As I have noted on this site in discussing artificial intelligence, among the risks and opportunities that the recent rapid emergence of AI represents for organizations of all kinds are the risks associated with AI-related regulatory oversight and supervision. Until now, references to AI-related regulatory concerns have mostly pertained to the EU’s Artificial Intelligence Act, which the European Parliament approved in March of this year. It is now clear that AI-related regulatory concerns likely will also extend to supervisory efforts of U.S. states as well, as reflected in the Colorado legislature’s May 8, 2024 passage of the Colorado Artificial Intelligence Act. This legislation, if signed into law by Colorado governor Jared Polis, would make Colorado the first U.S. state to enact comprehensive AI-related regulation.

As discussed below, the Act may or may not become law, but whether or not it does become law, it contains key signposts concerning the likely course of future AI-related regulation, as well as key AI risk management measures that well-advised companies will take to try to address their AI-related regulatory risk.Continue Reading Colorado Legislature Passes U.S.’s First State AI Regulatory Bill

On July 26, 2023, a divided SEC adopted, by a 3-2 vote, final rules for cybersecurity disclosures. The final rules are based on proposed rules the agency first introduced in March 2022. The rules require companies to disclose material cybersecurity incidents they experience, and also to disclose on an annual basis material information regarding their cybersecurity risk management and governance. The rules will have a significant impact on reporting companies’ disclosure practices and could present a challenge for some companies. A copy of the final cybersecurity disclosure rules can be found here. The SEC’s July 26, 2023, press release about the final cybersecurity disclosure rules can be found here. The SEC’s two-page fact sheet about the new rules can be found here.Continue Reading SEC Adopts Final Cybersecurity Disclosure Rules