Alston & Bird Privacy, Cyber & Data Strategy Blog

European Commission Publishes Draft Guidelines on Classification of High-Risk AI Systems Under the EU AI Act

May 21, 2026 By Alice Portnoy, Wim Nauwelaerts and Paul Greaves

On May 19, 2026, the European Commission (EC) published draft guidance on how to determine whether an AI system qualifies as a high-risk AI system (HRAIS) under the EU’s Regulation 2024/1689 on artificial intelligence (AI Act). The draft reflects input from stakeholders and EU Member States through the EU AI Board and represents the most detailed interpretative material issued to date on this topic. What the EC Published The EC released a package of three complementary documents that … [Read more] about European Commission Publishes Draft Guidelines on Classification of High-Risk AI Systems Under the EU AI Act

May Flowers Bring Fresh Insight from CalPrivacy

May 19, 2026 By Cynthia Cole and John Lesko

Increased scrutiny of data brokers, rapid scaling of enforcement operations and active opposition to federal privacy preemption are in bloom in the Golden State. On May 1, 2026, the California Privacy Protection Agency (the “Agency”) Board (the … [Read more] about May Flowers Bring Fresh Insight from CalPrivacy

Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

May 14, 2026 By Daniel Felz, Cynthia Cole and Anna von Spakovsky

On May 12, 2026, the Colorado legislature passed SB 26-189, which repeals and replaces its landmark Artificial Intelligence Act. Colorado is doing away with the concept of “algorithmic discrimination” and moving instead to a notice- and … [Read more] about Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

May 14, 2026 By Jennifer Everett, Sean Sullivan, Jennifer Pike, Sara Pullen and Jonathan Jagoda

Our Health Care Group investigates a lawsuit against Character.AI that raises legal risks for AI platforms presenting themselves as licensed professionals and signals tightening regulatory scrutiny. AI chatbot developers could face regulatory … [Read more] about Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer

UK Cyber Security Breaches Survey 2025/2026: Key Takeaways

May 14, 2026 By Hanna Hewitt and Kelly Hagedorn

The UK Government has published its 2025/2026 Cyber Security Breaches Survey, which is drawn from information received from thousands of UK businesses. The 2025/2026 survey paints a picture of a cyber threat landscape that is stable in its scale … [Read more] about UK Cyber Security Breaches Survey 2025/2026: Key Takeaways