Insights

Last year, the California General Assembly passed the California AI Transparency Act (CAITA), which Governor Gavin Newsom signed into law on September 19, 2024, and goes into effect on January 1, 2026. This may change because this year, the same General Assembly passed AB 853, an amendment to CAITA with potentially far-reaching implications.

On September 9, 2025, the Ninth Circuit Court of Appeals affirmed a district court’s denial of a preliminary injunction as to certain provisions of California’s Protecting Our Kids from Social Media Addiction Act. This interlocutory ruling is significant for two reasons. First, it demonstrates why and how state laws can withstand and avoid First Amendment challenges. Second, it showcases the potential difficulties in establishing associational standing on behalf of member technology and digital commerce companies.

On September 29, 2025, California Governor Gavin Newsom signed into law Senate Bill 53, the Transparency in Frontier Artificial Intelligence Act (TFAIA). This landmark legislation represents California’s most significant regulation to date of AI developers.

The Really Simple Licensing Collective (“RSL Collective”), a nonprofit dedicated to creating collective licensing solutions for content creators and publishers, has announced Really Simple Licensing (“RSL”), a new standard designed to stop crawlers from scraping websites for content without permission or compensation. If adopted, RSL could have major implications for both online platforms and the AI technologies that source content for training data from them.

After months of anticipation, the Senate has received a nomination for a Commissioner of the U.S. Consumer Product Safety Commission (CPSC). 

E&E News reported that EPA will continue to operate during the shutdown relying on “carryover funds.” Carryover funds generally are unspent and unobligated funds from a previous budget period that are carried forward to cover allowable costs in a future budget period. There is no indication how long EPA’s carryover funds will allow all EPA employees to continue working versus those that are “exempted” or “excepted” personnel, meaning they can continue to work either because they are separately funded (“exempted) or must continue to work because of their position (“excepted), such as emergency responders or criminal agents.

The U.S. Consumer Product Safety Commission (CSPC) issued its Lapse Plan in advance of the federal government shutdown. The CSPC will furlough 35% of full-time employees, with the overwhelming majority of those retained focused on “protect[ing] life and property.” Under the Lapse Plan, consumer-oriented programs and, notably, civil penalties, will pause for the duration of any shutdown.

On September 24, 2025, the California Air Resources Board (“CARB”) issued a preliminary list of reporting/covered entities under California’s climate disclosure laws SB 253 (the Climate Corporate Data Accountability Act) and SB 261 (the Climate-Related Financial Risk Act) (the “Climate Disclosure Laws”) (both as modified by SB 219).

California Governor Gavin Newsom has until October 12, 2025, to sign into law a first-in-the-nation bill that will, if enacted, likely impose significant regulatory obligations and litigation risk on companies deploying AI chatbots in California.

On September 9, 2025, the California Privacy Protection Agency (“CPPA”), along with California Attorney General Rob Bonta, Colorado Attorney General Phil Weiser, and Connecticut Attorney General William Tong, (collectively the “Coalition”) announced a joint investigative sweep (the “Sweep”) into businesses refusing to honor consumers' requests to opt-out of the sale of their personal information submitted via Global Privacy Controls (“GPCs”). This Sweep is another action in a growing trend of multi-state cooperation in data privacy enforcement activities. Given the continued lack of a federal data privacy law, state cooperation and enforcement activities are expected to continue.

In 2023, California passed two landmark laws—SB 253, the Climate Corporate Data Accountability Act; and SB 261, the Climate-Related Financial Risk Act—that will require large public and privately-held entities doing business in California to comply with sweeping disclosure requirements regarding their direct and indirect greenhouse gas emissions and their climate-related financial risks. California subsequently passed SB 219, which updated certain deadlines and requirements of the laws (collectively, the “Climate Disclosure Laws”).

On August 21, the Supreme Court, in National Institutes of Health v. American Public Health Association, granted the government’s application for a stay of the district court’s order vacating NIH’s termination of various research grants. The Court denied the government’s application with respect to the district court’s vacatur of related internal guidance documents. The Court’s order impacts federal government grantees who wish to challenge grant terminations in federal court.

A California Court of Appeal recently provided employers with a wage and hour victory and meal period guidance in Bradsbery v. Vicar Operating, Inc. As a matter of first impression, the Court held that upon hire, employees can prospectively waive all meal periods owed during any five-to-six-hour shifts they will work throughout the course of their employment. This decision provides helpful guidance for employers seeking to implement enforceable meal period waivers.

On 8 August, the UK Department for Science, Innovation & Technology (“DSIT”) published a report titled “Emerging technologies and their effect on cyber security” (the “Report”). It examines how the convergence of AI, IoT, Quantum, Edge Computing, Blockchain and other emerging technologies is transforming the cyber threat landscape. We’ve summarised below some of their key findings and takeaways. In the pursuit of growth and efficiencies many companies are considering how to adopt emerging technology into their operational processes, and the Report provides a useful guide as to emerging cyber risks and where the UK Government’s attention is focused as it launches the Cyber Resilience Bill later this year.

On August 5, 2025, Royal Sovereign International Inc. (Royal Sovereign), a defunct New Jersey importer of portable air conditioners, pled guilty to one count of willfully violating the Consumer Product Safety Act (CPSA) for its failure to report dangerous defects in portable air conditioners that had been linked to multiple fires and one death. The company also agreed to a civil settlement with the Department of Justice and the Consumer Product Safety Commission (CPSC) that included $395,786.48 in restitution to victims and a $16,025,000 civil penalty, which was suspended to $100,000 for inability to pay.

On July 24, 2025, President Trump signed an Executive Order titled “Saving College Sports” (the “Order”). The White House also released an accompanying Fact Sheet regarding the Order.

Over the past several months, Missouri and Florida have gone on the offensive against the nation’s largest proxy advisors related to what they deemed “radical” agendas in providing proxy advice. In Texas, two of the largest proxy advisors, Institutional Shareholder Services Inc. (ISS) and Glass, Lewis & Co., LLC (“Glass Lewis”), punched first, filing separate complaints in federal court against Texas Attorney General Ken Paxton in his official capacity, challenging the facial and as applied constitutionality of Senate Bill 2337 (“S.B. 2337” or “the Act”). The Act would require all proxy advisory services to disclose advice or recommendations that are “not provided solely in the financial interest of the shareholders of a company.” Advice and/or a recommendation is defined as being “for nonfinancial reasons” when it “is wholly or partly based on, or otherwise takes into account, one or more nonfinancial factors” including “an environmental, social, or governance (ESG) goal,” “diversity, equity, or inclusion (DEI)”, or “a social credit or sustainability factor or score.” Both Glass Lewis and ISS seek declaratory and injunctive relief enjoining the enforcement of S.B. 2337 as unconstitutional under the First and Fourteenth Amendments. Specifically, they allege the Act violates the First Amendment’s prohibition against viewpoint discrimination, infringes upon their freedom of association, and is unconstitutionally vague. Glass Lewis also argues that the Act violates the Dormant Commerce Clause, and that it is preempted by the Employment Retirement Income Security Act of 1974 (“ERISA”).

On July 23, 2025, the White House released Winning the Race: America’s AI Action Plan (“the Plan”) the Trump Administration’s most significant policy statement on artificial intelligence to date.

Open source data and software play a foundational role in software development, artificial intelligence (AI), education, and research. Open source AI refers to systems where the source code, model parameters, and related components are freely available for anyone to use, study, modify, and distribute.

On July 14, 2025, the FTC announced its enforcement action against telemedicine company NextMed over charges it used misleading prices, fake reviews and deceptive weight-loss claims to sell GLP-1 weight-loss drugs. The FTC has now settled its charges that NextMed used deceptive practices to lure consumers into buying their weight-loss membership programs that had hidden terms and conditions. With the rise of both authentic and counterfeit GLP-1s throughout the nation and the proliferation of the availability of GLP-1s from telemedicine/telehealth companies, online pharmacies and medspas, this announcement is a sign that the federal government will actively monitor these entities to ensure consumers are getting genuine, authentic GLP-1s, that consumers are making informed decisions about weight-loss drugs, and that consumers are not being deceived and duped in the frenzy over GLP-1s.