IT Trends 2025: Key Challenges for CIOs

The year 2024 was marked by several major regulatory developments at the European level, which now feature prominently on the 2025 roadmap for CIOs. In the cloud sector, 2025 will see the rise of “trusted cloud” or “sovereign cloud” solutions, along with a strong focus on optimizing costs. The fight against Shadow IT and challenges related to AI deployment will also be major structuring topics for 2025.

What exactly will be the key challenges for CIOs in 2025 when it comes to digital transformation? Here’s an overview of the IT trends to watch in 2025.

The Rise of “Trusted Cloud” and “Sovereign Cloud” Solutions

In its report “Cloud Migration: Progress Update”, published in November 2024, CIGREF noted that demand for trusted cloud and sovereign cloud solutions increased significantly in 2024. Regulatory requirements for the protection and control of sensitive data have been strengthened across key sectors, including banking, finance, industry, and energy.

Faced with stricter regulations and growing cybersecurity threats, organizations handling critical data are increasingly turning to sovereign solutions. These solutions allow them to leverage the benefits of cloud computing without compromising data security. Storing data within France ensures protection against extraterritorial laws.

Cloud Cost Optimization

Optimizing cloud spending—through strategies such as FinOps—is also one of the key IT trends for 2025. As a response to escalating cloud costs, FinOps helps organizations control expenses while maintaining high service quality.

In 2025, CIOs will also benefit from exploring additional approaches to reduce cloud-related expenses. GreenOps—which monitors and optimizes the energy consumption of cloud services—and the multicloud strategy, which enables better workload distribution across different providers, are among the solutions gaining traction.

Implementing Regulatory Changes in Cybersecurity

From a regulatory perspective, CIOs will need to focus on two major legislative frameworks in 2025: the DORA regulation and the NIS 2 directive.

DORA: Strengthening Digital Operational Resilience

CIOs in financial institutions will likely have their attention fixed on DORA (Digital Operational Resilience Act) in 2025. Organizations must comply with its requirements by January 17, 2025, when the regulation officially takes effect in France. With an estimated 22,000 affected entities in France, DORA introduces stringent operational resilience standards for financial institutions.

The regulation focuses on:

• Managing IT and communication technology risks, including third-party risks
• Incident classification, reporting, and management
• Conducting digital operational resilience testing

The goal is to enhance financial entities’ ability to withstand, respond to, and recover from disruptions linked to IT and communication systems.

NIS 2: Enhancing Cybersecurity Across Critical Sectors

In 2025, organizations will also need to work on compliance with the NIS 2 (Network and Information Security) directive. This EU directive aims to raise and standardize cybersecurity levels across member states, enhancing the resilience of critical infrastructure sectors such as finance, healthcare, public services, and defense.

While NIS 2 officially came into force at the end of 2024, affected entities have three years to fully comply. Compliance efforts will focus on:

• Strengthening governance and cyber risk management
• Securing supply chains
• Reducing risks associated with third-party providers

As regulatory pressure increases, CIOs must ensure their organizations not only meet compliance deadlines but also adopt a proactive approach to cyber resilience and risk mitigation.

Rationalizing and Securing Collaboration and Data-Sharing Tools

Shadow IT remains a significant concern for 2025. According to the 2024 CESIN Barometer, Shadow IT was the second leading cause of security incidents, just behind opportunistic cyberattacks. Orange Cyberdefense further confirms this trend in its “Security Navigator 2025” report, stating that internal sources now account for 47.35% of security incidents, almost on par with external threats (47.61%).

Organizations face an urgent need to streamline their collaboration and data-sharing tools while also raising awareness about the risks of using unauthorized consumer-grade applications (e.g., video conferencing tools, collaborative platforms, file transfer services, electronic signature solutions) without CIO approval. Many of these tools lack sufficient security guarantees, making their rationalization and protection a critical challenge for IT leaders.

AI Integration: Balancing Innovation and Infrastructure

AI deployment is another priority on CIOs’ 2025 roadmap. Employees are eager to harness AI’s potential, creating significant pressure for rapid adoption. However, integrating AI into enterprise environments is far from straightforward. AI workloads place heavy demands on IT infrastructure, and most current enterprise networks lack the flexibility and scalability to support these workloads effectively.

Beyond infrastructure challenges, AI implementation requires well-defined use cases while considering ethical concerns and data governance. Successful AI adoption depends on deploying models within secure and isolated environments, often requiring private cloud solutions rather than relying on standard public cloud services. Ensuring data security and regulatory compliance will be essential for AI-driven transformation in 2025.

2025 is set to be a highly strategic and complex year for IT leaders. They must strike a balance between security and productivity, regulation and innovation, while keeping digital transformation costs under control. Their guiding principle? Building a trusted digital environment that safeguards critical data while enabling teams to remain productive.