On October 28, Texas State Representative Giovanni Capriglione (R-Tarrant County) released a draft of the Texas Responsible AI Governance Act (“TRAIGA”), after nearly a year collecting input from industry stakeholders.  Representative Capriglione, who authored Texas’s Data Privacy and Security Act (discussed here) and currently co-chairs the state’s AI Advisory Council, appears likely to introduce TRAIGA in the upcoming legislative session scheduled to begin on January 14, 2025.  Modeled after the Colorado AI Act (SB 205) (discussed here) and the EU AI Act, TRAIGA would establish obligations for developers, deployers, and distributors of “high-risk AI systems.”  Additionally, TRAIGA would establish an “AI Regulatory Sandbox Program” for participating AI developers to test AI systems under a statutory exemption.

Although a number of states have expressed significant interest in AI regulation, if passed, Texas would become the second state to enact industry-agnostic, risk-based AI legislation, following the passage of the Colorado AI Act in May.  There is significant activity in other states as well, as the California Privacy Protection Agency considers rules that would apply to certain automated decision and AI systems, and other states are expected to introduce AI legislation in the new session.  In addition to its requirements for high-risk AI and its AI sandbox program, TRAIGA would amend Texas’s Data Privacy and Security Act to incorporate AI-specific provisions and would provide for an AI workforce grant program and a new “AI Council” to provide advisory opinions and guidance on AI.Continue Reading Texas Legislature to Consider Sweeping AI Legislation in 2025

With U.S. President Trump returning to the White House, we expect the regulatory landscape facing technology and communications companies to shift significantly, if not uniformly. 

On the one hand, media and telecommunications companies that have long been regulated heavily by the FCC can likely expect a more deregulatory environment than they have experienced under the Biden Administration (with potential caveats).  On the other, large technology companies, which have largely avoided heavy-handed regulation, can expect to face a more active regulatory environment aimed at limiting or preventing content moderation decisions that the incoming Administration has characterized as “censorship” of conservative viewpoints.  Meanwhile, bipartisan priorities—such as the commitment to ensuring national security in the telecommunications sector—will likely continue to be a major focus of regulatory agencies.  While the assessments of regulatory risks and opportunities will continue to be refined and updated as the next Trump administration takes shape, we highlight here a few trends that are likely to influence policy and regulation at the FCC over the next four years.Continue Reading Likely Trends in U.S. Tech and Media Regulation Under the New Trump Administration

Last week, California’s telecommunications regulator, the California Public Utilities Commission (“CPUC”), adopted a new regulatory framework for providers of interconnected voice over Internet protocol (“iVoIP”) that marks a significant shift in regulation of a service that has long been lightly regulated both at the state and federal level.  Under the new rules adopted at Thursday’s CPUC meeting, iVoIP providers are now subject to registration and licensing requirements in California, which also will require that these companies notify the CPUC of – and in some cases, seek prior approval for – any transfers of control or assignments of their assets.

The new rules could have significant and far-reaching ramifications for carriers providing iVoIP services in the largest market in the United States.  For example, because the CPUC’s decision now requires at least some form of filing with the regulator before transfer of control of an iVoIP provider may occur, financial or strategic investors focused on the telecommunications space should take note that regulatory requirements may apply to any acquisition or investment in an iVoIP provider with operations in California.  In some circumstances, a transfer of control of a California iVoIP provider or assignment of iVoIP provider assets may require prior approval from the CPUC, a process that tends to be the lengthiest state regulatory approval process for communications transactions that require state review.

Substantively, the CPUC’s order concerns the creation of new utility classifications (and corresponding authorization types) for iVoIP providers, which are subject to different licensing or registration requirements depending on the nature of the iVoIP services they provide.  The following is a summary of the three new utility types and the key requirements for each from the CPUC’s order.

Continue Reading California PUC Adopts New Rules Implementing Sweeping Changes in Regulation of Interconnected VoIP Providers

On November 4, 2024, the European Commission (“Commission”) adopted the implementing regulation on transparency reporting under the Digital Services Act (“DSA”). The implementing regulation is intended to harmonise the format and reporting time periods of the transparency reports required by the DSA.

Transparency reporting is required under Articles 15, 24 and

Continue Reading European Commission Adopts Implementing Regulation on DSA Transparency Reporting Obligations

Brazil’s National Data Protection Agency (“ANPD”) initiated a public consultation on the relationship between artificial intelligence (AI) and data protection.  At this point, there is no proposed draft regulation, but ANPD is requesting responses to 15 open-ended questions.  The consultation may lead to specific legislation and regulation.

The questions include topics such as: the compatibilization of AI and data protection principles; AI-related data treatment; data ownership rights in connection with AI use; and good practices and governance.

The consultation is open until December 5, 2024.Continue Reading Brazilian Government Opens Consultation on Artificial Intelligence and Data Protection

In a new post on the Inside Privacy blog, our colleagues discuss the Federal Trade Commission’s final “click-to-cancel” rule, which amends the previous Negative Option Rule to “make it as easy for consumers to cancel their enrollment as it was to sign up.”  The Rule imposes extensive requirements regarding misrepresentations, disclosures, and consent, among

Continue Reading FTC Issues Final “Click-to-Cancel” Rule

On October 23, the Federal Communications Commission (“FCC”) released a Notice of Inquiry (“NOI”) seeking comment on potential initiatives to address customer service concerns among regulated communications service providers. 

The FCC stated that the goal of the NOI is “to ensure that consumers have appropriate access to the customer services resources they require to interact with their service provider in a manner that allows them to efficiently resolve issues, avoid unnecessary charges, and make informed choices regarding the services they obtain from service providers.”  The inquiry is specific to regulated cable operators, Direct Broadcast Satellite providers, voice service providers, and broadband service providers (collectively referred to as “service providers”).Continue Reading FCC to Examine Customer Service Issues in the Communications Industry

In a new post on the Inside Privacy blog, our colleagues discuss SB 976, the Protecting Our Kids from Social Media Addiction Act, which California Governor Gavin Newsom signed into law on September 20, 2024. The Act prohibits an “addictive internet-based service or platform” from providing an “addictive feed” to a minor unless

Continue Reading California Passes Law to Protect Minors from “Addictive Feeds”

On September 25, the Federal Trade Commission (FTC) announced that it brought five actions against companies it accused of using “artificial intelligence as a way to supercharge deceptive or unfair conduct that harms consumers.”  These actions, which the FTC indicated are part of its new enforcement sweep called “Operation AI Comply,” reflect the FTC’s repeatedly stated intention to exercise its authority under the FTC Act and other rules in connection with AI-related products and marketing claims. 

The five actions rely on a range of FTC authorities and target several different forms of conduct. 

  • DoNotPay: The FTC brought an action against DoNotPay, which purports to offer automated legal services, on the theory that it violated the FTC Act by making false claims that its product could substitute for the expertise of a human lawyer.  A proposed settlement would require DoNotPay to pay $193,000, provide notices to past subscribers, and avoid making claims about its ability to substitute AI for professional expertise without proper evidence.

Continue Reading FTC Announces New Enforcement Actions on Marketing of AI-Enabled Products