Key Takeaways

  • CB Financial Services, Inc. filed the first SEC Form 8-K under Item 1.05 triggered by an unauthorized use of an artificial intelligence (AI) tool, not an external cyberattack.
  • A cybersecurity incident caused by insider misuse of AI (known as Shadow AI) should be assessed for disclosure under SEC rules.
  • The four-business-day disclosure clock under Item 1.05 starts at the materiality determination, not at detection of the incident.
  • Shadow AI should be treated as a cybersecurity risk within a company’s enterprise risk management framework.
  • Financial institutions face layered exposure: federal banking guidance, state breach notification laws, and class action litigation.
  • Suggested actions companies could take in reaction to Shadow AI developments are included below.
Continue Reading “Shadow AI” Triggers First SEC Form 8-K for Unauthorized AI Use: What Financial Institutions and Public Companies Need to Know

The European Commission has published draft guidelines (Draft Guidelines) to clarify the classification of high-risk AI systems under the European Union’s Artificial Intelligence Act (EU AI Act). This classification is crucial, as it determines whether an AI system will be subject to the EU AI Act’s most burdensome obligations. The Draft Guidelines provide general principles that inform whether an AI system is high-risk, as well as a non-exhaustive list of examples of high-risk AI systems across various sectors. Organizations can provide feedback on the Draft Guidelines via this survey until June 23, 2026.

Continue Reading Draft Guidelines Clarify Which AI Systems Are “High-Risk” Under EU AI Act

In its first year under the Trump-Vance administration, the Federal Trade Commission (FTC) has aggressively enforced consumer protection and privacy laws and initiated new rulemakings. Although the new rulemaking activity is somewhat surprising in a Republican administration, the FTC has expressed its intent to conduct a more rigorous economic analysis of the effects of any new regulations. Based on the FTC’s activity over the past year, we have identified the issues below as top FTC priorities and provided takeaways for companies to help steer clear of regulatory scrutiny.

Continue Reading Consumer Protection Update: Insights into the First Year of the Trump-Vance FTC

While the EU Artificial Intelligence (AI) Act has set forth a relatively uniform framework for AI regulation in the EU, U.S. AI regulation has so far primarily consisted of a patchwork of state laws—which continue to evolve at a rapid pace. Despite the Trump administration calling for Congress to pass AI legislation that would preempt overly burdensome state laws in its National Policy Framework for Artificial Intelligence, many states appear to be actively moving ahead with new legislation. Here are the top areas the states are targeting, followed by some key takeaways:

Continue Reading Recent AI Regulatory Developments in the United States

Developments in law, regulatory guidance, and enforcement practice across Europe are leading to meaningful changes in how online services are offered to minors. A steady stream of announcements in recent months makes clear that this area will continue to develop at pace, requiring providers of online services to keep their approach to age assurance under regular review.

Continue Reading What’s Next for Age Assurance Laws in Europe?