On September 10, Senate Commerce, Science, and Transportation Committee Chair Ted Cruz (R-TX) released what he called a “light-touch” regulatory framework for federal AI legislation, outlining five pillars for advancing American AI leadership.  In parallel, Senator Cruz introduced the Strengthening AI Normalization and Diffusion by Oversight and eXperimentation (“SANDBOX”) Act

Continue Reading Senator Cruz Unveils AI Framework and Regulatory Sandbox Bill

On August 29, the Oregon Department of Justice (DOJ) issued an enforcement report and press release covering its first year of enforcement of the Oregon Consumer Privacy Act (OCPA).  The OCPA took effect on July 1, 2024, and the cure period sunsets on January 1, 2026.  We previously summarized some of requirements in the OCPA here.  This blog summarizes notable takeaways from the enforcement report.Continue Reading Oregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act

On August 20, 2025, the Federal Trade Commission (“FTC”) sued Fitness International, LLC and Fitness & Sports Club LLC – the parent companies of LA Fitness and other gym chains – for  violations of Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (“ROSCA”) in connection with alleged practices that make it difficult for their customers to cancel their gym memberships and other add-on services. The FTC seeks a court order prohibiting the allegedly unfair and unlawful conduct and restitution to consumers harmed by the difficulty in cancelling memberships.Continue Reading FTC Sues LA Fitness Operators for Unfair Gym Cancellation Policies

The United States and Colombia have historically maintained a strong bilateral partnership that has been the envy of much of Latin America. However, the bilateral relationship today is facing a test as U.S. and Colombian approaches to shared problems increasingly diverge. The next several months present milestones that will have

Continue Reading U.S.-Colombia Relations Facing Key Decision Points with Implications for Businesses

This blog post discusses the Department of Defense’s (“DoD”) new cybersecurity rule that imposes certain cybersecurity requirements on relevant DoD contractors and subcontractors. The post will be of interest to all DoD contractors, subcontractors, and possibly affiliates of contractors that may be impacted by the new rule’s cybersecurity requirements.

On September 10, 2025, DoD published the final version of the Cybersecurity Maturity Model Certification (“CMMC”) Defense Federal Acquisition Regulation Supplement (“DFARS”) Procurement Rule (“Procurement Rule” or “Rule”) in the Federal Register.  This Rule imposes the contractual requirements associated with the CMMC Program Rule that was published in final form in October 2024.  The Procurement Rule will become effective sixty days after publication, on November 10, 2025 and will be implemented in a phased approach.  Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced

The EU e-evidence Regulation and Directive, which establish a regime for law enforcement authorities (“LEAs”) in one Member State to issue legally-binding demands for data from certain types of providers established in other Member States, will come into effect on 18 August 2026 (our post on the specific requirements of the Regulation and Directive is available here). On 28 July 2025, the European Commission adopted an Implementing Regulation (“IR”) setting out the technical specifications for the decentralized communications system that LEAs and covered service providers must use when, among other things, issuing and responding to European Production Orders (“EPOs”) and European Preservation Orders (“EPrOs”) under the e-evidence Regulation.Continue Reading European Commission adopts technical standards for the decentralized communication system to be used under the forthcoming e-evidence Regulation

On August 29, 2025 the Department of Justice (“DOJ”) announced the launch of a cross-agency Trade Fraud Task Force (“TFTF”), a partnership between DOJ’s Civil and Criminal Divisions, as well as the Department of Homeland Security (“DHS”). On the same day, the U.S. Court of Appeals for the Federal Circuit

Continue Reading Creation of the Cross-Agency Trade Fraud Task Force and the Future of Tariffs Enforcement

As the California Legislature’s 2025 session draws to a close, lawmakers have advanced over a dozen AI bills to the final stages of the legislative process, setting the stage for a potential showdown with Governor Gavin Newsom (D).  The AI bills, some of which have already passed both chambers, reflect

Continue Reading California Lawmakers Advance Suite of AI Bills

In August, the Federal Trade Commission (“FTC”) announced a $14 million settlement with Match Group, Inc. and Match Group, LLC (collectively, “Match”), the parent companies of online dating platforms Match.com, OkCupid, PlentyOfFish, and other dating sites. In addition to monetary relief, the settlement includes significant injunctive provisions aimed at addressing alleged deceptive marketing and unfair billing practices. This resolution marks a significant development in the FTC’s ongoing efforts to monitor and regulate subscription-based services in the digital space.Continue Reading FTC Secures $14 Million Settlement with Match Group Over Deceptive Subscription Practices

In a new post on the Covington Inside Privacy blog, our colleagues provide an overview of the Federal Trade Commission’s (“FTC”) $45 million settlement with online lead generator MediaAlpha, Inc. and its subsidiary QuoteLab, LLC (collectively, “MediaAlpha”), resolving allegations that the companies, among other things, tricked consumers into sharing sensitive

Continue Reading FTC Takes Aim at Online Lead Generator