Insights

Professional
Practice
Industry
Region
Trending Topics
Location
Type

Sort by:

Client Alerts 433 results

Client Alert | 1 min read | 07.08.26

Crowell & Moring and Crowell GovCon Strategies at Farnborough International Airshow 2026

We are pleased to announce that Crowell & Moring and Crowell GovCon Strategies will be exhibiting at Farnborough International Airshow (FIA 2026), one of the world's premier aerospace, defence and space events. FIA is where the aerospace, defence and space industry comes together. It is where deals are made, partnerships are formed, and the future direction of the sector takes shape. For businesses operating in this environment, navigating complex regulation, competing for government contracts, protecting critical intellectual property and managing international trade across multiple jurisdictions demands the right legal and strategic counsel.
...

Client Alert | 7 min read | 07.08.26

Illinois Imposes Transparency and Safety Obligations on Frontier AI Systems

On July 6, 2026, Illinois Governor JB Pritzker signed SB 315, the Artificial Intelligence (AI) Safety Measures Act (the Illinois Act), to establish a framework for AI safety, transparency, and accountability for the world’s most powerful AI models. The governor’s approval follows unanimous passage of the bill by the Illinois House and nearly-unanimous support in the Illinois Senate in May. 
...

Client Alert | 2 min read | 07.07.26

Time for a Change: FedRAMP Fundamentally Revamps Program With Consolidated Rules for 2026

On June 25, 2026, the Federal Risk & Authorization Management Program (FedRAMP) launched its Consolidated Rules for 2026, marking a significant turning point in how the U.S. government administers security authorizations of private sector cloud offerings. The Consolidated Rules apply to all variants of the FedRAMP ecosystem, including legacy "Rev5" authorization holders, as well as future certifications under the new 20x program. Importantly, the Rules are intended in part to transition Rev5 authorizations over to 20x, with the Rev5 authorization status expected to terminate by the end of 2028. 
...

Client Alert | 4 min read | 07.06.26

House Advances Bipartisan Kids' Online Safety Bill, But Senate Showdown Looms

On June 22, 2026, House Energy and Commerce Committee Chairman Brett Guthrie (R-Ky.) and Ranking Member Frank Pallone (D-N.J.) announced a bipartisan agreement on a revised version of the KIDS Act (H.R. 7757), marking the most significant congressional advance on children's online safety legislation in years. The House passed H.R. 7757, as amended, on June 29, 2026, setting up a potential showdown with the Senate. The revised KIDS Act consolidates elements of 14 pending legislative proposals — including KOSA and COPPA 2.0, both of which have previously passed the Senate and cleared the House Energy and Commerce Committee — into a single, comprehensive framework. The announcement, however, was met immediately with objections from Senate sponsors and civil liberties groups, underscoring the difficult legislative road ahead.
...

Client Alert | 4 min read | 06.25.26

Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking.
...

Client Alert | 6 min read | 06.17.26

GSA Issues Proposed AI Contract Clause, Seeks Feedback

The General Services Administration (GSA) is seeking public comment on a new GSA Regulation clause, 552.239-7001, Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs), governing data safeguards and requirements prime contractors must comply with when providing or using LLMs under federal contracts. This updated clause (Revised Clause) reflects substantial revisions from an earlier version released in March 2026 (Original Clause) that faced substantial pushback from industry. Where the Original Clause cast a wide net — imposing obligations broadly across AI systems with little differentiation among supply-chain participants — the Revised Clause is more narrowly tailored. The Revised Clause:
...

Client Alert | 13 min read | 06.12.26

EU Cyber Resilience Act Countdown: 11 September 2026 Incident/Vulnerability Reporting Deadline Less Than 100 Days Away

The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA.
...

Client Alert | 4 min read | 06.12.26

National Security Memorandum Aims to Accelerate Deployment of AI and Streamline Procurement Aligned to Administration Policies

On June 5, 2026, President Trump issued National Security Presidential Memorandum (NSPM) 11 (NSPM-11) to accelerate AI adoption by the U.S. military and intelligence agencies. It directs updated AI management, acquisition, and use policies and seeks to compel AI companies to comply with Trump administration policies.  It calls for expanded training and enhanced security in collaboration with the private sector and orders the “termination for default or for convenience” of government contracts with AI companies that wish to limit how the government uses their products. NSPM-11 could also herald a major change in autonomous warfighting policy by directing the update of the Pentagon’s primary directive on autonomous weapon systems.
...

Client Alert | 6 min read | 06.03.26

Executive Order Creates Voluntary Regulatory Regime of Frontier AI Models

On June 2, 2026, President Trump signed a highly anticipated artificial intelligence and cybersecurity Executive Order, “Promoting Advanced Artificial Intelligence Innovation and Security” (the EO), directing several national security and civilian agencies to ramp up scrutiny of cutting-edge AI models and bolster federal cybersecurity defenses against AI-enabled threats.
...

Client Alert | 8 min read | 05.28.26

Texas Targets Big Tech With Wave of Suits and Investigations, Part of Nationwide Trend

Texas Attorney General (AG) Ken Paxton has embarked on an aggressive campaign of regulation through enforcement against some of the world’s largest technology companies.
...

Client Alert | 7 min read | 05.27.26

Colorado Hits Reset on AI Regulation: SB 26-189 Repeals and Reenacts the Colorado AI Act

Colorado’s original AI Act (SB 24-205), signed in May 2024, imposed broad obligations on developers and deployers of “high-risk AI systems” — including requiring risk management programs, impact assessments, and affirmative steps to prevent algorithmic discrimination across employment, housing, lending, insurance, health care, and education decisions. The operative date for SB 24-205 was extended twice, and a court temporarily suspended enforcement in early 2026, following a lawsuit filed by xAI, which the U.S. Department of Justice (DOJ) intervened to support. Industry feedback on SB 24-205 was generally negative. In response to this environment, Colorado’s legislature undertook a rewrite, drafting and passing SB 26-189 in a matter of weeks. SB 26-189 reflects the legislature’s effort to preserve the policy goal of filling the AI oversight vacuum given the lack of a comprehensive federal law, but within a more workable compliance framework.
...

Client Alert | 7 min read | 05.19.26

American and Allied Cyber Agencies Issue First Joint Guidance on Securing Agentic AI

On May 1, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA), the Australian Cyber Security Centre, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the New Zealand National Cyber Security Centre, published joint guidance on the “Careful Adoption of Agentic AI Services” (Guidance).
...

Client Alert | 3 min read | 05.14.26

CISA’s “CI Fortify” Initiative Signals New Expectations for Critical Infrastructure Resilience: What Operators and Vendors Need to Know

On May 5, 2026, CISA announced CI Fortify — an initiative directing critical infrastructure owners and operators to prepare for geopolitical conflict in which OT networks are actively targeted while communications infrastructure is simultaneously degraded.
...

Client Alert | 7 min read | 05.06.26

Artificial Intelligence and Human Resources in the EU - Part 2: AI Literacy - Employer AI Literacy Obligations under the EU AI Act

The EU AI Act defines ‘AI literacy’ as the skills, knowledge and understanding to enable the informed use and operation of AI systems and increase awareness of the opportunities, risks and possible harm that AI systems may present — with the ultimate purpose being to ensure that staff (and other relevant individuals) are able to take informed decisions in relation to AI, such as how to interpret AI output and decision-making processes and their impact on natural persons.
...

Client Alert | 4 min read | 05.06.26

Genetic Data and Artificial Intelligence Training Following Acquisitions: Emerging Litigation Risk and a Rapidly Expanding State Regulatory Landscape

Several recent class actions filed against Tempus AI, Inc., a health care technology company that combines AI with molecular and clinical data to develop precision medicine services, are the latest in a series of cases illustrating a fast-growing legal risk: the repurposing of genetic and clinical data — collected for diagnostic or treatment purposes — for artificial intelligence (AI) model training, analytics, and downstream commercialization following corporate acquisitions. At the same time, state genetic privacy regulation is expanding rapidly, with Utah and South Dakota being the most recent states to enact new statutes, and legislation advancing in several additional states. Organizations holding genetic datasets need to treat data governance as a core enterprise risk issue, not a downstream compliance matter.
...

Client Alert | 6 min read | 05.04.26

Japan’s Sovereign Cloud Commitment at the U.S.-Japan Summit: Defense Interoperability, Not Just Digital Policy

On March 19, 2026, President Donald Trump and Japanese Prime Minister Sanae Takaichi met at the White House and announced a series of initiatives to strengthen the U.S.-Japan alliance. Among the defense cooperation announcements, the White House fact sheet noted that “[t]he United States welcomed Japan’s commitment to develop a secure and sovereign cloud platform for government data to enhance bilateral information sharing, planning, and coordination.”[1] While it is a single sentence in a wide-ranging Summit document, the commitment represents a step in the growing architecture of allied sovereign cloud infrastructure. If this is operationalized, it will have important implications for defense, intelligence, and cloud services markets. This announcement follows the October 2025 Trump-Takaichi Summit in Tokyo, where the two governments agreed to launch a bilateral working group to deepen mutual understanding on cloud security technical standards and requirements—explicitly including U.S. experience with secure and sovereign cloud development—and to invite Japanese and American firms to participate.[2]
...

Client Alert | 8 min read | 05.01.26

Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”

In March 2026, the UK Information Commissioner (ICO) published guidance on the new lawful basis for processing personal data introduced by the Data (Use and Access) Act 2025 (DUAA): the recognised legitimate interest (RLI) lawful basis. Controllers may now rely upon one of five pre-approved conditions, each focused on specific public-interest justifications, for personal data processing.
...

Client Alert | 5 min read | 04.27.26

Drift Protocol Exploit: Why “Social Trust” Is the Newest Cybersecurity Gap

The recent $285 million theft from Drift Protocol serves as a high-stakes reminder that the human element remains one of the biggest cybersecurity gaps in any organization. This was not a “hack” in the traditional sense of breaking through a digital wallet. North Korean actors used sophisticated social engineering to exploit human trust ―  highlighting what looks like a “hacking” risk into valuable lessons learned for cybersecurity oversight.
...

Client Alert | 3 min read | 04.23.26

Crowell Tracker of Court Rulings on Legal Privilege and Artificial Intelligence Tools

As companies and individuals increasingly embed AI tools in legal practice, courts are grappling with how to treat communications with, and information generated by, these tools. Chief among these questions is whether and in what circumstances attorney-client privilege and work-product protections as they are applied in different jurisdictions extend to AI-generated content or communications with an AI tool.
...

Client Alert | 2 min read | 04.23.26

Two Lawsuits in One: The Growing Risk of Pairing Biometric Tech With Wage-and-Hour Violations

On April 16, 2026, a complaint alleging a putative class and collective action was filed in the U.S. District Court for the Northern District of Illinois, alleging that a property management company violated Illinois’ biometric privacy law through the use of its biometric timekeeping software. The complaint, which begins with the statement that “[t]his is a wage theft and privacy case,” emphasizes the legal risks that may arise when employers deploy biometric timekeeping technology without adequate compliance measures, particularly in Illinois, one of the most employee-protective states for biometric privacy claims.
...