On September 20, 2024, California Governor Newsom signed into law SB 976, the Protecting Our Kids from Social Media Addiction Act (the “Act”). The Act defines and prohibits an “addictive internet-based service or platform” from providing an “addictive feed” to a minor unless the platform has previously obtained verifiable parental consent. The Act will take effect on January 1, 2025, and the California Attorney General will promulgate regulations on age assurance and parental consent by January 1, 2027. This post summarizes the law’s key provisions. The law includes several technical definitions and exceptions, which are explained at the end of this post.Continue Reading California Passes Law to Protect Minors from “Addictive Feeds”
Internet of Things (IoT)
FCC Adopts Order Establishing Voluntary IoT Labeling Program
On July 30, 2024, the Federal Register published the Federal Communications Commission (the “FCC”) Report and Order (the “Order”) creating a voluntary cybersecurity labeling program for Internet of Things (“IoT”) devices. As reported in our blog post issued shortly before the Order was approved on March 14, 2024, this program…
Continue Reading FCC Adopts Order Establishing Voluntary IoT Labeling ProgramCPPA Executive Director Remarks on Policy and Enforcement Priorities
A new post on the Covington Inside Privacy blog discusses remarks by California Privacy Protection Agency (CPPA) Executive Director Ashkan Soltani at the International Association of Privacy Professionals’ global privacy conference last week. The remarks covered the CPPA’s priorities for rulemaking and administrative enforcement of the California Consumer Privacy Act…
Continue Reading CPPA Executive Director Remarks on Policy and Enforcement PrioritiesThe EU’s Cyber Resilience Act Has Now Been Agreed
Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our prior…
Continue Reading The EU’s Cyber Resilience Act Has Now Been AgreedFramework for the Future of AI: Senator Cassidy Issues White Paper, Seeks Public Feedback
On September 6, Senator Bill Cassidy (R-LA), the Ranking Member of the U.S. Senate Health, Education, Labor and Pensions (HELP) Committee, issued a white paper about the oversight and legislative role of Congress related to the deployment of artificial intelligence (AI) in areas under the HELP Committee’s jurisdiction, including health and life sciences. In the white paper, Senator Cassidy disfavors a one-size-fits-all approach to the regulation of AI and instead calls for a flexible approach that leverages existing frameworks depending on the particular context of use of AI. “[O]nly if our current frameworks are unable to accommodate . . . AI, should Congress look to create new ones or modernize existing ones.” The Senator seeks public feedback on the white paper by September 22, 2023. Health care and life sciences stakeholders should consider providing comments.
This blog outlines five key takeaways from the white paper from a health care and life sciences perspective. Note that beyond health and life sciences issues, the white paper also addresses considerations for other areas, such as use of AI in educational settings and labor/employment implications created by use of AI.
5 Key Takeaways for AI in Health Care and Life Sciences
The white paper – entitled “Exploring Congress’ Framework for the Future of AI: The Oversight and Legislative Role of Congress Over the Integration of Artificial Intelligence in Health, Education, and Labor” – describes the “enormous good” that AI in health care presents, such as “the potential to help create new cures, improve care, and reduce administrative burdens and overall health care spending.” At the same time, Senator Cassidy notes that AI presents risks that legal frameworks should seek to minimize. Five key takeaways from the white paper include:Continue Reading Framework for the Future of AI: Senator Cassidy Issues White Paper, Seeks Public Feedback
Comments Due August 31 on FCC’s Proposal to Step Up Review of Foreign Ownership in Telecom Carriers and Establish Cybersecurity Requirements
Updated August 8, 2023. Originally posted May 1, 2023.
Last week, comment deadlines were announced for a Federal Communications Commission (“FCC”) Order and Notice of Proposed Rulemaking (“NPRM”) that could have significant compliance implications for all holders of international Section 214 authority (i.e., authorization to provide telecommunications services from points in the U.S. to points abroad). The rule changes on which the FCC seeks comment are far-reaching and, if adopted as written, could result in significant future compliance burdens, both for entities holding international Section 214 authority, as well as the parties holding ownership interests in these entities. Comments on these rule changes are due Thursday, August 31, with reply comments due October 2.
Adopted in April, the FCC’s item proposing the new rules also includes an Order requiring all holders of international Section 214 authority to respond to a one-time information request concerning their foreign ownership. Although last week’s Federal Register publication sets a comment deadline for the proposed rules, the reporting deadline for the one-time information request has not yet been established. However, because the FCC has fulfilled its statutory obligations regarding the new information collection presented by the one-time reporting requirement, carriers — as well as entities holding an ownership interest in these carriers — should prepare for the announcement of the reporting deadline.
The FCC’s latest actions underscore the agency’s ongoing desire to closely scrutinize foreign ownership and involvement in telecommunications carriers serving the U.S. market, as well as to play a more active role in cybersecurity policy. These developments should be of interest to any carrier that serves the U.S. market and any financial or strategic investor focused on the telecommunications space, as well as other parties interested in national security developments affecting telecommunications infrastructure.
Proposed Rule Changes for International Section 214 Authority
The FCC’s proposed changes to its regulation of international Section 214 authorizations generally concern additional compliance, disclosure, and reporting requirements. The FCC’s proposed rule changes are far-reaching, but the most notable of the proposals concern the following:Continue Reading Comments Due August 31 on FCC’s Proposal to Step Up Review of Foreign Ownership in Telecom Carriers and Establish Cybersecurity Requirements
FCC Chairwoman Rosenworcel Announces Proposed Voluntary Cybersecurity Labeling Program for Smart Devices
On July 18, 2023, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel announced that she has circulated a proposal to the FCC’s commissioners to create “a voluntary cybersecurity labeling program that would provide consumers with clear information about the security of their Internet-enabled devices.”
According to the text of her announcement…
Continue Reading FCC Chairwoman Rosenworcel Announces Proposed Voluntary Cybersecurity Labeling Program for Smart DevicesU.S. Tech Legislative & Regulatory Update – Second Quarter 2023
This quarterly update summarizes key legislative and regulatory developments in the second quarter of 2023 related to key technologies and related topics, including Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), data privacy and cybersecurity, and online teen safety.
Artificial Intelligence
AI continued to be an area of significant interest of both lawmakers and regulators throughout the second quarter of 2023. Members of Congress continue to grapple with ways to address risks posed by AI and have held hearings, made public statements, and introduced legislation to regulate AI. Notably, Senator Chuck Schumer (D-NY) revealed his “SAFE Innovation framework” for AI legislation. The framework reflects five principles for AI – security, accountability, foundations, explainability, and innovation – and is summarized here. There were also a number of AI legislative proposals introduced this quarter. Some proposals, like the National AI Commission Act (H.R. 4223) and Digital Platform Commission Act (S. 1671), propose the creation of an agency or commission to review and regulate AI tools and systems. Other proposals focus on mandating disclosures of AI systems. For example, the AI Disclosure Act of 2023 (H.R. 3831) would require generative AI systems to include a specific disclaimer on any outputs generated, and the REAL Political Advertisements Act (S. 1596) would require political advertisements to include a statement within the contents of the advertisement if generative AI was used to generate any image or video footage. Additionally, Congress convened hearings to explore AI regulation this quarter, including a Senate Judiciary Committee Hearing in May titled “Oversight of A.I.: Rules for Artificial Intelligence.”
There also were several federal Executive Branch and regulatory developments focused on AI in the second quarter of 2023, including, for example:
- White House: The White House issued a number of updates on AI this quarter, including the Office of Science and Technology Policy’s strategic plan focused on federal AI research and development, discussed in greater detail here. The White House also requested comments on the use of automated tools in the workplace, including a request for feedback on tools to surveil, monitor, evaluate, and manage workers, described here.
- CFPB: The Consumer Financial Protection Bureau (“CFPB”) issued a spotlight on the adoption and use of chatbots by financial institutions.
- FTC: The Federal Trade Commission (“FTC”) continued to issue guidance on AI, such as guidance expressing the FTC’s view that dark patterns extend to AI, that generative AI poses competition concerns, and that tools claiming to spot AI-generated content must make accurate disclosures of their abilities and limitations.
- HHS Office of National Coordinator for Health IT: This quarter, the Department of Health and Human Services (“HHS”) released a proposed rule related to certified health IT that enables or interfaces with “predictive decision support interventions” (“DSIs”) that incorporate AI and machine learning technologies. The proposed rule would require the disclosure of certain information about predictive DSIs to enable users to evaluate DSI quality and whether and how to rely on the DSI recommendations, including a description of the development and validation of the DSI. Developers of certified health IT would also be required to implement risk management practices for predictive DSIs and make summary information about these practices publicly available.
Continue Reading U.S. Tech Legislative & Regulatory Update – Second Quarter 2023
Political Agreement Reached on the European Data Act
Late yesterday, the EU institutions reached political agreement on the European Data Act (see the European Commission’s press release here and the Council’s press release here). The proposal for a Data Act was first tabled by the European Commission in February 2022 as a key piece of the European…
Continue Reading Political Agreement Reached on the European Data ActCommerce Seeks Comments on Regional Tech Hubs Program
In August 2022, the Chips and Science Act—a massive, $280 billion bill to boost public and private sector investments in critical and emerging technologies—became law. We followed the bill from the beginning and anticipated significant opportunities for industry to inform and influence the direction of the new law’s programs.
One such opportunity is available now. The U.S. Department of Commerce recently published a request for information (RFI) “to inform the planning and design of the Regional Technology and Innovation Hub (Tech Hubs) program.” The public comment period ends March 16, 2023.
Background
The Chips and Science Act authorized $10 billion for the U.S. Department of Commerce to establish a Regional Technology and Innovation Hub (Tech Hubs) program. Specifically, Commerce was charged with designating at least 20 Tech Hubs and awarding grants to consortia composed of one or more institutions of higher education, political subdivisions, state governments, and “industry or firms in relevant technology, innovation, or manufacturing sectors” to develop and deploy critical technologies in those hubs. $500 million has already been made available for the program, and Commerce will administer the program through the Economic Development Administration (EDA).Continue Reading Commerce Seeks Comments on Regional Tech Hubs Program