Alston & Bird Privacy, Cyber & Data Strategy Blog

NYDFS Issues Frontier AI Advisory and Guidance for Heightened Cyber Threat Environment

By , , and

On May 21, 2026, the New York Department of Financial Services (“NYDFS”) issued two Industry Letters to the organizations it regulates (“Regulated Entities”): “Heightened Cybersecurity Risks Associated with Frontier AI Models” (the “Advisory”) and “Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment” (the “Guidance”) (collectively, the “Letters”). The Letters discuss various recommended security controls Regulated Entities should consider in … [Read more] about NYDFS Issues Frontier AI Advisory and Guidance for Heightened Cyber Threat Environment

California Puts Social Media’s Youth Feeds on Notice

By and

On May 14, 2026, California Attorney General Rob Bonta issued proposed regulations and opened a 45-day public comment period addressing compliance with the age determination and parental consent requirements of the Protecting Our Kids from Social … [Read more] about California Puts Social Media’s Youth Feeds on Notice

European Commission Publishes Draft Guidelines on Classification of High-Risk AI Systems Under the EU AI Act

By , and

On May 19, 2026, the European Commission (EC) published draft guidance on how to determine whether an AI system qualifies as a high-risk AI system (HRAIS) under the EU’s Regulation 2024/1689 on artificial intelligence (AI Act). The draft reflects … [Read more] about European Commission Publishes Draft Guidelines on Classification of High-Risk AI Systems Under the EU AI Act

May Flowers Bring Fresh Insight from CalPrivacy

By and

Increased scrutiny of data brokers, rapid scaling of enforcement operations and active opposition to federal privacy preemption are in bloom in the Golden State. On May 1, 2026, the California Privacy Protection Agency (the “Agency”) Board (the … [Read more] about May Flowers Bring Fresh Insight from CalPrivacy

Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation

By , and

On May 12, 2026, the Colorado legislature passed SB 26-189, which repeals and replaces its landmark Artificial Intelligence Act. Colorado is doing away with the concept of “algorithmic discrimination” and moving instead to a notice- and … [Read more] about Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation