On May 28, 2026, the European Union Agency for Cybersecurity (“ENISA”) published the third edition of its NIS360 report, an annual benchmarking tool that assesses the cybersecurity maturity of entities in the sectors set out in Annex I of the NIS2 Directive (which includes certain entities in the energy, transport, healthcare, digital

Continue Reading ENISA’s NIS360 2026 report highlights both the criticality of the European space sector, and flags a persistent cybersecurity maturity gap

In an 8-1 ruling, the U.S. Supreme Court upheld the FCC’s authority to issue forfeiture penalties against telecommunications companies found in violation of the agency’s Customer Proprietary Network Information (“CPNI”) rules. The impact of this ruling is that the FCC may continue to enforce its rules through forfeiture orders, but that such orders do not

Continue Reading Supreme Court Upholds FCC Authority to Levy Fines Against Cellphone Carriers

On 19 May 2026, the European Commission published its long-awaited draft, non-binding guidelines on the classification of high-risk AI systems (“HRAIs”) under the EU AI Act (the “Guidelines”). Across three documents—covering general principles, high-risk classification in the context of regulated products (Annex I), and high-risk use cases (Annex III)—the Commission sets out its approach to one of the AI Act’s central questions: when does an AI system fall within the high-risk regime (and, just as importantly, when does it not)?

Continue Reading EU AI Act Update: The European Commission Publishes Draft Guidelines on HRAIs

Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.

Background

HB 3773 (the “Amendment”), which amended

Continue Reading Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations

In a new post on Inside Privacy, our colleagues discuss the White House’s issuance of an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security.” The order reflects the Administration’s policy of advancing U.S. leadership in AI while addressing national security risks, including through measures to strengthen government and private-sector cybersecurity

Continue Reading White House Releases Executive Order on Advanced AI Innovation and Security

On June 3, the European Commission published its Tech Sovereignty Package, a set of legislative and policy initiatives designed to address what the Commission characterizes as Europe’s technological dependencies on non-European suppliers. The Package marks a further step in the evolution of the EU’s technology policy, with initiatives spanning the full tech stack—from chips and infrastructure to software, cloud, and artificial intelligence. Through this “ecosystem” approach, the Commission seeks to reduce supply-side dependencies by strengthening domestic capabilities in Europe and stimulating demand in downstream sectors.

The Package comprises four components: two legislative proposals—(i) the Cloud and AI Development Act (CADA), and (ii) the Chips Act 2.0—as well as two non-legislative initiatives—(iii) the EU Open Source Strategy and (iv) a Strategic Roadmap for Digitalisation and AI in Energy.

This blog post provides an initial, high-level overview of the four initiatives through which the Commission seeks to advance a “European way” to tech sovereignty, with potential implications for industrial ecosystems in Europe and beyond, including cloud, telecoms, automotive, aeronautics, and defense sectors.

Continue Reading EU Tech Sovereignty Package

California’s new autonomous vehicle regulations create the state’s first pathway for testing and deploying heavy-duty AVs while imposing a more rigorous permitting, safety-case, reporting, and enforcement framework for all AV manufacturers.

Finalized by the California Department of Motor Vehicles (the DMV) on April 28, 2026, the regulations (the Regulations) introduce significant new safety and oversight

Continue Reading California’s New AV Rules Open Door to Heavy-Duty Deployment While Imposing Significant New Compliance Obligations

On 27 May 2026, the European Commission (“Commission”) published its proposal for a Regulation on the authorisation of systems providing mobile satellite services (“MSSs”) in the harmonised 2 GHz frequency band (1980–2010 MHz and 2170–2200 MHz) (the “MSS Regulation Proposal”). The existing rights of use in the band are due to expire in May 2027, and the Commission is using that deadline to overhaul the framework for granting spectrum authorisations for MSS provides. This Proposal will therefore be of particular interest to MSS providers wishing to expand their footprint in the EU, as well as terrestrial mobile network operators contemplating satellite partnerships, and other space sector participants, as it may increase the number of operators in the European MSS sector.
Continue Reading A Single EU Authorisation for Satellite Spectrum: The Commission’s Proposal for a New 2 GHz Mobile Satellite Services Regulation

On 7 May 2026, negotiators from the Council of the European Union, the European Parliament, and the European Commission reached a provisional agreement on the terms of the Digital Omnibus on AI, marking the first set of amendments to the EU AI Act since its adoption in June 2024. The final package of amendments reflects

Continue Reading EU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions

On May 1, the Connecticut legislature passed an artificial intelligence (“AI”) safety, transparency, and consumer protection bill (“SB 5”). While the Colorado legislature takes steps to streamline existing requirements for developers and deployers of AI systems, Connecticut has passed a multi-part framework that will impose requirements on large frontier developers, operators of AI companions, developers

Continue Reading Connecticut Passes Comprehensive AI Law