Future-Proofing Compliance in Grant Management: What Funders Need to Know for 2025–2027

Compliance, particularly in the Public Sector, is no longer a background task. For funders in the UK and EU, regulations around artificial intelligence, data, procurement, accessibility, and cybersecurity are reshaping how grant management systems (GMS) must be designed, delivered, and governed. Choosing the right system today is about future-proofing for tomorrow’s obligations.

Artificial Intelligence Act (EU)

The EU’s AI Act is the world’s first major legal framework for AI. Prohibited AI practices have been banned since February 2025. Obligations for general-purpose AI models take effect in August 2025, and duties for high-risk AI systems (such as tools used in funding decisions) apply from August 2026.

Impact on grantmakers: any AI-supported scoring, triage or monitoring must be explainable, logged, and overseen by people. Human-in-the-loop review and auditable decision trails will become standard.

Data Act (EU)

The EU Data Act, applicable from September 2025, strengthens rights around data portability, access, and cloud switching.

Impact on grantmakers: systems must allow secure data export, support contractually defined exit strategies, and avoid vendor lock-in.

UK Procurement Act 2023

In force since February 2025, this act reforms how public bodies procure and manage contracts. A new regime of notices and transparency duties now applies across the grant lifecycle.

Impact on grantmakers: GMS solutions must generate audit-ready data and align to standardised notice requirements.

Accessibility

Accessibility has moved up the compliance agenda.

WCAG 2.2 standards are expected of all UK public sector digital services.

The European Accessibility Act (EAA) becomes enforceable in June 2025, requiring consumer-facing platforms to meet accessibility requirements.

Impact on grantmakers: public portals must be designed inclusively, with accessibility testing and statements embedded.

Cybersecurity & Resilience

NIS2 Directive: enforced nationally from October 2024, applies to many public and research funders.

Cyber Resilience Act (CRA): phased requirements from September 2026 (vulnerability disclosure) and December 2027 (full obligations for digital products).

Impact on grantmakers: expect stricter due diligence on software suppliers, requirements for SBOMs (software bills of materials), and stronger incident reporting.

Identity & Trust

The eIDAS 2.0 regulation requires EU Member States to make the EU Digital Identity Wallet (EUDI) available by the end of 2026, enabling strong, portable digital identities.

Impact on grantmakers: GMS platforms should plan to support secure login via EUDI and other government/enterprise identity providers.

How to Prepare: A Buyer’s Checklist for Grant Management Systems (2025–2027)

When evaluating grant management systems, funders should ensure their platform offers:

Feb 2025 – EU AI Act (Prohibited AI practices banned): Ensure any AI-assisted functions in grant assessment or reporting comply with new restrictions.

Feb 2025 – UK Procurement Act 2023 (Transparency obligations in force): Systems must generate audit-ready exports, aligned with the new notice and transparency regime.

Jun 2025 – European Accessibility Act (EAA): Public-facing portals must comply with accessibility standards; design inclusively (WCAG 2.2 AA).

Aug 2025 – EU AI Act (GPAI obligations): Prepare for controls around general-purpose AI models; ensure explainability and logging.

Sep 2025 – EU Data Act (Applicable): Guarantee secure data portability and cloud exit strategies; avoid vendor lock-in.

Aug 2026 – EU AI Act (High-risk system duties): Implement human-in-the-loop governance, risk management, and full decision audit trails.

Sep 2026 – Cyber Resilience Act (Early obligations): Plan for vulnerability disclosure processes and supplier due diligence.

End 2026 – EU Digital Identity Wallet (EUDI): Prepare for strong, portable identity verification; support government and enterprise IdPs.

Dec 2027 – Cyber Resilience Act (Full obligations): Meet secure-by-design requirements, software bills of materials (SBOMs), and full CRA compliance.

At AIMS, compliance isn’t an add-on. We embed configurable workflows, strong audit trails, accessibility, and integration flexibility so funders can adapt with confidence. Future-proofing your GMS means aligning with both today’s needs and tomorrow’s rules.

• 

  How to | News

  One Platform, Many Programmes: Scaling Multi-Agency Grant Administration with a Single Grant Management System

  ByThomas O'Connell 27th February 202611th March 2026

  How can multiple agencies collaborate effectively when managing shared funding programmes? This article explores how a multi-agency grant management platform can centralise applications, evaluations, reporting and oversight, enabling organisations to coordinate funding programmes more efficiently and transparently.

• 

  News

  Grants in a Corporate ERP Transformation: Five Architecture Considerations Before You Decide

  ByThomas O'Connell 12th February 202611th March 2026

  ERP transformation programmes are reshaping corporate systems across finance, HR and operations. This article explores five key architectural considerations when integrating grant administration into an ERP-led environment, and how organisations can avoid embedding long-term complexity into their funding systems.

• 

  News

  What is grant management software?

  ByThomas O'Connell 11th February 202611th February 2026

  Grant management software is used by grant makers and administrators to help manage grants, funding, accreditation, corporate giving, scholarships and other awards programmes.

  Grant management software cuts down on administration time for grant makers, ensures transparency and accountability in grant giving, and allows funders to measure the impact of their grant giving by providing simple access to data.

  If you are at the beginning of your journey to find the right software solution, you may feel that you don’t know the right questions to ask. Feel free to get in touch to find out what you should be asking a prospective grant management software supplier.

  Let us help you get what you need.

• 

  Feature focus

  Whole-of-Government Grant Management: Three Shared Service Models That Work

  ByThomas O'Connell 28th January 202612th February 2026

  Across government, grant management is under pressure from every direction: rising demand, tighter assurance requirements, higher expectations of transparency, and the practical challenge of running dozens (sometimes hundreds) of schemes across departments, agencies and arm’s-length bodies. A common theme sits underneath most of these challenges: fragmentation. The Problem: Why Public Sector Grant Management Is Fragmented The […]

• 

  News

  Compliance Across the Grant Management Landscape: Different Sectors, Different Challenges

  ByThomas O'Connell 1st December 202512th February 2026

  Compliance in grant management isn’t one-size-fits-all. While public funders face statutory regulations like the AI Act, Data Act, or Procurement Act, other grantmakers — from medical charities to family foundations — operate under different governance, ethical, and regulatory pressures. Understanding these variations is key when selecting or configuring a grant management system (GMS). Education & […]

• 

  News

  Compliance Beyond the Public Sector: Challenges for Research, NGOs and International Development

  ByThomas O'Connell 3rd November 202512th February 2026

  When we think about compliance in grant management, most attention falls on public sector obligations like the AI Act, Data Act, Procurement Act, or NIS2. But for research councils, charities, and international development agencies, sector-specific compliance frameworks are just as critical — and sometimes more complex. Research Sector NGOs & Charities International Development Cross-Cutting Themes […]