On January 21, 2026, the FCC’s Media Bureau released a Public Notice providing new guidance on how it will evaluate whether broadcast television stations have triggered an obligation to provide “equal opportunities” to political candidates under Section 315 of the Communications Act.  

The FCC’s equal opportunities rule generally says that if a station gives one legally qualified candidate free airtime, it usually has to offer comparable airtime to the other candidates running for the same office unless an exemption applies. To avoid discouraging general news coverage, Congress created several exemptions to this rule—one of the most commonly used being the exemption for bona fide news interviews.  In its new guidance, the FCC signals a more restrictive view of the bona fide news exemption, particularly in the context of late‑night shows, daytime talk shows, and other hybrid news‑entertainment formats.Continue Reading FCC Issues Guidance Focused on Candidate Appearances on Talk Shows

On January 20, 2026, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) (together, the “Authorities”) adopted Joint Opinion 1/2026 on the European Commission’s proposal to amend the EU AI Act (hereafter the “Proposal”, summarized in our previous blog). Overall, the Authorities acknowledge the complexity of the AI Act and agree that targeted simplifications can support legal certainty and efficient administration. However, they warn that simplification should not result in lowering the protection of fundamental rights, including data protection rights. This blog outlines some of the Authorities’ main recommendations as expressed in their Joint Opinion.Continue Reading European Data Protection Authorities Issue Joint Opinion on the Digital Omnibus on AI

On November 5, 2025, the Spanish Ministry for Ecological Transition and Demographic Challenge (“MITECO”) adopted a Resolution setting out the National Plan for the control of compliance with access and benefit-sharing (“ABS”) obligations under Regulation 511/2014 implementing the Nagoya Protocol in the European Union.  The National Plan sets out a “risk-based” control system to ensure that life sciences companies in, e.g., the pharmaceutical, plant breeding, cosmetic and other sectors operating in Spain utilize genetic resources (“GRs”) and associated traditional knowledge (“ATK”) in compliance with ABS rules of the country where the GRs and ATK are accessed. We provide more details below.

Building on the existing ABS framework in Spain, and in particular on the Royal Decree 124/2017, the MITECO adopted a National Plan setting out a “risk-based” control system, mandating the competent authorities of the Autonomous Communities (“the authorities”) to perform controls on users of certain sectors that are more likely at risk of utilizing GRs and ATK in violation of ABS rules.  Continue Reading ABS Enforcement Expected in Spain: Spain Adopted a National Plan to Enforce Access and Benefit-Sharing Rules

On 16 December 2025, the European Commission presented the Automotive Package (the “Package”), a set of interlinked legislative and policy initiatives aimed at supporting the European automotive sector’s transition to clean mobility. The Package has four core components: (i) a proposal to revise the CO₂ emission performance standards for cars and vans, (ii) the so-called “Battery Booster Strategy”, (iii) a proposal on greening corporate vehicle fleets, and (iv) a proposal for an “Automotive Omnibus” regulation that would amend several pieces of automotive legislation to simplify regulations for vehicle manufacturers. Together, these initiatives signal a material recalibration of the EU’s approach to vehicle decarbonization.Continue Reading The EU Automotive Package: Increased Compliance Flexibility, but Growing “Made in the EU” Conditionality

On January 8, 2026, the California Privacy Protection Agency (“CalPrivacy”) announced an enforcement action against Rickenbacher Data LLC (d/b/a “Datamasters”), an information reseller, for failing to register as a data broker under the California Delete Act.  Datamasters agreed to pay a $45,000 administrative fine, among other remedial measures.  In November, CalPrivacy launched a Data Broker Enforcement Strike Force within its enforcement division to investigate violations of the law in the data broker industry, which builds upon a 2024 investigative sweep into data broker compliance.Continue Reading CalPrivacy Announces $45,000 Fine Against Data Broker for Delete Act Violations

On 20 January 2026, the European Commission published a proposal for a Regulation to update and replace the Cybersecurity Act (Regulation 2019/881). The proposal—known as the Cybersecurity Act 2 (CSA2)—forms part of a wider package aimed at modernizing and streamlining the EU’s cybersecurity framework and is closely linked to the Commission’s parallel proposal to amend Directive (EU) 2022/2555 (NIS2). We cover that proposal in a separate blog post.

CSA2 covers two main areas that will be relevant to private companies. First, it would introduce the EU’s first horizontal framework for ICT supply chain security—this is an entirely new addition that is not contained in the Cybersecurity Act, and could have significant implications for organizations in sectors that procure components from providers located in high-risk jurisdictions (e.g., telecoms). Second, it would update and expand the existing framework for cybersecurity certifications (the European Cybersecurity Certification Framework, or ECCF). In addition, it would significantly expand the role of the EU cybersecurity agency, ENISA.

Below, we summarize the main elements of the proposal.Continue Reading European Commission Proposes Cybersecurity Act 2: New EU Supply Chain Rules and Certification Reforms

On 20 January 2026, the European Commission published a proposal to amend the Directive (EU) 2022/2555 (NIS2) as part of a broader package to streamline the EU’s cybersecurity framework. The Commission also issued a proposal to revise the EU Cybersecurity Act (CSA2), which we cover in a separate blog post.

The proposed amendments build on earlier streamlining efforts in the Commission’s Digital Omnibus Package—published on 19 November 2025—which introduced the first wave of technical adjustments to NIS2. Those earlier amendments focused on creating a single framework for reporting cyber incidents and clarifying how NIS2 interacts with sectoral regimes such as the CER Directive and DORA.

With this proposal, the Commission now aims to clarify the scope of the law, harmonize technical measures, introduce certification‑based compliance pathways, and strengthen cross‑border supervision through an expanded role for ENISA.

Below, we summarize the main elements of the proposal and what they could mean for entities in scope of NIS2.Continue Reading European Commission Proposes Targeted Amendments to NIS2 to Simplify Compliance and Align With Proposed Cybersecurity Act 2

On 21 January 2026, the European Commission (“Commission”) unveiled its landmark proposal for the Digital Networks Act (“DNA Proposal”), an ambitious attempt to overhaul the framework for the regulation and development of electronic communications networks and services across the EU. The Commission’s stated aim with the DNA Proposal is to establish a “modern and simplified legal framework that incentivises the transition from legacy networks to fibre, high quality 5G and 6G networks, and cloud-based infrastructures, as well as increased scale through service provision and cross-border operation.” To do this, the DNA Proposal would replace and consolidate several existing EU laws, including the European Electronic Communications Code (“EECC”), the BEREC Regulation, and parts of the Open Internet Regulation and e-Privacy Directive.

A key theme of the proposal is harmonization of rules—arising first and foremost from the fact that this is a directly-applicable Regulation rather than a Directive like the current European Electronic Communications Code. Several of the substantive provisions in the DNA Proposal may take a significant amount of influence over the communications networks and services away from Member State governments and up to EU level. In turn, the Commission clearly hopes to promote larger-scale communications network and service providers that can operate across the EU, and that have the funds to invest in modern communications infrastructure. The DNA Proposal could, therefore, have a substantial and long-lasting impact on the connectivity and communications markets in the EU, although we anticipate significant debate about many of the provisions of the DNA Proposal throughout the legislative process.

Below, we summarize seven of the most eye-catching changes to the regulatory framework for communications providers in the DNA Proposal.Continue Reading Seven Major Changes in the European Commission’s Proposal for an EU Digital Networks Act

When the UK Modern Slavery Act (“MSA”) came into force in 2015, it was hailed as a landmark for supply chain transparency on a key human rights risk. Today, there is widespread recognition among stakeholders that the UK may have fallen behind in its approach to corporate human
Continue Reading UK Business and Human Rights Landscape: 2026 Outlook

On January 13, 2026, the U.S. Commerce Department, Bureau of Industry and Security (“BIS”) issued a final rule, titled Revision to License Review Policy for Advanced Computing Commodities (the “BIS Rule”), that implements a more favorable license application review policy for exports from the United States of certain advanced computing

Continue Reading U.S. Commerce Department Revises License Review Policy for Exports of Certain Advanced Computing Commodities to China and Macau