For our 10th anniversary, we’ve unpacked our crystal ball and come up with 10 predictions for the future of Contact Centres. This 4th prediction explores the significant changes we’re likely to see in regulation and compliance.

Compliance will target memory, not just security

For decades, compliance was about protecting what you stored and used. In the not too distant future, it will be about governing how your systems operate and what they remember.

By the early 2030s, regulation will move beyond passwords, firewalls, and privacy notices to scrutinise the inner workings of machine intelligence; the data it learns from, the biases it encodes, and the decisions it makes. As AI becomes the backbone of CX, every conversation, model, and micro-decision will have to be explainable and ethical. The regulators of tomorrow won’t just ask “Did you keep it safe?” They’ll ask “Can you prove it thinks fairly and safely?”

The shift explained

Until relatively recently, the contact centre simply processed data. Increasingly, customer data has been used intelligently. But now it’s not just using intelligently, but generating intelligence. Every call, click, and chat adds to the corporate memory – a growing library of behavioural, emotional, and contextual cues. That memory fuels better service (see prediction 5), but it also creates new exposure.

Regulators, rightly, are catching up. PCI DSS and GDPR were the first wave, focused on data protection. The next wave – already emerging in AI acts, algorithmic accountability bills, and digital ethics frameworks – will focus on memory protection. Who owns the model? Who trained it? Who can explain its outputs, correct its course, and erase what it should never have learned?

What’s more, in a world that is increasingly stretching the limits of the planet, we should expect regulators to monitor and potentially limit the energy it uses.

All of which has consequences for governance.

Without proportionate governance, CX could easily tip from personalisation to surveillance, from empathy to emotional manipulation. When customer intelligence becomes predictive, it must also remain transparent and provable.

What it means for CX leaders

• Design for explainability. “Because the model said so” won’t pass a regulator’s test. Build systems that can describe their reasoning in human terms.
• Audit the invisible. Start mapping where data becomes decision – from model training to post-interaction learning. If you can’t trace it, you can’t defend it.
• Rethink retention. The future question isn’t how long you keep data, but how responsibly your systems remember. Forgetfulness, done safely, may become a virtue.
• Govern like it’s coming – because it is. The organisations that embed responsible-AI guardrails now will be the ones regulators – and customers – point to later as exemplars.

Our perspective

At Customer Contact Panel, we see a new category emerging: compliance for intelligence. It’s no longer just about encryption or data masking, it’s about transparency, traceability, and trust in the age of synthetic decisions.

We help organisations anticipate this shift by:

• Building auditability and model governance into operating models.
• Partnering with delivery networks that understand ethical AI in practice, not theory.
• Translating complex compliance frameworks into plain English, so leaders can act before enforcement catches up.

Compliance used to follow technology. In the next decade, it will shape it. Those who treat governance as an accelerator – not a constraint – will move faster, safer, and with greater confidence.

Closing thoughts

Tomorrow’s regulators won’t ask where your data lives – they’ll ask what it remembers, who trained it, and whether it can explain itself. Lest we end up with Surveillance CX and Emotional Hacking, the time to act is now.

Sources & further reading

EU AI Act | UK AI Regulation White Paper 2025 | PCI DSS v4.0 | Forrester Responsible AI Trends 2025 | Gartner CX Compliance Radar 2026

Do you think the regulation of the next decade can keep up? Keep us humans safe?

Let us know in 50 words or less and we’ll publish the most interesting and thought-provoking perspectives below.