EU AI Act Transparency Obligations: Preparing for Compliance by 2 August 2026

From 2 August 2026, organisations will become subject to the transparency obligations set out in Article 50 of the EU AI Act (Regulation (EU) 2024/1689).

Article 50 introduces transparency requirements for providers and deployers in relation to certain AI system functionalities and use cases that may create transparency risks for individuals. Whilst much of the EU AI Act focusses on obligations on high-risk AI systems, Article 50 obligations may also apply to certain limited-risk systems. As a result, many organisations will need to implement governance, disclosure and content-labelling measures to ensure users are appropriately informed about the use of certain AI systems and AI-generated content.

(more…)

EU Lawmakers Reach Provisional Agreement to Delay Key EU AI Act Obligations

On 7 May 2026, following extensive negotiations, the European Council and European Parliament reached a provisional agreement on the EU Digital Omnibus on AI (AI Omnibus) which proposes targeted amendments to the EU Artificial Intelligence Act (AI Act). On 16 June 2026, the European Parliament voted to adopt the provisional agreement — although, formal adoption remains subject to European Council approval.

Scientific Research and the GDPR: EDPB Issues Long-Awaited Guidelines

On 15 April 2026, the European Data Protection Board (“EDPB”) published its long-awaited draft Guidelines 1/2026 on the processing of personal data for scientific research purposes (the “Guidelines”), marking the most comprehensive regulatory statement to date on how the GDPR applies to scientific research activities.

(more…)

U.S. SEC Regulation S-P: Compliance Deadline Approaching for Smaller Entities

The U.S. Securities and Exchange Commission has issued amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, which became effective on August 2, 2024 (the Final Amendments). For smaller entities, including registered investment advisers with less than $1.5 billion in assets under management, as well as certain broker-dealers and other SEC-regulated entities, the compliance deadline is June 3, 2026. The compliance deadline for larger entities was December 3, 2025. For a full list of entities required to comply, please see June 4, 2024 Sidley Update.

(more…)

European Biotech Act I: Navigating the EDPB/EDPS Vision for the Future of Clinical Trials

On 12 March 2026, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a Joint Opinion (the “Joint Opinion”) on the proposed European Biotech Act I (the “Biotech Act”). The Joint Opinion broadly supports the EU’s ambition to strengthen its biotechnology sector. However, it emphasises that data protection safeguards must be tightened, particularly where health data is involved. The recommendations signal forthcoming scrutiny during the legislative process and highlight key compliance considerations for organisations involved in clinical trials.

(more…)

Geopolitics and Cybersecurity: Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors

On January 31, 2026, the governments of Japan and the United Kingdom announced they were strengthening their cybersecurity collaboration through a bilateral Strategic Cyber Partnership (Partnership).

(more…)

Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging

Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers.

(more…)

Regulatory Update: National Association of Insurance Commissioners Summer 2025 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Summer 2025 National Meeting (Summer Meeting) August 10–13, 2025. This blog summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Summer Meeting. Highlights include adoption of guidance on asset adequacy testing for reinsurance transactions, renewed focus on the risks of offshore reinsurance transactions, evaluation of insurers’ use of funding-agreement-backed note (FABN) and funding-agreement-backed securities (FABS) programs, and consideration of additional regulatory frameworks to address insurers’ use of artificial intelligence (AI).
(more…)

Texting in Texas: The State Expands Telemarketing Registration Requirements to Include Text Marketers

Texas has amended its telephone solicitation and telemarketing law (the Texas “mini-TCPA” — after the federal Telephone Consumer Protection Act) to require certain businesses that engage in text marketing to register with the Texas Secretary of State and make detailed disclosures, pay registration fees, and post a $10,000 security deposit. The amendments, which were enacted by Senate Bill 140 and went into effect on September 1, 2025, also make certain violations of the Texas mini-TCPA de facto violations of the state’s deceptive trade practices law, which includes a private right of action and can carry significant penalties. While the law includes several provisions that will likely exempt established businesses that obtain one-to-one opt-in consent for text marketing messages and other types of calls, in light of the substantial fines and private right of action, businesses will want to carefully review the application of these new amendments to their marketing programs.

(more…)

New Digital Health Ecosystem and HIPAA Flexibilities Facilitate Sharing of Patient Health Information

Earlier this month, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), released a new Frequently Asked Question (FAQ) related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which establishes national standards to safeguard “protected health information” or “PHI.”

(more…)