Gmail - Five AI trends in the 2026 US state legislative session
3/5/26, 10:18 Gmail - Five AI trends in the 2026 US state legislative session
Page 1 of 9 https://mail.google.com/mail/u/0/?ik=bc2fd8bca7&view=pt&searc…gid=msg-f:1858766902397942605&simpl=msg-f:1858766902397942605
Marco Gervasi <marco.gervasi75@gmail.com>
Five AI trends in the 2026 US state legislative session
IAPP AI Governance Dashboard <publications@iapp.org> Wed, Mar 4, 2026 at 10:03 PM
Reply-To: publications@iapp.org
To: marco.gervasi75@gmail.com
4 March 2026
NOTES FROM THE AI GOVERNANCE CENTER
Outcomes of the India AI Impact Summit
India's AI Impact Summit highlighted and expanded several key topics regarding
the ever-growing industry, including AI adoption, labor market impacts and
sector-specific applications. Beyond musings about innovation, there was also
greater emphasis on global cooperation and the need for shared tools. IAPP AI
Governance Center Managing Director Ashley Casovan offers her impressions from
her time and conversations in New Delhi.
Read more
Ashley Casovan
Managing Director, IAPP AI Governance Center
TOP STORIES
Five AI trends in the 2026 US state legislative session
U.S. state legislatures are considering AI bills across sectors seeking to address a
range of topics, including children's online safety and concerns associated with
automated decision-making tools. IAPP Westin Fellow David Botero and Managing
Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, outline the
latest AI trends coming out of 2026 legislative sessions, noting transparency
"continues to be one of the main focuses as it empowers regulators and consumers
to make informed choices about managing the evolving risks and benefits of these
new technologies."
Full story
Crunch time: Evolve or face being left behind
This year, the IAPP Governance Survey is taking a specific look at compliance
technologies. IAPP Principal Researcher for Privacy Management Saz
Kanthasamy, CIPP/E, CIPM, FIP, writes, "the complexities of meeting changing
regulatory requirements have transformed compliance from a legal hurdle into a
higher-stakes data engineering and business-defining challenge and opportunity."
He offers an overview of the survey and asks professionals to categorize specific
tasks and rank the automation in their work, say whether they build or purchase
compliance tech, rate their level of satisfaction with it and define who in their
companies takes ownership over certain solutions.
Full story
What 2026 may bring for Canada's federal privacy reform efforts
Canada is awaiting reintroduction of federal privacy reforms after 2025 attempts
fizzled. Bill C-27 failed to pass in the Parliament of Canada prior to last year's
federal election; however, the Liberal Party that ran the bill in recent years retained
government control. Political and legal observers believe a new bill could be
introduced by the end of the first quarter of 2026. IAPP Staff Writer Alex LaCasse
reports on the latest developments and stakeholder views on what the next reform
bill might contain.
Full story
OneTrust's new CEO shares vision for company amid maturing AI
governance landscape
Last month, OneTrust named John Heyman its new CEO to replace founder Kabir
Barday, who will remain in an advisory role on the company board. As OneTrust's
privacy program management platform has grown to encompass AI governance
needs since it was founded a decade ago, Heyman said the push to operationalize
AI governance is still in its infancy. Heyman shared his thoughts on the state of AI
governance and his vision for OneTrust with IAPP Staff Writer Alex LaCasse.
Full story
PERSPECTIVES
The second wave of AI governance: The risks of ubiquitous
transcription tools
Individuals' use of AI transcription tools for meetings may pose unique privacy risks
as practices and technology grow more sophisticated. Ampersand General Counsel
and Chief Privacy Officer Noga Rosenthal, AIGP, CIPP/E, CIPP/US, writes, while
many organizations have implemented data minimization policies, AI transcription
tools "capture everything, creating permanent records of conversations that were
never intended to be memorialized."
Full story
AI, identity and the limits of consent: Why child protection must begin
upstream
AI advancement has allowed children greater access to technology, including AI
systems, potentially creating a governance gap between AI and children's privacy
protections. EthyicaAI CEO Sandor Szabo, CIPP/US, notes children cannot
properly consent to these AI systems and said governance "approaches that focus
solely on enforcement or remediation risk treating symptoms while leaving
underlying structural influences unexamined."
Full story
AESIA's AI Guidelines: Spain steps into the AI spotlight
Spain's AI authority, the Agencia Española de Supervisión de la Inteligencia
Artificial, issued guidance to help organizations comply with the EU AI Act. Hogan
Lovells Associate Joanna Rozanska, CIPP/E, CIPP/US, outlines the agency's
guidance, noting AESIA's suggestions "offer an unprecedented level of legal clarity
at a time when many organizations are still struggling to understand how the
regulation will apply in practice."
Full story
A February in the lives of European privacy regulators
IAPP European Operations Coordinator Laura Pliauškaitė summarizes February
developments among European privacy regulators as they tackle challenges posed
by AI and evolving data protection needs. She highlights guidance on agentic AI
from Spain's data protection authority, the Agencia Española de Protección de
Datos, regulatory priorities for 2026 and beyond across several DPAs, and the
European Data Protection Board's report on the results of its 2025 Coordinated
Enforcement Action, during which 32 European privacy regulators inspected the
effectiveness of the right to be forgotten under the EU General Data Protection
Regulation.
Full story
Thought for the week: What an accidental hack of robot vacuums can
teach us about the next generation of cyberattacks
The recent Tech Times story detailing how a programmer accidentally hacked 7,000
DJI robot vacuums using the Claude Code AI coding assistant prompted Baker
McKenzie Global Chair for Data and Cyber Brian Hengesbaugh, CIPP/US, to
question what long-term cyber risks connected devices can pose if they have
authentication flaws similar to those of the vacuums. Hengesbaugh opines that global
regulations, such as the EU Cyber Resilience Act, can "set a clear baseline and
give companies something specific to achieve and maintain" for device security, and
that manufacturers should look at the risk matrix holistically for connected devices
from both the consumer and vendor perspectives.
Full story
New study maps the privacy gap in consumer AI — and proposes a fix
University of Grenoble Alpes Professor of International and European Law
Théodore Christakis reviewed a new academic study that represents the "first
comprehensive attempt to map the gap between the confidentiality users expect
and the confidentiality they actually receive" when using consumer AI chatbots.
Christakis said the study’s findings "do not reveal a landscape of abuse, but they do
reveal a landscape of structural opacity."
Full story
IAPP PODCAST
Data protection law in India and Vietnam: A discussion with Charmian
Aw
The Asia-Pacific region is home to more than half the world's population — at 60%
— with approximately 4.75 billion people. In recent years, India and Vietnam, to
name just two, have enacted comprehensive data protection laws. Hogan Lovells
Partner Charmian Aw, AIGP, CIPP/A, CIPP/E, CIPP/US, CIPM, FIP, has long
practiced in the region, specializing in Asia-Pacific region data protection, privacy,
AI governance and cybersecurity law and offers developments of the region in the
IAPP Asia-Pacific Dashboard Digest. While attending the IAPP U.K. Intensive 2026
in London, IAPP Editorial Director Jedidiah Bracy sat down with Aw to discuss the
latest on India and Vietnam's laws as well as other developments in the region.
Full story
LAW & REGULATION
EU Digital Omnibus assessment outlines considerations for European
Parliament negotiations
A report commissioned by the European Parliament's Committee on the Internal
Market and Consumer Protection analyzes the EU Digital Omnibus proposals while
offering recommendations for lawmaker scrutiny. The analysis covers regulatory
overlaps the Omnibus attempts to address while also calling attention to the most
contested proposals. Changes to the definition of personal data and data subject
access rights requirements under the EU General Data Protection Regulation and
proposals to tackle third-party cookie fatigue are among the callouts for MEPs.
Full story
Analysis shows many companies behind on EU AI Act transparency
requirements
Researchers from Trinity College Dublin claimed many AI companies have not
fulfilled EU AI Act obligations requiring companies to share summaries about how
their AI models were trained, Euractiv reports. Insufficient information on
organizations' AI training measures has raised concerns among publishers due to
copyright issues. Researchers suggested the EU AI Office create a portal for
companies to submit their AI training practices to increase transparency and ensure
compliance with the EU AI Act.
Full story
The 2026 US midterm election's AI battleground
The Financial Times reports on the political action groups pushing the AI policy
debate to the forefront of 2026 U.S. midterm election campaigns. USD265 million
has been paid by various Big Tech-backed PACs that support and oppose AI
regulation. The goal on both sides is to boost candidates that will sway U.S.
Congress' debates on the stringency and scope of AI guardrails.
Full story
BENCHMARKING & RESEARCH
OECD issues report clarifying distinction between 'AI agents' and
'agentic AI'
The Organisation for Economic Co-operation and Development released a report
on AI agents, agentic AI and understanding their distinctions. Using the OECD's AI
system definition, the report examines how the terms of AI agents and agentic AI
are defined in existing literature in the hopes of establishing more "precise and
consistent terminology."
Full story
REGULATORY GUIDANCE
France to launch pilot of AI auditing tool for GDPR compliance
France's digital agencies are seeking participants for the pilot phase of their AI
auditing tool to facilitate EU General Data Protection Regulation compliance. The
PANAME project was announced in June 2025 with the aim to "enable efficient and
cost-effective implementation of certain technical tests for extracting information
from training data that actors in the AI ecosystem may need to perform to assess
the status of an AI model" in a GDPR context. The pilot is open to public and private
entities with a 28 March registration deadline.
Full story
Connecticut's attorney general releases memo on AI and applicable laws
Connecticut Attorney General William Tong issued guidance to state officials, state
agencies and the public on AI use. The memorandum provides an overview of all
relevant laws at the attorney general's disposal that can apply to AI, including
Connecticut's civil rights laws, privacy and data security laws, the Connecticut
Unfair Trade Practices Act, and antitrust laws. "This document focuses on the past
and present, as it must, in highlighting existing legal constructs and their application
in the realm of AI," the memo stated. Editor's note: IAPP News Editor Joe Duball
reported on the digital regulatory activity in several states, including Connecticut.
Full story
TECH
How AI chatbot interactions are reshaping privacy risks
The New York Times reports on how the proliferation and growing sophistication of
AI chatbots are reframing views on data privacy risks. Concerns around general
data consumption remain mostly unchanged, even as chatbots consume more data
through user interactions. However, the increasing collection and retention of more
highly sensitive personal data shared in conversation is a key issue in relation to
higher risks of cyberattacks and data breaches.
Full story
European Parliament questions the privacy implications of Meta glasses
Members of the European Parliament asked the EU Commission to answer questions
about potential privacy concerns involving Meta's smart glasses, including claims
individuals could collect sensitive data through the glasses without consent,
Euractiv reports. MEPs noted the glasses have raised "broader questions regarding
the Commission's digital policy initiatives, and proposals to ease EU rules on
personal data for AI training." Meanwhile, 404 Media reports an app called Nearby
Glasses is aiming to use Bluetooth features to let users know if someone is using
smart glasses around them to prevent unwanted recordings. Editor's note: IAPP
Research and Insights Analyst Brandon LaLonde, CIPM, outlined smart glasses'
potential benefits and privacy implications.
Full story
Researchers find vulnerabilities within AI prescription service
Researchers from Mindgard allegedly found vulnerabilities in AI health company
Doctronic's systems that allowed its prescription refill service to change the dosage
of individuals' medication and provide false information about vaccinations, Axios
reports. Utah's Department of Commerce previously launched a pilot program
allowing certain individuals to request medication refills through Doctronic. In a
statement, Doctronic co-CEO Matt Pavelle said systems face "ongoing adversarial
testing" and the researchers' findings are appreciated. Meanwhile, researchers from
Zenity Labs alleged safety gaps within AI browsers that could grant hackers access
to individuals' sensitive information.
Full story
Reddit posts are most cited sources by generative AI models through
licensing agreements
Reddit posts have become the most cited source among generative AI platforms,
Euronews reports. In 2024, when Google introduced AI Overview that populated
after users entered search queries, Google also struck a partnership with Reddit to
license content to train its AI models. Since then, Reddit has struck similar
agreements with other foundation model companies, including OpenAI.
Full story
GOVERNMENT
Anthropic emphasizes AI safety priorities in the face of DOD contract
dispute
Anthropic CEO Dario Amodei said the company will continue to prioritize its AI
safety measures after U.S. President Donald Trump's administration told federal
agencies to stop using Anthropic after it did not reach an agreement with the U.S.
Department of Defense, CBS News reports. Amodei noted an agreement could be
reached if the company and the DOD could "see things the same way." He added,
"For our part and for the sake of U.S. national security, we continue to want to make
this work." OpenAI announced it made a deal with the DOD to use its AI technology,
CNBC reports. Meanwhile, the U.S. military’s AI use has raised concerns about its
application to surveillance against other countries, including allies, Euractiv reports.
Full story
LITIGATION & CASE LAW
US Supreme Court declines to hear case involving denial of certain AI
copyright protections
The U.S. Supreme Court declined to hear a case involving a Missouri man who
sought copyright protections for his AI-created visual artwork, Reuters reports.
Plaintiff Stephen Thaler was asking the Supreme Court to overturn lower federal
court rulings that upheld the U.S. Copyright Office decision to deny his work
copyright protections in 2022, in part because the work did not have a human
author. The Copyright Office has separately denied copyright applications for other
AI-created works of art.
Full story
OPINION
Op-ed: How Taiwan's AI Basic Act could serve as model legislation for
Asia
In an op-ed in Tech Policy Press, Stanford University's Global Digital Policy
Incubator of the Cyber Policy Center Research Scholar Charles Mok and Harvard
Kennedy School Research Fellow Chen-Tso Chu outline why they believe Taiwan's
AI Basic Act could serve as a model for Asian countries seeking to "balance the
needs of the citizens' quality of life and the nation's sustainable development while
safeguarding national cultural values and social ethics and promoting international
competitiveness" in pursuing AI regulation.
Full story
This email was sent by: The IAPP, 75 Rochester Ave., Portsmouth, NH 03801 USA +1.800.266.6501. This email was sent
to you at marco.gervasi75@gmail.com. You received this email because you are a member of the IAPP or you provided
your email address to us. We respect your right to privacy; view our privacy statement.