EU Consults on Digital Fairness Act: Big Changes Ahead for Consumer-Facing Platforms
The European Commission (Commission) has launched a public consultation on a proposed new law — the Digital Fairness Act (DFA) — aimed at strengthening consumer protection in digital markets. The goal is to fill perceived regulatory “gaps” left by recent EU digital regulations, including the Digital Services Act (DSA) and Digital Markets Act (DMA).
The Trump Administration’s 2025 AI Action Plan – Winning the Race: America’s AI Action Plan – and Related Executive Orders
On July 23, 2025, the Trump administration released its much-anticipated AI Action Plan, outlining 90 federal policy positions across three key pillars: Accelerating Innovation, Building American AI Infrastructure, and Leading in International Diplomacy and Security. These pillars are designed to guide near-term action and are underpinned by three cross-cutting priorities: protecting and promoting American workers, ensuring that artificial intelligence (AI) systems are trustworthy and free from ideological bias, and safeguarding AI from misuse, theft, or other risks posed by malicious actors. The scope of the AI Action Plan demonstrates the far-reaching impact of AI, with policy positions affecting not only technology but also trade, national security, cybersecurity, energy, labor, education, environmental regulation, antitrust, science, and financial markets.
California Privacy Protection Agency Advances Substantial Rulemaking – Cyber Audits, Risk Assessments, New Automated Decisionmaking Technologies Rights, and More
The California Privacy Protection Agency (Agency) on Thursday, July 24, 2025, approved a comprehensive set of new California Consumer Privacy Act (CCPA) regulations that the Agency has been developing for over four years. Before taking effect, the proposed regulations must still be approved by California’s Office of Administrative Law (OAL). It is possible some of these provisions may change with the OAL’s review, which must be completed within 30 business days after the Agency submits to the OAL its final rulemaking package. However, many expect that most of the proposed regulations will pass OAL review. If approved, several of the proposed regulations would be effective as of January 1, 2026. (more…)
Regulatory Update: National Association of Insurance Commissioners Spring 2025 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Spring 2025 National Meeting (Spring Meeting) March 23–26, 2026. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include continued development of guidance on asset adequacy testing for reinsurance transactions, efforts to develop revisions to the Long-Term Care Insurance Multistate Rate Review Framework, and consideration of amendments to the NAIC’s Purposes and Procedures Manual regarding private letter rating rationale reports.
Financial Entities in the EU: Time to Register Your ICT Third-Party Service Providers under DORA
The European Union’s (“EU”) Digital Operational Resilience Act (“DORA”) became effective on 17 January 2025. Since then, financial entities (such as banks, insurance companies and investment firms) and their ICT third-party service providers operating in the EU have been – directly or indirectly – subject to the new regime. One of the first key DORA compliance deadlines, for financial entities to register their ICT service providers with competent EU Member State authorities, is coming into effect across most of the member states this month.
EU Commission Publishes AI Continent Action Plan and Seeks Input
On April 9, 2025 the European Commission adopted a communication on the so-called AI Continent Action Plan – its strategy to shape the next phase of AI development in Europe, with consultation to follow. The Commission’s declared objective is to transform the EU into a global leader in AI by fostering innovation, ensuring trustworthy AI, and enhancing competitiveness while safeguarding democratic values and cultural diversity. Keep monitoring Data Matters for more on the Commission’s consultation, when available. (more…)
New UK Consumer Rules Herald Stricter Enforcement and Significant Fines
Consumer protection is rising to the top of the regulatory agenda worldwide. The UK consumer protection regime is undergoing a major shift: The Competition and Markets Authority (CMA) now has powerful new tools under the Digital Markets, Competition, and Consumers Act (DMCCA) (see our Sidley Update here), including the ability to directly enforce consumer law and fine companies up to 10% of global annual turnover for serious infringements. (more…)
Chambers 2025 Global Practice Guide for Cybersecurity
The newest editions of the Chambers Global Practice Guides have been published. Sidley lawyers have contributed to: Cybersecurity 2025. (more…)
U.S. HHS Office of General Counsel Statement of Organization Suggests Potential Consolidation, Expansion of Authority
On March 14, 2025, the U.S. Department of Health and Human Services (HHS) issued a revised Statement of Organization for the Office of the General Counsel (HHS-OGC).1 Changes include a return to an organizational structure more like the early days of the first Trump administration for the lawyers advising the Food and Drug Administration (FDA), as well as the closing of certain regional HHS-OGC offices. Additional changes could potentially signal an effort to consolidate and expand HHS-OGC’s authority, especially with respect to matters currently opined upon by lawyers advising the HHS Office of Inspector General (HHS-OIG). Stakeholders should consider opportunities to engage with HHS in light of the changes announced in the March 2025 Statement of Organization.
Impact of U.S. Outbound Investment Rules on Loan Transactions in China and Practical Considerations
The final rule on the new U.S. outbound investment security program (Outbound Investment Rules), implemented by the U.S. Department of the Treasury (Treasury) and effective on January 2, 2025, represents a significant regulatory framework aimed at prohibiting, or requiring notification to Treasury of, investments directed by, or undertaken by subsidiaries of U.S. persons in Chinese-affiliated companies that design, develop, or manufacture certain sensitive technologies deemed important to U.S. national security. Understanding the implications of the Outbound Investment Rules will be essential for both borrowers and lenders operating within these jurisdictions.
