On 3 February 2026, the second International AI Safety Report (the “Report”) was published—providing a comprehensive, science-based assessment of the capabilities and risks of general-purpose AI (“GPAI”). The Report touts itself as the largest global collaboration on AI safety to date—led by Turing Award winner Yoshua Bengio, backed by an Expert Advisory Panel with nominees from more than 30 countries and international organizations, and authored by over 100 AI experts.Continue Reading International AI Safety Report 2026 Examines AI Capabilities, Risks, and Safeguards
Belgian High Court Confirms Full Judicial Review of Supervisory Authority Decisions
On 15 January 2026, the Belgian High Court delivered a judgment in proceedings initiated by the Belgian Supervisory Authority, in which it challenged the scope of judicial review exercised by the Market Court over its enforcement decisions. The authority was unsuccessful on both grounds of appeal.Continue Reading Belgian High Court Confirms Full Judicial Review of Supervisory Authority Decisions
Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026
Posted in Cybersecurity
The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provides liability protections and other safeguards for sharing certain cybersecurity information with the U.S. federal government and private entities, was reauthorized as part of the funding bill enacted on February 3, 2026. CISA 2015’s information‑sharing provisions, which had been scheduled to sunset on January 30, 2026, will now remain in effect through September 30, 2026.Continue Reading Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026
FTC Restarts Negative Option Rulemaking Process
By Terrell McSweeny, Laura Kim & Carter McCants on
Posted in Consumer Protection
The Federal Trade Commission (FTC) is poised to re-start a rulemaking process regarding disclosures and requirements for subscription and auto-renewing products and services. On January 30, 2026, the FTC submitted a draft Advance Notice of Proposed Rulemaking (ANPRM) on the Rule Concerning the Use of Prenotification Negative Option Plans (the Rule), commonly known as the Negative Option Rule, to the Office of Information and Regulatory Affairs (OIRA) for review. Continue Reading FTC Restarts Negative Option Rulemaking Process
ICO Shares Early Views on Agentic AI & Data Protection
By Jadzia Pierce on
AI agents have arrived. Although the technology is not new, agents are rapidly becoming more sophisticated—capable of operating with greater autonomy, executing multi-step tasks, and interacting with other agents in ways that were largely theoretical just a few years ago. Organizations are already deploying agentic AI across software development, workflow automation, customer service, and e-commerce, with more ambitious applications on the horizon. As these systems grow in capability and prevalence, a pressing question has emerged: can existing legal frameworks—generally designed with human decision-makers in mind—be applied coherently to machines that operate with significant independence?
In January 2026, as part of its Tech Futures series, the UK Information Commissioner’s Office (“ICO”) published a report setting out its early thinking on the data protection implications of agentic AI. The report explicitly states that it is not intended to constitute “guidance” or “formal regulatory expectations.” Nevertheless, it provides meaningful insight into the ICO’s emerging view of agentic AI and its approach to applying data protection obligations to this context—insight that may foreshadow the regulator’s direction of travel.
The full report is lengthy and worth the read. This blog focuses on the data protection and privacy risks identified by the ICO, with the aim of helping product and legal teams anticipate potential regulatory issues early in the development process.Continue Reading ICO Shares Early Views on Agentic AI & Data Protection
New Jersey Enacts Amendment to its Comprehensive Privacy Law
Posted in State Privacy
On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.Continue Reading New Jersey Enacts Amendment to its Comprehensive Privacy Law
Several States Introduce New Genetic Privacy Bills in Early 2026
By Libbie Canter, Elizabeth Brim & Clare Mathias on
Posted in Health Privacy
Following a trend from the past few years, several states have introduced bills related to genetic privacy in recent months. These bills have focused on a range of issues, including the privacy practices of direct-to-consumer (“DTC”) genetic testing companies, the national security implications of “foreign adversaries” accessing genetic information, and other topics related to genetic privacy and testing. We summarize a subset of such recently introduced bills below.Continue Reading Several States Introduce New Genetic Privacy Bills in Early 2026
European Data Protection Authorities Issue Joint Opinion on the Digital Omnibus on AI
What to Watch in 2026: Key EU Privacy & Cybersecurity Developments
As 2026 gets underway, the European Union enters a pivotal year for data protection, AI governance, and cybersecurity regulation, among other matters. EU institutions and national authorities are expected to progress a number of significant digital‑policy files, roll‑out new cyber‑resilience obligations, and make transparency in the privacy space a top priority. Below is an overview of the key developments to monitor.Continue Reading What to Watch in 2026: Key EU Privacy & Cybersecurity Developments
Seven Major Changes in the European Commission’s Proposal for an EU Digital Networks Act
On 21 January 2026, the European Commission (“Commission”) unveiled its landmark proposal for the Digital Networks Act (“DNA Proposal”), an ambitious attempt to overhaul the framework for the regulation and development of electronic communications networks and services across the EU. The Commission’s stated aim with the DNA Proposal is to establish a “modern and simplified legal framework that incentivises the transition from legacy networks to fibre, high quality 5G and 6G networks, and cloud-based infrastructures, as well as increased scale through service provision and cross-border operation.” To do this, the DNA Proposal would replace and consolidate several existing EU laws, including the European Electronic Communications Code (“EECC”), the BEREC Regulation, and parts of the Open Internet Regulation and e-Privacy Directive.
A key theme of the proposal is harmonization of rules—arising first and foremost from the fact that this is a directly-applicable Regulation rather than a Directive like the current European Electronic Communications Code. Several of the substantive provisions in the DNA Proposal may take a significant amount of influence over the communications networks and services away from Member State governments and up to EU level. In turn, the Commission clearly hopes to promote larger-scale communications network and service providers that can operate across the EU, and that have the funds to invest in modern communications infrastructure. The DNA Proposal could, therefore, have a substantial and long-lasting impact on the connectivity and communications markets in the EU, although we anticipate significant debate about many of the provisions of the DNA Proposal throughout the legislative process.
Below, we summarize seven of the most eye-catching changes to the regulatory framework for communications providers in the DNA Proposal.Continue Reading Seven Major Changes in the European Commission’s Proposal for an EU Digital Networks Act
