On 19 March 2026, Advocate-General Capeta issued an opinion in the case of Elisa Eesti AS v Estonian Government Security Committee (C-354/24). This case concerned, among other things, whether a 2022 order from the Estonian Government for Elisa Eesti AS—a 5G network operator—to remove Huawei components from its network for national security reasons was subject to EU law, constituted a lawful restriction on the right to offer an electronic communications network, and amounted to a “deprivation of property” requiring compensation.

AG Capeta concluded that the relevant Estonian regime was within scope of EU law—specifically the European Electronic Communications Code (“EECC”)—even though that regime allowed for the imposition of orders on electronic communications network (“ECN”) providers for national security reasons. She also concluded that the requirement to obtain prior authorization from the Estonian government for use of network equipment constituted a restriction on the freedom to provide an ECN, but that this could be justified on national security grounds if the decision was based on a genuine risk assessment that meets the requirements for proportionality under EU law. She stated that this determination should be left to the referring court. Finally, she concluded that the Estonian Government’s order did not amount to a “deprivation” of property for which compensation would be required, as it was instead a mere “restriction” on the use of property.

Below, we describe these non-binding conclusions in more detail. The Court’s final ruling in this case will have significant implications for the European Commission’s proposed revisions to the EU Cybersecurity Act, which as drafted would—among other things—allow the Commission to require ECN providers to remove and cease using components from designated high-risk jurisdictions in their networks. See our prior blog post on the proposal for a revised Cybersecurity Act here.Continue Reading CJEU Advocate-General indicates that communications network operators can lawfully be required to remove Chinese components, and that compensation is not required

In late December 2025, the FCC updated its “Covered List” to add foreign-produced Uncrewed Aircraft Systems (“UAS”) and their critical components. In early January 2026, the FCC narrowed that action by creating a temporary exception for certain UAS and critical components, including those on the Department of War’s Blue UAS

Continue Reading FCC Updates Covered List to Conditionally Approve the Use of Certain Drones

On March 17, Colorado Governor Jared Polis released a draft bill that would substantially overhaul the Colorado AI Act, replacing its core requirements with a narrower regime focused on disclosure, recordkeeping, and consumer notice requirements for “automated decision-making technology” (“ADMT”).  The proposal, which is still in draft form and

Continue Reading Colorado Officials Push to Repeal and Replace the Colorado AI Act

On 18 March 2026, the European Parliament’s Committee on the Internal Market and Consumer Protection (“IMCO”) and the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) adopted their joint negotiating position on the European Commission’s proposed Digital Omnibus on AI (which we previously analysed here). The position will now proceed to a plenary vote, expected on 26 March 2026. The Council of the EU had previously adopted its negotiating position on 13 March 2026. This sets up trilogue negotiations between the Parliament, Council, and Commission.Continue Reading MEPs Adopt Joint Position on Proposed Digital Omnibus on AI

On March 13, 2026, President Trump issued an Executive Order (EO) titled “Adjusting Certain Delegations Under the Defense Production Act.”  As we have covered in prior blog posts, the Defense Production Act (DPA) has traditionally been considered the primary federal means to manage and support defense production. 

The March 13th EO seeks to clarify and define certain aspects of two prior DPA-related EOs—EO 13603, “National Defense Resources Preparedness,” dated March 16, 2012, and EO 14156, “Declaring a National Energy Emergency,” dated January 20, 2025.  As such, the new EO is best understood in light of these two prior, related EOs.Continue Reading “Adjusting Certain Delegations”:  New Executive Order Aims to Streamline and Clarify Delegated Authorities Under the Defense Production Act

On March 12, 2026, the Italian Data Protection (“Garante”) adopted a decision concerning the transfer of personal data of banking customers from Intesa Sanpaolo S.p.A. (the “Bank”) to Isybank S.p.A., a newly established digital bank within the same corporate group.  The Garante found that the Bank’s processing in connection with the transfer of approximately 2.4 million customers to Isybank was unlawful.

We set out the decision’s key findings below.Continue Reading Italian DPA Fines Bank over the Transfer of Customer Data in the Context of a Corporate Transaction

As artificial intelligence (AI) technologies continue to advance and states increasingly pass legislation to regulate AI development and use, Congress and the White House are proposing comprehensive nationwide laws.

New proposals from the White House Office of Science and Technology Policy (OSTP) and Senator Marsha Blackburn (R-TN) offer comprehensive approaches

Continue Reading White House, Blackburn Introduce Visions of Comprehensive Federal AI Policy

Covington is pleased to announce that it has revised and updated its comprehensive 50-state survey of political laws for 2026.

Corporations, trade associations, non-profits, other organizations, and individuals face significant penalties and reputational harm if they violate federal or state laws governing corporate and personal political activities, the registration of

Continue Reading Covington Announces Political Law Survey (2026 Edition)

Covington is pleased to announce that it has revised and updated its comprehensive 50-state survey of pay-to-play laws for 2026.

Companies doing business with the federal government or state and local governments and companies operating in regulated industries are subject to a dizzying array of “pay-to-play” rules. These rules effectively

Continue Reading Covington Announces Pay-to-Play Survey (2026 Edition)

On March 2, 2026, the UK Department for Science, Innovation and Technology (“DSIT”) launched its consultation, titled “Growing up in the online world: a national conversation”. The consultation is open until 26 May 2026, after which the government will publish a summary of responses and its proposed approach. DSIT has indicated that it intends to move quickly on the consultation’s findings, drawing on newly granted powers that allow for accelerated implementation of online safety measures.

The consultation seeks views on a wide range of potential measures to strengthen children’s safety and wellbeing online, including more robust age‑assurance mechanisms, a statutory minimum age for social media, raising the UK’s age of digital consent, restrictions on certain features (such as livestreaming and disappearing messages), and new obligations for AI chatbots and generative‑AI services.

DSIT’s proposals could significantly expand regulatory expectations beyond the Online Safety Act 2023 (“OSA”)—including potential age‑based access limits (including differing safeguards as between teens and younger children), feature‑level restrictions, and enhanced duties for AI‑enabled services. Early engagement will be important to ensure that the government takes account of the views of affected service providers and understands the operational and technical implications of the measures proposed.Continue Reading UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AI