The European Data Protection Supervisor (EDPS) AI guidance for EU institutions has lessons for businesses. This includes when inputting personal information into these tools. The recommendations from the guidance fall into five categories, which businesses can take as potential principles. Namely:Continue Reading Protecting Personal Data in the Age of AI: Lessons from the Latest EDPS Guidance
Illinois employers are reminded that a law addressing the use of AI in the workplace is set to take effect January 1, 2026.Continue Reading Illinois AI Employment Law Goes Live Soon: Are Your Hiring Practices Compliant?
Italy became the first EU country to enact a comprehensive national AI law when its AI law (Law No. 132/2025) took effect last month. The law is intended to work with the existing EU AI Act, but with more details and specific obligations. In fact, it mirrors many of the themes that are being implemented in US AI laws (like those in Texas, Virginia (vetoed), and Colorado). This may be one of many similar laws we see coming out of Europe this year, and the potential for a fragmented AI regulatory patchwork in the EU.Continue Reading When in Rome—Make Your AI Do As the Regulators Do
Starting January 1, 2026, health care practitioners in Texas are required to store electronic health records in the United States under a new Act. It applies to all records- regardless of the date on which the record was first prepared. his requirement is found in a recently enacted law that also includes requirements for practitioner’s AI use.Continue Reading New Texas Law Requires Storage of Electronic Health Records in U.S.
Texas recently enacted a pair of laws aimed at AI governance in the public sector and in healthcare. Starting September 1, 2025, there will be statutory authorization for health care practitioners (HCPs) in Texas to use AI for care-related purposes. This includes a practitioner’s ability to develop courses of treatment and to diagnose patients.Continue Reading New Texas Law Permits Use of AI In Health Care
Texas is getting into the AI action, with a new law (the Texas Responsible Artificial Intelligence Governance Act) that will place restrictions not only on AI use by government agencies, but businesses as well. In particular, it will apply to businesses (a) operating in Texas, (b) those that have products or services used by those in the state, or (c) those that develop or deploy AI systems in Texas. The requirements of the law will take effect January 1, 2026. Some things for companies to keep in mind about the law’s requirements:Continue Reading Countdown to 2026: What Will the Texas AI Law Mean for Businesses?
California appears to be changing its approach to how it regulates artificial intelligence, likely reflecting its reaction to challenges seen recently in other states. Namely, the California Privacy Protection Agency recently released an update to its draft regulations which change how the Agency plans to regulate Automated Decisionmaking Technology, or ADMT. This comes after the Agency’s original proposal faced intense opposition from industry groups, state lawmakers and Governor Newsom.Continue Reading California Regulator Releases Updated Draft Regulations, Scales Back Proposed AI Privacy Rules
The FTC’s settlement with Cleo AI gives some indication as to what we might see from the agency in the coming months. The FTC alleged, among other things, that Cleo AI’s actions violated Section 5 of the FTC Act. In particular, as reported in our sister blog, Cleo AI required people to enroll in a paid subscription plan, even though they marketed their services as free. It also made it difficult for people to cancel their subscription and made it hard to stop recurring charges. The company also failed to disclose material terms.Continue Reading Lessons from the FTC: The Cleo AI Settlement
Virginia’s Governor, Glenn Youngkin, vetoed a bill this week that would have regulated “high-risk” artificial intelligence systems. HB 2094, which narrowly passed the state legislature, aimed to implement regulatory measures akin to those established by last year’s Colorado AI Act. At the same time, Colorado’s AI Impact Task Force issued concerns about the Colorado law, which may thus undergo modifications before its February 2026 effective date. And in Texas, a proposed Texas Responsible AI Governance Act was recently modified.Continue Reading US State AI Legislation: Virginia Vetoes, Colorado (Re)Considers, and Texas Transforms
The Oregon AG’s Office, along with the state’s Department of Justice, issued guidance late last year on how state laws apply to the ways businesses use AI. The guidance may be two months old, but the cautions are still timely. The guidance seeks to give companies direction on times when AI uses might be regulated by existing state laws.Continue Reading Oregon’s AI Guidance: Old Laws in Scope for New AI
The New Jersey AG and the Division on Civil Rights’ new guidance on algorithmic discrimination explains how AI tools might be used in ways that violate the New Jersey Law Against Discrimination. The law applies to employers in New Jersey, and some of its requirements overlap with new state “comprehensive” privacy laws. In particular, those laws’ requirements on automated decisionmaking. Those laws, however, typically do not apply in an employment context (with the exception of California). This New Jersey guidance (which mirrors what we are seeing in other states) is a reminder that privacy practitioners should keep in mind AI discrimination beyond the consumer context.Continue Reading New Jersey Discrimination Law Guide: Applicability of Existing Laws to AI Tools