AI agents have arrived. Although the technology is not new, agents are rapidly becoming more sophisticated—capable of operating with greater autonomy, executing multi-step tasks, and interacting with other agents in ways that were largely theoretical just a few years ago. Organizations are already deploying agentic AI across software development, workflow automation, customer service, and e-commerce, with more ambitious applications on the horizon. As these systems grow in capability and prevalence, a pressing question has emerged: can existing legal frameworks—generally designed with human decision-makers in mind—be applied coherently to machines that operate with significant independence?

In January 2026, as part of its Tech Futures series, the UK Information Commissioner’s Office (“ICO”) published a report setting out its early thinking on the data protection implications of agentic AI. The report explicitly states that it is not intended to constitute “guidance” or “formal regulatory expectations.” Nevertheless, it provides meaningful insight into the ICO’s emerging view of agentic AI and its approach to applying data protection obligations to this context—insight that may foreshadow the regulator’s direction of travel.

The full report is lengthy and worth the read. This blog focuses on the data protection and privacy risks identified by the ICO, with the aim of helping product and legal teams anticipate potential regulatory issues early in the development process.Continue Reading ICO Shares Early Views on Agentic AI & Data Protection

In late December 2025, the FCC updated its “Covered List” to add foreign-produced unmanned aircraft systems (UAS), commonly known as drones, and their critical components after an Executive Branch interagency body determined that they pose “unacceptable risks to the national security of the United States and to the safety and security of U.S. persons.” Subsequently

Continue Reading FCC “Covered List” Updated to Include Certain Drones and Related Components, Subject to an Exception

On January 21, 2026, the FCC’s Media Bureau released a Public Notice providing new guidance on how it will evaluate whether broadcast television stations have triggered an obligation to provide “equal opportunities” to political candidates under Section 315 of the Communications Act.  

The FCC’s equal opportunities rule generally says that if a station gives

Continue Reading FCC Issues Guidance Focused on Candidate Appearances on Talk Shows

On 21 January 2026, the European Commission (“Commission”) unveiled its landmark proposal for the Digital Networks Act (“DNA Proposal”), an ambitious attempt to overhaul the framework for the regulation and development of electronic communications networks and services across the EU. The Commission’s stated aim with the DNA Proposal is to establish a “modern and simplified legal framework that incentivises the transition from legacy networks to fibre, high quality 5G and 6G networks, and cloud-based infrastructures, as well as increased scale through service provision and cross-border operation.” To do this, the DNA Proposal would replace and consolidate several existing EU laws, including the European Electronic Communications Code (“EECC”), the BEREC Regulation, and parts of the Open Internet Regulation and e-Privacy Directive.

A key theme of the proposal is harmonization of rules—arising first and foremost from the fact that this is a directly-applicable Regulation rather than a Directive like the current European Electronic Communications Code. Several of the substantive provisions in the DNA Proposal may take a significant amount of influence over the communications networks and services away from Member State governments and up to EU level. In turn, the Commission clearly hopes to promote larger-scale communications network and service providers that can operate across the EU, and that have the funds to invest in modern communications infrastructure. The DNA Proposal could, therefore, have a substantial and long-lasting impact on the connectivity and communications markets in the EU, although we anticipate significant debate about many of the provisions of the DNA Proposal throughout the legislative process.

Below, we summarize seven of the most eye-catching changes to the regulatory framework for communications providers in the DNA Proposal.Continue Reading Seven Major Changes in the European Commission’s Proposal for an EU Digital Networks Act

On January 9, the U.S. Supreme Court granted certiorari to resolve a circuit split over the FCC’s authority to impose monetary forfeiture penalties through its administrative process.  The outcome could have significant implications for the FCC’s ability to pursue civil penalties in its enforcement cases.  For more information on the issues at stake, including background

Continue Reading Update: Supreme Court Grants Cert in Cases Involving the FCC’s Monetary Penalty Authority

            On January 6, 2026, the Federal Communications Commission’s Public Safety and Homeland Security Bureau (the “Bureau”) announced the application window for a new Lead Administrator for the U.S. Cyber Trust Mark Program (the “Program”).  The window will be open from January 7, 2026, through January 28, 2026.  The previous Lead Administrator, UL LLC (“UL

Continue Reading FCC Opens Application Window for New Cyber Trust Mark Program Lead Administrator

In 2024, the Federal Communications Commission (FCC) issued fines to four major telecommunications carriers—Verizon, AT&T, Sprint, and T-Mobile—for allegedly failing to protect the geolocation data of their subscribers, which the FCC claimed violated its Customer Proprietary Network Information (“CPNI”) rules. To challenge the action, all four carriers had to first pay the fines, which they did.  They then petitioned for review of the FCC’s decision in various U.S. courts of appeals, arguing that the FCC’s procedure for adjudicating monetary fines violated their right to a jury trial as guaranteed by the Seventh Amendment. Verizon sought relief in the Second Circuit, T-Mobile (which had merged with Sprint) sought relief in the D.C. Circuit, and AT&T sought relief in the Fifth Circuit.

The Second Circuit and the D.C. Circuit held in favor of the FCC, rejecting the carriers’ argument that the FCC violated their Seventh Amendment rights. But the Fifth Circuit reached a different conclusion, holding that the FCC’s procedure did in fact violate AT&T’s right to a jury trial. The FCC (which lost in the Fifth Circuit) and Verizon (which lost in the Second Circuit) each has filed a petition for certiorari at the Supreme Court.

With a 2-1 federal circuit split and two certiorari petitions pending, some are predicting that there is a good chance that the Supreme Court will decide to consider the appeals. The dispute raises a fundamental question about the FCC’s authority to impose monetary penalties through its in-house administrative enforcement procedures. If the Supreme Court grants certiorari, it will be called upon to determine whether the Communications Act violates the Seventh Amendment by authorizing the FCC to order the payment of monetary penalties for violations of the Act, without guaranteeing the right to a jury trial. The resolution of this dispute thus could have significant implications for how the FCC enforces the law against telecommunications carriers and other entities subject to its jurisdiction.

Both petitions for certiorari have been distributed for a January 9, 2026 conference.Continue Reading FCC Privacy Enforcement May Face More Constitutional Scrutiny: Supreme Court Review of FCC CPNI Fines Sought Amid Circuit Split

On December 19, New York Governor Kathy Hochul (D) signed the Responsible AI Safety & Education (“RAISE”) Act into law, making New York the second state in the nation to codify public safety disclosure and reporting requirements for developers of frontier AI models.  Prior to signing, Governor Hochul secured several commitments from the legislature to

Continue Reading New York Governor Signs Frontier AI Safety Legislation

With innovation comes regulatory scrutiny. On December 9, 2025, the Financial Industry Regulatory Authority, Inc. (“FINRA”) released its 2026 Annual Regulatory Oversight Report (the “2026 Report”), which includes a new section dedicated to generative artificial intelligence (“GenAI”). The 2026 Report is the latest iteration of FINRA’s yearly summary of insights from its regulatory oversight activities

Continue Reading FINRA Highlights Trends and Risks in Member Firms’ Use of GenAI

The European Commission (“Commission”) recently launched two stakeholder consultations under the EU AI Act. The first (see here), closing on 9 January 2026, relates to the copyright-related obligations for General Purpose AI (“GPAI”) providers under the AI Act and GPAI Code of Practice. The second (see here), closing on 6 January 2026

Continue Reading European Commission Launches Consultations on the EU AI Act’s Copyright Provisions and AI Regulatory Sandboxes