Articles

AI adoption in local government created new security vulnerabilities in 2025 and 2026 is shaping up to be more demanding. The National League of Cities breaks down what city and county officials actually learned, what cyber threats they are now facing, and what practical steps leaders should be taking now.

A plain-language walkthrough of the overlapping federal and state privacy rules that apply when schools and EdTech vendors handle student data, with practical notes on FERPA, COPPA, and the newer state student-privacy statutes.

Whether training an AI model on copyrighted content qualifies as fair use is being decided case by case and courts are not reaching consistent answers. Skadden analyzes two recent decisions and explains what factors courts are weighing. This article is essential reading for any company building AI products.

An attorney-written summary of the FTC's 2025 update to the Children's Online Privacy Protection Rule, focused on how the changes affect EdTech providers that collect data from students under 13.

Before signing an AI vendor agreement, you should know who owns the outputs, what happens to your data if it's used for training, and what liability you carry if the AI makes a mistake. Stanford CodeX breaks down the key contractual issues: data ownership, training data clauses, IP in AI-generated outputs, and liability allocation.

The use of AI in state and local government workflows is increasing economic disparities in the distribution of public resources. This article analyzes the impact of human oversight with layered automation or agentic public AI.

New York and San Francisco now require public agencies to inventory every AI system in use. CDT maps how local governments are building their own AI governance frameworks ahead of state and federal regulation.

Federal funding exists specifically for government cybersecurity improvements for state and local governmental entities. This GAO report covers how the State and Local Cybersecurity Grant Program (SLCGP) works, what governments need to do to qualify, and program status through 2027.

The Cybersecurity and Infrastructure Security Agency keeps a continuously updated catalog of vulnerabilities being actively exploited "in the wild." Federal agencies are required to patch these on a fixed schedule and while state and local governments are not legally bound, this list is the practical standard for what to prioritize first.

California's privacy law added new requirements on January 1, 2026 addressing automated decision-making rules, cybersecurity audit obligations, and risk assessments. If your business has California customers, which most with an online presence do, this is a practical checklist of what changed and what you need to do.

California and Colorado are among states leading in privacy legislation. BDO walks through California and Colorado changes, what the thresholds are, and what compliance steps businesses should be taking now.

New compliance deadlines, instant payment mandates, and regulations for AI in credit scoring are all converging on fintech companies in 2026. The Paypers maps what's in effect, what's coming, and how the industry is responding so that businesses can avoid late payment charges and manage operational risk.

Algorithmic pricing and AI-facilitated collusion are drawing antitrust enforcement at the federal and state level. This piece maps what enforcement actions have been brought, what theories regulators are pursuing, and what tech companies using AI for pricing or recommendations need to watch. We are still moving through civil cases, but DOJ criminal action is providing a framework for civil analysis.

Open source software is code made publicly available for anyone to use, modify, and distribute, but "open" doesn't mean without legal obligation. The license attached to open source software determines what you can do with it, and some licenses include surprising obligations. Traditional open source licensing frameworks are straining under AI's unique characteristics with models trained on proprietary data and weights that can't be read like code. The Linux Foundation examines what "open source AI" actually means now and proposes the need for an open source specific license called OpenMDW, or Open Model, Data, and Weights License.

Open source AI is becoming more readily available, as is open-weight AI such as Meta's Llama 3. Using an open-source or open-weight AI model doesn't eliminate other significant legal hurdles, such as privacy obligations. IAPP examines the privacy compliance dimensions for organizations building on open-weight models.

Starting August 2026, the EU AI Act requires machine-readable marking of AI-generated content and platforms must remove deepfakes within 48 hours of a valid request. This piece explains what the GPAI Code of Practice actually requires, who it applies to, and what the compliance timeline looks like.

Over 5,000 ADA website accessibility lawsuits were filed in 2025 — concentrated in New York and California, with the same defendants repeatedly targeted. Key finding: accessibility overlay widgets have not been accepted by courts as WCAG compliance. This piece covers who is being targeted and what a real compliance program looks like versus a widget that creates only the appearance of compliance.

An accessible breakdown of the DOJ's ADA Title II web accessibility rule and what it means for public colleges, K–12 districts, and their EdTech vendors — including the WCAG 2.1 AA standard and the phased compliance timeline.