United States

Authors: Jennifer Johnson, Jayne Ponder, August Gweon, Analese Bridges

State lawmakers are considering a diverse array of AI legislation, with hundreds of bills introduced in 2025.  As described further in this blog post, many of these AI legislative proposals fall into several key categories: (1) comprehensive consumer protection legislation similar to the Colorado AI Act, (2) sector-specific legislation on automated decision-making, (3) chatbot regulation, (4) generative AI transparency requirements, (5) AI data center and energy usage requirements, and (6) frontier model public safety legislation.  Although these categories represent just a subset of current AI legislative activity, they illustrate the major priorities of state legislatures and highlight new AI laws that may be on the horizon.

  • Consumer Protection.  Lawmakers in over a dozen states have introduced legislation aimed at reducing algorithmic discrimination in high-risk AI or automated decision-making systems used to make “consequential decisions,” embracing the risk- and role-based approach of the Colorado AI Act.  In general, these frameworks would establish developer and deployer duties of care to protect consumers from algorithmic discrimination and would require risks or instances of algorithmic discrimination to be reported to state attorneys general.  They would also require notices to consumers and disclosures to other parties and establish consumer rights related to the AI system.  For example, Virginia’s High-Risk AI Developer & Deployer Act (HB 2094), which follows this approach, passed out of Virginia’s legislature this month.
  • Sector-Specific Automated Decision-makingLawmakers in more than a dozen states have introduced legislation that would regulate the use of AI or automated decision-making tools (“ADMT”) in specific sectors, including healthcare, insurance, employment, and finance.  For example, Massachusetts HD 3750 would amend the state’s health insurance consumer protection law to require healthcare insurance carriers to disclose the use of AI or ADMT for reviewing insurance claims and report AI and training data information to the Massachusetts Division of Insurance.  Other bills would regulate the use of ADMT in the financial sector, such as New York A773, which would require banks that use ADMT for lending decisions to conduct annual disparate impact analyses and disclose such analyses to the New York Attorney General.  Relatedly, state legislatures are considering a wide range of approaches to regulating employers’ uses of AI and ADMT.  For example, Georgia SB 164 and Illinois SB 2255 would both prohibit employers from using ADMT to set wages unless certain requirements are satisfied.

Continue Reading Blog Post: State Legislatures Consider New Wave of 2025 AI Legislation

Close Up of Test Tubes_CovLibrary-MD-1000px

The UK’s Medicines and Healthcare products Regulatory Agency (“MHRA”) is seeking industry feedback on its new draft guideline on individual messenger ribonucleic acid (“mRNA”) cancer immunotherapies (the “Draft Guidance”).  Building on the success of mRNA vaccine technology in response to the Covid-19 pandemic, the technology is now being adapted to target diseases such as cancer.  The MHRA aims to provide a streamlined robust regulatory framework for the approval of such personalised mRNA-based cancer vaccines without compromising safety.

The Draft Guidance covers the regulatory classification of these novel cancer treatments, product design and manufacture, non-clinical and clinical development, pharmacovigilance and the distribution of information to the wider public.  Notably, the MHRA explicitly acknowledges that the regulatory and scientific principles discussed in the Draft Guidance could broadly apply to other disease indications or technologies that could benefit from personalisation or individualisation.  Therefore, industry should be aware that the scope of the Draft Guidance may be extended in the future beyond mRNA cancer immunotherapies that use lipid nanoparticle delivery systems to other delivery systems and disease areas.  Manufacturers, developers, patient organisations and other stakeholders have until 31 March 2025 to comment on the Draft Guidance.

We explore some of the interesting regulatory considerations arising from the Draft Guidance below.

Regulatory Classification

The classification of a medicinal product is key to determining what requirements and guidelines apply to the development, manufacture and delivery of that product.  For example, advanced therapy medicinal products (“ATMPs”) have specific Good Manufacturing Practice (“GMP”) requirements (see e.g., ‘Guidelines on Good Manufacturing Practice specific to Advanced Therapy Medicinal Products’), strict traceability requirements and additional pharmacovigilance requirements.

Currently, individual mRNA cancer immunotherapies are classified under the Human Medicines Regulations 2012 (as amended) (“HMRs”) as ATMPs and are sub-classified as gene therapies.  However, current mRNA therapies do not fit neatly under the ‘gene therapy’ umbrella because, unlike conventional gene therapies, which are designed to edit a person’s genome to treat or cure a disease, mRNA therapies do not involve integration into the host genome.

The Draft Guidance reveals that “a new ATMP sub-classification for nucleic acids that do not edit the patient’s genome is being considered.”  A practical advantage of a new sub-classification would be the opportunity to create bespoke and risk proportionate requirements and guidelines for mRNA therapies.  This would avoid overburdensome risk mitigations for these products as compared to similar products such as COVID-19 vaccines.

The Draft Guidance also predicts that mRNA therapies could be chemically synthesised (i.e., not manufactured by biotechnology).  Such therapies would fall outside the scope of the current definition of a gene therapy as they would not be a biological product.  The MHRA is considering the classification of relevant chemically synthesised mRNA therapies as ATMPs.Continue Reading MHRA Consultation on Individualised mRNA Cancer Immunotherapies – Unique opportunity for a streamlined risk based regulatory framework?

On February 6, the White House Office of Science & Technology Policy (“OSTP”) and National Science Foundation (“NSF”) issued a Request for Information (“RFI”) seeking public input on the “Development of an Artificial Intelligence Action Plan.”  The RFI marks a first step toward the implementation of the Trump Administration’s January

Continue Reading Trump Administration Seeks Public Comment on AI Action Plan

On January 29, Senator Josh Hawley (R-MO) introduced the Decoupling America’s Artificial Intelligence Capabilities from China Act (S. 321), one of the first bills of 119th Congress to address escalating U.S. competition with China on artificial intelligence.  The new legislation comes just days after Chinese AI company DeepSeek

Continue Reading Senator Hawley Introduces Sweeping U.S.-China AI Decoupling Bill

On February 1, President Trump issued three executive orders (“EOs”) imposing broad tariffs on U.S. imports from CanadaMexico, and China, initially to be effective on February 4. Invoking Presidential authority under the International Emergency Economic Powers Act (“IEEPA”), the EOs expand the national emergency declared by

Continue Reading Trump Administration Imposes Tariffs on Imports from Canada, Mexico, and China

On January 10, 2025, the U.S. Department of the Treasury and U.S. Department of State intensified sanctions against Russia with new measures targeting Russia’s energy sector. According to the Treasury Department’s press release, these measures are intended “to fulfill the G7 commitment to reduce Russian revenues from energy” and “substantially increase the sanctions risks associated with the Russian oil trade.”

The new U.S. sanctions include a determination by the U.S. Department of the Treasury authorizing the imposition of property-blocking sanctions against any person who is determined by the Treasury Secretary or Secretary of State (in consultation with one another) to operate or have operated in the Russian energy sector, and a determination issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) prohibiting—effective February 27, 2025—the provision of “petroleum services” from the United States or by a U.S. person to any person located in Russia. In addition, OFAC and the U.S. Department of State collectively designated for property-blocking sanctions more than 400 individuals, entities, and vessels from various countries involved in Russia’s energy sector, including two of Russia’s most significant oil producers and exporters—Public Joint Stock Company Gazprom Neft (“Gazprom Neft”) and Surgutneftegas, along with more than two dozen of their subsidiaries. The designations included more than 180 vessels, many of which are part of Russia’s “shadow fleet” of vessels involved in the trade of Russian oil, as well as several Russian energy executives, oil traders, oilfield service providers, and financial and insurance entities associated with Russia’s energy sector. The designations also covered two active Russian liquefied natural gas (“LNG”) projects and a Russian oil project.

On January 15, 2025, the U.S. Department of the Treasury and U.S. Department of State designated or re-designated under additional sanctions authority nearly 250 individuals and entities for property-blocking sanctions, including actors based in China.

OFAC also issued multiple general licenses related to the above designations, including a general license authorizing until February 27, 2025, transactions ordinarily incident and necessary to the wind down of transactions involving Gazprom Neft and Surgutneftegas, their designated subsidiaries, and entities that they own 50 percent or more, directly or indirectly, individually or in the aggregate, subject to certain conditions. In addition, OFAC revoked a general license that had authorized transactions with certain vessels subject to U.S. property-blocking sanctions due to their ownership, and amended two existing general licenses. One of these amended general licenses, General License 8L (which supersedes General License 8K), significantly narrows the scope of permissible energy transactions involving certain blocked financial institutions to include only wind-down transactions until March 12, 2025.Continue Reading New U.S. and UK Sanctions, Including Related to Russia’s Energy Sector

Technology companies will be in for a bumpy ride in the second Trump Administration.  President-elect Trump has promised to adopt policies that will accelerate the United States’ technological decoupling from China.  However, he will likely take a more hands-off approach to regulating artificial intelligence and reverse several Biden Administration policies related to AI and other emerging technologies.Continue Reading Tech Policy in a Second Trump Administration: AI Promotion and Further Decoupling from China

Abstract Connection Concept_jpg

This update focuses on how growing quantum sector investment in the UK and US is leading to the development and commercialization of quantum computing technologies with the potential to revolutionize and disrupt key sectors.  This is a fast-growing area that is seeing significant levels of public and private investment activity.  We take a look at how approaches differ in the UK and US, and discuss how a concerted, international effort is needed both to realize the full potential of quantum technologies and to mitigate new risks that may arise as the technology matures.

Quantum Computing

Quantum computing uses quantum mechanics principles to solve certain complex mathematical problems faster than classical computers.  Whilst classical computers use binary “bits” to perform calculations, quantum computers use quantum bits (“qubits”).  The value of a bit can only be zero or one, whereas a qubit can exist as zero, one, or a combination of both states (a phenomenon known as superposition) allowing quantum computers to solve certain problems exponentially faster than classical computers. 

The applications of quantum technologies are wide-ranging and quantum computing has the potential to revolutionize many sectors, including life-sciences, climate and weather modelling, financial portfolio management and artificial intelligence (“AI”).  However, advances in quantum computing may also lead to some risks, the most significant being to data protection.  Hackers could exploit the ability of quantum computing to solve complex mathematical problems at high speeds to break currently used cryptography methods and access personal and sensitive data. 

This is a rapidly developing area that governments are only just turning their attention to.  Governments are focusing not just on “quantum-readiness” and countering the emerging threats that quantum computing will present in the hands of bad actors (the US, for instance, is planning the migration of sensitive data to post-quantum encryption), but also on ramping up investment and growth in quantum technologies. Continue Reading Quantum Computing: Developments in the UK and US

This update focuses on how growing quantum sector investment in the UK and US is leading to the development and commercialization of quantum computing technologies with the potential to revolutionize and disrupt key sectors.  This is a fast-growing area that is seeing significant levels of public and private investment activity.  We take a look at how approaches differ in the UK and US, and discuss how a concerted, international effort is needed both to realize the full potential of quantum technologies and to mitigate new risks that may arise as the technology matures.

Quantum Computing

Quantum computing uses quantum mechanics principles to solve certain complex mathematical problems faster than classical computers.  Whilst classical computers use binary “bits” to perform calculations, quantum computers use quantum bits (“qubits”).  The value of a bit can only be zero or one, whereas a qubit can exist as zero, one, or a combination of both states (a phenomenon known as superposition) allowing quantum computers to solve certain problems exponentially faster than classical computers. 

The applications of quantum technologies are wide-ranging and quantum computing has the potential to revolutionize many sectors, including life-sciences, climate and weather modelling, financial portfolio management and artificial intelligence (“AI”).  However, advances in quantum computing may also lead to some risks, the most significant being to data protection.  Hackers could exploit the ability of quantum computing to solve complex mathematical problems at high speeds to break currently used cryptography methods and access personal and sensitive data. 

This is a rapidly developing area that governments are only just turning their attention to.  Governments are focusing not just on “quantum-readiness” and countering the emerging threats that quantum computing will present in the hands of bad actors (the US, for instance, is planning the migration of sensitive data to post-quantum encryption), but also on ramping up investment and growth in quantum technologies. Continue Reading Quantum Computing: Developments in the UK and US

June 18, 2024, Covington Alert

On June 12, 2024, the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”) and the U.S. Commerce Department, Bureau of Industry and Security (“BIS”) issued additional measures to counter Russia’s continued aggression in Ukraine. The measures, announced in advance of the G7 summit in Italy last week, are intended to “continue to drive up costs for the Russian war machine.”

The actions taken by OFAC and BIS include new prohibitions on providing certain information technology- and software-related services to persons located in Russia, establishing additional sanctions designed to target the Russian financial infrastructure, strengthening secondary sanctions that can be applied to non-U.S. persons (including in particular non-U.S. financial institutions), and expanding export controls restrictions on items destined for Russia and Belarus (including with respect to certain types of software). Along with the new rules, OFAC designated for property-blocking sanctions more than 300 individuals and entities (including parties identified for sanctions by the U.S. State Department), while BIS used its authority to make additions to the Entity List, issue Temporary Denial Orders, and notify U.S. distributors of additional restrictions on shipments to parties known to be supplying items to Russia. Significantly, BIS altered its Entity List rules to permit certain address-only designations to the Entity List and, among other designations, added to the Entity List eight addresses in Hong Kong with a high diversion risk. Exports, reexports, or transfers of certain items subject to the Export Administration Regulations (“EAR”) to purchasers, intermediate or ultimate consignees, and end ­users who use those addresses generally will require authorization from BIS.

Separately, on June 13, 2024, the UK Government imposed a new round of asset-freezing sanctions on a number of notable Russian entities. The European Union is also considering a 14th package of sanctions measures relating to Russia, although as of this writing the EU has not yet enacted the new package.

New U.S. Sanctions

Prohibition on Certain Information Technology and Software Services

As part of the joint actions, OFAC issued a determination pursuant to the authority of Executive Order 14071 (the “IT and Software Services Determination”) that prohibits the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a U.S. person, wherever located, of (i) information technology (“IT”) consultancy and design services, and (ii) IT support services and cloud-based services for enterprise management software and design and manufacturing software (collectively, “Covered Software”) to any person located in the Russian Federation, unless licensed or otherwise authorized by OFAC. The IT and Software Services Determination is effective beginning at 12:01 eastern daylight time on September 12, 2024. “U.S. persons” include U.S. legal entities and their non-U.S. branches; U.S. citizens and lawful permanent residents, no matter where located or employed; and persons present in the United States.Continue Reading U.S. Government Issues New U.S. Sanctions and Export Controls Targeting Russia and Belarus for Continued Aggression Against Ukraine; Update on European Sanctions Developments