Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or handling data related to residents of these states. Below is a summary of the key provisions under each law. California – Senate […]
Legislation
The EU Data Act Comes Into Force
The EU officially adopted the Data Act in January 2024, and it came into force on September 12, 2025. The Data Act builds on existing laws like the General Data Protection Regulation and the Data Governance Act. Now that the legislation is active, companies that fall under its scope must proactively review its provisions and […]
Texas Expands Data Broker Act Requirements
On September 1, 2025, the amendments to the Texas Data Broker Act (the Act) became effective. The Act, which originally came into effect on September 1, 2023, defines “data brokers” as business entities that derive their principal source of revenue from collecting, processing, or transferring personal data that they did not collect directly from consumers. […]
Compliance Deadline for Colorado AI Act Delayed Until June 30, 2026
On August 28, 2025, Colorado Governor Jared Polis signed Senate Bill 25B-004 (Bill) into law, extending the compliance deadline of the Colorado Artificial Intelligence Act (CAIA) from February 1, 2026, to June 30, 2026. The Bill does not alter the CAIA’s substantive requirements. But it remains uncertain whether the Colorado legislature will introduce further amendments […]
Texas Enacts Responsible AI Governance Act
On June 22, 2025, Texas Governor Greg Abbott signed House Bill 149, the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), into law. TRAIGA imposes on businesses and governmental entities obligations and prohibitions for certain uses of artificial intelligence (“AI”), amends the Texas Capture or Use of Biometric Identifier Act (“CUBI”) to include certain exemptions, and […]