Alston & Bird Privacy, Cyber & Data Strategy Blog

FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors

February 4, 2026 By Kim Peretti, Lance Taubin and Andrew Rice

On January 28, 2026, the Federal Bureau of Investigation (FBI) announced the launch of Operation Winter SHIELD, a coordinated initiative designed to promote adoption of core defensive measures that are shown to mitigate common intrusion vectors. Operation Winter SHIELD identifies ten priority actions the FBI views as important in improving organizational cyber resilience. The FBI also stated that these are controls that organizations can take “right now, to defend against cyberattacks.” These … [Read more] about FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors

FTC Reverses Rytr Consent Order Amid Push for Federal AI Standards

February 3, 2026 By Kathleen Benway, Alex Brown, Jennifer Everett, Daniel Felz and Lili Song

On December 22, 2025, the Federal Trade Commission (FTC) set aside its 2024 consent order against Rytr, a generative AI-powered company, concluding that the original complaint “failed to satisfy the legal requirements of the FTC Act” and that the … [Read more] about FTC Reverses Rytr Consent Order Amid Push for Federal AI Standards

California Attorney General Announces Investigative Sweep into “Surveillance Pricing”

January 29, 2026 By Daniel Felz, Dorian Simmons and Christian Seremetis

On January 28, 2026, California Attorney General (“AG”) Rob Bonta announced an investigative sweep targeting “surveillance pricing” practices among businesses in the retail, grocery, and hotel sectors. The investigation focuses on companies that use … [Read more] about California Attorney General Announces Investigative Sweep into “Surveillance Pricing”

European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act

January 29, 2026 By Paul Greaves, Kelly Hagedorn and Wim Nauwelaerts

On December 3, 2025, the European Commission published its first set of technical FAQs on the EU Cyber Resilience Act (‘CRA’). The CRA is an EU-wide law which lays down cybersecurity requirements for ‘products with digital elements’ (‘PDEs’), … [Read more] about European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act

New York Regulates Large Artificial Intelligence Models

January 21, 2026 By Kim Peretti, Jennifer Everett, Scott Hilsen, Dorian Simmons and Santi Villar

On December 19, 2025, just eight days after President Trump issued an executive order titled “Ensuring a National Policy Framework for Artificial Intelligence” to challenge burdensome state laws that regulate artificial intelligence (the “December … [Read more] about New York Regulates Large Artificial Intelligence Models