On March 20, 2026, the White House released its National Policy Framework for Artificial Intelligence. This Framework contains a sweeping set of legislative recommendations intended to establish a coherent, nationally unified approach to AI governance. While the Framework does not itself create binding legal obligations, it is likely to shape federal AI legislation in
China’s internet regulatory authority and top prosecutors have recently released a series of enforcement actions and cases, aimed at highlighting enforcement priorities in the data security realm over the last year. In 2025, enforcements under the Chinese Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and the Regulations on the Security Management
The California Privacy Protection Agency (“CPPA”) discussed at its July 16 meeting new enforcement focuses in addition to current goals. While the new focuses are largely in line with general trends, they also serve as a reminder that specific and nuanced compliance decisions can make a big difference.
As the CPPA has made clear in
Colorado has become the first state to pass legislation (SB24-205) regulating the use of artificial intelligence (AI) within the United States. This legislation is designed to address the influence and implications, ethically, legally, and socially, of AI technology across various sectors.
Any person doing business in Colorado, including developers or deployers of high-risk
On March 7, 2024, a bipartisan coalition of 43 state attorneys general sent to the Federal Trade Commission (“FTC”) a letter urging the FTC to update the regulations (“COPPA Rules”) implementing the Children’s Online Privacy Protection Act (“COPPA”).
Through regulations known as the “COPPA Rule,” state attorneys general are authorized to bring actions as parens
The FTC published guidance warning companies that “[i]t may be unfair or deceptive for a company to adopt more permissive data practices—for example, to start sharing consumers’ data with third parties or using that data for AI training—and only inform consumers of this change through a surreptitious, retroactive amendment to its terms of service or
On February 1, 2024, the Connecticut Office of the Attorney General (“OAG”) submitted to the Connecticut General Assembly its report on the first six months of the Connecticut Data Privacy Act (“CTDPA”). While the report includes important information about its enforcement efforts to date, the most noteworthy aspect may be its recommendation to the legislature
On November 14, 2023, the Colorado Division of Insurance’s AI insurance regulations went into effect. Colorado is now the first state in the nation to adopt regulations specifically aimed at insurance algorithms.
Colorado’s regulation requires life insurance companies to report how they review AI models and use External Consumer Data and Information Sources (ECDIS), which