On July 16, 2026, the Court of Justice of the European Union (“CJEU”) issued a decision clarifying that EU law does not, as a rule, prevent a national competition authority from seizing business emails stored on a company’s systems without prior authorisation from a court. However, strict legal safeguards and effective ex post judicial review must be implemented.

This blog post provides an overview of the decision.

Continue Reading CJEU Clarifies the Conditions for Seizure of Business Emails During Competition Inspections

On 3 June 2026, the European Commission published several legislative and policy measures wrapped up in one “tech sovereignty” package (see our posts summarising the package as a whole here, and diving deeper into the Cloud and AI Development Act here). But the EU’s tech sovereignty drive has a long history, and is by no means limited to this package.

In this post, we take a closer look at the current and forthcoming EU legislative measures aimed at increasing the resilience of services provided in the EU against external, malicious influence, a key aspect of tech sovereignty. Relevant legislation falls into two broad categories: (1) laws promoting cyber resilience generally, to prevent malicious actors from disrupting services and critical infrastructure; and (2) laws focused on building supply chain resilience and reducing dependencies on certain external actors by building European industrial capacity in key tech sectors.

Continue Reading Looking beyond the tech sovereignty package: how the EU is moving to ensure tech sector resilience

On July 2, 2026, the Federal Trade Commission (“FTC”) announced that Hopper (USA), Inc. and its Canadian parent, Hopper Inc., agreed to a $35 million settlement resolving allegations that Hopper engaged in unfair and deceptive fee practices in violation of Section 5 of the FTC Act and the Trade Regulation

Continue Reading FTC Settles with Hopper Over Hidden Fee Practices

On June 16, 2026, the Delaware General Assembly passed HB 380, which would amend the Delaware Personal Data Privacy Act (DPDPA). The bill is currently awaiting the Delaware governor’s signature, and if signed, the amendments would take effect on January 1, 2027. The amendment would impose the following:

Continue Reading Delaware General Assembly Passes HB 380, an Amendment to the Delaware Personal Data Privacy Act

On July 7, 2026, the Irish National Cyber Security Centre (“NCSC”) published guidance for management boards and senior executives of organizations subject to the EU’s Network and Information Security Directive (“NIS2”). Reflecting a central theme of NIS2, the Guidance makes it clear that cybersecurity is no longer solely a technical issue, but a governance and risk-management matter that requires active oversight at “the highest levels of executive management.”  It is a helpful document for organizations that are likely to be subject to NIS2, expect to be supervised in Ireland, and that are considering their governance structures and board-level oversight mechanisms.

Continue Reading Irish NCSC Issues Cyber Governance Guidance for Management Boards Ahead of NIS2 Implementation

On July 1, 2026, the Federal Trade Commission (“FTC”) issued a proposed policy statement addressing what it describes as the “suppression of accuracy” in artificial intelligence (“AI”) systems and is seeking public comment through July 31, 2026. The proposal was issued pursuant to Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence, which directed the FTC to explain how Section 5 of the FTC Act applies when AI developers alter model outputs in response to state law requirements.[1]

Continue Reading FTC Seeks Comment on Proposed Policy Statement Addressing AI Accuracy and Output Steering

On June 29, 2026, in a 6-3 decision, the U.S. Supreme Court held that (1) the Federal Trade Commission’s (FTC) statutory “for‑cause” removal protection for Commissioners violates the Constitution’s separation of powers and (2) President Trump lawfully removed Rebecca Slaughter from the FTC. The Court concluded that because FTC Commissioners exercise executive power, they must be removable by the President at will rather than only for “inefficiency, neglect of duty, or malfeasance in office.”

Continue Reading Supreme Court Holds FTC Removal Protections Unconstitutional

In what continues to be a busy year for genetic privacy developments, Rhode Island has joined the growing number of states regulating direct-to-consumer (“DTC”) genetic testing with its recently enacted genetic privacy law, S 2203. With S 2203, Rhode Island is the fifth state to enact genetic privacy legislation this year, following Utah, South Dakota, Connecticut, and Vermont

Continue Reading Rhode Island Enacts Genetic Privacy Law

On June 22, 2026, the White House released two Executive Orders (EOs) on quantum technologies: Securing the Nation Against Advanced Cryptographic Attacks (EO 14412) and Ushering in the Next Frontier of Quantum Innovation (EO 14413).  Through the first EO, the White House seeks “to safeguard America’s most sensitive data, [U.S.] critical infrastructure, and the digital economy that drives jobs and growth.”  (For further reading on this topic, our Post-Quantum Cryptography: A Practical Guide provides a high-level overview of steps organizations should consider to move toward post-quantum cryptography (PQC) to protect their systems.)  The second EO, in comparison, seeks “to supercharge U.S. innovation in quantum technologies.”  Together, these EOs reflect a continued U.S. government focus on core themes in the quantum space — security and innovation.

Continue Reading Trump Administration Releases Two Executive Orders on Quantum

On June 22, the leaders of the cybersecurity agencies in Australia, Canada, New Zealand, the UK, and the U.S. issued a joint statement calling for an “urgent” focus on cyber resilience in anticipation of “frontier AI models . . . exceed[ing] current industry expectations” and “fundamentally transforming both offensive and defensive cyber capabilities” within a timeline of “months.”  The frontier AI models referenced in the statement are the latest generation of advanced AI models that are capable of identifying and exploiting security vulnerabilities, which may result in an increased cadence of cybersecurity intrusions and data loss.  In light of the growing capabilities of these models, the statement encourages organizations to avoid treating cyber risk “as a purely technical issue” or an “IT issue” and instead take a “whole-of-organization” approach to cyber resilience that treats it as a “core business risk and leadership responsibility” that is “central to operational continuity and market trust.”  The statement also proposes several “urgent” practical actions that organizations can take to reduce risk, many of which were also discussed in our recent client alert regarding key considerations for lawyers addressing cyber risks posed by frontier models. 

Continue Reading Five Eyes Cybersecurity Agencies Issue Statement Regarding AI-Related Shifts in Cybersecurity Risks, Urging Organizational Leaders to “Act Now”