Insights
Search Results
Newsletters
1.29.26
All Eyes on AI: Regulatory, Litigation, and Transactional Developments - Q3/Q4 2025
Wilson Sonsini’s All Eyes on AI: Regulatory, Litigation, and Transactional Developments closely follows the evolving regulatory landscape for artificial intelligence (AI) in the U.S., new EU regulations for AI, international developments, litigation, recent deals highlights, firm publications, and other AI and machine learning highlights. This latest Q3/Q4 2025 edition features:
Newsletters
9.09.25
All Eyes on AI: Regulatory, Litigation, and Transactional Developments - Q2 2025
The latest edition of All Eyes on AI addresses the White House’s AI Action Plan, the USPTO’s plan to accelerate patent review, the EC’s details of the EU AI Act for GPAI requirements, and the Japanese market’s study on generative AI markets.
Alerts
7.25.25
White House Releases America’s AI Action Plan
On July 23, 2025, the White House announced its long-awaited comprehensive AI Action Plan titled “Winning the AI Race: America’s AI Action Plan” (the Plan). The Plan is aimed at positioning the U.S. as the global leader in AI and is a follow up to President Donald Trump’s January 23, 2025, Executive Order on “Removing Barriers to American Leadership in Artificial Intelligence,” which revoked the Biden Administration’s prior AI Executive Order (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). The AI Action Plan contains more than 90 policy actions related to three key pillars: 1) Accelerating AI Innovation, 2) Building American AI Infrastructure, and 3) Leading in International AI Diplomacy and Security. This alert touches on all three pillars with a focus on the first, which outlines the Trump Administration’s strategic vision and policy recommendations to drive innovation in the American AI sector.
Alerts
6.25.25
Nevada Passes Law Limiting AI Use for Mental and Behavioral Healthcare
On June 5, 2025, Nevada Governor Joe Lombardo signed AB 406, a law regulating the use of artificial intelligence (AI) for mental and behavioral healthcare. AB 406 comes as other states, such as Utah and New York, have taken steps to regulate AI chatbots, including AI chatbots providing mental health services. AB 406 prohibits offering AI systems designed to provide services that constitute the practice of professional mental or behavioral healthcare (such as therapy) and prohibits making representations that an AI system can provide such care. In addition, AB 406 limits how mental and behavioral healthcare professionals can use AI systems.[1] AB 406 takes effect on July 1, 2025.
Alerts
6.11.25
HHS Announces New Director of Office for Civil Rights: What to Watch from the New Health Privacy Leader
On June 4, 2025, the U.S. Department of Health and Human Services (HHS) announced the appointment of Paula M. Stannard as the Director of the Office for Civil Rights (OCR). As Director, Stannard will lead the enforcement of the Privacy, Security, and Breach Notification Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as federal civil rights laws.
Alerts
5.09.25
The “TAKE IT DOWN Act” Goes Up to President Trump’s Desk for Signature
On April 28, 2025, Congress passed the “TAKE IT DOWN Act.” In addition to criminalizing intentional publication of non-consensual intimate imagery, including computer-generated intimate imagery (collectively, NCII), the bill requires “covered platforms” to develop a process for removing NCII within 48 hours of a valid report. Covered platforms are those that primarily provide a public forum for user-generated content. The term does not include ISPs, email providers, online services that consist primarily of non-user-generated content, or services for which chat, comment, or interactive functionality is directly related to the provision of non-user-generated content. The bill now awaits President Trump’s signature and is expected to be signed in light of receiving bipartisan support and an endorsement from the First Lady.
Alerts
4.16.25
CPPA Board Grapples with Public Concerns: Key Updates on Upcoming AI, Risk Assessment, and Cybersecurity Regulations
On April 4, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss the latest draft California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and an assortment of other updates to existing regulations. These revisions come after the CPPA first released draft regulations on these topics in July 2024 and initiated the formal rulemaking in November 2024, as analyzed in a prior alert. The board meeting turned out to be quite contentious, with board member Alastair Mactaggart emphasizing some of the serious concerns raised in the unusually large volume of public comments—totaling 630 comments and 1,664 pages of feedback—expressing his own concerns that those comments lay out “the very explicit blueprints” for others to challenge the constitutionality of the draft regulations. Ultimately, the Board provided extensive feedback on the draft regulations to CPPA staff, going beyond the issues that staff had prepared for discussion.
Alerts
3.19.25
Lessons from the CPPA’s $632,500 Settlement with Connected Vehicle Manufacturer
On March 12, 2025, the California Privacy Protection Agency (CPPA) announced a settlement with American Honda Motor Co. (Honda) over alleged violations of the California Consumer Privacy Act (CCPA). The CPPA investigated Honda as part of its investigative sweep into the data privacy practices of connected vehicles and related technologies, announced in July 2023. The CPPA specifically alleged, among other things, that Honda engaged in practices that made it difficult for Californians to exercise their out-opt rights and shared consumers’ personal information with ad tech service providers without proper contractual protections.
Alerts
3.12.25
CPPA Votes Out Proposed Delete Request and Opt-Out Platform (DROP) Data Broker Regulations
On March 7, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss its proposed data broker regulations concerning the Delete Request and Opt-Out Platform (DROP) and voted to authorize CPPA staff to advance the regulations to formal rulemaking. As mandated by the Delete Act (discussed in a previous alert), the DROP will allow California residents to submit a single request to delete all personal information held by all data brokers operating in the state via an accessible mechanism. Data brokers would be required to access the DROP for updates every 45 days and delete the personal information of any state resident that matched the data broker’s records unless a deletion exception set forth in the California Consumer Privacy Act (CCPA) applies. These regulations also follow the CPPA’s November 2024 meeting, during which CPPA staff provided an update on the development of the DROP.
Alerts
12.19.24
Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson's FTC
On December 10, 2024, President-elect Trump named FTC Commissioner Andrew Ferguson as next Chairman of the Federal Trade Commission (FTC), replacing Chair Lina Khan on January 20, 2025. As a Senate-approved sitting Commissioner, he will not need Senate approval to assume the role of Chairman. President-elect Trump also named Mark Meador as a Commissioner to fill the slot currently occupied by Chair Khan. Meador is a former staff member for Senator Mike Lee (R-UT). He has experience serving at the FTC, having spent five years at the beginning of his career working on antitrust cases at the agency.
Alerts
12.12.24
CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act
On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) announced its highly anticipated and controversial proposed rule that primarily aims to bring data brokers within the scope of the Fair Credit Reporting Act (FCRA). Data brokers have long argued that they do not furnish “consumer reports,” and thus do not constitute “consumer reporting agencies” subject to the FCRA’s obligations. The CFPB catalogues the harms that have resulted from such a stance; namely, risks to national security, financial well-being, and personal safety when data brokers sell information to countries of concern, scammers, or stalkers. The proposed rule seeks to cover data brokers by clarifying key provisions within the definition of “consumer report.” The proposed rule also aims to shore up consumer protections under the FCRA by interpreting the definition of “consumer reporting agency” more broadly and permissible purposes for furnishing consumer reports more narrowly, such as consumer consent and legitimate business needs. The CFPB seeks public comment on the proposed rule, which must be received on or before March 3, 2025.
Alerts
11.23.24
Proposed Rulemaking Issued by the DOJ Covering Data Export Transactions with Entities from Countries of Concern
On October 21, 2024, the U.S. Department of Justice (DOJ) issued a Notice of Proposed Rulemaking (NPRM) to implement Executive Order 14117, which authorizes the Attorney General to prohibit or restrict transactions by U.S. persons that could result in the transfer of government-affiliated or bulk U.S. sensitive data to countries of concern or covered persons, and to provide safeguards around other activities that may otherwise provide access to such data.