On 19 May 2026, the European Commission published its long-awaited draft, non-binding guidelines on the classification of high-risk AI systems (“HRAIs”) under the EU AI Act (the “Guidelines”). Across three documents—covering general principles, high-risk classification in the context of regulated products (Annex I), and high-risk use cases (Annex III)—the Commission sets out its approach to one of the AI Act’s central questions: when does an AI system fall within the high-risk regime (and, just as importantly, when does it not)?

Continue Reading EU AI Act Update: The European Commission Publishes Draft Guidelines on HRAIs

On May 29, 2026, the Governor of Louisiana signed into law SB 386, the Louisiana Data Privacy Act (“LDPA”). Louisiana joins Alabama and Oklahoma as the third state to enact a comprehensive privacy law this year. The law will take effect on January 1, 2027.

Continue Reading Louisiana Enacts Comprehensive Privacy Law

On June 3, 2026, the President issued an Executive Order (“EO”) entitled “Strengthening Customs Enforcement,” which is likely to have far-reaching consequences for companies that act as importers in the United States.  The EO is expected to have a disproportionate impact on importers that are based outside the United States

Continue Reading New Executive Order Calls for Significant Customs Law Changes, Directs CBP to Crack Down on Foreign Importers and Enhance Penalties

Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.

Continue Reading Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations

On June 2, 2026, the White House issued an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”).  The Order reflects the Administration’s stated policy of advancing U.S. leadership in artificial intelligence (“AI”) while addressing national security risks associated with increasingly capable AI systems.  To accomplish these policy goals, the Order outlines two approaches: (1) strengthening U.S. Government and private industry cyber defenses in response to “advanced AI,” and (2) developing voluntary benchmarking and review frameworks for secure development and release of “frontier” AI models.

Continue Reading White House Releases Executive Order on Advanced AI Innovation and Security

On May 27, 2026, the Connecticut governor signed SB 4, an omnibus privacy law, which among other things, amends the Connecticut Data Privacy Act (“CTDPA”), establishes a data broker registry and accessible deletion mechanism, imposes restrictions on the use of price setting devices and surveillance pricing, and creates requirements for direct-to-consumer genetic testing companies.

Continue Reading Connecticut Enacts Omnibus Privacy Law

California’s new autonomous vehicle regulations create the state’s first pathway for testing and deploying heavy-duty AVs while imposing a more rigorous permitting, safety-case, reporting, and enforcement framework for all AV manufacturers.

Finalized by the California Department of Motor Vehicles (the DMV) on April 28, 2026, the regulations (the Regulations) introduce significant new safety and oversight requirements, and expand California’s AV framework to include heavy-duty vehicles over 10,000 pounds, which had previously been excluded. The Regulations do not alter the California Public Utilities Commission requirements that separately apply to AV companies operating robotaxis in the state.

Continue Reading California’s New AV Rules Open Door to Heavy-Duty Deployment While Imposing Significant New Compliance Obligations

On June 3, the European Commission published its Tech Sovereignty Package, a set of legislative and policy initiatives designed to address what the Commission characterizes as Europe’s technological dependencies on non-European suppliers. The Package marks a further step in the evolution of the EU’s technology policy, with initiatives spanning the full tech stack—from chips and infrastructure to software, cloud, and artificial intelligence. Through this “ecosystem” approach, the Commission seeks to reduce supply-side dependencies by strengthening domestic capabilities in Europe and stimulating demand in downstream sectors.

The Package comprises four components: two legislative proposals—(i) the Cloud and AI Development Act (CADA), and (ii) the Chips Act 2.0—as well as two non-legislative initiatives—(iii) the EU Open Source Strategy and (iv) a Strategic Roadmap for Digitalisation and AI in Energy.

Continue Reading EU Tech Sovereignty Package

Earlier this month, the Cybersecurity & Infrastructure Security Agency (CISA), in collaboration with the National Security Agency and other international partners, released guidance for organizations on adopting agentic artificial intelligence systems (i.e., systems composed of one or more agents that fundamentally rely on an AI model, such as an LLM, to interpret and reason about the state of the world and can autonomously make decisions and take actions). The guidance highlights the primary security risks and challenges linked to agentic AI and offers practical guidance for safely designing, implementing, and managing these systems.

Continue Reading CISA Releases Guidance on the Careful Adoption of Agentic AI Services

On 7 May 2026, negotiators from the Council of the European Union, the European Parliament, and the European Commission reached a provisional agreement on the terms of the Digital Omnibus on AI, marking the first set of amendments to the EU AI Act since its adoption in June 2024. The

Continue Reading EU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions