Non-Functional Requirements: Trends, Challenges and Best Practices for 2025

Kevin Greer

on

Non-functional requirements (NFRs) have always played a critical role in the success of digital projects, providing the foundation for performance, security, usability, and scalability.

In 2020, Box UK’s guide to non-functional requirements laid out some types and examples, offering invaluable insights for organisations navigating the complexities of product development.

Today, the digital landscape has evolved significantly, bringing new trends, challenges, and opportunities that demand a fresh look at NFRs.

In this article, we revisit the topic to explore how non-functional requirements have changed in recent years and provide updated insights to help your teams meet modern demands.

The Evolution of Non-Functional Requirements

Over the past five years, digital projects have been shaped by rapid advancements in technology. Artificial intelligence/Machine Learning (AI/ML), cloud computing, the Internet of Things (IoT), and blockchain have introduced new complexities that make addressing NFRs more crucial than ever. 

At the same time, users and regulators are demanding higher standards for security, privacy, and accessibility.

These developments simply reinforce the need to consider and embed NFRs early and iteratively in the development process to ensure robust, future-proof solutions.

Recent Trends in Non-Functional Requirements

1. Security and Privacy as Top Priorities

With an increasing number of cyber threats (too many to mention!), tighter regulations (GDPR) and more exacting industry standards (ISO), security and privacy have become dominant NFRs and are ignored or de-prioritised at your peril! Some best practices emerging out of this new landscape include:

  • Zero-Trust Architectures: Implementing stringent authentication and access controls such as 2FA.
  • Secure APIs: Ensuring data exchange between systems is encrypted and tamper-proof.
  • Privacy-By-Design: Embedding data minimisation and consent mechanisms into applications from the outset.

2. Sustainability and Green IT

Despite some notable exceptions, many countries are seeing sustainability emerging as a key consideration in tech, driven by environmental awareness and corporate social responsibility. NFRs now include:

  • Optimising software for energy efficiency.
  • Selecting cloud providers with renewable energy commitments.
  • Designing applications to minimise hardware resource consumption.

In the public sector, progressive legislation that was still finding its feet in 2020, such as the Well-being of Future Generations (Wales) Act 2015 in Wales, is now beginning to have real impact on public sector digital projects. Paying lip service to sustainability in public procurement tenders can alone mean the difference between success and failure.

3. Interoperability and Open Standards

In a world where systems must seamlessly integrate across platforms, interoperability has gained prominence. This is particularly crucial for industries like healthcare and finance, where data exchange across systems is vital. Open data standards and format-agnostic APIs enable greater flexibility and reduce vendor lock-in.

4. Scalability for Modern Architectures

The rise of microservices, serverless architectures, and edge computing (the next evolution of cloud computing) has amplified the need for scalability. Scalable systems must handle:

  • Increasing user demands without degradation in performance.
  • Big data workloads, especially in AI/ML-driven projects.
  • Global availability with low latency using content delivery networks (CDNs).

5. AI/ML-Specific NFRs

AI is everywhere these days and with AI and machine learning embedded into more applications, unique non-functional requirements are emerging:

Performance: Optimising models for fast inference times without sacrificing accuracy.

Ethicality: ensuring the data on which the AI service is modelled has been created or sourced in accordance with legislation and/or company policy.

Explainability: Ensuring AI decision-making is transparent and understandable so that the quality of outputs can be tested.

Fairness: Minimising bias in algorithms to avoid inadvertent impact on protected characteristics.

Talk to one of our digital experts

Tom Houdmont

Head of Business Solutions

Do you have a great idea for a project you need support with?

Tom leads Box UK’s Business Solutions team and has over 15 years experience in the web industry. Tom is passionate about creating impactful solutions that solve real problems and deliver the outcomes our clients need.

Book a meeting with Tom

Or call us on 020 8098 2093

Integrating NFRs into Agile

Box UK employs the Agile methodology for all digital products delivered for clients. You can read more on our website about Box UK’s use of Agile but in summary, Agile demands that NFRs are:

1. Shifted Left

NFRs must be considered early in the development lifecycle to identify potential challenges and risks upfront. Collaborative workshops involving cross-functional teams help prioritise these requirements effectively. Waiting to consider NFRs downstream can result in significant delays and increased costs.

2. Continuously Validated

Testing (automated and manual) ensures NFRs like performance, security, and reliability are tested and met at every stage of development. For example:

  • Load testing tools (e.g. K9) to ensure scalability.
  • Static and dynamic security analysis tools to address vulnerabilities.

3. Dynamically Refined

As projects evolve, so do the NFRs. Agile processes allow for iterative refinement of requirements, ensuring they adapt to new user needs and technical challenges.

Updated Examples of Non-Functional Requirements

Here are some modern examples of NFRs relevant to current and near future digital projects:

Performance

  • Real-time applications (e.g. chat support or live dashboards) must deliver data updates within 100 milliseconds to meet user expectations.
  • AI-powered features, like recommendation engines or voice assistants, must provide responses in less than 1 second.

Security

  • Applications must support adaptive authentication mechanisms that assess risk dynamically (e.g. based on user behavior).
  • Quantum-resistant encryption to prepare for potential threats from advancements in quantum computing.

Sustainability

  • Integrate tools to track and report digital carbon footprint as part of sustainability initiatives.  
  • AI and big data solutions must be designed with energy-efficient algorithms to align with corporate social responsibility goals.

Privacy

  • Implement privacy-enhancing technologies, like differential privacy and homomorphic encryption.
  • User data collection must support fine-grained consent, allowing users to specify which data can be shared and with whom.

Ethical AI

  • Deploying AI for sensitive use cases (e.g. hiring or lending) will need to comply with anticipated AI accountability and transparency regulations.
  • AI systems must include continuous monitoring to detect and mitigate biases as data evolves.

Addressing Modern Challenges in NFRs

Ensuring NFRs are not overlooked can be challenging. Several factors contribute to pressure on Product Owners to deprioritise NFRs in favour of often more tangible deliverables. Awareness of these pressures and an understanding of how to manage them is critical to good project governance and positive project outcomes.

Examples of some of those pressures are:

1. Balancing Speed and Quality

The need for rapid delivery often conflicts with the complexity of providing solutions for NFRs. Organisations can mitigate this by:

  • Prioritising critical NFRs based on user needs and business impact. See our previous article for guidance on prioritisation of NFRs.
  • Leveraging reusable components and libraries that meet established standards.

2. Technical Debt and Legacy Systems

Maintaining NFRs in legacy systems is a significant challenge. Management strategies include:

  • Incremental refactoring to modernise codebases.
  • Using middleware to bridge gaps between legacy and modern systems.

3. Evolving Standards and Regulations

Compliance requirements, regardless of industry/sector, change frequently. Mitigation tactics include:

  • Using risk logs / traceability matrices to capture key compliance requirements and monitor impact on solution development.
  • Carrying out regular audits to ensure requirements backlogs and solutions are mindfully updated enabling continued alignment with new standards.

Conclusion

Non-functional requirements are not just a “nice-to-have”; they are integral to the success of digital projects. By addressing security, scalability, sustainability and other NFRs early and iteratively, teams can build robust, user-centered systems that meet the demands of today and tomorrow.

Looking ahead, emerging technologies like Artificial Intelligence, quantum computing, Web3, and advancements in edge computing will introduce new NFRs. Organisations must remain agile and proactive, leveraging tools like AI-driven monitoring and self-healing systems to address these challenges.

As the digital world continues to evolve, Box UK remains committed to providing insights and expertise to help your projects succeed. If you’d like to discuss how we can support your organisation in defining and implementing effective NFRs, get in touch with us today!

Kevin Greer

Senior Product Owner

Kevin is a former practising solicitor who made the switch to Digital Product Owner over 15 years ago. Having worked on a wide range of projects during that time, Kevin is passionate both about delivering exceptional products and providing outstanding client care.

Want to chat more?

This field is hidden when viewing the form

You may withdraw this permission at any time. All information will be processed in accordance with our privacy policy and will never be sold on.

This field is for validation purposes and should be left unchanged.

You might also be interested in…