Legislation

New Artificial Intelligence Laws in Effect in Utah

June 13, 2025 By Jennifer Everett, Daniel Felz and Anna von Spakovsky

Utah Governor Spencer J. Cox signed three state AI bills into law that took effect May 7, 2025. These laws require businesses to make “you’re talking to a bot” disclosures and comply with privacy requirements when using AI in connection with consumer transactions, mental health chatbots, and certain content used for advertising, fundraising or endorsements. […]

NY Passes Law Governing Personalized Algorithmic Pricing; AI Companions

June 11, 2025 By Jennifer Everett, Jennifer Pike and Dorian Simmons

[THIS POST HAS BEEN UPDATED TO REFLECT CHANGES TO THE LEGISLATION PRIOR TO SIGNING.] On May 9, 2025, New York Governor Kathy Hochul signed Assembly Bill A3008 into law. The omnibus legislation mandates transparency in personalized algorithmic pricing. The new law also requires operators of AI companions to implement safety protocols and disclose bot usage […]

CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period

May 9, 2025 By Dorian Simmons

On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]

2025 State Cybersecurity Legislation Focuses on Financial Services

April 18, 2025 By Kim Peretti and Scott Hilsen

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the first state regulation to enumerate, in great detail, the elements of a cybersecurity program that a covered financial service company […]

Virginia Legislature Passes Second US AI Governance Act behind Colorado: Comparing the AI Acts

March 4, 2025 By Alex Brown, Jennifer Everett, Daniel Felz, Ashley Miller and Dorian Simmons

On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094, the “VA AI Act”) that mandates developers and deployers of high-risk artificial intelligence systems (“HRAI systems”) to adhere to specific governance requirements. The VA AI Act will come into effect on July 1, 2026 (if Virginia […]