Insights

The EU AI Act defines ‘AI literacy’ as the skills, knowledge and understanding to enable the informed use and operation of AI systems and increase awareness of the opportunities, risks and possible harm that AI systems may present — with the ultimate purpose being to ensure that staff (and other relevant individuals) are able to take informed decisions in relation to AI, such as how to interpret AI output and decision-making processes and their impact on natural persons.

Meta continues to face lawsuits around the country alleging that its platforms are designed to induce compulsive use by children. In March 2026, a California jury delivered a landmark verdict that Meta and YouTube were liable for allegedly addictive platform features that resulted in a child’s mental health distress.  

Last month, in a ruling that may carry significant implications for the artificial intelligence industry, a California federal court held that state tort and contract claims related to the training of AI models were not preempted by federal law and could proceed in state court. Because many AI models were trained in a similar fashion---by scraping data from online posts and repositories---the decision suggests other plaintiffs may bring such claims in state courts, in addition to federal claims of copyright infringement.

In two recent pathbreaking judgments, juries in California and New Mexico held social media companies civilly liable for harming minors who used their products.

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. 

2026 will be a significant year for retailers and e-commerce companies, with significant changes on the horizon that will affect the entire industry and ecosystem. Potential headwinds and developments in product safety, pricing, artificial intelligence, data privacy, website compliance, and environmental responsibility are expected. But amidst these changes, there are likely significant opportunities that retail and e-commerce businesses can capitalize on.

In July 2025, President Trump signed Executive Order (EO) 14319, Preventing Woke AI in the Federal Government, to preclude the federal government from procuring artificial intelligence (AI) models that incorporate “ideological biases or social agendas,” including “diversity, equity, and inclusion.” The EO mandates that the federal government purchase only large language models (LLMs) developed according to two “Unbiased AI Principles” — that they be “truth-seeking” and show “ideological neutrality.” To implement these principles, the EO directed the Office of Management and Budget (OMB) to issue guidance.

On December 11, 2025, President Trump signed a much-anticipated Executive Order that seeks to forestall state regulation of artificial intelligence (AI) by threatening federal lawsuits and the withholding of some federal funds and calls for a national policy framework on AI. The Executive Order, Ensuring a National Policy Framework for Artificial Intelligence (EO), declares it the policy of the administration “to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.”

California continues its blistering pace in enacting artificial intelligence regulations. In 2024 alone, California enacted 18 AI-related bills seeking to regulate AI tools and increase transparency around AI data disclosure.

Major changes have been proposed to EU AI, data and wider digital laws. On 19th November 2025, the European Union Commission issued its much anticipated Digital Omnibus Regulation Proposal, (the “Digital Omnibus”) and also its Digital Omnibus on AI Regulation Proposal, (the “AI Omnibus”). The mooted changes potentially impact the “Brussels effect” seen post GDPR and add potential complexities to the compliance efforts of businesses.

On October 23rd, the U.S. Department of Energy (“DOE”) sent a letter to the Federal Energy Regulatory Commission (“FERC”) containing an Advance Notice of Proposed Rulemaking (“ANOPR”) with principles for all large load interconnections across the US, including those co-located with generating facilities.[1] Significantly, the Secretary of Energy states that the interconnection of large loads to the transmission system “falls squarely” within FERC’s jurisdiction, thus weighing in on a dispute that has been pending before FERC for over a year. This move appears to be a reaction to the continued pendency before FERC of the colocation dockets[2] and a technical conference on colocation held almost a year ago.[3]

Last year, the California General Assembly passed the California AI Transparency Act (CAITA), which Governor Gavin Newsom signed into law on September 19, 2024, and goes into effect on January 1, 2026. This may change because this year, the same General Assembly passed AB 853, an amendment to CAITA with potentially far-reaching implications.

On September 9, 2025, the Ninth Circuit Court of Appeals affirmed a district court’s denial of a preliminary injunction as to certain provisions of California’s Protecting Our Kids from Social Media Addiction Act. This interlocutory ruling is significant for two reasons. First, it demonstrates why and how state laws can withstand and avoid First Amendment challenges. Second, it showcases the potential difficulties in establishing associational standing on behalf of member technology and digital commerce companies.

On September 29, 2025, California Governor Gavin Newsom signed into law Senate Bill 53, the Transparency in Frontier Artificial Intelligence Act (TFAIA). This landmark legislation represents California’s most significant regulation to date of AI developers.

The states of the Persian Gulf are moving rapidly to establish themselves as global centers of investment and innovation in artificial intelligence (AI). The Kingdom of Saudi Arabia, the United Arab Emirates (UAE), and the State of Qatar are making substantial outlays in technology and infrastructure as they seek to diversify their economies away from oil. As important, their governments are implementing digital regulations and AI strategies in a bid to attract foreign investment and develop technology companies that can go toe-to-toe with American and European competitors. 

California Governor Gavin Newsom has until October 12, 2025, to sign into law a first-in-the-nation bill that will, if enacted, likely impose significant regulatory obligations and litigation risk on companies deploying AI chatbots in California.

On 8 August, the UK Department for Science, Innovation & Technology (“DSIT”) published a report titled “Emerging technologies and their effect on cyber security” (the “Report”). It examines how the convergence of AI, IoT, Quantum, Edge Computing, Blockchain and other emerging technologies is transforming the cyber threat landscape. We’ve summarised below some of their key findings and takeaways. In the pursuit of growth and efficiencies many companies are considering how to adopt emerging technology into their operational processes, and the Report provides a useful guide as to emerging cyber risks and where the UK Government’s attention is focused as it launches the Cyber Resilience Bill later this year.

On 11 July 2025, the European Commission published the final version of its Code of Practice for General-Purpose Artificial Intelligence (GPAI). This Code is meant to serve as a tool for GPAI model providers, helping them to comply with the transparency, copyright and security provisions governing general-purpose AI models as set out in the AI Act (arts. 53 and 55), which will become applicable on 2 August 2025. Adherence to the Code is on a voluntary basis.

Last week, artificial intelligence companies won two significant copyright infringement lawsuits brought by copyright holders, marking an important milestone in the development of the law around AI. These decisions – Bartz v. Anthropic and Kadrey v. Meta (decided on June 23 and 25, 2025, respectively), along with a February 2025 decision in Thomson Reuters v. ROSS Intelligence – suggest that AI companies have plausible defenses to the intellectual property claims that have dogged them since generative AI technologies became widely available several years ago. Whether AI companies can, in all cases, successfully assert that their use of copyrighted content is “fair” will depend on their circumstances and further development of the law by the courts and Congress.

On Friday, May 9, 2025, the U.S. Copyright Office released the third (pre-publication) installment in a series of reports regarding the intersection of artificial intelligence (AI) and copyright law.[1]  This report addresses the legal implications of training generative AI models using copyrighted materials.[2]