Key Changes to Upcoming AI, Risk Assessment, and Cybersecurity Regulations
On May 1, 2025, the California Privacy Protection Agency (CPPA) Board met again to discuss updates to the latest draft California Consumer Privacy Act (CCPA) regulations related to automated decision-making technology (ADMT), cybersecurity audits, risk assessments, and an assortment of other updates to existing regulations.…
On April 22, 2025, the EU Commission’s AI Office published draft guidelines to clarify the obligations in the EU AI Act for providers of general-purpose AI models (guidelines). These obligations will be applicable to AI models released in the EU market after August 2, 2025. The guidelines are currently open for public consultation, and the…
On April 4, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss the latest draft California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and an assortment of other updates to existing regulations. These revisions come after the CPPA first released draft regulations on these topics…
On March 25, 2025, Utah Governor Spencer Cox signed HB 452, which establishes new rules for the use of artificial intelligence (AI) mental health chatbots accessible to any “Utah user,” defined as, “an individual located in the state at the time the individual accesses or uses a mental health chatbot.” Digital health companies and…
On February 4, 2025, the European Commission (EC) issued draft guidelines clarifying the AI practices that are prohibited under the European Union’s (EU) Artificial Intelligence (AI) Act. While non-binding, the guidelines offer valuable clarifications and practical examples to help businesses navigate their obligations under the AI Act. The EC has approved the draft guidelines, but…
We are less than a month into the new Trump administration and are seeing an unprecedented wave of activity and major changes at federal agencies. These changes promise to bring significant disruption to the staff and negatively impact the typical activities of numerous agencies, including the nation’s consumer protection watchdog, the Federal Trade Commission (FTC).…
On February 2, 2025, the European Union’s (EU) Artificial Intelligence Act (AI Act) will start to apply in phases. This alert summarizes the new obligations that will apply as of February 2, 2025. It also indicates when companies can expect the first enforcement actions, and what the enforcement regime will look like. For more information…
With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be…
On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation (GDPR).…
On December 10, 2024, President-elect Trump named FTC Commissioner Andrew Ferguson as next Chairman of the Federal Trade Commission (FTC), replacing Chair Lina Khan on January 20, 2025. As a Senate-approved sitting Commissioner, he will not need Senate approval to assume the role of Chairman. President-elect Trump also named Mark Meador as a Commissioner to…
