On July 23, 2025, the White House announced its long-awaited comprehensive AI Action Plan titled “Winning the AI Race: America’s AI Action Plan” (the Plan). The Plan is aimed at positioning the U.S. as the global leader in AI and is a follow up to President Donald Trump’s January 23, 2025, Executive Order on “Removing Barriers to American Leadership in Artificial Intelligence,” which revoked the Biden Administration’s prior AI Executive Order (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). The AI Action Plan contains more than 90 policy actions related to three key pillars: 1) Accelerating AI Innovation, 2) Building American AI Infrastructure, and 3) Leading in International AI Diplomacy and Security. This alert touches on all three pillars with a focus on the first, which outlines the Trump Administration’s strategic vision and policy recommendations to drive innovation in the American AI sector.Continue Reading White House Releases America’s AI Action Plan
Doo Lee
Nebraska and Vermont Pass Age-Appropriate Design Codes
By Tracy Shapiro, Christopher Olsen & Doo Lee on
Posted in Cybersecurity
Nebraska and Vermont are the latest U.S. states to join the growing landscape of children’s online safety laws that have swelled in state chambers in recent years. On May 30, 2025, Nebraska Governor Jim Pillen signed the Age-Appropriate Online Design Code Act (the Nebraska AADC). On June 12, 2025, Vermont Governor Phil Scott signed the Vermont Age-Appropriate Design Code Act (the Vermont AADC). In doing so, Nebraska and Vermont join California and Maryland, which in 2022 and 2024, respectively, enacted age-appropriate design code laws of their own. Notably, the ongoing legal challenges1 to the California and Maryland AADCs do not appear to have dissuaded state legislators from enacting AADC-style and other children’s online safety laws. The Nebraska AADC takes effect January 1, 2026 (though the state Attorney General (AG) must wait until July 1, 2026, to seek civil penalties). The Vermont AADC takes effect January 1, 2027.Continue Reading Nebraska and Vermont Pass Age-Appropriate Design Codes
CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies
By Maneesha Mithal, Jess Cheng & Doo Lee on
Posted in Privacy
On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) announced its long-awaited final rule on “Personal Financial Data Rights” (the Final Rule). The Final Rule implements Section 1033 of the Dodd-Frank Act, which provides consumers the right to access and port their financial information between banks and other financial entities. For an analysis of the proposed rule, please see our analysis here.Continue Reading CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies
Subscription and Auto-Renew Offerings Face New Hurdles: FTC Issues Broad “Click-to-Cancel” Rule Imposing Nationwide Requirements
By Maneesha Mithal, Aaron Hendelman, Libby Weingarten, Edward Holman, Brett Weinstein, Kelly Singleton, Rebecca Weitzel Garcia & Doo Lee on
Posted in Regulatory
Companies that automatically renew customers’ subscriptions or memberships, take note. On October 16, 2024, the Federal Trade Commission (FTC) announced sweeping amendments to the Negative Option Rule, which would apply to a host of subscription-based products and services that have an auto-renewal feature (i.e., a negative option offering), including those directed to businesses. The Rule includes specific and prescriptive requirements, such as requirements to 1) obtain consumers’ affirmative consent to an auto renewal feature “separate from any other portion of the transaction,” 2) present all material terms of the transaction “immediately adjacent to” the means of recording consumer consent, and 3) allow for simple cancellation in the same medium the consumer used to consent, noting that a chatbot cancellation method would not be acceptable unless the initial transaction was made through a chatbot. Violations of the Rule would be subject to $51,744 in civil penalties per violation.Continue Reading Subscription and Auto-Renew Offerings Face New Hurdles: FTC Issues Broad “Click-to-Cancel” Rule Imposing Nationwide Requirements
California Appeals Court Moves Up Enforcement Date for Latest CCPA Regulations
By Maneesha Mithal, Tracy Shapiro, Edward Holman & Doo Lee on
Posted in Privacy
On February 9, 2024, the California Third District Court of Appeals in Sacramento overturned a lower court order that postponed enforcement of the California Privacy Protection Agency’s (CPPA) newest rules. The decision restores the authority of the CPPA and California Attorney General to enforce the latest regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) (“updated CCPA regulations”).Continue Reading California Appeals Court Moves Up Enforcement Date for Latest CCPA Regulations
U.S. Privacy Predictions: What to Watch for in 2024
By Maneesha Mithal, Libby Weingarten & Doo Lee on
Posted in Privacy
2023 was one of the busiest years for privacy yet—with more to come in 2024. Five new U.S. state privacy laws (in Texas, Florida, Oregon, Montana, and Washington) will come into effect in 2024. And federal and state regulators are sure to focus on hot areas like artificial intelligence, children’s privacy, and the collection, use, and sharing of consumer health data, among others. Given this backdrop, here are our top 10 predictions for privacy regulation in 2024:Continue Reading U.S. Privacy Predictions: What to Watch for in 2024