Hospitality 2025: Cybersecurity and Compliance Deadlines
Highlights
* All PCI DSS 4.0 requirements become mandatory on 31 March 2025.
* Eight new U.S. data privacy laws will go into effect in the new year, including five in January.
* Microsoft will end support for Windows 10 in October 2025.
Overview
Significant changes are on the horizon for 2025, requiring hoteliers to act now to stay ahead of the cybersecurity and compliance challenges they may pose.
In this week’s feature of the VENZA Echo, we explore the key developments looming in the new year, including the PCI DSS 4.0 deadline, evolving data privacy legislation, and the end of Windows 10 support.
1. PCI DSS 4.0
All requirements of the Payment Card Industry Data Security Standard (PCI DSS) version 4.0 will take full effect and become mandatory on 31 March 2025.
PCI DSS 4.0 introduced 64 new requirements in phases, with 13 becoming effective in 2024. By the end of March, the remaining 51 best practices will transition into mandatory requirements for compliance.
These changes focus on:
* Risk-based, customized security approaches.
* Multi-factor authentication (MFA) and encryption.
* Monitoring and testing to proactively detect vulnerabilities.
While many of these updates have been addressed in previous VENZA Echo features, several requirements of PCI DSS 4.0 will demand a more nuanced and strategic approach.
We strongly recommend that organisations work with a Qualified Security Assessor (QSA) such as VENZA to thoroughly review these requirements.
2. U.S. Data Privacy Law
In the absence of federal legislation, state-level regulations are rapidly expanding across the U.S., creating a patchwork of requirements that now impact over 43% of the population.
In 2025, eight new privacy laws will take effect in the following states:
* Iowa
* Delaware
* Nebraska
* New Hampshire
* New Jersey
* Tennessee
* Minnesota
* Maryland
While similar in structure, each law has unique applicability criteria, often based on revenue or data volume. Companies must first assess whether they fall under these regulations, as some states, like Tennessee, impose specific revenue thresholds, such as $25 million annually.
3. Windows 10 Support Ending
Microsoft will end support for Windows 10 on 14 October 2025, leaving systems still operating on this version potentially vulnerable to security risks. Without regular patches and updates, unsupported systems can become an easy target for cyberattacks like ransomware.
To prepare for this, hoteliers should:
* Identify all devices that are still running Windows 10.
* Upgrade systems to Windows 11 or alternative platforms.
* Assess legacy systems and third-party software compatibility to avoid operational disruptions.
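One way to carry out the first step for domain-joined machines, as an added example that is not part of the original article: a PowerShell inventory of active Windows 10 computer accounts in Active Directory. It assumes the ActiveDirectory module (RSAT) is installed; the 90-day activity cutoff and the output path are assumptions, and devices that are not joined to the domain (some point-of-sale terminals and kiosks, for instance) will not appear and need a separate count.

```powershell
# Added example: inventory of domain-joined Windows 10 computers.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$EndOfSupport = [datetime]'2025-10-14'      # end-of-support date from the article
$StaleAfter   = (Get-Date).AddDays(-90)     # assumed cutoff for inactive accounts
$OutFile      = '.\win10-inventory.csv'     # hypothetical output path

$devices = Get-ADComputer -Filter "OperatingSystem -like 'Windows 10*'" `
        -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate |
    Where-Object { $_.Enabled -and $_.LastLogonDate -gt $StaleAfter } |
    ForEach-Object {
        # OperatingSystemVersion looks like "10.0 (19045)"; keep the build number.
        $build = $null
        if ($_.OperatingSystemVersion -match '\((\d+)\)') { $build = [int]$Matches[1] }

        [pscustomobject]@{
            Name              = $_.Name
            OperatingSystem   = $_.OperatingSystem
            Build             = $build
            LastLogonDate     = $_.LastLogonDate
            # LTSC/LTSB and IoT editions have their own lifecycle dates: review separately.
            SeparateLifecycle = [bool]($_.OperatingSystem -match 'LTSC|LTSB|IoT')
            DistinguishedName = $_.DistinguishedName
        }
    }

# Full list for the upgrade and compatibility review
$devices | Sort-Object Build, Name | Export-Csv -Path $OutFile -NoTypeInformation

# Summary per edition and build
$devices | Group-Object OperatingSystem, Build |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

$daysLeft = [math]::Ceiling(($EndOfSupport - (Get-Date)).TotalDays)
"{0} active Windows 10 computers; {1} days until {2:yyyy-MM-dd}" -f `
    @($devices).Count, $daysLeft, $EndOfSupport
```

The exported CSV gives the device list for the upgrade and compatibility steps; rows with SeparateLifecycle set to True should be checked against the lifecycle dates for their specific edition.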
Conclusion
With important changes ahead in the coming year, the hospitality industry must act now to prepare.
Feeling overwhelmed? Don’t worry. As the leading experts in hospitality cybersecurity and data protection, VENZA offers tailored solutions for defense, ensuring your hotels stay secure, compliant, and ready for the challenges of 2025 and beyond.