My Content
Insights

New Privacy, Data Protection and AI Laws in 2026

As 2026 begins, several significant legislative developments are reshaping the legal landscape governing artificial intelligence, digital identity, and data protection across the United States and European Union.

New York enacts AI transparency requirements for advertising.

Governor Hochul signed two related bills addressing synthetic media and digital replicas in commercial contexts. Senate Bill S8420A requires advertisers to conspicuously disclose when ...

California Approves Regulations for the Delete Act and DROP Platform

The California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law has formally approved the regulatory package implementing the Delete Act.

The regulations, effective 1 January 2026, operationalize the California-managed Delete Request and Opt-out Platform (DROP), a centralized mechanism enabling consumers to issue a single deletion request to all registered data brokers. The framework represents a significant ...

UK Proposes a New Cyber Security and Resilience Bill

The UK Parliament has begun deliberations on the Cyber Security and Resilience (Network and Information Systems) Bill. The proposed UK act aims to improve the security and resilience of network and information systems relied upon for essential activities, primarily through amendments to the existing Network and Information Systems Regulations 2018 (the NIS Regulations).

The bill’s operative parts begin with amendments ...

Israel Begins Transition to a New Regime Regulating Encryption

The Israeli Minister of Defense issued a new set of regulations to repeal the decades-old ministerial order on the supervision of encryption (referred to as the “Cipher Order”).

This legislative shift is rooted in a fundamental change in regulatory thinking, acknowledging the widespread integration of encryption products and the expansion of the networked environment. Consequently, the historic need for comprehensive ...

UK’s First Court Decision on Copyright Works in AI Models

The judgment of the UK High Court in the case of Getty Images v Stability AI outlines the proceedings in a high-stakes intellectual property dispute filed by Getty Images and its affiliated companies against Stability AI Limited. The lawsuit accuses Stability AI of both trademark infringement and secondary copyright infringement relating to its powerful generative art model, Stable Diffusion.

Much ...

EDPB Issues a Favorable Opinion on EU-Brazil Data-Transfer Adequacy

The European Data Protection Board (EDPB) adopted an opinion on the European Commission’s draft implementing decision under Article 45 of the GDPR, recognizing that Brazil ensures an essentially equivalent level of protection for personal data. The opinion acknowledges Brazil’s comprehensive framework as closely aligned with the EU’s General Data Protection Regulation (GDPR).

However, the EDPB highlighted several key areas requiring ...

More of My Content
Insights