Internet of Things (IoT)

            On January 6, 2026, the Federal Communications Commission’s Public Safety and Homeland Security Bureau (the “Bureau”) announced the application window for a new Lead Administrator for the U.S. Cyber Trust Mark Program (the “Program”).  The window will be open from January 7, 2026, through January 28, 2026.  The previous Lead Administrator, UL LLC (“UL

Continue Reading FCC Opens Application Window for New Cyber Trust Mark Program Lead Administrator

This update highlights key mid-year legislative and regulatory developments and builds on our first quarter update related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), Internet of Things (“IoT”), and cryptocurrencies and blockchain developments.

I. Federal AI Legislative Developments

    In the first session of the 119th Congress, lawmakers rejected a proposed moratorium on state and local enforcement of AI laws and advanced several AI legislative proposals focused on deepfake-related harms.  Specifically, on July 1, after weeks of negotiations, the Senate voted 99-1 to strike a proposed 10-year moratorium on state and local enforcement of AI laws from the budget reconciliation package, the One Big Beautiful Bill Act (H.R. 1), which President Trump signed into law.  The vote to strike the moratorium follows the collapse of an agreement on revised language that would have shortened the moratorium to 5 years and allowed states to enforce “generally applicable laws,” including child online safety, digital replica, and CSAM laws, that do not have an “undue or disproportionate effect” on AI.  Congress could technically still consider the moratorium during this session, but the chances of that happening are low based on both the political atmosphere and the lack of a must-pass legislative vehicle in which it could be included.  See our blog post on this topic for more information.

    Additionally, lawmakers continue to focus legislation on deepfakes and intimate imagery.  For example, on May 19, President Trump signed the Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks (“TAKE IT DOWN”) Act (H.R. 633 / S. 146) into law, which requires online platforms to establish a notice and takedown process for nonconsensual intimate visual depictions, including certain depictions created using AI.  See our blog post on this topic for more information.  Meanwhile, members of Congress continued to pursue additional legislation to address deepfake-related harms, such as the STOP CSAM Act of 2025 (S. 1829 / H.R. 3921) and the Disrupt Explicit Forged Images And Non-Consensual Edits (“DEFIANCE”) Act (H.R. 3562 / S. 1837).Continue Reading U.S. Tech Legislative & Regulatory Update – 2025 Mid-Year Update

    Four Internet of Things (IoT) related tax relief provisions are due to expire on December 31, 2025.  Two bills were introduced in Brazil’s National Congress to extend these provisions and are currently in debate under a fast-track rule.  Companies that provide and implement IoT projects can engage congressional leaders to secure the bills’ approval.

    Tax Relief Provisions

    The Brazilian Internet of Things Act of 2020 reduced to zero four fees and contributions for companies implementing and operating IoT projects:

    • The Installation Oversight Fee (“TFI”), due when the authorization is granted to operate IoT stations;
    • The Operation Oversight Fee (“TFF”), due annually;
    • The Public Broadcasting Support Contribution (“CFRP”), due annually; and
    • The National Film Production Development Contribution (“Condecine”), due annually.

    Some of these fees and contributions, as well as roaming-related restrictions to international IoT providers, are listed in the Brazil section of the Office of the United States Trade Representative 2024 National Trade Estimate Report on Foreign Trade Barriers.Continue Reading Brazil’s Internet of Things Tax Relief Due to Expire in 2025

    On October 22, the National Institute of Standards and Technology (“NIST”) Internet of Things (“IoT”) Advisory Board released the Internet of Things Advisory Board Report, which concludes that IoT development has progressed more slowly than anticipated and identifies 26 findings that explain the slower pace of development and growth.  The Report offers 104 recommendations on how the government can help foster IoT development.  The Advisory Board provided this report to the IoT Federal Working Group emphasizing that an IoT transformation will boost U.S. economic growth, increase public safety and national resilience, create a more sustainable planet, individualize healthcare, foster equitable quality of life and well-being, and facilitate autonomous operations of our national infrastructure.  For background, the IoT Federal Working Group was established by Congress in 2020 and was charged with identifying policies and statutes inhibiting IoT development and consider recommendations of the Advisory Board. Continue Reading NIST Report and Recommendations on Fostering Development of the Internet of Things

    On September 11, 2024, the Federal Communications Commission (the “Commission”) opened the application window for entities seeking designation by the Commission as a Cybersecurity Labeling Administrator (“CLA”) and Lead Administrator.  These roles will help administer the Commission’s voluntary Internet of Things (“IoT”) cybersecurity labeling program, covered in previous blog posts from August and March of

    Continue Reading FCC Opens Applications for IoT Cybersecurity Labeling Roles

    On August 16, 2024, the U.S. Department of Transportation (the “USDOT”) announced the Saving Lives with Connectivity: A Plan to Accelerate V2X Deployment plan (the “Plan”). The Plan is intended to “accelerate the deployment” of vehicle-to-everything (“V2X”) technology and support USDOT’s goal of establishing a comprehensive approach to roadway fatality reduction. The Plan states that USDOT is “pursuing a comprehensive approach to reduce the number of roadway fatalities to the only acceptable number: zero.”

    The Plan describes V2X technology as technology that “enables vehicles to communicate with each other, with road users such as pedestrians, cyclists, individuals with disabilities, and other vulnerable road users, and with roadside infrastructure, through wirelessly exchanged messages.” Such messages may contain information about vehicles’ location and actions and traffic conditions like weather, pavement conditions, work zones, and more. The Plan notes that currently deployed V2X technology has already demonstrated safety benefits on a small scale and calls for expanded deployment of such technology.

    In a press release accompanying the Plan, U.S. Secretary of Transportation Pete Buttigieg said, “The Department has reached a key milestone today in laying out a national plan for the transportation industry that has the power to save lives and transform the way we travel … The Department recognizes the potential safety benefits of V2X, and this plan will move us closer to nationwide adoption of this technology.”Continue Reading USDOT Releases Plan to Accelerate V2X Deployment

    This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through June 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during July 2024.  It also describes key actions taken during July 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.Continue Reading July 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

    On July 30, 2024, the Federal Register published the Federal Communications Commission (the “FCC”) Report and Order (the “Order”) creating a voluntary cybersecurity labeling program for Internet of Things (“IoT”) devices.  As reported in our blog post issued shortly before the Order was approved on March 14, 2024, this program is intended to “provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Government certification mark (referred to as the U.S. Cyber Trust Mark).”  While there are several steps remaining to fully establish the program, this Order represents a significant milestone in policymakers’ efforts to launch a federal cybersecurity labeling program for internet connected devices.Continue Reading FCC Adopts Order Establishing Voluntary IoT Labeling Program

    This quarterly update highlights key legislative, regulatory, and litigation developments in the second quarter of 2024 related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity. 

    I.       Artificial Intelligence

    Federal Legislative Developments

    • Impact Assessments: The American Privacy Rights Act of 2024 (H.R. 8818, hereinafter “APRA”) was formally introduced in the House by Representative Cathy McMorris Rodgers (R-WA) on June 25, 2024.  Notably, while previous drafts of the APRA, including the May 21 revised draft, would have required algorithm impact assessments, the introduced version no longer has the “Civil Rights and Algorithms” section that contained these requirements.
    • Disclosures: In April, Representative Adam Schiff (D-CA) introduced the Generative AI Copyright Disclosure Act of 2024 (H.R. 7913).  The Act would require persons that create a training dataset that is used to build a generative AI system to provide notice to the Register of Copyrights containing a “sufficiently detailed summary” of any copyrighted works used in the training dataset and the URL for such training dataset, if the dataset is publicly available.  The Act would require the Register to issue regulations to implement the notice requirements and to maintain a publicly available online database that contains each notice filed.
    • Public Awareness and Toolkits: Certain legislative proposals focused on increasing public awareness of AI and its benefits and risks.  For example, Senator Todd Young (R-IN) introduced the Artificial Intelligence Public Awareness and Education Campaign Act (S. 4596), which would require the Secretary of Commerce, in coordination with other agencies, to carry out a public awareness campaign that provides information regarding the benefits and risks of AI in the daily lives of individuals.  Senator Edward Markey (D-MA) introduced the Social Media and AI Resiliency Toolkits in Schools Act (S. 4614), which would require the Department of Education and the federal Department of Health and Human Services to develop toolkits to inform students, educators, parents, and others on how AI and social media may impact student mental health.

    Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Second Quarter 2024

    This week, the FTC published a blog post on the collection and use of consumer data in vehicles.  The FTC warned that “Car manufacturers—and all businesses—should take note that the FTC will take action to protect consumers against the illegal collection, use, and disclosure of their personal data” and provided a summary of some recent

    Continue Reading FTC Publishes Blog Post on Cars and Consumer Data