As the California Legislature’s 2025 session draws to a close, lawmakers have advanced over a dozen AI bills to the final stages of the legislative process, setting the stage for a potential showdown with Governor Gavin Newsom (D). The AI bills, some of which have already passed both chambers, reflect
Continue Reading California Lawmakers Advance Suite of AI BillsHealthcare
Covington Robotics Forum Spotlight – Enhanced Autonomy: Strategies to Navigate New Regulations, Risks & Opportunities
By Moritz Hüsch, Priscilla Combari & Antonia Xu on
On May 14, 2025, Covington convened experts across our practice groups for the Fourth Annual Covington Robotics Forum to explore the legal and regulatory risks and opportunities impacting robotics, AI, and connected devices. Eight Covington attorneys discussed global forecasts relevant to these spaces in a highly concentrated 90-minute session, culminating in an Industry Spotlight moderated by Covington partner Nick Evoy featuring Casey Campbell, Deputy General Counsel and Chief Intellectual Property Counsel at Figure AI. Highlights from the Forum are captured below.
AI & Robotics in the Workplace
Covington attorneys Carolyn Rashby and Anna Oberschelp de Meneses addressed key considerations for companies implementing AI tools. In the U.S., though no federal laws specifically address robotics or the use of AI in employment, employers must still comply with preexisting federal laws, like Title VII and FCRA. Conversely, various states and localities are creating legislation specifically aimed at these topics, such as New York City’s Local Law 144, which regulates employer usage of automated employment decision tools. Similarly, a patchwork of rules exists in the EU, requiring companies to monitor both EU-level regulations and directives, as well as member state-specific laws. Recommended best practices for employers seeking to utilize AI tools and robotics in the workplace include reviewing for, and mitigating potential bias in, AI vendors and tools, maintaining human oversight, and instituting ongoing training and compliance measures.
Product Safety, Product Liability & Risks
Covington attorneys Joshua González and Daniel Auten addressed key considerations for product safety and product liability in robotics. They identified robotics and AI as some of the most actively transforming spaces within product liability law today, highlighting a recent case which found that both a manufacturer of a robotics device and the software developer could be subject to product liability claims. Key defenses in robotics-related product liability suits may include asserting federal or state preemption, arguing for lack of proximate causation, and importantly, pre-planned contractual defenses and indemnifications. On the regulatory side, the CPSC and NHTSA have hosted a number of information gathering meetings on robotics, and will likely continue to issue relevant reports and monitor industry standards. Recommendations for companies in this space include developing strategies for eventual regulatory engagement, monitoring any enforcement activities, and staying abreast of regulatory obligations, such as reporting requirements.Continue Reading Covington Robotics Forum Spotlight – Enhanced Autonomy: Strategies to Navigate New Regulations, Risks & Opportunities
European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers
By Mark Young & David Brazil on
On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of the Action Plan follows a number of high-profile incidents in recent years where healthcare providers across the European Union have been the target of cyber attacks.
Whilst the Action Plan primarily focuses on healthcare providers including hospitals, clinics, care homes, rehabilitation centres and others, the plan identifies interdependence between those providers and the healthcare industry. Therefore, some of the measures proposed address risks affecting the broader healthcare supply chain and ecosystem, and will potentially have implications for pharmaceutical and biotechnology industry players as well as medical device manufacturers.
The action that will be of most significance for industry is the plan for Member States to request that entities subject to the NIS2 Directive, including healthcare organisations, must report on ransom payments when reporting significant incidents to the competent authority under the NIS2 Directive (section 3.3, p.14). The Action Plan rationalizes this proposal by stating that the collection of further data is needed to understand the effectiveness of measures taken against ransomware attacks, and noting that such reporting would support the effective investigation of incidents. Reporting of ransomware payments is not required by the NIS2 Directive, so this would represent a significant change for in-scope entities. While this is titled a ‘national action’ to be implemented by Q4 2025, it is not immediately clear from the Action Plan if the proposal would take the form of a new EU law that imposes the obligation on Member States or otherwise.Continue Reading European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers