scale problems. Without a unifying layer, decentralization simply recreates silos in new places.

A proper framework addresses this through a data fabric that operates as a control plane across the data estate. Rather than moving data into a single repository, the fabric connects data products through shared metadata, lineage, and policy enforcement.

This allows the organization to answer critical questions continuously, such as:

• • • Where did this data come from?
    • Who owns it?
    • How has it changed?
    • Who is allowed to use it — and for what purpose?

In this way, governance is no longer a downstream reporting activity; rather, it is embedded into how data is produced, shared, and consumed. Compliance becomes a property of the architecture, not a periodic remediation effort.

And in M&A scenarios, the fabric enables incremental integration, which allows acquired data domains to remain operational, while being progressively aligned rather than forcing immediate and costly consolidation.

Composable architecture: Designing for evolution, not stability

The third pillar of the AXTent model is a modern data architecture that’s designed to absorb change rather than resist it. Traditional architectures usually rely heavily on rigid pipelines and tightly coupled schemas. While these work when requirements are stable, but they may collapse under regulatory change, new analytics demands, or AI-driven consumption.

AXTent replaces pipeline-centric thinking with composable services, including event-driven ingestion and processing, API-first access patterns, versioned data contracts, and separation of storage, computation, and governance.

This approach supports both human analytics and machine users, including AI agents that require direct, trusted access to data. The result is a data core that evolves without constant re-engineering, which is critical for organizations operating under continuous regulatory scrutiny or frequent structural change. AXTent allows acquired entities to plug into the enterprise architecture as domains while preserving context and enabling progressive harmonization.

The architectural compass

This framework exists for one purpose: to provide a practical, business-oriented methodology for building a reusable, decision-aligned, compliance-ready data core. It is not a product nor a platform. It is a vocabulary that’s backed by building blocks, patterns, and repeatable workflows — and it’s one that executives can use to organize data around outcomes instead of systems.

Overall, the AXTent model prioritizes data clarity over system modernization, decision alignment over model sophistication, continuous compliance over intermittent remediation, reusable data products over disconnected pipelines, and enterprise knowledge codification over one-off integration work.

In essence, organizations should move away from project thinking and toward perpetual data development, in which every output contributes to a compound knowledge base. This is the mindset shift the industry has been missing as it prioritizes AI engineering over business purpose.

In the final post in this series, the author will explain how to shift from “build and operate” to “build and evolve” via a data foundry. You can find more blog postsĚýby this author here

Key insights:

• • • ESG is becoming more operationalized — ESG is being conducted with a lower public profile while also playing an increasingly strategic role in supplier governance frameworks.

    • Data collection remains widespreadand robust — Companies continue to collect comprehensive ESG data from their suppliers.

    • Technology usage in ESG is increasing — Greater investment in automation demonstrates continuing commitment to effectively managing ESG.

Environmental, social and governance (ESG) issues have played an increasing role in global trade operations in recent years. As the United States government sharply pulled back its role in encouraging ESG in global trade in 2025, concerns were raised over whether that would impact ESG efforts globally.

However, ESG-related efforts in global trade have not diminished, although they are evolving in form and positioning, according to the Thomson Reuters Institute’s recent 2026 Global Trade Report. In fact, the report’s survey respondents said that ESG data collection from suppliers is now largely structurally embedded in trade operations, although at the same time, it is being carried out with a lower public profile than in previous years.

ESG management remains a core trade function

Managing ESG remains one of the most widespread responsibilities among trade professionals. Almost two-thirds (62%) of those surveyed said their role includes ensuring ESG compliance throughout the supply chain. That represents a higher percentage than for other responsibilities, such as procurement and sourcing, supplier management, trade systems management, risk management, customs clearance, and regulatory compliance. The only more widespread role being done by those global trade professionals surveyed is business strategy for global trade and supply chain.

More importantly, ESG remains integral and nearly universal when it comes to the supplier selection process. All respondents in the Asia-Pacific region (APAC), Latin American and the European Union-United Kingdom, as well as 99% of US respondents, report that ESG considerations remain moderately important, important, or very important in influencing their decisions around using a supplier. And overwhelming 78% say it is an important or very important consideration.

Clearly, as the report demonstrates, ESG remains a core component of the trade function for most businesses.

ESG moves toward structural governance frameworks

Only a very small proportion of respondents — 3% in the US and 4% globally — said they stopped ESG-related data collection entirely in 2025. Meanwhile, ESG data collection has increased across several major metrics.

As companies move to embed ESG expectations directly into their supplier governance frameworks, they are shifting these efforts from being a publicly declarative initiative to becoming operationalized as a permanent compliance and sourcing discipline alongside other operational considerations.

Businesses are focusing on supplier information in areas that have direct operational relevance. For example, companies collecting data on Free Trade Agreement (FTA) eligibility status for ESG purposes can also leverage the data to reduce costs, ensure supply chain security through Customs Trade Partnership Against Terrorism (CTPAT) participation, and better maintain compliance with country-of-origin requirements. Similarly, Country of Origin (COO) and Authorized Economic Operator (AEO) status are both classified under ESG but are also highly trade operations specific. These metrics merge the lines, representing areas in which ethical considerations intersect with practical trade strategy.

Supplier data collection is shifting to operational relevance as well. Indeed, the scope of supplier data being gathered remains broad and reflects a holistic view of the supply chain. The most common areas for ESG data collection in 2025 were: i) environmental metrics, such as water usage, waste management, energy management, and carbon emissions, including Scope 3 emissions; ii) social metrics, such as health and safety, labor standards, human rights including modern slavery or indentured service, and diversity in employees; and iii) governance and compliance, including data privacy, business ethics, and anti-corruption.

Data collection from suppliers

Meanwhile, ESG data collection has been scaled back in areas such as trade evaluation, AEO/CTPAT status in some jurisdictions, diversity in ownership, and anti-corruption assessments. The most cited reason for the pullbacks was insufficient cost-benefit return for collecting data in areas in which customer scrutiny was minimal. This trade-off reflects a rational reprioritization: companies are focusing their ESG diligence in areas in which regulatory risk is more material rather than reputational.

Integrating ESG into broader trade workflows

The report also shows that businesses are leveraging ESG to make it more operationally effective, drive greater efficiency, reduce costs, and add greater value for the organization. ESG is becoming less of a marketing and brand building exercise, and more of a compliance and sourcing discipline that factors into strategic decision-making — it is subject to the same analytical rigor as financial or operational risks.

To this end, organizations are less prone to make a string of bold public goals and commitments, or issue standalone ESG reports, updates, or scorecards that tout their progress. Instead, ESG data is being seamlessly embedded into supplier evaluation and selection alongside non-ESG business metrics and other considerations. As such, organizations are using ESG to quietly build the structural frameworks, data infrastructure, and management approaches they’ll need for more strategic planning.

ESG is shifting to strategically supporting business growth and away from reputational focus

Helping this shift along, the report shows, is that the use of technology to manage ESG has accelerated significantly in 2025. One-third of respondents said their organizations use automated ESG solutions, a major increase from only 20% in 2024. This provides a clear indication that more organizations are not only continuing but strengthening their commitment to effectively managing ESG.

And this provides a boost, because greater automation can improve the efficiency and ability of trade professionals to manage ESG efforts, further enhancing the integration of ESG data into other operational workflows as organizations incorporate ESG data to drive greater value.

What lies ahead for ESG

ESG practices and organizations’ embrace of them remain near-universal across trade operations. This continuation presents a clear indication that there is no widespread retreat from ESG management. For trade professionals, ESG is here to stay and is evolving into an operational discipline to help grow their business.

For organizations to have continued success in this evolving ESG environment, they should take several steps that require strategic thinking, including:

• • • Identify which metrics truly matter — Connect ESG metrics that affect trade operations, particularly those that impact supply chain cost, efficiency, and reliability.
    • Invest in the technology infrastructure — Improve efficiency in tracking and analyzing key ESG metrics.
    • Articulate ESG value — Develop the ability to demonstrate the value of ESG to the trade function and communicate it in business terms to senior management.

The shift of ESG towards operational trade management may represent a more sustainable long-term path forward than the earlier wave of ESG enthusiasm — embedding ethical considerations into core business processes rather than treating them as separate compliance exercises. By focusing on metrics that genuinely matter to business operations, companies are building practices that will persist regardless of any political winds or public relations trends.

Those corporate trade departments that can skillfully navigate this evolving environment will be positioned to more effectively leverage ESG considerations as a strategic asset and competitive differentiator. And in an increasingly complex and volatile global trading landscape, they will find themselves playing a more central role in their organizations’ success.

You can download a copy of the Thomson Reuters Institute’s 2026 Global Trade Report here

Key highlights:

• • • Fragmented protection creates vulnerability —Current US privacy laws operate as a patchwork system without comprehensive national standards, leaving children and other users exposed to data exploitation across state lines and international borders.

    • Body data collection opens future manipulation potential —Virtual reality platforms collect granular biometric information through sensors that can reveal deeply sensitive information about users.

    • Use-based regulations outlast technology changes — Restricting harmful applications of data provides more durable protection than the current regulatory approach, which relies on categorizing rapidly evolving data types.

Virtual reality (VR), social media, and gaming companies have long avoided robust content moderation, largely out of concern over implementation costs and the risk of alienating users. This reluctance stems from platforms wanting to have the widest pool of users as possible. Yet, the shortsightedness of this decision has consequences, including insufficient protection of children and long-term cost to companies’ bottom-lines.

The child exploitation crisis in digital spaces requires better laws and a reimagining of how VR, gaming, and social medial companies balance privacy, safety, and accountability across diverse platform architectures, according to , an expert in child exploitation methods in digital spaces and Policy Advisor at the NYU Stern Center for Business and Human Rights.

Limitations of existing regulatory frameworks

The current regulatory landscape is insufficient to protect children online. The lack of a comprehensive national privacy law in the United States, the use of consent mechanisms, and the haphazard rollout of age verification all expose protection gaps and come with economic and psychological costs, according to Olaizola Rosenblat. For example, some of the dangers include:

Gaps in patchwork of regulations leave children vulnerable — Regulatory demands for child safety often collide with privacy protections, creating contradictory obligations that platforms cannot realistically satisfy. In the absence of unified standards, however, companies operate in a jurisdictional maze that leaves most users, including children, exposed to data exploitation across borders.

America’s regulatory landscape remains especially fragmented, with no comprehensive national privacy law to provide consistent protection. comes close to establishing meaningful safeguards, according to Olaizola Rosenblat, yet it still permits companies to collect data even after users opt out of the sale or sharing of their data.

Federal reform attempts, including the , collapsed amid conflicts between states demanding stronger protections and tech lobbyists aligned with conservative representatives seeking weaker standards. In addition, child-specific laws, such as the , provide protection only for those under 13, which leaves older minors and adults vulnerable.

“Once users turn 13, they fall off a regulatory cliff,” says Olaizola Rosenblat. “There is no federal child-specific data protection regime, and existing state-level safeguards are patchy and largely ineffective for teens.”

Internationally, the European Union’s (GDPR), although considered the gold standard for regulation, suffers from a persistent gap between its ambitious text and its uneven enforcement.

Age verification tensions — These regulatory shortcomings also are evident in debates over age verification. Protecting children requires collecting data to determine user age, yet privacy advocates frequently oppose such measures. Without pragmatic guidance acknowledging these inherent trade-offs, platforms often face contradictory obligations they cannot simultaneously fulfill.

Current consent frameworks offer little protection — Current consent mechanisms offer users an illusory choice that fails to protect children from data exploitation. Even relatively robust frameworks like the GDPR rely on consent models in which refusal means exclusion from digital spaces essential to modern life. This approach proves particularly inadequate for younger users. Indeed, that about one-third of Gen Z respondents expressed indifference to online tracking.

VR data collections may allow future exploitation

VR platforms differ fundamentally from traditional gaming spaces and social media platforms. Users with VR headsets embody avatars that move through thousands of interconnected experiences. While no actual touching occurs, the experiences feel visceral. Indeed, the psychological and physiological responses can mirror aspects of real-world experiences, which include sexual exploitation, even though no physical contact occurs.

Olaizola Rosenblat explains that the data collected from the sensors can open up the potential for future exploitation. “The inferences that can be drawn from your body-based data collected by these sensors is granular and often intimate,” she explains. “The power that gives to companies is pretty remarkable in terms of knowing things about you that you might not even know yourself.”

Recommended actions to address challenges

Addressing the child exploitation crisis in digital spaces requires coordinated action, according to Olaizola Rosenblat, and that needs to include:

Universal protection standards — Corporate action in partnership with legislators is necessary for effective reform that protect all users rather than fragmenting safeguards by age or vulnerability status. Current approaches that shield only younger children create dangerous gaps and leave adolescents and adults exposed once they age out of protected categories.

Enforce existing regulations — Even well-crafted legislation proves meaningless without robust enforcement mechanisms. Commitment by government agencies along with the appropriate levels of funding is the most meaningful approach to achieve desired outcomes.

Technology-agnostic use regulation — Rather than attempting to categorize rapidly evolving data types, companies in the VR, gaming, and social media sectors must work with legislators to restrict harmful uses of data such as manipulation, exploitation, and unauthorized surveillance, regardless of technical collection methods. Regulating data use — rather than the current method of regulation based on categories of data, which include personally identifiable information — is the right approach.

Public mobilization is essential — Citizens must understand that the stakes of data exploitation beyond corporate collection also include hacking vulnerabilities and manipulative deployment. Without consumer demand for better protection and the willingness for legislators to pass the laws, regulation will not happen.

The path forward

The digital exploitation of children demands immediate action that transcends partisan divides and corporate interests. Only through coordinated regulatory reform, meaningful enforcement, and sustained public pressure can we create digital spaces in which innovation thrives without sacrificing our privacy and safety. The cost of continued inaction grows steeper each day we delay.

You can find out more on how organizations and agencies are fighting child exploitation here