Governor Newsom has vetoed SB 1047 but signed into law three other laws regulating the development and deployment of certain artificial intelligence (AI) tools. As explained in detail in our prior post, California's...more
Last week, the California Legislature passed several bills that, if signed by the governor, will regulate how organizations develop, train, and use artificial intelligence (AI) models, systems, and applications. Of these...more
9/10/2024 / Artificial Intelligence, Audits, Automated Decision Systems (ADS), California, California Consumer Privacy Act (CCPA), Compliance, Covered Providers, Cyber Attacks, Damages, Deep Fake, Disclosure Requirements, Employment Contract, Enforcement, Incident Response Plans, Machine Learning, Penalties, Proposed Legislation, Regulatory Reform, Reporting Requirements, Risk Assessment, Training, Transparency
On July 26, NIST released a final version of its Generative Artificial Intelligence Profile (GenAI Profile), a cross-sectoral profile of and companion to the AI Risk Management Framework (AI RMF) (for further detail on the AI...more
8/7/2024 / Artificial Intelligence, Chemical Weapons, Child Abuse, Data Privacy, Deep Fake, Environmental Impact Statements, Executive Orders, Governance Standards, Guidance Update, Intellectual Property Protection, Machine Learning, Negligence, NIST, Nuclear Weapons, Risk Mitigation
California agency's proposed regulations for data brokers include clarifications and new definitions -
On July 5, 2024, the California Privacy Protection Agency (CPPA) released a notice of proposed rulemaking and proposed...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporate Finance (Division) published a statement on May 21, 2024, regarding how public companies may disclose cyber incidents they determined to be immaterial....more
On March 15, 2024, the Bipartisan Senate Artificial Intelligence Working Group (the "AI Working Group")—led by Senate Majority Leader Chuck Schumer (D-N.Y.) and Sens. Mike Rounds (R-S.D.), Martin Heinrich (D-N.M.), and Todd...more
5/24/2024 / Anti-Discrimination Policies, Artificial Intelligence, Copyright, Data Privacy, Department of Energy (DOE), General Elections, Innovation, Intellectual Property Protection, Machine Learning, NASA, National Security, New Rules, NIST, Policies and Procedures, Risk Mitigation, Transparency
On March 13, 2024, Utah enacted the Artificial Intelligence Policy Act ("AIPA"), which creates two types of disclosure requirements for a business or person that "uses, prompts, or otherwise causes" generative AI applications...more
On April 1, 2024, the California Privacy Protection Agency (CPPA) issued its first enforcement advisory directing businesses to implement the data minimization principle when responding to consumer requests. The advisory was...more
On November 27, 2023, the California Privacy Protection Agency (CPPA) released draft regulations mandating notice, opt-out, and information access requirements for companies using automated decision-making technology (ADMT)...more
12/8/2023 / Artificial Intelligence, Automated Decision Systems (ADS), Business Entities, California, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Criminal Justice Reform, Cybersecurity, Employer Liability Issues, Financial Services Industry, Healthcare, Machine Learning, New Rules, Notice Requirements, Opt-Outs, Regulatory Agenda, Technology Sector, Transparency
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (UK NCSC), along with partner agencies from 17 nations, have released Guidelines for Secure AI System Development (the...more
12/5/2023 / Artificial Intelligence, Asset Protection, Biden Administration, Critical Infrastructure Sectors, Cyber Threats, Cybersecurity, Documentation, Executive Orders, Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Incident Response Plans, Infrastructure, Machine Learning, NCSC, NIST, Popular, Risk Management, Supply Chain
The CPPA kicked off a first round of rulemaking in May 2022 and finalized that set of rules in March of this year. At the latest California Privacy Protection Agency (CPPA) meeting, the CPRA Rules Subcommittee (Rules...more
8/18/2023 / Artificial Intelligence, Audits, Automated Systems, California, California Privacy Protection Agency (CPPA), California Privacy Rights Act (CPRA), Criminal Justice Reform, Cybersecurity, Machine Learning, New Regulations, Personal Information, Popular, Privacy Laws, Risk Assessment, Rulemaking Process
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies (the "Final Rule") by a...more
On July 21, the White House announced that seven leading AI companies (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI) have agreed to make voluntary commitments around three key areas of their AI systems:...more
Swiftly on the heels of the U.S. announcing it fulfilled its commitments for implementing the EU-U.S. Data Privacy Framework (the Framework), the European Commission (the EC) formally recognized that commercial organizations...more
7/14/2023 / Court of Justice of the European Union (CJEU), Data Security, Department of Justice (DOJ), Department of Transportation (DOT), Enforcement, EU Data Protection Laws, European Commission, Federal Trade Commission (FTC), General Data Protection Regulation (GDPR), International Data Transfers, Liability, Notice Requirements, ODNI, Personal Data, Schrems I & Schrems II, Standard Contractual Clauses, US-EU Safe Harbor Framework
The U.S. Secretary of Commerce, Gina Raimondo, issued a statement on July 3, 2023, announcing completion of commitments by the U.S. for implementing the Trans-Atlantic Data Privacy Framework (the "Framework"). The Framework...more
7/10/2023 / Data Collection, EU-US Privacy Shield, European Commission, European Court of Justice (ECJ), International Data Transfers, ODNI, Personal Data, Policies and Procedures, Privacy Framework, Safeguards Rule, Secretary of Commerce, Standard Contractual Clauses
According to its Spring 2023 rulemaking agenda, the U.S. Securities and Exchange Commission (SEC) has delayed issuance of two sets of cybersecurity requirements that previously were expected to be finalized in April 2023. The...more
6/28/2023 / Broker-Dealer, Business Development Companies, Corporate Governance, Corporate Strategy, Cyber Incident Reporting, Cybersecurity, Investment Adviser, Proposed Rules, Publicly-Traded Companies, Registered Investment Advisors, Regulatory Agenda, Risk Management, Rulemaking Process, Securities and Exchange Commission (SEC)
On May 23, the Biden Administration announced several new initiatives to support the development of a National Artificial Intelligence (AI) Strategy. The initiatives focus on: (1) outlining a plan to increase federal...more
6/1/2023 / Artificial Intelligence, Biden Administration, EdTech, Federal Funding, Innovative Technology, Machine Learning, NTIA, OSTP, R&D, Regulatory Agenda, Regulatory Reform, Request For Information, Research and Development
On April 11, 2023, the Department of Commerce, through the National Telecommunications and Information Administration (NTIA), issued a request for comments (RFC) on AI system accountability measures and policies. The “AI...more
The Colorado Attorney General's Office released the final version of its rules implementing the Colorado Privacy Act (CPA) on March 15. The CPA was enacted on July 7, 2021 and the first draft of the implementing rules were...more
The U.S. Securities and Exchange Commission ("SEC" or the "Commission") has ordered Blackbaud, Inc. ("Blackbaud") to pay $3 million to resolve claims that it made materially misleading statements about a 2020 ransomware...more
3/16/2023 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Disclosure Requirements, Enforcement Actions, Hackers, Misleading Statements, Popular, Ransomware, Securities and Exchange Commission (SEC), Securities Violations
On January 26, 2023, the National Institute of Standards and Technology (NIST) released the final version of its AI Risk Management Framework (RMF). ...more
The U.S. Securities and Exchange Commission (SEC) appears to have big plans for cybersecurity regulation in 2023....more
On December 21, 2023, the Colorado Attorney General released a second draft of the Colorado Privacy Act Rules, revising the previous draft of the proposed rules. Our analysis of the first draft of the rules can be found here....more
In a significant move toward replacing the invalidated Privacy Shield, the European Commission (EC) released a draft Adequacy Decision on December 13, 2022, concluding that the U.S. legal framework provides an adequate level...more
The New York Department of Financial Services (NYDFS) has proposed significant amendments (Proposed Amendments) to its Cybersecurity Requirements for Financial Services Companies (Cybersecurity Regulation)....more