Photo of Anna Hevia

Anna Hevia

Subscribe to Anna Hevia's Posts

Anna Hevia is an associate in the firm’s Washington, DC office, where she practices in the International Trade Practice Group and Communications and Media Industry Group. She also maintains an active pro bono practice.

As part of her international trade practice, Anna advises clients on U.S. sanctions administered by the Treasury Department’s Office of Foreign Assets Control and export controls administered by the State Department’s Directorate of Defense Trade Controls and the Commerce Department’s Bureau of Industry and Security.

Anna’s work for the Communications and Media Industry Group involves counseling clients on accessibility compliance, broadband connectivity, technology policy, broadcast and other media, transactions, and other issues regulated by the Federal Communications Commission and other federal agencies. In these matters, Anna brings to bear her experience working for five years in the office of U.S. Representative Tony Cárdenas (CA-29), a member of the U.S. House of Representatives Committee on Energy and Commerce.

As senior policy advisor in Rep. Cárdenas' office, Anna worked on telecommunications, technology, judiciary, and consumer protections issues, including drafting legislation, meeting with a wide variety of stakeholders, liaising with federal agencies, and preparing the Congressman for Energy and Commerce Committee hearings.

During law school, Anna worked as a legal intern in the office of then-FCC Commissioner (now Chairwoman) Jessica Rosenworcel.

Contact: Email

This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.

Artificial Intelligence

In the last quarter of 2022, the annual National Defense Authorization Act (“NDAA”), which contained AI-related provisions, was enacted into law.  The NDAA creates a pilot program to demonstrate use cases for AI in government. Specifically, the Director of the Office of Management and Budget (“Director of OMB”) must identify four new use cases for the application of AI-enabled systems to support modernization initiatives that require “linking multiple siloed internal and external data sources.” The pilot program is also meant to enable agencies to demonstrate the circumstances under which AI can be used to modernize agency operations and “leverage commercially available artificial intelligence technologies that (i) operate in secure cloud environments that can deploy rapidly without the need to replace operating systems; and (ii) do not require extensive staff or training to build.” Finally, the pilot program prioritizes use cases where AI can drive “agency productivity in predictive supply chain and logistics,” such as predictive food demand and optimized supply, predictive medical supplies and equipment demand, predictive logistics for disaster recovery, preparedness and response.

At the state level, in late 2022, there were also efforts to advance requirements for AI used to make certain types of decisions under comprehensive privacy frameworks.  The Colorado Privacy Act draft rules were updated to clarify the circumstances that require controllers to provide an opt-out right for the use of automated decision-making and requirements for assessments of profiling decisions.  In California, although the California Consumer Privacy Act draft regulations do not yet cover automated decision-making, the California Privacy Protection Agency rules subcommittee provided a sample list of related questions concerning this during its December 16, 2022 board meeting.

Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022

This quarterly update summarizes key federal legislative and regulatory developments in the second quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things, connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in U.S. state legislatures.  To summarize, in the second quarter of 2022, Congress and the Administration focused on addressing algorithmic bias and other AI-related risks and introduced a bipartisan federal privacy bill.

Artificial Intelligence

Federal lawmakers introduced legislation in the second quarter of 2022 aimed at addressing risks in the development and use of AI systems, in particular risks related to algorithmic bias and discrimination.  Senator Michael Bennet (D-CO) introduced the Digital Platform Commission Act of 2022 (S. 4201), which would empower a new federal agency, the Federal Digital Platform Commission, to develop regulations for online platforms that facilitate interactions between consumers, as well as between consumers and entities offering goods and services.  Regulations contemplated by the bill include requirements that algorithms used by online platforms “are fair, transparent, and without harmful, abusive, anticompetitive, or deceptive bias.”  Although this bill does not appear to have the support to be passed in this Congress, it is emblematic of the concerns in Congress that might later lead to legislation.

Additionally, the bipartisan American Data Privacy and Protection Act (H.R. 8152), introduced by a group of lawmakers led by Representative Frank Pallone (D-NJ-6), would require “large data holders” (defined as covered entities and service providers with over $250 million in gross annual revenue that collect, process, or transfer the covered data of over five million individuals or the sensitive covered data of over 200,000 individuals) to conduct “algorithm impact assessments” on algorithms that “may cause potential harm to an individual.”  These assessments would be required to provide, among other information, details about the design of the algorithm and the steps the entity is taking to mitigate harms to individuals.  Separately, developers of algorithms would be required to conduct “algorithm design evaluations” that evaluate the design, structure, and inputs of the algorithm.  The American Data Privacy and Protection Act is discussed in further detail in the Data Privacy section below.

Continue Reading U.S. AI, IoT, CAV, and Data Privacy Legislative and Regulatory Update – Second Quarter 2022

On June 6 and June 9, 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) issued additional guidance on the sanctions that prohibit U.S. persons from making a “new investment” in Russia and from providing accounting, trust and corporate formation, and management consulting services to any person located in Russia.

Separately, from June 15, 2022, the UK Office of Financial Sanctions Implementation (“OFSI”) gained new powers to impose financial penalties for breaches of UK sanctions regulations (including, but not limited to, the UK sanctions regulations with respect to Russia) on a strict liability basis and to publish reports of cases where it is satisfied that a breach of financial sanctions has occurred but where no penalty is imposed.

This alert summarizes these new sanctions developments.

New U.S. Sanctions Developments

Guidance on the Prohibitions on “New Investment” by U.S. Persons in Russia

On June 6, 2022, OFAC issued guidance in the form of responses to new frequently asked questions (“FAQs”) to clarify certain aspects of the prohibitions on “new investment” in Russia by U.S. persons that were imposed under the following executive orders (“E.O.s”):

  • E.O. 14066, issued on March 8, 2022 (prohibiting new investment by U.S. persons in the energy sector of the Russian Federation, as described in our March 10 alert); 
  • E.O. 14068, issued on March 11, 2022 (prohibiting new investment by U.S. persons in any sector of the Russian Federation economy as may be determined by the Secretary of the Treasury, in consultation with the Secretary of State); and 
  • E.O. 14071, issued on April 6, 2022 (prohibiting “all new investment in the Russian Federation by U.S. persons, wherever located” as well as “any approval, financing, facilitation, or guarantee by a U.S. person, wherever located, of a transaction by a foreign person where the transaction by that foreign person would be prohibited by E.O. 14071 if performed by a U.S. person or within the United States,” as described in our April 11 alert.


Continue Reading Recent Developments in U.S. and UK Sanctions: OFAC Guidance on “New Investment” and Prohibition on the Provision of Certain Services to Any Person in Russia; UK Sanctions Enforcement Developments

On November 15, 2021, the Infrastructure Investment and Jobs Act (“IIJA”) became law, authorizing $65 billion in federal broadband investments with the goal of connecting all Americans to reliable, high speed, and affordable broadband.  The IIJA directed the National Telecommunications and Information Administration (“NTIA”) to oversee the distribution of $48.2 billion in infrastructure grants to