On 26 May 2026, Spain’s Council of Ministers approved a draft Organic Law on the proper use and governance of artificial intelligence, aligning Spain’s national law with Regulation (EU) 2024/1689 (the “EU AI Act”). The legislation aims to create a framework for trustworthy, human‑centric AI, combining regulatory oversight while supporting innovation.
Governance and designated
Quantum computing is poised to profoundly reshape the cybersecurity landscape, with significant legal and regulatory implications. By introducing fundamentally different computational methods, enabling the simultaneous processing of multiple possibilities, quantum computing has the potential to undermine and ultimately render many traditional encryption techniques ineffective. The result is a significant systemic risk across critical infrastructures, including
The UK Government’s legislative agenda, set out in the King’s Speech on 13 May 2026, places cybersecurity and digital resilience firmly at the centre of national policy. Against a backdrop of increasing geopolitical instability and rapidly evolving technological risks, the proposed measures continue the shift towards a more interventionist and systemic approach to safeguarding the
On May 8, 2026, California Attorney General Rob Bonta — joined by the District Attorneys of San Francisco, Los Angeles, Napa, and Sonoma Counties, with support from the California Privacy Protection Agency (CalPrivacy) — announced a $12.75 million settlement with General Motors and OnStar (collectively, “GM”) over the alleged unlawful sale of California drivers’ geolocation
The KRITIS Umbrella Act (Dachgesetz zur Stärkung der physischen Resilienz kritischer Anlagen – KRITISDachG) has been in effect since March 17, 2026. For operators of critical infrastructure in Germany, this means: new obligations, tight deadlines, and hefty fines require swift action. For the first time, the law establishes a cross-sector legal framework to strengthen physical
The SECURE Data Act 2026 and GUARD Financial Data Act were introduced on April 22, 2026. This legislation would impose major data restrictions and requirements across the U.S. economy. The bill would give the U.S. Department of Commerce and the Federal Trade Commission (FTC) expanded powers to oversee data collection and use.
The SECURE Data
The Senate Commerce Committee held an oversight hearing of the Federal Trade Commission (FTC) on April 15, 2026, its first in six years. Chairman Andrew Ferguson testified that the FTC policy focus will be combating hidden fees and misleading pricing practices by avoiding misleading representations about pricing and clearly disclosing total cost up front.
The
On April 7, 2026, the Alabama legislature unanimously passed House Bill 351, the Alabama Personal Data Protection Act. The bill cleared the House 104-0 and the Senate 34-0, making Alabama the 21st state to enact a comprehensive consumer privacy statute. If signed by Governor Kay Ivey, the law will take effect on May 1,
In 2024, the Illinois General Assembly amended the Illinois Biometric Information Privacy Act (“BIPA”) to clarify that an individual cannot seek recovery for multiple alleged violations of BIPA when those violations concern the same person, defendant entity, and method of collection.
On April 1, 2026, the Seventh Circuit issued its decision in Clay v. Union
Organisations are increasingly turning to AI-enabled tools throughout the recruitment lifecycle, from CV filtering and suitability scoring to online assessments and behavioural analysis. These tools can offer real advantages, including faster hiring processes and the potential to reduce human bias that inevitably exists in traditional recruitment. However, their use often creates a tension with data
