Category: Policy & Legislation
AI Act Enters Into Force
On 12 July 2024, the long-awaited Artificial Intelligence Act (AI Act) was published in the Official Journal of the European Union (OJEU), meaning that 20 days from this date it will enter into force and will apply from 2 August 2026, bringing certainty regarding the timeline for its applicability, which […]
Utah, Colorado Pave Way for AI-Specific State Laws – Is Your Company Ready for the Impending Regulation Wave?
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI bills across various states. We expect to see this new wave of comprehensive AI regulation at […]
EU Collective Redress Directive: What Services Companies Need to Know (Part One)
This article is the first in a three-part series on collective claims and class actions in the EU and the US. As collective claims become more prevalent in the EU, companies offering platforms, products, and services in both jurisdictions will benefit from implementing and maintaining a coordinated global class action […]
Understanding Washington’s My Health My Data (MHMD) Act: Applicability, Scope and Requirements
On January 31, 2024, Cooley lawyers Brooke Fritz and Andrew Epstein led a virtual presentation on Washington state’s My Health My Data (MHMD) Act. Below are some key highlights from the discussion. The MHMD Act’s origins and purposes:In an effort to close the “gap” that exists between consumer knowledge and […]
CISA Opens Notice and Comment Process on CIRCIA Draft Regulations
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security published a long-awaited notice of proposed rulemaking (NPRM) pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed into law in 2022 by President Joe Biden, CIRCIA required CISA to […]
Washington State’s My Health My Data Act FAQ, Part Three – Enforcement Risks
In Part Three of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to the MHMD Act’s enforcement risks – including the much-feared private right of action. Given the MHMD Act’s broad scope, its private right of action, the potential for large certified […]
New Hampshire and New Jersey Pass Comprehensive Consumer Privacy Laws
The proliferation of state consumer privacy laws continues into 2024. On March 6, 2024, New Hampshire Gov. Chris Sununu signed SB255, the New Hampshire Privacy Act (NHPA), making New Hampshire the 14th state to enact a comprehensive privacy law. Similarly, on January 16, 2024, New Jersey Gov. Phil Murphy signed […]
NIST Unveils Cybersecurity Framework 2.0
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes: As we noted in a July 2023 blog post, NIST was required by the White House’s National Cybersecurity Strategy […]
UK Government Sets Out Approach to AI Regulation
On Tuesday, 6 February 2024, the UK government released its consultation response to its March 2023 white paper titled ‘A pro-innovation approach to AI regulation’. The response provides further details on the UK government’s approach to artificial intelligence regulation.