Compliance: more than ticking legal boxes

  • Reading time: 10 minutes
  • Category: team.blue

We sat down with Andrea Giannangelo, Founder of iubenda, one of Europe's leading providers of e-compliance solutions and a team.blue brand, to discuss why compliance can make or break a business, what businesses should prioritize in 2025 and how AI is shaping the future of the industry. 

You’re now a leader in e-compliance – but how did it all begin? 

Back in 2010 I was an Economics student building websites in my spare time and realized there was no easy way to generate the legal documents websites needed. Privacy laws were relatively simple, yet no service automated this process - so I pioneered my own solution: consolidating multiple laws into a single document adaptable to specific business needs. This approach was a breakthrough at the time and became the foundation of our products. 

At the time, many believed privacy was becoming obsolete, but I had the intuition that the tide would turn. Now compliance is a critical business priority. The landscape shifted dramatically over the years, with GDPR and other international regulations. What began as a personal need quickly evolved into a broader vision: to simplify e-compliance for businesses.  

Why is the e-compliance sector growing so rapidly? 

Regulation is only tightening, and each wave of regulation brings greater demand for compliance solutions. We’ve gone from simple privacy policies to cookie banners, GDPR, and now accessibility requirements. By mid-2025, businesses in Europe must ensure website accessibility, mirroring U.S. regulations.  

This pattern isn’t unique to privacy—new technologies often start unregulated, followed by increasing oversight. AI is a perfect example. Right now, enthusiasm is high, but as risks emerge, stricter regulations will follow. Businesses must prepare for this evolving landscape by staying proactive with compliance. 

AI is on everyone's mind right now. How is it transforming e-compliance and how does iubenda approach it? 

We’ve deliberately chosen not to integrate AI into our compliance tools. The reason is simple: compliance requires certainty. AI, particularly LLMs, introduces an element of unpredictability that we cannot afford when providing legally binding solutions. 

That said, businesses must be mindful of AI-related privacy risks. Many unknowingly expose sensitive data by feeding it into AI tools without understanding how that data is used or stored. We’re in the "wild west" phase of AI, but regulation will inevitably catch up. Major AI platforms like Google’s Gemini and Microsoft’s Copilot have already introduced privacy safeguards. 

You’ve supported thousands of businesses on their compliance journey. What is your advice to a business that’s just starting out?  

Businesses often assume that compliance begins and ends with a cookie banner, but that’s just one piece of the puzzle. A robust solution must ensure technical compliance beyond surface-level measures. Compliance isn’t just about avoiding penalties—it’s about protecting core business assets. 

Our team always highlights often overlooked requirements that can make or break a business – for example, obtaining consent before tracking or creating an email marketing list. While fines for improper consent management in email marketing are frequent and severe, you could lose access to the database and, importantly, the legal ability to send emails to those contacts if you can’t prove lawful consent. This can cripple an online business far more than any fine.

Why should businesses care about e-compliance, beyond ticking the legal box? 

Businesses care about risk mitigation, and compliance is key here, but they also care about efficiency. That’s why at team.blue we focus on making compliance as painless as possible, with a range of solutions – iubenda, consentmanager, complianz, and CookieFirst. These are customisable tools that check all necessary boxes with minimal disruption, whether you’re a microbusiness in Italy or a Europe-wide enterprise that needs to manage compliance at scale.  

But I often tell my team and our customers that there is more to compliance, that it helps protect and enhance user rights. The next chapter of e-compliance – accessibility – is a great example of this. Ensuring that digital platforms are accessible and usable for all isn’t just about avoiding penalties - it’s about creating a better, more inclusive digital world for everyone. I’m excited we can do this now that AccessiWay, Europe’s leading digital accessibility provider, is part of iubenda and team.blue.

What are your three e-compliance must-haves - aside from cookie banners and privacy policies?

  • Terms & Conditions – Without proper terms, online sellers in Europe may be forced to offer extreme return policies, like one-year refunds. 
  • Proof of Consent Storage – Storing verifiable consent, especially for email marketing, is critical to avoid penalties and critical operational disruptions. 
  • Website Accessibility – The upcoming EU Accessibility Act, in force from mid-June, will bring major new compliance requirements. Demand for solutions is already skyrocketing. 

What should businesses watch out for in 2025, beyond accessibility compliance? 

  • Data Residency & Geopolitical Risk – Increased scrutiny over where and how data is stored. 
  • AI Governance – Pressure to align AI usage with evolving regulatory frameworks.

Conclusion 

E-compliance is no longer optional—it’s fundamental to operating online. Businesses that prioritize compliance now will be best positioned for success in an increasingly regulated digital world. Find out more about how to navigate this at iubenda.

