pexels-ramaz-bluashvili-26344937-7017138

The Trump Administration’s recent AI pronouncements decry “ideological bias or engineered social agendas” as antithetical to continued American AI leadership. Executive Order 14179, repealing prior Biden Administration Executive Order 14110 on AI safety, reflects that theme and so does Vice President Vance’s speech at the February 11 Paris AI summit. “We feel very strongly,” Vance remarked, “that AI must remain free from ideological bias.” The Trump Administration’s view appears to be that overzealous regulation, likely including nondiscrimination, safety, and transparency regulation, puts American AI development at a disadvantage. The release of DeepSeek undoubtedly reinforces such concerns. As White House Press Secretary Karoline Leavitt put it, “[DeepSeek] is a wake-up call to the American AI industry.”

Continue Reading Trump’s New AI Executive Order: Navigating the Conflicting Poles of AI Regulation
money-7923867_1280

In 2024, financial sector regulators prioritized cybersecurity issues impacting financial institutions and the public. Key U.S. federal agencies—including the Securities and Exchange Commission, Federal Trade Commission, and the Consumer Financial Protection Bureau—have been joined by state regulators such as the New York Department of Financial Services in significant new federal and state regulations and more robust and novel enforcement actions. This trend is expected to continue in 2025 as the rise of digital transactions and advent of AI introduce additional risks and cyberattacks become increasingly complex and prevalent.

Click here to read the full Ropes & Gray client alert.

pexels-tima-miroshnichenko-9574323

On January 22, 2025, the New York State Assembly and Senate rapidly passed the wide-ranging New York Health Information Privacy Act. If not vetoed by Governor Kathy Hochul, NY HIPA would be the fourth enacted state consumer health data privacy law, following the Washington My Health My Data Act, Nevada SB 370 and the Connecticut Data Privacy Act. Importantly, NY HIPA could have a significant impact on companies across the country that collect or process health information of New York residents.

Click here to read the full Ropes & Gray client alert.

lady-justice-2388500_1280

The U.S. Department of Justice (DOJ) announced last Wednesday that settlements and judgments under the False Claims Act (FCA) exceeded $2.9 billion in fiscal year 2024—up approximately 5% from last year. DOJ’s announcement underscores its commitment to FCA enforcement, particularly in the healthcare industry and now with increased activity in the areas of pandemic relief programs, military procurement, and cybersecurity.

Click here to read the full Ropes & Gray client alert detailing the key takeaways from DOJ’s press release, along with our key insights as companies try to anticipate what lies ahead.

ai-generated-9106907_1280

In December 2024, New York Governor Kathy Hochul signed into law two bills (A8872A and S2376B; collectively, the “Bills”) that amend New York’s Data Breach Notification Law.1 The Bills introduce a maximum thirty-day timeframe for notifying affected New York residents of a reportable “breach of the security of the system”2 under state law (a “Data Breach”), require Data Breaches to be reported to the New York State Department of Financial Services (“NYSDFS”), and add medical information and health insurance information to categories of private information that may be subject to a Data Breach. According to their legislative history, the Bills were introduced in order to address “a broad sense of uncertainty by experts and lawmakers as to which federal regulations, if any, [are] charged with the responsibility to monitor and do regular supervision on cybersecurity.”3 While the Bills are likely to have a limited effect on HIPAA covered entities and business associates, they stand to significantly impact other persons and businesses in New York, including life sciences and consumer health care companies that are not subject to HIPAA.

Click here to read the full Ropes & Gray client alert.

pexels-cottonbro-7578799

In December 2024, the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (“ASTP/ONC”) within the U.S. Department of Health and Human Services (“HHS”) published two final rules that establish health data interoperability and information blocking regulations (the “New HTI Final Rules”).

The New HTI Final Rules will affect Trusted Exchange Framework and Common Agreement (“TEFCA”) qualified health information networks (“QHINs”) and health care organizations that exchange data through QHINs, as well as developers of certified health information technology, health information exchanges and networks, and health care providers (collectively, “Actors”) that are subject to the Information Blocking Rule.

Click here to read the full Ropes & Gray client alert which summarizes key provisions of the New HTI Final Rules.

digitization-5231610_1280

On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Final Rule”). This follows the DOJ’s publication of its Notice of Proposed Rulemaking (“NPRM”) in October 2024, and its Advance Notice of Proposed Rulemaking (“ANPRM”) earlier in 2024. (Ropes & Gray published alerts on the NPRM and ANPRM)

The Final Rule continues to assert the DOJ as a critical regulator of data transfers involving countries of concern or covered persons. Organizations transacting with entities or individuals located in or otherwise having relationships with the People’s Republic of China (including Hong Kong and Macau) (the “PRC”), Russia, Iran, North Korea, Cuba, and Venezuela should carefully review the Final Rule for potential impacts on their business models. The Final Rule prohibits certain data brokerage transactions and transactions involving human ‘omic data. The Final Rule also creates a set of restricted transactions involving vendor agreements, employment agreements, or investment agreements in which U.S. persons may engage only if they comply with a set of cybersecurity requirements. In tandem with the publication of the Final Rule, on January 8, 2025 Cybersecurity and Infrastructure Security Agency (“CISA”) published its final security requirements for restricted transactions.

Click here to read the full Ropes & Gray client alert for more detailed information.

24_1742_12 Days of Data_Graphic_102912

As a recent DataPhiles post explored, the threat to telecommunications infrastructure and private call records posed by foreign threat actors only continues to grow. In fact, at least one U.S. government agency has urged employees to avoid using mobile communications for any work-related activity. This has led private entities to wonder how they might protect the sensitive mobile communications of officers and employees.

Continue Reading New Year, New Threats: Practical Tips for Secure Communications after Salt Typhoon
24_1742_12 Days of Data_Graphic_102911

After its election to power in July 2024, the newly formed Labour government wasted little time in announcing its legislative priorities for the coming year. Unsurprisingly, these priorities included several proposed Bills relating to data protection, cybersecurity and digital regulation. At the time of writing, only one of these Bills—the Data (Use and Access) Bill (“DUAB”)—has been introduced to Parliament, with the others expected to follow in early 2025.

Continue Reading Meet the In-Laws: the UK’s Digital Legislative Agenda for 2025
24_1742_12 Days of Data_Graphic_102910

Cybersecurity and national security collided in significant ways in 2024, with governments and private-sector entities grappling with the legal, technical, and policy challenges of a rapidly evolving cyber landscape. Offensive cyber operations, questions of foreign ownership of social media companies, and the balance of power between the Executive and Legislative branches are just a few of the pressing issues shaping the modern landscape. OAs governments and private entities grapple with these challenges, the legal frameworks governing cybersecurity are evolving rapidly, offering both opportunities and risks for practitioners.

Continue Reading Deck the Halls with Cyber Walls: Navigating National Security in the Digital Age