Insights
Search Results
Alerts
5.19.26
Colorado Legislature Repeals and Replaces Colorado AI Act: What SB 189 Means for Your Business
On May 14, 2026, Colorado Governor Jared Polis signed SB 189 into law, which repeals and replaces the Colorado Artificial Intelligence Act (CAIA). SB 189 goes into effect on January 1, 2027.
Alerts
2.13.26
South Carolina Becomes Fifth State to Enact Age-Appropriate Design Code Law
On February 5, 2026, South Carolina Governor Henry McMaster signed H. 3431, Age-Appropriate Code Design (SC AACD) into law, becoming the fifth state to enact an age-appropriate design code law after California, Maryland, Nebraska, and Vermont.1 The law, which went into immediate effect upon the governor’s signature, adds to the steadily increasing patchwork of teens’ and children’s online safety legislation in the U.S. Notably, covered online services are liable for treble damages incurred as result of a violation of the statute. Further, officers and employees may be held personally liable for “wil[l]ful and wanton” violations of the SC AACD. The law is already facing a legal challenge by a trade association.
Alerts
1.13.26
2026 Year in Preview: AI Regulatory Developments for Companies to Watch Out For
In 2026, businesses will face an increasingly complex regulatory environment for Artificial Intelligence (AI). With new state laws and various federal action on the horizon, here’s our top 10 list of what businesses should watch out for in the AI regulatory space in 2026:
Alerts
1.06.26
2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Predictions
As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:
Alerts
10.16.25
California Enacts Nearly a Dozen Key Privacy and AI Bills into Law
On October 13, 2025, California concluded a busy legislative term by enacting a slew of key privacy and AI-related bills, aimed at enhancing consumer protection and regulating emerging AI technology applications. These measures address a range of critical issues, including consumer opt-out signals, data broker transparency requirements, age assurance, minors’ safety, companion chatbots, and AI development. We summarize some of the most significant of these privacy and AI bills that were signed into law by California Governor Gavin Newsom, below.
Alerts
10.02.25
California Enacts Major AI Safety Legislation for Frontier AI Developers
On September 29, 2025, California Governor Gavin Newsom signed into law Senate Bill 53, the Transparency in Frontier AI Act (TFAIA), the first-of-its-kind AI legislation in the U.S. that will require large AI developers to publicly disclose how they plan to mitigate potentially “catastrophic risks” posed by advanced frontier AI models. The law builds on recommendations from the June 2025 report from the Joint California AI Policy Working Group and is a pared-back successor to last year’s unsuccessful Senate Bill 1047, which was vetoed amidst industry opposition. Most provisions of SB 53 will be effective starting January 1, 2026.
Alerts
9.10.25
State AGs Unveil Investigation Sweep Targeting Businesses Ignoring Consumer Opt-Out Signals
On September 9, 2025, the attorneys general of California, Colorado, and Connecticut and the California Privacy Protection Agency (CPPA) announced a joint investigative sweep of potential failures by businesses to honor consumers’ rights to opt out of the sale and sharing of their personal information and targeted advertising under state comprehensive privacy laws. Notably, the sweep takes specific aim at whether companies are fulfilling consumer opt out requests sent via Global Privacy Control (GPC) signals.
Alerts
9.04.25
U.S. Federal Court Allows CIPA Class Action Against AI Customer Service Provider to Proceed
On August 11, 2025, the U.S. District Court for the Northern District of California denied a motion to dismiss a California Invasion of Privacy Act (CIPA) class action lawsuit filed against ConverseNow Technologies, Inc.
Alerts
7.25.25
White House Releases America’s AI Action Plan
On July 23, 2025, the White House announced its long-awaited comprehensive AI Action Plan titled “Winning the AI Race: America’s AI Action Plan” (the Plan). The Plan is aimed at positioning the U.S. as the global leader in AI and is a follow up to President Donald Trump’s January 23, 2025, Executive Order on “Removing Barriers to American Leadership in Artificial Intelligence,” which revoked the Biden Administration’s prior AI Executive Order (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). The AI Action Plan contains more than 90 policy actions related to three key pillars: 1) Accelerating AI Innovation, 2) Building American AI Infrastructure, and 3) Leading in International AI Diplomacy and Security. This alert touches on all three pillars with a focus on the first, which outlines the Trump Administration’s strategic vision and policy recommendations to drive innovation in the American AI sector.
Alerts
6.24.25
Nebraska and Vermont Pass Age-Appropriate Design Codes
Nebraska and Vermont are the latest U.S. states to join the growing landscape of children’s online safety laws that have swelled in state chambers in recent years. On May 30, 2025, Nebraska Governor Jim Pillen signed the Age-Appropriate Online Design Code Act (the Nebraska AADC). On June 12, 2025, Vermont Governor Phil Scott signed the Vermont Age-Appropriate Design Code Act (the Vermont AADC). In doing so, Nebraska and Vermont join California and Maryland, which in 2022 and 2024, respectively, enacted age-appropriate design code laws of their own. Notably, the ongoing legal challenges1 to the California and Maryland AADCs do not appear to have dissuaded state legislators from enacting AADC-style and other children’s online safety laws. The Nebraska AADC takes effect January 1, 2026 (though the state Attorney General (AG) must wait until July 1, 2026, to seek civil penalties). The Vermont AADC takes effect January 1, 2027.
Alerts
11.04.24
CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies
On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) announced its long-awaited final rule on “Personal Financial Data Rights” (the Final Rule). The Final Rule implements Section 1033 of the Dodd-Frank Act, which provides consumers the right to access and port their financial information between banks and other financial entities. For an analysis of the proposed rule, please see our analysis here.
Alerts
10.17.24
Subscription and Auto-Renew Offerings Face New Hurdles: FTC Issues Broad “Click-to-Cancel” Rule Imposing Nationwide Requirements
Companies that automatically renew customers’ subscriptions or memberships, take note. On October 16, 2024, the Federal Trade Commission (FTC) announced sweeping amendments to the Negative Option Rule, which would apply to a host of subscription-based products and services that have an auto-renewal feature (i.e., a negative option offering), including those directed to businesses. The Rule includes specific and prescriptive requirements, such as requirements to 1) obtain consumers’ affirmative consent to an auto renewal feature “separate from any other portion of the transaction,” 2) present all material terms of the transaction “immediately adjacent to” the means of recording consumer consent, and 3) allow for simple cancellation in the same medium the consumer used to consent, noting that a chatbot cancellation method would not be acceptable unless the initial transaction was made through a chatbot. Violations of the Rule would be subject to $51,744 in civil penalties per violation.