GT Alert

On May 31, 2025, the Texas Legislature passed House Bill 149, the Texas Responsible Artificial Intelligence Governance Act (TRAIGA). TRAIGA sets forth disclosure requirements for government entity AI developers and deployers, outlines prohibited uses of AI, and establishes civil penalties for violations. On June 2, 2025, the bill was sent to the governor of Texas for review and signed into law on June 22.

Continue Reading TRAIGA: Key Provisions of Texas’ New Artificial Intelligence Governance Act

DOJ’s new Data Security Program (DSP), effective April 8, 2025, imposes significant restrictions on U.S. government contractors and global companies that handle sensitive U.S. personal or government-related data. The DSP is currently subject to a 90-day initial enforcement period, After July 8, 2025, NSD will implement full enforcement of the DSP.
Continue Reading DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities

Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies who filed a mandatory form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met

On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s

The European Data Protection Board (EDPB) has recently (re)positioned itself on several controversial topics and published three new guidelines and opinions. Although not legally binding, they do have a significant influence on proceedings before the supervisory authorities and courts. This GT Alert discusses the EDPB’s new guidelines and their implications for companies dealing with personal

On Oct. 21, 2024, the OMB Office of Information and Regulatory Affairs (OIRA) concluded its regulatory review of the long-awaited Federal Acquisition Regulation Controlled Unclassified Information Rule (FAR CUI Rule), clearing the proposed rule’s path for publication in the Federal Register in 2024.

The FAR CUI Rule is being issued pursuant to Executive Order 13556

On Oct. 14, 2024, the Department of Defense (DoD) published the final rule that would implement the Cybersecurity Maturity Model Certification 2.0 (CMMC) Program under 32 CFR Part 170 (Final Rule) to the Federal Register. The Final Rule comes less than 10 months after DoD published the proposed rule, which yielded approximately 361 submissions

On Aug. 15, 2024, the Department of Defense (DoD) published a proposed rule that would implement contract clauses under 48 CFR related to the Cybersecurity Maturity Model Certification (CMMC) Program (Proposed Rule). DoD previously published a related proposed rule that would implement the CMMC 2.0 Program under 32 CFR 170 and provided the relevant security

On Aug. 2, 2024, Illinois Gov. J.B. Pritzker signed SB 2979 into law, amending BIPA in two ways: significantly limiting potential damages and updating the Act’s definition of “written release” to include an “electronic signature.”

Continue reading the full GT Alert.