The Data Chronicles

AI regulation in the United States is at an inflection point. A new executive order, emerging legislation, and shifting political dynamics are rapidly reshaping the policy landscape for AI developers and adopters. 

In this episode of The Data Chronicles, we examine the administration’s latest executive order on AI innovation and security, which introduces a voluntary framework for pre-release review of frontier AI models – an approach some compared to FDA-style oversight. We also explore how it differs from prior safety-focused directives and more aggressive regulatory models abroad. 

The discussion highlights what this moment means for companies across the ecosystem, from major tech firms helping shape policy to startups navigating commercialization. At the core is a key tension: policymakers are unusually open to new ideas but the window to influence these frameworks may be narrower than it appears.

State-level data regulation in the United States is accelerating, with a growing patchwork of laws reshaping how organizations approach privacy, artificial intelligence, and online safety. 

In this episode of The Data Chronicles, we provide a 2026 legislative wrap-up, examining how new comprehensive privacy laws in states like Oklahoma and Alabama, alongside emerging frameworks in Louisiana, are reinforcing a largely harmonized – but still fragmented – compliance landscape. 

The discussion explores how AI regulation is diverging more significantly, with states such as Colorado and Connecticut shifting toward targeted, risk-based approaches focused on automated decision-making and employment use cases, while broader concerns around AI chatbots and workforce integration continue to draw legislative attention. We also unpack the rapid evolution of online safety and children’s protections, including the expansion of age-appropriate design codes, age verification requirements, and ongoing constitutional challenges. 

Across all three areas, the episode highlights the practical implications of increased regulatory overlap, evolving enforcement dynamics, and the growing need for organizations to monitor state-level developments closely – particularly as lawmakers continue to experiment with technology-driven solutions and push toward more granular oversight of data-driven systems.

Data protection in the United Kingdom is entering a new phase of post‑Brexit divergence, introducing targeted but impactful changes across regulatory governance, enforcement, and day‑to‑day compliance.

 

In this episode of The Data Chronicles, we examine how the Data (Use and Access) Act 2025 is reshaping UK data protection through reforms to the ICO’s structure, new approaches to cookies, automated decision‑making, international data transfers, and lawful bases for processing.

 

The discussion explores how increased flexibility in the United Kingdom is paired with heightened enforcement risk, why operating across United Kingdom and European Union regimes is becoming more complex for global organizations, and how data protection is increasingly being reframed as both a legal compliance and economic policy tool – demanding closer coordination between legal, product, and operational teams.

Cybersecurity regulation in Europe has entered a period of rapid expansion and fragmentation, moving well beyond traditional data protection into a complex framework governing enterprise security, product security, sector specific obligations, and supply chain risk. 

In this episode of The Data Chronicles, we examine how evolving regimes such as NIS2, the Cyber Resilience Act, DORA, and proposed reforms to the EU Cybersecurity Act are reshaping legal and operational expectations for organizations operating across borders. 

The discussion explores why global “one size fits all” security programs and reliance on baseline standards like ISO and NIST are no longer sufficient on their own, how post Brexit divergence between the EU and U.K. is creating material compliance challenges, and why cybersecurity has shifted from a best practice exercise to enforceable law – requiring tighter integration between legal, IT, and information security teams to execute compliance at scale.

AI enforcement in the United States is emerging through legacy laws, creative pleading theories, and increasing regulatory scrutiny rather than a single statute or regulator.

In this episode of The Data Chronicles, we examine how AI-related risk materializes once it moves into litigation and enforcement — from copyright and privacy class actions to consumer protection claims, product liability, and employment disputes — and why unsettled standards of care, evolving case law, and regulator focus areas are driving uncertainty for companies deploying AI systems.