We have been writing about the California Invasion of Privacy Act (CIPA) for a while now (and, earlier this year, we predicted this law would continue to be a major issue in 2026).

From demand letters flooding our clients’ inboxes to the wave of litigation targeting standard website tracking tools, this 1967 wiretapping statute has proven uniquely susceptible to claims that bear little resemblance to the covert surveillance it was designed to prevent. On July 1, 2026, the California Assembly Committee on Privacy and Consumer Protection passed an amended version of Senate Bill 690, and the result is both encouraging and incomplete.

Continue Reading California Legislature Takes Aim at CIPA Abuse

On June 22, 2026, President Trump issued two Executive Orders entitled “Ushering the Next Frontier of Quantum Innovation” (Quantum EO) and “Securing the Nation Against Advanced Cryptographic Attacks” (Cryptographic EO) demonstrating the increasing focus of the administration on quantum. 

Quantum technology is a rapidly growing technology using quantum-mechanical principles to process data in ways not possible with classical computers. Quantum computers and quantum technologies like photonics and sensors are undergoing significant research and development efforts that will impact every industry. One of the most immediately impactful issues related to quantum computers is their ability to break even the best classical computer encryption protocols. As a result, the United States and many other countries and large companies are dedicating significant funds to quantum research in an effort to ensure the protection of critical encrypted data. Quantum is both an amazing new technology and an imminent security threat.

Continue Reading Quantum Homework for Everyone: New Executive Orders on Quantum Technology

The California Information Privacy Act (CIPA) has become a go‑to vehicle for plaintiffs’ counsel attacking website tracking technologies, such as cookies, pixels, beacons, chat bots, and video or session replay tools.

Over the last few years, website operators have been hit with a wave of demand letters claiming CIPA violations. But the tide may be shifting – marking smoother sailing for website operators. A recent decision from a California court narrows CIPA to telephonic communications and significantly undercuts the viability of CIPA claims against commercial websites.

Continue Reading Changing Tides: A Los Angeles Court Delivers a Major CIPA Defense Win

Last week, I had the pleasure of taking the main stage at CincyAI Week in Cincinnati, Ohio to talk with entrepreneurs, business leaders, academics, and artificial intelligence enthusiasts about the current state of AI policy, privacy, and compliance across the United States.

Here are the key takeaways from the presentation.

Continue Reading The State of AI Policy, Privacy, and Compliance in the United States

On June 4, 2026, Representatives Jay Obernolte and Lori Trahan released a discussion draft of the Great American Artificial Intelligence Act of 2026 (GAAIA). The GAAIA is the latest federal attempt at timely and coherent technology-based regulations.

This bill, however, takes a notably different approach. Narrow enough to be effective, GAAIA sidesteps the pitfalls that have plagued federal privacy law efforts by limiting scope and preemption. Not yet formally introduced, this nearly 270-page discussion draft seems to mostly target the big players (the large AI companies building foundational AI models) and is centered around transparency and innovation.

This article covers the key provisions of GAAIA, what organizations are actually in the crosshairs, and how it fits alongside the June 2nd Executive Order related to artificial intelligence.

Continue Reading The Great American Artificial Intelligence Act: An Attempt to Federally Regulate AI

Connecticut’s Governor Ned Lamont announced on May 29, 2026 that he had ratified sweeping artificial intelligence legislation in Senate Bill 5, titled “An Act Concerning Online Safety.” The law is unique in its breadth among the growing list of state AI laws, in that it regulates several distinct applications or categories of AI.

Specifically, the law addresses: 1) subscription-based AI services; 2) frontier AI models; 3) automated employment-related decision technology; 4) AI companions; and 5) AI in social media. Below, we summarize certain requirements pertaining to each regulated topic.

Continue Reading Connecticut Enacts Sweeping AI Legislation

In February 2026, a public-private partnership headed by the U.S. Department of the Treasury concluded an investigative process aimed at strengthening cybersecurity and risk mitigation for AI in the financial services sector.

The partnership consisted of executives from over 100 financial institutions, U.S. and international agencies, federal and state financial regulators, and other key stakeholders. One of the partnership’s key deliverables announced at the conclusion of the investigation is the Financial Services AI Risk Management Framework (Financial Services AI RMF), which adopts and expands the AI Risk Management Framework provided by the National Institute of Standards and Technology (NIST Framework) for specific application to the financial services industry.

Continue Reading Financial Services AI Risk Management Framework: Expanded Controls for the Financial Services Industry

On May 14, 2026, Colorado Governor Jared Polis signed SB 26-189, the new Colorado artificial intelligence statute which goes into effect January 1, 2027.  SB 26-189 replaces SB 24-205, the  controversial AI statute that had not yet become effective.

SB 26-189 was the result of several years of negotiations between groups seeking more regulation of AI, particularly with respect to consumer protection, and those concerned that SB 24-205 would impose significant costs and burdens on companies with employees, customers or other stakeholders in Colorado. 

Many technology industry participants would rather kiss a Wookiee than comply with SB 24-205 and expressed concern that SB 24-205 would cause technology companies to avoid Colorado due to its burdensome requirements.

Continue Reading Colorado Act Legislation: The AI Strikes Back

Among the growing number of state AI statutes, multiple states have now enacted laws governing the use of artificial intelligence technology by health insurers when determining whether or not to cover claims.

This article outlines some considerations for insurers, focusing on Nebraska, Georgia and Colorado statutes. 

Continue Reading AI and Insurance Claims: Beware Fully Automated Decision Making

Last week, on May 8, 2026, the public comment period for New York City’s own version of the “click-to-cancel rule” closed. The proposed rule (NYC Subscription Rule) was issued following an Executive Order from January 2026 by New York City Mayor, Zohran Mamdani, which focuses on ensuring New Yorkers are not forced to remain in unwanted subscriptions.

This Executive Order focuses on ensuring New Yorkers are not stuck with subscriptions. Under the Executive Order, NYC’s Department of Consumer and Work Protection (DCWP) will prioritize monitoring, investigating and taking enforcement action against subscription-related practices that deceive or mislead consumers.

Continue Reading Click‑to‑Cancel Comes to NYC: The Big Apple Cracks Down on Bad Apples (i.e., Bad Subscription Practices)