On June 30, 2025, the California Civil Rights Council (CRC) secured final approval for regulations addressing employment discrimination resulting from the use of artificial intelligence and other algorithms it collectively refers to as Automated-Decision Systems. Shortly after that, on July 24, 2025, the California Privacy Protection Agency Board approved its own long-anticipated regulations on cybersecurity
CrowdStrike’s 2025 Threat Hunting Report offers key insights into the current cyber threat landscape. Drawing on data from July 2024 to June 2025, the report showcases how adversaries are becoming more sophisticated, scalable, and business-like in their operations. These “enterprising adversaries” are not only innovating their tactics but also exploiting emerging technologies such as generative
On August 6, 2025, the Assistant Secretary for Technology Policy (ASTP) at ONC publicly announced its release of the TEFCA Organizational Map, a beta search tool that allows users to look up which organizations are participating in the Trusted Exchange Framework and Common Agreement (TEFCA). For the first time, the public can search by
@media screen and (max-width: 1023px){section[data-id=”block_f6e9f9263295d0de839087ee5a063259″]{ }}@media screen and (min-width: 1024px) and (max-width: 1365px){section[data-id=”block_f6e9f9263295d0de839087ee5a063259″]{ }}@media screen and (min-width: 1366px){section[data-id=”block_f6e9f9263295d0de839087ee5a063259″]{ }}
If you use a bot powered by artificial intelligence to interact with consumers, you need to disclose it.
A new law in Maine that goes into effect in September 2025 requires businesses to notify consumers in a clear and conspicuous manner that they are not engaging with a human being.
Not doing so may be
On July 30, 2025, the U.S. Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) announced a new Health Technology Ecosystem Initiative—a collaborative effort between government and industry to unlock innovation by modernizing healthcare data flows among patients, providers, payers, and technology platforms. The new initiative does not contemplate any
The EU AI Act is entering into force in stages. While most of its provisions will not apply until August 2026, key requirements for general-purpose AI (GPAI) models took effect much earlier, starting on August 2, 2025.
In anticipation of this earlier milestone, the Code of Practice for General-Purpose AI Models was published on the
Starting January 1, 2026, health care practitioners in Texas are required to store electronic health records in the United States under a new Act. It applies to all records- regardless of the date on which the record was first prepared. his requirement is found in a recently enacted law that also includes requirements for
The use of AI requires organizations that act as controllers under the GDPR to determine the purposes and means of processing personal data.
In the world of AI, a month is an eternity. In my last article (https://www.stoelprivacyblog.com/2025/06/articles/ai/ai-legislative-developments-early-days-or-tipping-point/), just over a month ago, I wrote about the much-discussed proposed 10-year moratorium on the enforcement of state AI laws. Ultimately, the Senate voted against it, and the House passed the Senate version of the tax and spending