A Mid-Year Privacy Check-In – Important Developments and New Compliance Obligations for Privacy Laws
During the first half of 2025, state legislators and regulators have been working overtime to enact new data privacy laws and expand existing laws, all of which are likely to have an impact on businesses in the remainder of the year and into 2026. These efforts reflect key themes such as increased regulation of teen data and social media platforms, enhanced restrictions on the collection and sale of geolocation and biometric data, simplified opt-out mechanisms for tracking technologies, and broader obligations concerning consumer health data and data minimization. In parallel, significant regulatory activity surrounding AI has emerged, including a new federal AI Action Plan and proposed amendments to the CCPA addressing automated decision-making technologies, alongside a wave of new state AI laws.
The Trump Administration’s 2025 AI Action Plan – Winning the Race: America’s AI Action Plan – and Related Executive Orders
On July 23, 2025, the Trump administration released its much-anticipated AI Action Plan, outlining 90 federal policy positions across three key pillars: Accelerating Innovation, Building American AI Infrastructure, and Leading in International Diplomacy and Security. These pillars are designed to guide near-term action and are underpinned by three cross-cutting priorities: protecting and promoting American workers, ensuring that artificial intelligence (AI) systems are trustworthy and free from ideological bias, and safeguarding AI from misuse, theft, or other risks posed by malicious actors. The scope of the AI Action Plan demonstrates the far-reaching impact of AI, with policy positions affecting not only technology but also trade, national security, cybersecurity, energy, labor, education, environmental regulation, antitrust, science, and financial markets.
California Privacy Protection Agency Advances Substantial Rulemaking – Cyber Audits, Risk Assessments, New Automated Decisionmaking Technologies Rights, and More
The California Privacy Protection Agency (Agency) on Thursday, July 24, 2025, approved a comprehensive set of new California Consumer Privacy Act (CCPA) regulations that the Agency has been developing for over four years. Before taking effect, the proposed regulations must still be approved by California’s Office of Administrative Law (OAL). It is possible some of these provisions may change with the OAL’s review, which must be completed within 30 business days after the Agency submits to the OAL its final rulemaking package. However, many expect that most of the proposed regulations will pass OAL review. If approved, several of the proposed regulations would be effective as of January 1, 2026. (more…)
Artificial Intelligence in Pharmacovigilance: Eight Action Items for Life Sciences Companies
The Council for International Organizations of Medical Sciences Working Group XIV (CIOMS) Draft Report offers comprehensive principles and best practices, translating global artificial intelligence (AI) requirements — such as those in the EU Artificial Intelligence Act (EU AI Act) — into practical guidance for pharmacovigilance (PV). In the U.S., where no overarching AI legislation exists, the report can guide lawmakers, regulators, and other stakeholders as they develop approaches to using AI in PV. The consultation period for the draft report is currently open, and interested parties are encouraged to take advantage of this opportunity by providing comments on the draft report by June 6, 2025.
Generative AI Meets Copyright Scrutiny: Highlights from the Copyright Office’s Part III Report
On May 9, 2025, the U.S. Copyright Office released a “pre-publication” version of Part III of its highly anticipated Report on Copyright and Artificial Intelligence (AI) (Report). The Report provides a technical overview of how generative AI models are developed, trained, and deployed and how U.S. copyright law, particularly the fair use doctrine, should apply in the context of training generative AI models. The prepublication report states that it was released “in response to congressional inquiries and expressions of interest from stakeholders” and that “[a] final version will be published in the near future, without any substantive changes expected in the analysis or conclusions.”
Medicare Reimbursement Pathway for AI-Enabled Medical Devices Considered in Senate’s Health Tech Investment Act
On April 9, 2025, U.S. Sens. Mike Rounds, Republican of South Dakota, and Martin Heinrich, Democrat of New Mexico, introduced a bill titled the Health Tech Investment Act (S 1399). The proposed bill would amend Title XVIII of the Social Security Act to create a Medicare payment system for algorithm-based healthcare services (AHBS), defined in the proposed legislation as services delivered through FDA-cleared or -approved devices that use artificial intelligence (AI), machine learning, or similar software to yield clinical outcomes for use by healthcare professionals to diagnose and treat diseases.
Regulatory Update: National Association of Insurance Commissioners Spring 2025 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Spring 2025 National Meeting (Spring Meeting) March 23–26, 2026. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include continued development of guidance on asset adequacy testing for reinsurance transactions, efforts to develop revisions to the Long-Term Care Insurance Multistate Rate Review Framework, and consideration of amendments to the NAIC’s Purposes and Procedures Manual regarding private letter rating rationale reports.
EU Commission Publishes AI Continent Action Plan and Seeks Input
On April 9, 2025 the European Commission adopted a communication on the so-called AI Continent Action Plan – its strategy to shape the next phase of AI development in Europe, with consultation to follow. The Commission’s declared objective is to transform the EU into a global leader in AI by fostering innovation, ensuring trustworthy AI, and enhancing competitiveness while safeguarding democratic values and cultural diversity. Keep monitoring Data Matters for more on the Commission’s consultation, when available. (more…)
New UK Consumer Rules Herald Stricter Enforcement and Significant Fines
Consumer protection is rising to the top of the regulatory agenda worldwide. The UK consumer protection regime is undergoing a major shift: The Competition and Markets Authority (CMA) now has powerful new tools under the Digital Markets, Competition, and Consumers Act (DMCCA) (see our Sidley Update here), including the ability to directly enforce consumer law and fine companies up to 10% of global annual turnover for serious infringements. (more…)
Meeting EU Data, Cybersecurity, and Artificial Intelligence Law Obligations: A Checklist for Swiss Life Sciences Companies
For Swiss companies, the next six months are critical for preparing to meet new Digital Data Law obligations. In this briefing, we outline the key timelines, compliance requirements, and practical steps to align with EU requirements. (more…)
