On June 3, 2026, the European Commission (EC) released its first draft of a proposed Cloud and AI Development Act (Proposal or CADA), marking a significant step forward in the EU’s efforts to strengthen its digital infrastructure and reduce strategic dependence on non-EU cloud providers.
Continue Reading European Commission Publishes Proposal for Act to Reduce Reliance on Foreign Cloud and AI
The European Commission has published draft guidelines (Draft Guidelines) to clarify the classification of high-risk AI systems under the European Union’s Artificial Intelligence Act (EU AI Act). This classification is crucial, as it determines whether an AI system will be subject to the EU AI Act’s most burdensome obligations. The Draft Guidelines provide general principles which inform if an AI system is high-risk, as well as a non-exhaustive list of examples of high-risk AI systems across various sectors. Organizations can provide feedback on the Draft Guidelines via this survey until June 23, 2026.
Continue Reading Draft Guidelines Clarify Which AI Systems Are “High-Risk” Under EU AI Act
While the EU Artificial Intelligence (AI) Act has set forth a relatively uniform framework for AI regulation in the EU, U.S. AI regulation has so far primarily consisted of a patchwork of state laws—which continue to evolve at a rapid pace. Despite the Trump administration calling for Congress to pass AI legislation that would preempt overly burdensome state laws in its National Policy Framework for Artificial Intelligence, many states appear to be actively moving ahead with new legislation. Here are the top areas the states are targeting, followed by some key takeaways:
Continue Reading Recent AI Regulatory Developments in the United States
The Federal Communications Commission (FCC) recently issued a unanimous Notice of Proposed Rulemaking and Notice of Inquiry targeting the use of AI-related technologies for communicating with consumers.1 In the proposed rule, the FCC seeks to impose a broad definition for AI technologies subject to the requirements of the Telephone Consumer Protection Act (TCPA). Companies using technology falling within the FCC’s proposed definition would be required to make certain disclosures under the TCPA to notify consumers that they are communicating with AI-technology. This proposal is the latest move by the FCC to tackle its largest source of consumer complaints: unwanted and illegal robocalls and robotexts.2 The proposed new rule may require companies to modify their current approach in engaging with consumers through AI-generated calls and/or texts, including potentially altering their current practices in collecting consent where necessary.
Continue Reading FCC Issues Notice of Proposed Rulemaking Regarding the Use of AI-Generated Technologies for Consumer Communications
Significant New CCPA Compliance Requirements Likely on the Way
On August 29, 2023, the California Privacy Protection Agency (CPPA) posted discussion drafts of its forthcoming regulations on cybersecurity audits and risk assessments as part of the materials for its September 8, 2023, public board meeting. These draft regulations are expected to eventually become part of the CPPA’s second rulemaking package under the California Consumer Privacy Act (CCPA) since the CCPA’s amendment by the California Privacy Rights Act. The CPPA has not yet started its formal rulemaking process for cybersecurity audits and risk assessments, and it has made clear that these draft regulations are meant to facilitate CPPA Board discussion and public participation. Nevertheless, the obligations set forth in the draft rules are extensive and provide an initial window into the onerous new compliance requirements. Notable requirements put forth for discussion under the draft regulations include:
Continue Reading CPPA Posts Draft Rules on Cybersecurity Audits and Risk Assessments