NIST

Virginia Legislature Passes Second US AI Governance Act behind Colorado: Comparing the AI Acts

March 4, 2025 By Alex Brown, Jennifer Everett, Daniel Felz, Ashley Miller and Dorian Simmons

On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094, the “VA AI Act”) that mandates developers and deployers of high-risk artificial intelligence systems (“HRAI systems”) to adhere to specific governance requirements. The VA AI Act will come into effect on July 1, 2026 (if Virginia […]

NIST Releases Updated Draft Guidelines regarding AI Use in Identity Systems

September 20, 2024 By Seol Namgoong and Kim Peretti

On August 21, 2024, the National Institution of Standards and Technology (“NIST”) released the second draft of its Digital Identity Guidelines, which provides federal agencies with a framework for identity proofing and authentication of external employees, government contractors, and individuals accessing government information systems and services. Building on the first draft of the guidance, the […]

Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech

August 30, 2024 By Kim Peretti, Andrew Liebler, Kellen Dwyer and Andrew Rice

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp. and Board of Regents of the University System of Georgia (d/b/a the Georgia Institute of Technology) (United States v. Georgia […]

NIST Cybersecurity Framework 2.0 Prioritizes Governance and Flexibility

May 6, 2024 By Lance Taubin and Noelle Reyes

Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the core components of CSF remain, there are two thematic changes: CSF 2.0 (1) no longer applies just to critical infrastructure […]

California Privacy Protection Agency Releases Draft Regulations on Risk Assessments

September 27, 2023 By Dorian Simmons and Hyun Jai Oh

On August 28, 2023, the California Privacy Protection Agency (the “Agency”) released two sets of draft regulations under the California Consumer Privacy Act (the “CCPA”), one for risk assessments and another for cybersecurity audits, as part of the Agency’s informal rulemaking process. We discuss the draft cybersecurity audits in California Proposes Annual Audits to Assess […]