As we begin 2026, Kentucky has officially enacted the Kentucky Consumer Data Protection Act (KCDPA), a comprehensive privacy statute that took effect on January 1, 2026. As with Indiana, is KCDPA is modeled on the now‑familiar Virginia‑style framework. The KCDPA establishes consumer data rights, imposes governance obligations on businesses, and grants exclusive enforcement authority to the Kentucky Attorney General.
New York’s RAISE Act vs. California’s TFAIA: What Companies Need to Know
As states continue to grapple with establishing regulatory frameworks for the most powerful artificial intelligence (“AI”) systems, New York has joined California in targeting frontier AI models with the Responsible AI Safety and Education Act (the “RAISE Act” or the “Act”).[1] Signed into law on December 19, 2025 by Governor Hochul, the Act creates a comprehensive regulatory framework for developers of the most advanced AI systems, marking New York’s entry into the vanguard of state AI safety regulation.
ESG and Sustainability Insights: 10 Things That Should Be Top of Mind in 2026
This year we expect ESG/sustainability to be influenced by several macro trends, including technology, geopolitics, and capital markets.
By Paul A. Davies, Betty M. Huber, and Michael D. Green
In 2026, we expect that business and legal leaders who successfully disentangle and separate economic, political, and legal risk with a clear strategic focus
Happy New Year! Now Get to Work — Areas Where Employers Should Think About Compliance for 2026
Employers should be thinking about whether to address the following areas of workplace compliance in 2026. These items on the employer to-do list are not all for the month of January, but don’t forget to come back to them throughout the year.
New year, same SALT: Lightning round on 2025’s biggest topics
In this episode of the SALT Shaker Podcast, SALT Partners Jeremy Gove and Chelsea Marmor kick off 2026 with a lightning round of their favorite SALT issues from 2025. They cover market-based sourcing, tax base expansions, remote worker litigation, and the classification of streaming services as tangible property. The conversation also touches on federal intervention
CMMC for AI? Defense Policy Law Imposes AI Security Framework and Requirements on Contractors
In an important first, the yearly defense policy law, the National Defense Authorization Act (NDAA) for Fiscal Year 2026, directs the Department of Defense (DoD) to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon.
Recap of the Top Read Blog Posts in 2025
Happy New Year! 2025 was a busy year for the Insider authors—we published 271 posts throughout 2025. To kick-off 2026, in case you missed them last year, we are providing the articles from 2025 that were the most interesting to our readers across various categories.
We hope you enjoy them and look forward to another
CES 2026 And Agentic AI In Legal: It’s Not Going To Happen — Until It Does
I’ve been an agentic AI skeptic. But after this week at CES, trying ChatGPT Atlas to book my flights and hearing Nvidia CEO Jensen Huang explain why 2026 might be the year of agents, I’m at least convinced legal can’t ignore this technology or the blessings and curse it could bring.
In any event, the
UNESCO Adopts First Global Framework on Neurotechnology Ethics
On November 12, 2025, UNESCO’S General Conference adopted its Recommendation on the Ethics of Neurotechnology (“the Recommendation”)–the first attempt at establishing a global legal framework for the ethical development and use of neurotechnology. The Recommendation aims to set out a comprehensive rights-based framework for the entire life cycle of neurotechnology, from the design of neurotechnology products and services to their disposal.
While not legally-binding, the Recommendation states that its provisions should be considered by, among others, UNESCO Member States, research organizations, and private companies involved in neurotechnology, and that they establish how best to honor fundamental human rights in the development, deployment and disposal of this technology. It is therefore possible that in the future, they may be a starting point for binding legislation, or could be used as persuasive authority to support enforcement actions arising under existing legislation protecting fundamental human rights, e.g., the GDPR and other privacy laws around the world. In that regard, it is notable that the EU AI Act was inspired, at least in part, on UNESCO’s November 2021 Recommendation on the Ethics of Artificial Intelligence. There is, therefore, a real possibility that private sector companies developing neurotechnologies will be subject to rules specifically regulating such technologies in the future.
2026 Year in Preview: European Digital Regulatory Developments for Companies to Watch Out For
As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on in the months ahead.
Below are the top European digital regulatory issues to watch out for in 2026: