Artificial intelligence is no longer a future concern for employment lawyers and HR teams. It is already embedded in how many organizations recruit, manage and restructure their workforces. Regulators in California and Connecticut are responding with concrete legislative proposals and executive action that would impose new compliance obligations on employers who use these tools. Employers with UK or EU operations should also be watching parallel developments, as workplace AI is increasingly being regulated through a combination of AI-specific rules, data protection law, equality law and employment consultation obligations.
Unpacking the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Hearing on AI Security
On June 4, 2026, the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection held a hearing on “The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience.” The hearing focused on how advanced AI systems are changing both sides of the cybersecurity equation: giving defenders new tools to identify, prioritize and remediate vulnerabilities, while also giving adversaries the ability to scale vulnerability discovery, exploitation, reconnaissance and malware development.
In “House Homeland Security Hearing Highlights Growing Cybersecurity and Critical Infrastructure Risks of AI,” colleagues Shruti Bhutani Arora, Brian Finch and Nathan Banks identify the key takeaways from the hearing, potential policy and rulemaking signals, and the main issue areas for clients developing, deploying or relying on AI-enabled cybersecurity, coding or infrastructure tools.
California AG Announces Largest CCPA Penalty to Date in First Data Minimization Case
On May 8, 2026, California Attorney General Rob Bonta, joined by district attorneys from San Francisco, Los Angeles, Napa and Sonoma counties, announced a proposed $12.75 million settlement with a connected vehicle services provider over alleged CCPA violations involving the collection, retention, use and disclosure of vehicle data. The California Privacy Protection Agency’s Enforcement Division assisted in the investigation, which followed a broader CPPA sweep of connected vehicle privacy practices.
Email-Tracking Technology: Emerging Compliance Expectations in the U.S., EU and Beyond
The use of email-tracking technology is drawing heightened regulatory scrutiny and has become a growing target of litigation. For many organizations, these technologies, which could be in the form of a “pixel,” “beacon” or URL tracking parameters embedded in links, sit quietly in the background of marketing and operational messages. Yet from a legal and compliance perspective, they raise the same kinds of questions as online tracking tools such as cookies. This article explains what is happening and why it matters, and offers some pragmatic options for organizations to consider when relying on email engagement data.
FTC Issues COPPA Policy Statement to Encourage Age Verification Technologies
The Federal Trade Commission (FTC) has issued a significant policy statement announcing that it will not bring enforcement actions under the Children’s Online Privacy Protection Rule (COPPA Rule) against certain website and online service operators that collect, use, and disclose personal information solely for the purpose of determining a user’s age via age verification technologies.
A New Era of Data Deletion: Inside California’s DROP System
On January 1, 2026, the California Privacy Protection Agency (CalPrivacy, as it is now known) will launch the Data Rights Opt-out Platform (DROP System), an online tool enabling California residents to send a single request to over 500 data brokers requiring them to delete their personal information.
The Data Security Program Compliance Guide Is Released by the DOJ
On January 8, 2025, the U.S. Department of Justice (DOJ) issued its final rule (28 C.F.R. Part 202) implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The guide outlines the requirements of a newly implemented Data Security Program (DSP) designed to prevent China, Russia and other foreign adversaries designated by the DOJ from accessing American’s sensitive personal data and U.S. government-related data.
In “DOJ Releases Its Data Security Program Compliance Guide,” colleagues Tony Phillips, Shruti Bhutani Arora, Sahar J. Hafeez, Christine Mastromonaco and Sheetal Misra discuss the key components of the DSP and offer thoughts about compliance.
Apple’s $500B U.S. Manufacturing Push and New AI Server Facility in Houston: What It Means for Data Centers
As we covered previously, President Trump has made clear that the U.S. is focused on increasing investments into building, scaling and speeding the development of AI infrastructure and data centers in the U.S., and Big Tech is responding in kind.
UK Online Safety Act: New Obligations for Digital Service Providers Targeting the UK
The UK’s Online Safety Act 2023 (OSA) is a comprehensive piece of legislation designed to regulate social media companies and search services and to increase protections for individuals online. It draws comparisons to the EU’s Digital Services Act, with both laws include provisions relating to safety and transparency—seeking to balance the need to protect people online with fundamental rights such as the right to freedom of expression and privacy. Importantly, it applies not just to digital service providers in the UK but to any service with links to the UK.
California’s Significant AI laws Go into Effect
January 1, 2025, marked the start of a series of significant AI laws going into effect in California. California’s 18 new AI laws represent a significant step toward regulating this space, establishing requirements regarding deepfake technology, AI transparency, data privacy and use of AI in the health care arena. These laws reinforce the state’s desire to be a pioneer in this space.
In California’s AI Laws Are Here—Is Your Business Ready?, Christine Mastromonaco, Shruti Bhutani Arora, Andrew Caplan, Erin Choo, Mia Rendar, Anne M. Voigts, Shani Rivaux, Johnna Purcell and Dayo Feyisayo Ajanaku provide a detailed look at the enacted legislation, addresses compliance timelines and serves as a guide for businesses as they navigate compliance with California’s evolving AI landscape.


