This quarterly update summarizes key legislative and regulatory developments in the first quarter of 2023 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.

Artificial Intelligence

The first quarter of 2023 saw an array of proposed legislation, regulation, and informal guidance relating to AI.  At the federal level, some members of Congress have noted concerns with the rapid uptake of AI technologies.  For example, Representative Ted Lieu (D-CA-36) introduced a house resolution (H. Res. 66) that urges Congress to focus on AI and would resolve that the House of Representatives supports focusing on AI to ensure development of AI is done in a way that “is safe, ethical, and respects the rights and privacy of all Americans” and widely distributes AI benefits while minimizing risks.  There were a number of other AI legislative proposals introduced this quarter focused on AI in particular contexts, including the use of AI for water quality (H.R. 873), AI for telehealth (H.R. 207), and AI for drug prescriptions (H.R. 206), and the Department of Defense’s ability to procure AI-based endpoint security tools to improve cybersecurity defense (H.R. 1718).

There have also been several federal agency and regulatory developments on AI.  In January, the National Institute of Standards and Technology (NIST) released its Artificial Intelligence Management Framework to provide a resource to organizations “designing, developing, deploying, or using AI systems to help manage the many risks of AI and promote trustworthy and responsible development and use of AI systems.”  A detailed summary of this update can be found here.  Additionally, in February, the White House released an Executive Order, which directs federal agencies to “ensure that their own use of artificial intelligence and automated systems [] advances equity,” and to “focus their civil rights authorities and offices on emerging threats, such as algorithmic discrimination in automated technology,” among other items.  Under the Executive Order, agencies must investigate and address any algorithmic discrimination in technology services, improve accessibility for people with disabilities, and improve language access services. 

At the state level, there have been multiple bills introduced with the aim of regulating AI.  For example, in Massachusetts S. 31 would regulate generative AI models and require companies operating large-scale generative AI models (i.e., a machine learning model with a capacity of at least one billion parameters that generates text or other forms of output) to register with the Attorney General and adhere to specific standards, like programming text with a watermark and not engaging in bias.  Meanwhile in California, A.B. 331 would regulate automated decision tools by requiring, among other things, “deployers” (defined as a person, partnership, state or local government agency, or corporation that uses an automated decision tool to make a decision that has a legal, material, or similar significant effect on an individual’s life) to perform impact assessments for any automated decision tool, notify persons about the use of the tool, and prohibit using a tool that contributes to algorithmic discrimination.

Internet of Things

Federal legislators in both the House and Senate introduced a number of pieces of legislation related to the Internet of Things (IoT).  For example, Representative Anna Eshoo’s (D-CA-16) bill, H.R. 1123, the Understanding Cybersecurity of Mobile Networks Act, was introduced in and passed the House.  The bill directs the National Telecommunications and Information Administration (NTIA) to report to Congress on the cybersecurity and vulnerability of mobile service networks and devices to cyberattacks and surveillance.  Additionally, Representative John Curtis’s (R-UT-3) bill, H.R. 538, the Informing Consumers about Smart Devices Act, also passed the House.  It requires the disclosure of cameras or other recording abilities on certain internet-connected devices where such functionalities would be non-obvious to the user.  

Federal legislators also introduced a group of bills pertaining to precision agriculture.  Senator Deb Fischer (R-NE) introduced S. 720, the PRECISE Act, which provides incentives to adopt precision agriculture equipment and technology.  Precision agriculture technology includes IoT technology used in crop and livestock production.  Rep. Ashley Hinson (R-IA-2) introduced the House companion to the PRECISE Act, H.R. 1459.  Another bill, S. 734, the Promoting Precision Agriculture Act of 2023, was introduced by Senator John Thune (R-SD) and Senator Raphael Warnock (D-GA).  It would require the Secretary of Agriculture and NIST to develop and assess interconnectivity standards for precision agriculture. 

The White House’s recently released U.S. National Cybersecurity Strategy emphasized the Administration’s efforts to improve IoT cybersecurity through federal research and development, procurement, and risk management efforts, as directed in the IoT Cybersecurity Improvement Act of 2020. In addition, the Administration affirmed its efforts to continue to advance the development of IoT security labeling programs, as directed by Executive Order 14028, “Improving the Nation’s Cybersecurity.”  The strategy plans that, through the expansion of IoT security labels, consumers will be able to compare the cybersecurity protections offered by different IoT products, thus creating a market incentive for greater security across the entire IoT ecosystem.

Connected and Autonomous Vehicles

The first quarter of 2023 demonstrated that Congress, federal agencies, and industry groups plan to make advancing the development and deployment of CAVs a front-burner issue this year.  In early January, NIST launched an Automotive Cybersecurity Community of Interest to discuss, comment, and provide input on the work that NIST is doing which will affect the automotive industry, including cryptography, supply chain, and AI cybersecurity risk management in automated vehicles.  Government, industry, and academics are encouraged to join, as contributions from these stakeholders will inform future NIST frameworks on key aspects of automotive cybersecurity.  In February, the Federal Motor Carrier Safety Administration (FMCSA) issued a supplemental advance notice of proposed rulemaking requesting public comment about the factors the Agency should consider in amending the Federal Motor Carrier Safety Regulations to establish a regulatory framework for commercial motor vehicles (CMV) equipped with Level 4 and 5 automated driving systems (ADS), and we expect to see further rulemaking in this space that takes into account feedback FMCSA received during the public comment period.

Federal legislators have signaled action in the CAV space this year.  In the early months of 2023, bipartisan congressional leaders acknowledged the benefits of CAVs and discussed how to solidify the U.S. as a market leader for CAVs during hearings, interviews, and public meetings.  For example, on February 1, the House Committee on Energy and Commerce held a hearing entitled “Economic Danger Zone: How America Competes to Win the Future Versus China” during which both Republicans and Democrats emphasized the benefits of CAVs and the need to strengthen our position as a global leader in the development and deployment of the technology.  Bipartisan members of Congress also spoke at The Hill’s second annual EV/AV summit, which explored the barriers to electric vehicle adoption, the future of CAVs, and the critical infrastructure needed to make them both a reality.  This unified front could prove useful in advancing legislative and policy proposals in the CAV space, and CAV industry groups have taken steps to inform and support such proposals.  In March 2023, the Autonomous Vehicle Industry Association unveiled a Federal Policy Framework outlining recommendations for Congress and the Department of Transportation for the safe and advanced deployment and commercialization of CAVs in the U.S.  Recommendations include, but are not limited to, legislation and executive agency action that reforms and expands the vehicle exemption process, expands CAV testing and evaluation, and updates regulations to support CAV deployment.

Privacy & Cybersecurity

Privacy

Activities in Congress suggest that there will be efforts to reintroduce the American Data Privacy Protection Act (ADPPA) in the House.  Specifically, the House Committee on Energy and Commerce’s new Subcommittee on Innovation, Data and Commerce held two hearings on the importance of passing federal comprehensive privacy legislation.  During these hearings, lawmakers consistently emphasized their view of the ADPPA as the preferred framework to address current regulatory shortcomings.  Although there is broad bipartisan support for the ADPPA, some Senators, including Senator Ed Markey (D-MA), are urging colleagues to pass the Children and Teens’ Online Privacy and Protection Act (COPPA 2.0) prior to moving forward on comprehensive federal privacy legislation. 

Cyber

As mentioned above, the White House released its U.S. National Cybersecurity Strategy.  The Strategy, among other things, outlines fundamental shifts to how the federal government will attempt to allocate roles, responsibilities, and resources in the cyberspace.  The Strategy is built on five pillars:  (i) defend critical infrastructure; (ii) disrupt and dismantle threat actors; (iii) shape market forces to drive security and resilience; (iv) invest in a resilient future; and (v) forge international partnerships to pursue shared goals.  The Strategy signals a shift towards a more regulatory-focused approach to compel various businesses and industries to improve their cybersecurity, as well as the collective security of the internet.

Multiple cybersecurity bills were introduced in Congress this quarter, including: the Securing Semiconductor Supply Chains Act (S. 229); the Cyber Vulnerability Disclosure Reporting Act (H.R. 280); the Securing Open Source Software Act (S. 917); and the Strengthening Agency Management and Oversight of Software Assets Act (S. 931). We will continue to update you on meaningful developments in these quarterly updates and across our blogs.

Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for more than twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Read more about Jennifer Johnson
Show more Show less
Photo of Nicholas Xenakis Nicholas Xenakis

Nick Xenakis draws on his Capitol Hill and legal experience to provide public policy and crisis management counsel to clients in a range of industries.

Nick assists clients in developing and implementing policy solutions to litigation and regulatory matters, including on issues involving…

Nick Xenakis draws on his Capitol Hill and legal experience to provide public policy and crisis management counsel to clients in a range of industries.

Nick assists clients in developing and implementing policy solutions to litigation and regulatory matters, including on issues involving antitrust, artificial intelligence, bankruptcy, criminal justice, financial services, immigration, intellectual property, life sciences, national security, and technology. He also represents companies and individuals in investigations before U.S. Senate and House Committees.

Nick previously served as General Counsel for the U.S. Senate Judiciary Committee, where he managed committee staff and directed legislative efforts. He also participated in key judicial and Cabinet confirmations, including of Attorneys General and Supreme Court Justices. Before his time on Capitol Hill, Nick served as an attorney with the Federal Public Defender’s Office for the Eastern District of Virginia.

Read more about Nicholas Xenakis
Show more Show less
Photo of Jayne Ponder Jayne Ponder

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy…

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy, artificial intelligence, sensitive data and biometrics, marketing and online advertising, connected devices, and social media. For example, Jayne regularly advises clients on the California Consumer Privacy Act, Colorado AI Act, and the developing patchwork of U.S. state data privacy and artificial intelligence laws. She advises clients on drafting consumer notices, designing consent flows and consumer choices, drafting and negotiating commercial terms, building consumer rights processes, and undertaking data protection impact assessments. In addition, she routinely partners with clients on the development of risk-based privacy and artificial intelligence governance programs that reflect the dynamic regulatory environment and incorporate practical mitigation measures.

Jayne routinely represents clients in enforcement actions brought by the Federal Trade Commission and state attorneys general, particularly in areas related to data privacy, artificial intelligence, advertising, and cybersecurity. Additionally, she helps clients to advance advocacy in rulemaking processes led by federal and state regulators on data privacy, cybersecurity, and artificial intelligence topics.

As part of her practice, Jayne also advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

Jayne maintains an active pro bono practice, including assisting small and nonprofit entities with data privacy topics and elder estate planning.

Read more about Jayne Ponder
Show more Show less
Photo of Olivia Dworkin Olivia Dworkin

Olivia Dworkin minimizes regulatory and litigation risks for clients in the medical device, pharmaceutical, biotechnology, eCommerce, and digital health industries through strategic advice on complex FDA issues, helping to bring innovative products to market while ensuring regulatory compliance.

With a focus on cutting-edge…

Olivia Dworkin minimizes regulatory and litigation risks for clients in the medical device, pharmaceutical, biotechnology, eCommerce, and digital health industries through strategic advice on complex FDA issues, helping to bring innovative products to market while ensuring regulatory compliance.

With a focus on cutting-edge medical technologies and digital health products and services, Olivia regularly helps new and established companies navigate a variety of state and federal regulatory, legislative, and compliance matters throughout the total product lifecycle. She has experience counseling clients on the development, FDA regulatory classification, and commercialization of digital health tools, including clinical decision support software, mobile medical applications, general wellness products, medical device data systems, administrative support software, and products that incorporate artificial intelligence, machine learning, and other emerging technologies.

Olivia also assists clients in advocating for legislative and regulatory policies that will support innovation and the safe deployment of digital health tools, including by drafting comments on proposed legislation, frameworks, whitepapers, and guidance documents. Olivia keeps close to the evolving regulatory landscape and is a frequent contributor to Covington’s Digital Health blog. Her work also has been featured in the Journal of Robotics, Artificial Intelligence & Law, Law360, and the Michigan Journal of Law and Mobility.

Prior to joining Covington, Olivia was a fellow at the University of Michigan Veterans Legal Clinic, where she gained valuable experience as the lead attorney successfully representing clients at case evaluations, mediations, and motion hearings. At Michigan Law, Olivia served as Online Editor of the Michigan Journal of Gender and Law, president of the Trial Advocacy Society, and president of the Michigan Law Mock Trial Team. She excelled in national mock trial competitions, earning two Medals for Excellence in Advocacy from the American College of Trial Lawyers and being selected as one of the top sixteen advocates in the country for an elite, invitation-only mock trial tournament.

Read more about Olivia Dworkin
Show more Show less
Photo of Hensey A. Fenton III Hensey A. Fenton III

Hensey Fenton specializes in providing advice and guidance to clients on legislative and regulatory strategies. Hensey counsels clients on a myriad of issues in the policy and regulatory space, including issues involving cybersecurity, financial services, artificial intelligence, digital assets, international trade and development…

Hensey Fenton specializes in providing advice and guidance to clients on legislative and regulatory strategies. Hensey counsels clients on a myriad of issues in the policy and regulatory space, including issues involving cybersecurity, financial services, artificial intelligence, digital assets, international trade and development, and tax.

Another facet of Hensey’s practice involves cutting-edge legal issues in the cybersecurity space. Having published scholarly work in the areas of cybersecurity and cyberwarfare, Hensey keeps his finger on the pulse of this fast-developing legal field. His Duke Journal of Comparative & International Law article, “Proportionality and its Applicability in the Realm of Cyber Attacks,” was highlighted by the Rutgers Computer and Technology Law Journal as one of the most important and timely articles on cyber, technology and the law. Hensey counsels clients on preparing for and responding to cyber-based attacks. He regularly engages with government and military leaders to develop national and global strategies for complex cyber issues and policy challenges.

Hensey’s practice also includes advising international clients on various policy, legal and regulatory challenges, especially those challenges facing developing nations in the Middle East. Armed with a distinct expertise in Middle Eastern foreign policy and the Arabic language, Hensey brings a multi-faceted approach to his practice, recognizing the specific policy and regulatory concerns facing clients in the region.

Hensey is also at the forefront of important issues involving Diversity, Equity and Inclusion (DEI). He assists companies in developing inclusive and sustainable DEI strategies that align with and incorporate core company values and business goals.

Prior to joining Covington, Hensey served as a Judicial Law Clerk for the Honorable Judge Johnnie B. Rawlinson, United States Court of Appeals for the Ninth Circuit. He also served as a Diplomatic Fellow in the Kurdistan Regional Government’s Representation (i.e. Embassy) in Washington, DC.

Read more about Hensey A. Fenton III
Show more Show less
Photo of Jorge Ortiz Jorge Ortiz

Jorge Ortiz is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and the Technology and Communications Regulation Practice Groups.

Jorge advises clients on a broad range of privacy and cybersecurity issues, including topics related…

Jorge Ortiz is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and the Technology and Communications Regulation Practice Groups.

Jorge advises clients on a broad range of privacy and cybersecurity issues, including topics related to privacy policies and compliance obligations under U.S. state privacy regulations like the California Consumer Privacy Act.

Read more about Jorge Ortiz
Show more Show less
Photo of Jemie Fofanah Jemie Fofanah

Jemie Fofanah is an associate in the firm’s Washington, DC office. She is a member of the Privacy and Cybersecurity Practice Group and the Technology and Communication Regulatory Practice Group. She also maintains an active pro bono practice with a focus on criminal…

Jemie Fofanah is an associate in the firm’s Washington, DC office. She is a member of the Privacy and Cybersecurity Practice Group and the Technology and Communication Regulatory Practice Group. She also maintains an active pro bono practice with a focus on criminal defense and family law.

Read more about Jemie Fofanah
Show more Show less
Photo of Shayan Karbassi Shayan Karbassi

Shayan Karbassi helps clients across industries navigate complex national security and cybersecurity matters to include government and internal investigations, incident and crisis response, regulatory compliance, and litigation.

As part of his cyber practice, Shayan assists clients with cybersecurity incident response and notification obligations…

Shayan Karbassi helps clients across industries navigate complex national security and cybersecurity matters to include government and internal investigations, incident and crisis response, regulatory compliance, and litigation.

As part of his cyber practice, Shayan assists clients with cybersecurity incident response and notification obligations, government and internal investigations of False Claims Act (FCA) issues and insider threats, and compliance with new and evolving federal and state cybersecurity regulations. Shayan also advises U.S. government contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), Federal Risk and Authorization Management Program (FedRAMP), and other U.S. government cybersecurity regulations.

More broadly, Shayan helps clients navigate potential civil and criminal legal risks stemming from operations in certain high-risk jurisdictions. This includes advising clients on U.S. criminal and civil antiterrorism laws, conducting internal investigations of terrorism-financing and related issues, and litigating Anti-Terrorism Act (ATA) claims.

Shayan maintains an active pro bono litigation practice with a focus on human rights, freedom of information, and free media issues.

Before joining Covington, Shayan served as a member of the U.S. intelligence community, where he routinely provided strategic analysis to the President and other senior U.S. policymakers.

Read more about Shayan Karbassi
Show more Show less