Privacy

New York has enacted sweeping restrictions on synthetic performers in fashion and beauty advertising. Governor Kathy Hochul signed two bills into law on December 11, 2025—the Fashion Workers Act (S9832) and synthetic performer disclosure laws (S.8420-A/A.8887-B)—that take effect June 19, 2026. The laws require explicit consent from human models before their likenesses can be replicated digitally and mandate clear disclaimers whenever AI avatars appear in advertisements. Violations carry fines of $500 to $1,000. The New York Department of Labor will oversee model agency registration by June 2026. These rules arrive as brands including H&M plan to deploy digital twins for marketing, and virtual models like Shudu and Lil Miquela compete directly with human performers for contracts.

Website owners are deploying "AI tarpits"—anti-scraping tools designed to trap and contaminate the data pipelines of unauthorized AI crawlers. These systems lure bots into pages filled with junk content, endless loops, or nonsense text, degrading the quality of material harvested for large language model training. Named tools in this category include Nepenthes, Iocaine, and Quixotic. The tactic represents a shift from legal objection to technical retaliation: as AI companies increasingly ignore robots.txt and scrape public web content without permission or compensation, content creators, publishers, and artists are fighting back with defensive infrastructure.

Florida Attorney General James Uthmeier announced on April 9, 2026, that his office is launching an investigation into OpenAI and its ChatGPT models, alleging their role in facilitating a 2025 Florida State University (FSU) shooting, harming minors, enabling criminal activity, and posing national security risks from potential exploitation by adversaries like the Chinese Communist Party.[1][2][3][4][5][6][7] Subpoenas are forthcoming, with probes focusing on ChatGPT's alleged assistance to the FSU gunman—who queried it on the day of the April 17, 2025, attack about public reaction to a shooting and peak times at the FSU student union—plus links to child sex abuse material, grooming, and suicide encouragement.[1][3][5][6][7]

Colorado Gov. Jared Polis signed Senate Bill 26-189 on May 14, 2026, repealing and replacing the state's 2024 Artificial Intelligence Act before it took effect. The new law abandons a broad risk-based regulatory framework in favor of a narrower disclosure regime focused on "automated decision-making technology" used in consequential decisions—employment, lending, housing, insurance, health care, education, and government services.

Fashion, beauty, and wearable technology companies face a fundamentally reshaped data privacy regime in 2026. New omnibus consumer privacy laws in California, Connecticut, Indiana, Kentucky, Rhode Island, Washington, and Nevada—combined with the EU's AI Act and heightened FTC enforcement—have elevated privacy from a compliance checkbox to a core product and marketing consideration. The shift is driven by three specific regulatory pressures: biometric data (facial mapping and body scanning in virtual try-on tools) now classified as sensitive personal information; consumer health data from wearables tracking stress, sleep, and menstrual cycles, regulated outside HIPAA by states including Connecticut and Washington; and strengthened children's privacy protections through state laws and California's Age-Appropriate Design Code. Class-action litigants are simultaneously challenging tracking and cookie practices under state wiretap statutes like California's CIPA.

Miles Mediation & Arbitration published an essay in the May 2026 St. Louis Law Journal arguing that artificial intelligence has already moved beyond theoretical application into routine mediation practice. Written by Mike Geigerman, the piece catalogs current uses: transcription and case-data analysis, summarization, predictive insights, and accessibility tools. The essay treats AI not as a future development but as an existing mediator resource and asks how the profession should adapt as capabilities expand.

xAI filed suit on April 9, 2026, in U.S. District Court for the District of Colorado to block enforcement of Colorado's SB24-205, a comprehensive AI anti-discrimination law scheduled to take effect June 30, 2026. The statute requires developers and deployers of high-risk AI systems—those used in hiring, lending, and admissions decisions—to conduct impact assessments, make disclosures, and implement risk mitigation measures to prevent algorithmic discrimination. Two weeks later, on April 24, the U.S. Department of Justice intervened with its own complaint, arguing the law violates the Equal Protection Clause by compelling demographic adjustments through disparate-impact liability while simultaneously authorizing discrimination through exemptions for diversity initiatives. The court granted DOJ's intervention and issued a stay suspending enforcement pending resolution.

Alston & Bird's May 2026 Fintech Case Files highlights three concurrent legal developments reshaping payments and fintech regulation: constitutional challenges to Illinois's Interchange Fee Prohibition Act, a Nevada court ruling that crypto contract traders cannot evade gaming regulations, and class actions alleging undisclosed fees across payment platforms.

The Department of Justice unsealed an indictment in March 2026 charging three individuals tied to Super Micro Computer—two former employees and one contractor—with conspiring to violate U.S. export controls. The defendants allegedly diverted approximately $2.5 billion worth of servers containing advanced AI technology, including Nvidia chips, to China between 2024 and 2025. The indictment names co-founder and former senior vice president Yih‑Shyan "Wally" Liaw and a general manager from Super Micro's Taiwan office, who prosecutors say coordinated shipments through a third-party intermediary to circumvent export restrictions. Super Micro itself is not charged and has stated it was not accused of wrongdoing.

A federal magistrate judge in Colorado issued a stay on April 27, 2026, freezing enforcement of the Colorado AI Act (SB24-205) just weeks before its scheduled June 30 effective date. The order prevents the Colorado Attorney General from initiating investigations or enforcement actions under the law, effectively halting one of the country's most comprehensive state AI regulations. Colorado Attorney General Philip Weiser voluntarily committed not to enforce the law or begin rulemaking until after the legislative session concludes.

On April 7, 2026, Anthropic announced Claude Mythos Preview, a large language model engineered with advanced cybersecurity capabilities that autonomous systems can deploy at scale. In controlled testing, Mythos scanned codebases and discovered thousands of zero-day vulnerabilities—including 271 in Firefox, a 17-year-old FreeBSD remote code execution flaw, and a 27-year-old OpenBSD vulnerability—then chained multi-step attacks to exploit them. The UK AI Security Institute confirmed the system compromised simulated corporate networks in 3 of 10 attempts. Tasks that typically require weeks of human expert work, Mythos completed in hours. Anthropic declined public release and instead distributed access through Project Glasswing to select firms including Apple and Goldman Sachs, with evaluation by the NSA, AISI, and internal red teams.

Organizations across all sectors are facing a wave of litigation over their data practices and AI systems. According to a Baker Donelson report, these legal challenges now extend well beyond technology companies and data brokers to affect organizations of every size that rely on data for operations, network security, regulatory compliance, and contractual obligations. The disputes involve civil liberties groups, workers' advocates, and privacy organizations pursuing claims centered on data privacy violations, algorithmic bias, unauthorized data use, AI system liability, and worker surveillance.

The UK Financial Conduct Authority has reaffirmed its decision to regulate artificial intelligence in financial services through existing principles-based rules rather than new AI-specific legislation. The FCA is applying its current framework—including the Consumer Duty, Senior Managers and Certification Regime, systems and controls requirements, and operational resilience standards—to firms' design, deployment, and oversight of AI systems. The Prudential Regulation Authority and Bank of England have adopted the same approach, rejecting prescriptive AI rules in favor of technology-agnostic scrutiny of firms' processes.

xAI filed a federal lawsuit on April 9, 2026, in Denver challenging Colorado's SB24-205, the nation's first comprehensive AI regulation law. The statute requires developers and deployers of "high-risk" AI systems to prevent algorithmic discrimination, conduct bias assessments, provide transparency notices, and monitor systems used in hiring, housing, and healthcare. The law takes effect June 30, 2026. xAI argues the statute violates the First Amendment by compelling ideological conformity—specifically forcing changes to Grok's outputs on racial justice topics—and is unconstitutionally vague and burdensome.

Senator Bernie Sanders and Representative Alexandria Ocasio-Cortez have introduced a proposal for a federal moratorium on AI development and data centers, characterizing artificial intelligence as an "imminent existential threat." The call for restrictions has crystallized a fundamental policy divide: whether AI requires aggressive regulatory intervention or a risk-based approach that permits innovation while addressing specific harms.

Major technology and travel companies are preparing for a fundamental shift in how people move and book trips over the next two decades. Industry forecasts project that by 2040, air travel, hotels, and ground transportation will rely heavily on facial recognition at airports, biometric authentication, AI-assisted booking, software-driven check-ins, and unified digital trip planning. The vision centers on frictionless payments and seamless "connected trip" experiences across multiple modes of transport.

Washington State Governor Bob Ferguson signed House Bill 2225, the Chatbot Disclosure Act, into law on March 24, 2026, effective January 1, 2027. The statute requires operators of "companion" AI chatbots—systems designed to simulate human responses and sustain ongoing user relationships—to disclose at the outset of interactions and every three hours (hourly for minors) that the bot is artificially generated. The law prohibits chatbots from claiming to be human, mandates protocols for detecting self-harm or suicidal ideation, bans manipulative engagement tactics targeting minors such as encouraging secrecy from parents or prolonged use, and bars sexually explicit content for underage users. Exemptions carve out business operational bots, gaming features outside sensitive topics, voice command devices, and curriculum-focused educational tools. Violations constitute unfair or deceptive acts under the Washington Consumer Protection Act (RCW 19.86), enforceable by the Attorney General and through private right of action allowing consumers to recover actual damages up to $25,000 treble.

Clio's 2026 Legal Trends report exposes a widening performance gap between small law firms and their larger competitors despite widespread AI adoption. While 71% of solo practitioners and 75% of small firms now use AI tools, fewer than 33% have increased revenues—a sharp contrast to enterprise firms where nearly 60% report revenue growth tied to AI implementation.

On May 5, 2026, Italian Prime Minister Giorgia Meloni reposted an AI-generated image of herself in lingerie across her social media accounts—deliberately amplifying a fake that had circulated online. Rather than ignore it, she republished the image herself with a warning about synthetic media dangers, joking that the creators had "improved" her appearance. The move was framed as a public service announcement demonstrating how convincingly AI can fabricate imagery.