Insights

The General Services Administration (GSA) is seeking public comment on a new GSA Regulation clause, 552.239-7001, Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs), governing data safeguards and requirements prime contractors must comply with when providing or using LLMs under federal contracts. This updated clause (Revised Clause) reflects substantial revisions from an earlier version released in March 2026 (Original Clause) that faced substantial pushback from industry. Where the Original Clause cast a wide net — imposing obligations broadly across AI systems with little differentiation among supply-chain participants — the Revised Clause is more narrowly tailored. The Revised Clause:

On June 5, 2026, President Trump issued National Security Presidential Memorandum (NSPM) 11 (NSPM-11) to accelerate AI adoption by the U.S. military and intelligence agencies. It directs updated AI management, acquisition, and use policies and seeks to compel AI companies to comply with Trump administration policies.  It calls for expanded training and enhanced security in collaboration with the private sector and orders the “termination for default or for convenience” of government contracts with AI companies that wish to limit how the government uses their products. NSPM-11 could also herald a major change in autonomous warfighting policy by directing the update of the Pentagon’s primary directive on autonomous weapon systems.

On June 2, 2026, President Trump signed a highly anticipated artificial intelligence and cybersecurity Executive Order, “Promoting Advanced Artificial Intelligence Innovation and Security” (the EO), directing several national security and civilian agencies to ramp up scrutiny of cutting-edge AI models and bolster federal cybersecurity defenses against AI-enabled threats.

Texas Attorney General (AG) Ken Paxton has embarked on an aggressive campaign of regulation through enforcement against some of the world’s largest technology companies.

On May 1, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA), the Australian Cyber Security Centre, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the New Zealand National Cyber Security Centre, published joint guidance on the “Careful Adoption of Agentic AI Services” (Guidance).

On April 30, 2026, the DOJ announced the launch of the Fraud Oversight through Careful Use of Statistics initiative (FOCUS) to increase coordination between the Department and the growing host of data miners who sift through publicly available government data to identify patterns of alleged fraud. The launch of FOCUS highlights a growing trend in False Claims Act (FCA) enforcement: civilian data miners with access to public data — but no other connection to the alleged defendants — are filing almost as many qui tam complaints as company insiders.

As companies and individuals increasingly embed AI tools in legal practice, courts are grappling with how to treat communications with, and information generated by, these tools. Chief among these questions is whether and in what circumstances attorney-client privilege and work-product protections as they are applied in different jurisdictions extend to AI-generated content or communications with an AI tool.

Meta continues to face lawsuits around the country alleging that its platforms are designed to induce compulsive use by children. In March 2026, a California jury delivered a landmark verdict that Meta and YouTube were liable for allegedly addictive platform features that resulted in a child’s mental health distress.  

In two recent pathbreaking judgments, juries in California and New Mexico held social media companies civilly liable for harming minors who used their products.

In its latest attempt to establish a national AI regulatory standard and quash “cumbersome” state AI laws, the White House on Friday, March 20, 2026, released legislative recommendations for a National Policy Framework on Artificial Intelligence. 

On March 6, 2026, the General Services Administration (GSA) issued a significant proposed contract clause, GSAR 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems (“Clause”), for inclusion in GSA Schedule solicitations and contracts for AI capabilities.  The proposed clause would impose substantial new requirements related to AI sources, intellectual property rights, data use, change management, and performance standards.  The Clause would also take precedence over any other contract terms (including commercial licensing terms) related to AI, including a Seller’s terms of sale and service to which the Government had previously agreed.  GSA requests comments by March 20, 2026.

On February 26, 2026, the Senate Health, Education, Labor, and Pensions (HELP) Committee voted 22-1 to advance the Health Care Cybersecurity and Resiliency Act of 2026. Sponsored by a bipartisan group — led by HELP Committee Chair Senator Bill Cassidy (R-LA); and Senators Mark Warner (D-VA), Maggie Hassan (D-NH), and John Cornyn (R-TX) — the bill represents perhaps the most significant federal legislative effort to overhaul health care cybersecurity since the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, and would compel health care companies to make major investments in cybersecurity.

On March 6, 2026, the White House released its National Cyber Strategy (Strategy) and issued an accompanying Executive Order, “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens” (EO). These documents outline the administration’s priorities for combating cybercrime and call for coordination across the federal government and the private sector to invest in new technologies, continue innovation, and prioritize the United States’ cyber capabilities. Key sectors of concern include energy, financial services, telecommunications, data centers, water, and health care. The Strategy and EO encourage increased public-private coordination, signal greater latitude for private sector offensive cyber operations, prioritize securing critical infrastructure, elevate cybercrime as a national security priority, outline a path for victim compensation, and promote streamlining cyber regulations.

On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. 

In an important first, the yearly defense policy law, the National Defense Authorization Act (NDAA) for Fiscal Year 2026, directs the Department of Defense (DoD)  to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon.

On December 4, 2025, an advisory committee of the U.S. Securities and Exchange Commission (SEC or Commission) voted to advance a recommendation that the agency issue guidance requiring issuers to disclose information about the impact of artificial intelligence (AI) on their companies.

On December 18, 2025, the Fiscal Year 2026 National Defense Authorization Act (FY 2026 NDAA) (P.L. 119-60) was signed into law. The Act makes significant changes to defense acquisition, sourcing restrictions, and interactions between the Defense Industrial Base (DIB) and the Department of Defense (DOD). 

In July 2025, President Trump signed Executive Order (EO) 14319, Preventing Woke AI in the Federal Government, to preclude the federal government from procuring artificial intelligence (AI) models that incorporate “ideological biases or social agendas,” including “diversity, equity, and inclusion.” The EO mandates that the federal government purchase only large language models (LLMs) developed according to two “Unbiased AI Principles” — that they be “truth-seeking” and show “ideological neutrality.” To implement these principles, the EO directed the Office of Management and Budget (OMB) to issue guidance.

On December 11, 2025, President Trump signed a much-anticipated Executive Order that seeks to forestall state regulation of artificial intelligence (AI) by threatening federal lawsuits and the withholding of some federal funds and calls for a national policy framework on AI. The Executive Order, Ensuring a National Policy Framework for Artificial Intelligence (EO), declares it the policy of the administration “to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.”