Artificial Intelligence (AI)

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”).  According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities.”  The draft Profile uses the existing voluntary NIST Cybersecurity Framework (“CSF”) 2.0 — which “provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks” — and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF’s outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI.  This draft guidance will likely be familiar to organizations that already leverage the CSF 2.0 in their cybersecurity programs and might be complimentary to existing frameworks that organizations already have in place.  Even so, the outcomes are designed to be flexible such that a range of organizations (with mature or novel programs) can leverage the guidance to help manage AI-related cybersecurity risk.  Continue Reading NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

On December 19, New York Governor Kathy Hochul (D) signed the Responsible AI Safety & Education (“RAISE”) Act into law, making New York the second state in the nation to codify public safety disclosure and reporting requirements for developers of frontier AI models.  Prior to signing, Governor Hochul secured several

Continue Reading New York Governor Signs Frontier AI Safety Legislation

The European Commission (“Commission”) recently launched two stakeholder consultations under the EU AI Act. The first (see here), closing on 9 January 2026, relates to the copyright-related obligations for General Purpose AI (“GPAI”) providers under the AI Act and GPAI Code of Practice. The second (see here)

Continue Reading European Commission Launches Consultations on the EU AI Act’s Copyright Provisions and AI Regulatory Sandboxes

On December 11, President Trump signed an Executive Order on “Ensuring a National Policy Framework for Artificial Intelligence” (“AI Preemption EO”), the culmination of months of efforts by Republican lawmakers to assert federal primacy over AI regulation.  The AI Preemption EO, which follows the release of a draft version in

Continue Reading President Trump Signs Executive Order to Block State AI Laws

On December 1, the Washington State AI Task Force (“Task Force”) released its Interim Report with AI policy recommendations to the Governor and legislature. Established by the legislature in 2024, the Task Force is responsible for evaluating current and potential uses of AI in Washington and recommending regulatory and legislative

Continue Reading Washington State AI Task Force Releases AI Policy Recommendations for 2026

On September 24, 2025, Covington’s tech industry experts explored what legal teams, government affairs professionals, and business leaders at tech companies need to know during this pivotal period and offered insights into anticipated challenges and emerging opportunities in the year ahead. Eight Covington attorneys shared their insights during a 60-minute session moderated by Covington partner Holly Fechner. Key takeaways from the Forum are outlined below.Continue Reading Covington Tech Briefing Spotlight: Impact of Latest Policy Developments on the Tech Industry

On 19 November 2025, the European Commission (“Commission”) officially presented its Digital Omnibus Package (see here and here). The initiative represents a comprehensive update to the EU’s digital regulatory landscape, which the Commission frames as a competitiveness and simplification initiative aimed at reducing administrative burdens and enhancing legal certainty for businesses. Although the final text is likely to evolve during negotiations with the European Parliament and the Council of the EU (“Council”), the package, if adopted in its present form, would introduce significant changes to data protection obligations, cookie rules, cybersecurity regulations and the EU AI Act.

The Digital Omnibus Package consists of two proposed regulations: a “Digital Omnibus” that would amend, amongst other legislation, the General Data Protection Regulation (GDPR), ePrivacy Directive, NIS2 Directive and Data Act, and a “Digital Omnibus on AI” that would amend the EU AI Act. We outline below key proposals from the Digital Omnibus that have particular significance for organizations operating in the EU.

A summary of amendments affecting the Data Act and the key proposals in the Digital Omnibus on AI will be addressed in subsequent blog posts.Continue Reading European Commission Proposes Revisions to GDPR and Other Digital Rules Under Digital Omnibus Package

According to reports published on November 19, the White House has prepared a draft Executive Order to preempt state AI regulations in lieu of a uniform national legislative framework, marking a significant escalation in federal efforts to assert control over AI regulation.  The draft Executive Order, titled “Eliminating State

Continue Reading White House Drafts Executive Order to Preempt State AI Laws

Over the past few months, Chinese regulators have taken steps to update the country’s cybersecurity framework, with a particular focus on artificial intelligence (AI) safety and clarifying incident reporting obligations for onshore infrastructure. These developments reflect a broader trend toward more proactive AI and cyber governance and could signal priorities for the year ahead.Continue Reading China Amends Cybersecurity Law and Incident Reporting Regime to Address AI and Infrastructure Risks

The Commerce Department today published a Request for Information (RFI) inviting the public to submit comments on U.S. artificial intelligence exports.  The RFI asks stakeholders to weigh in on aspects of the Department’s new “American AI Exports Program,” an initiative intended to “promot[e] the export of full-stack American AI technology

Continue Reading Commerce Department Solicits Feedback on AI Exports Program