On June 23, 2025, the New York State Department of Financial Services (“NY DFS”) issued guidance to NY DFS-regulated individuals and entities regarding the impact of “ongoing global conflicts” on the financial sector. The guidance follows a bulletin from the U.S. Department of Homeland Security about the “heightened threat environment” in the United States, which specifically references cyber attacks. The NY DFS guidance highlights three key areas of focus: cybersecurity, sanctions, and virtual currency, and may be helpful for organizations across industries globally:

In a surprise move, Senate Parliamentarian Elizabeth MacDonough ruled that a proposed moratorium on state and local AI laws satisfies the Byrd Rule, the requirement that reconciliation bills contain only budgetary provisions and omit “extraneous” policy language.  While MacDonough’s determination allows the Senate Commerce Committee’s version of the moratorium to remain in the bill, its

Covington is pleased to announce that it has revised and updated its comprehensive 50-state survey of political laws for 2025.

Corporations, trade associations, non-profits, other organizations, and individuals face significant penalties and reputational harm if they violate federal or state laws governing corporate and personal political activities, the registration of lobbyists, lobbying reporting, or the

This year, state lawmakers have introduced over a dozen bills to regulate “surveillance,” “personalized,” or “dynamic” pricing.  Although many of these proposals have failed as 2025 state legislative sessions come to a close, lawmakers in New York, California, and a handful of other states are moving forward with a range of different approaches.  These proposals

On June 2, 2025, the New Jersey Division of Consumer Affairs published draft regulations to implement the New Jersey Data Protection Act, which went into effect on January 1, 2025. The draft regulations propose detailed requirements, including for privacy notices, consent, and consumer rights. Interested parties may submit written comments by August 1, 2025.

A number of previously enacted laws related to privacy and minors’ use of social media platforms will enter into force in July 2025.  These laws include comprehensive privacy frameworks in Tennessee and Minnesota, as well as laws governing the use of social media platforms by minors in Georgia and Louisiana.  An overview of some key laws is below.

Personalized advertising and pricing are increasingly common online practices, and prompt discussions about fairness and consumer rights in the EU.  This post examines how these practices are regulated under EU consumer protection law, and what we anticipate from the forthcoming Digital Fairness Act (DFA).  We also consider how data protection rules—such as the GDPR—interact with consumer protection laws.

This is the third post in our series on the DFA—a draft EU law currently being prepared by the European Commission and expected to be published in mid-2026.  Previous posts covered influencer marketing and AI chatbots in consumer interactions.

On June 3, 2025, the OECD introduced a new framework called AI Capability Indicators that compares AI capabilities to human abilities. The framework is intended to help policymakers assess the progress of AI systems and enable informed policy responses to new AI advancements. The indicators are designed to help non-technical policymakers understand the degree of advancement of different AI capabilities. AI researchers, policymakers, and other stakeholder groups, including economists, psychologists, and education specialists, are invited to submit their feedback to the current beta-framework.

On 4 June 2025, the European Commission published a decision recognising 13 critical raw material projects located in non-EU countries as “Strategic Projects” under the Critical Raw Materials Act (“CRMA”, Regulation (EU) 2024/1252). This first set of Strategic Projects based outside the EU adds to the 47 Strategic Projects based within the EU announced earlier this year. These Strategic Projects are recognized as significantly contributing to the security of the EU’s supply of strategic raw materials, and will benefit from preferential access to finance and other advantages. For more information on the CRMA and the framework for Strategic Projects, see our previous blog post here.

On June 19, 2025, the French Data Protection Authority (“CNIL”) published two recommendations for AI developers.  The first recommendation covers reliance on the GDPR’s legitimate interest legal basis for developing an AI model.  It provides examples of legitimate interests that can justify the use of personal data for AI development.  The second recommendation discusses measures to implement when collecting personal data through “web scraping.”  It provides a list of measures that, if followed, will ensure compliance with the GDPR’s accountability principle.