Artificial intelligence (AI) companion apps have been in the news, with Commissioner Melissa Holyoak of the Federal Trade Commission calling for a study on AI companions earlier this month, and lawmakers at the state and federal level voicing concerns about the technologies. In response, New York has enacted the first law requiring safeguards for AI companions. Scheduled to come into effect on November 5, 2025, the law requires operators of AI companions to implement safety measures to detect and address users’ expression of suicidal ideation or self-harm and to regularly disclose to users that they are not communicating with a human. Here are some answers to the key questions about the law:Continue Reading New York Passes Novel Law Requiring Safeguards for AI Companions

On June 5, 2025, Nevada Governor Joe Lombardo signed AB 406, a law regulating the use of artificial intelligence (AI) for mental and behavioral healthcare. AB 406 comes as other states, such as Utah and New York, have taken steps to regulate AI chatbots, including AI chatbots providing mental health services. AB 406 prohibits offering AI systems designed to provide services that constitute the practice of professional mental or behavioral healthcare (such as therapy) and prohibits making representations that an AI system can provide such care. In addition, AB 406 limits how mental and behavioral healthcare professionals can use AI systems.[1] AB 406 takes effect on July 1, 2025.Continue Reading Nevada Passes Law Limiting AI Use for Mental and Behavioral Healthcare

On June 4, 2025, the U.S. Department of Health and Human Services (HHS) announced the appointment of Paula M. Stannard as the Director of the Office for Civil Rights (OCR). As Director, Stannard will lead the enforcement of the Privacy, Security, and Breach Notification Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as federal civil rights laws.Continue Reading HHS Announces New Director of Office for Civil Rights: What to Watch from the New Health Privacy Leader

On April 28, 2025, Congress passed the “TAKE IT DOWN Act.” In addition to criminalizing intentional publication of non-consensual intimate imagery, including computer-generated intimate imagery (collectively, NCII), the bill requires “covered platforms” to develop a process for removing NCII within 48 hours of a valid report. Covered platforms are those that primarily provide a public forum for user-generated content. The term does not include ISPs, email providers, online services that consist primarily of non-user-generated content, or services for which chat, comment, or interactive functionality is directly related to the provision of non-user-generated content. The bill now awaits President Trump’s signature and is expected to be signed in light of receiving bipartisan support and an endorsement from the First Lady.

A summary of the bill’s key provisions are highlighted below.Continue Reading The “TAKE IT DOWN Act” Goes Up to President Trump’s Desk for Signature

On April 22, 2025, the EU Commission’s AI Office published draft guidelines to clarify the obligations in the EU AI Act for providers of general-purpose AI models (guidelines). These obligations will be applicable to AI

Continue Reading EU AI Office Clarifies Key Obligations for AI Models Becoming Applicable in August

On April 21, 2025, the Federal Trade Commission (FTC) announced that it had filed a complaint against Uber Technologies, Inc. and Uber USA LLC (collectively, Uber), a rideshare and delivery company. Among other things, the FTC alleges in its complaint that Uber violated Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by charging consumers for its Uber One subscription service without their consent and making it difficult for users to cancel the service despite its “cancel anytime” promises.Continue Reading FTC Files Consumer Protection Complaint Against Uber for Deceptive Billing and Cancellation Practices

On April 24, 2025, the UK’s Office of Communications, commonly known as Ofcom—the regulator responsible for enforcing the UK’s Online Safety Act (OSA)—issued its Protecting Children from Harm Online Statement. The statement requires online services to conduct and document a children’s risk assessment in accordance with the OSA by July 24, 2025. Services will be required to implement measures to protect children from content that is harmful to them by July 25, 2025.Continue Reading The UK’s Online Child Safety Duties Are Coming into Force: Steps to Take Now