Our AI Quarterly publication brings together the firm’s latest AI focused practical insights, key developments, and upcoming programs all in one place, including relevant writings, events, and firm news.
Insights
New Executive Order Promotes AI Innovation While Strengthening Cybersecurity Defenses
On June 2, 2026, President Trump signed the Executive Order “Promoting Advanced Artificial Intelligence Innovation and Security.” The Order reflects the Administration’s stated policy of advancing U.S. AI leadership through collaboration with the private sector, while taking steps to harden government and critical infrastructure systems against emerging cyber threats. Importantly, the Order maintains the Administration’s approach of favoring voluntary, industry-collaborative mechanisms over mandatory regulatory mandates, expressly disclaiming any authority to create licensing, preclearance, or permitting requirements for the development or distribution of AI models.
Fannie Mae Issues Governance Framework on Use of Artificial Intelligence and Machine Learning
On April 8, 2026, Fannie Mae issued a governance framework for Fannie Mae seller/servicers’ use of artificial intelligence and machine learning (ML) in their origination and servicing practices. The requirements that Fannie Mae sets forth in this directive are considerable and apply to all approved single-family seller/servicers using AI/ML technologies within their loan origination or servicing practices. The directive becomes effective on August 6, 2026, 120 days after publication.
Produce the Prompts: A Court Says Expert AI Inputs Are Fair Game in Discovery
A federal court just delivered one of the clearest messages yet on AI in litigation: If an expert used AI to do the work, the prompts may be discoverable. In Conservation Law Foundation Inc. v. Shell Oil Company, Magistrate Judge Thomas O. Farrish ordered the plaintiff to produce the prompts its expert used in preparing her report, treating them as part of the expert’s methodology rather than protected drafting material. That puts AI prompts squarely into the discovery fight.
NYDFS Issues Frontier AI Advisory and Guidance for Heightened Cyber Threat Environment
On May 21, 2026, the New York Department of Financial Services (NYDFS) issued two industry letters to the organizations it regulates: “Heightened Cybersecurity Risks Associated with Frontier AI Models” and “Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment.” The letters discuss various recommended security controls regulated entities should consider in light of a heightened cybersecurity threat environment (defined as a period when “cybersecurity risks are significantly elevated and therefore have a high likelihood of impacting Information Systems, Nonpublic Information or operations”) and in light of the threats presented by frontier AI models (defined as AI models that “amplify the potency, scale, and speed of identifying vulnerabilities and exploits in information systems”).
On May 19, 2026, the European Commission published draft guidance on how to determine whether an AI system qualifies as a high-risk AI system (HRAIS) under the EU’s AI Act, Regulation 2024/1689. The draft reflects input from stakeholders and EU Member States through the EU AI Board and represents the most detailed interpretative material issued to date on this topic.
Colorado Replaces Landmark AI Act—Creating New Trails for AI Rules and Private AI Litigation
On May 12, 2026, the Colorado legislature passed SB 26-189, which repeals and replaces its landmark Artificial Intelligence Act. Colorado is doing away with the concept of “algorithmic discrimination” and moving instead to a notice- and disclosure-based regime focused on automated decision-making. This time, it does so without a carve-out for deployers that are small businesses.
The Era of AI-Driven Data Breaches Has Arrived
A recent lawsuit signals the rapid convergence of issues involving artificial intelligence, vendor-managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI Inc. & Mixpanel Inc., No. 3:25-cv-10301 in the Northern District of California, the plaintiffs alleged that Mixpanel uses AI technologies developed by OpenAI to collect user data. Mixpanel’s data collection came to a head in November 2025, when it was hit by a third-party criminal cyberattack that allegedly impacted consumers’ OpenAI accounts on the Mixpanel platform.
One Federal Privacy Bill to Rule Them All?
On April 21, 2026, Republican lawmakers on the House Energy & Commerce Committee, including Brett Guthrie and John Joyce, M.D., leader of the Energy and Commerce Data Privacy Working Group, introduced the Securing and Establishing Consumer Uniform Rights and Enforcement over (SECURE) Data Act. The Act is designed to create a comprehensive nationwide framework governing consumer privacy and personal data protection in the United States. The Act would significantly reshape the U.S. privacy landscape by establishing uniform consumer rights, clarifying obligations for businesses nationwide, and displacing much of the current state-by-state regime.
On March 16, 2026, the Delaware Court of Chancery issued an opinion finding that the CEO of a major gaming company followed guidance from ChatGPT to breach a $500 million acquisition agreement. This dispute joins a growing list of cases in which chatbot records have entered the courtroom as evidence against users.
Your AI Scribe May Be Taking Notes (and Plaintiffs Are Too)
On April 7, 2026, several plaintiffs filed a class action complaint in the Northern District of California against Sutter Health, Memorial Health Services Inc., and Memorial Care Medical Foundation. The complaint alleges the providers illegally recorded the plaintiffs’ confidential medical information by using an AI-powered “ambient clinical documentation” tool to record clinician-patient conversations during medical visits. This suit may highlight a growing litigation risk for the health care systems deploying conversational AI technologies, as well as processes and patient consents that can mitigate such risks.
New York AI Disclosure Bill Passes State Legislature
New York state Assembly Bill A3411B passed its third reading in the Senate on March 9, 2026, sending it through the legislature and preparing it for delivery to Governor Kathy Hochul. If enacted, the bill will require owners, licensees, and operators of generative AI systems to display a clear and conspicuous notice on system user interfaces that generative AI outputs may be inaccurate. The bill now awaits delivery to, and signature by, Hochul. If signed, it will become effective 90 days after becoming law.
Publications
- June 18, 2026 – Cynthia Cole, Maki DePalo, and Jennifer Everett published “Privacy, Cyber & Data Strategy Advisory | State of the (Artificial) Union: A Mid-Year Review of US AI Regulation, Enforcement and Policy Trends.”
- June 16, 2026 – Cynthia Cole, Courtney Quirós, and Lex Mayo published “How Boards Can Shrink the AI Governance Gap” in Law360.
- June 1, 2026 – Kim Peretti, Lance Taubin, and Kristen Bartolotta published "Privacy, Cyber & Data Strategy Advisory | Five Risks GCs Should Know About Frontier AI and Cybersecurity."
- May 12, 2026 – Jennifer Everett, Sean Sullivan, Sara Pullen, and Jonathan Jagoda presented “Healthy Byte | When AI Crosses the Line: Licensure Risk in Chatbot Design,” discussing a new enforcement action surrounding AI chatbots and what it means for companies developing or deploying chatbots across regulated industries.
- May 11, 2026 – Jennifer Everett, Sean Sullivan, Jen Pike, Sara Pullen, and Jonathan Jagoda published “Health Care Advisory | Your AI Therapist May Need a Lawyer: Pennsylvania Brings Suit Against Chatbot Developer.”
- May 7, 2026 – Andrew Liebler, Jen Pike, Jennifer Everett, and Zack Higbee presented “Key Takeaways for Health Data Monetization,” synthesizing the key themes and practical takeaways from across Alston & Bird’s Health Data Monetization video series.
- May 4, 2026 – Zack Higbee presented “Protecting Data-Driven Innovation: Patents, Trade Secrets, and Strategy,” exploring how health care organizations can create and protect value from the data they generate every day.
- April 30 , 2026 – David Carpenter presented “In the Crosshairs of Privacy Litigation,” exploring the growing wave of privacy litigation targeting the monetization of health data, with a focus on how courts are applying older privacy statutes to modern digital tracking technologies.
- April 27, 2026 – Andrew Liebler presented “Innovating Without Inviting Risk,” discussing the compliance, litigation, and enforcement risks companies face when using health data—especially as innovation and AI-driven use cases accelerate.
- April 23, 2026 – Jennifer Pike presented “A HIPAA Framework,” providing a practical, high-level overview of how the Health Insurance Portability and Accountability Act (HIPAA) shapes health care data monetization strategies.
- April 20, 2026 – Sean Sullivan presented “Aligning Innovation with Regulation,” explaining how fraud and abuse laws, information blocking rules, and corporate practice of medicine considerations shape data‑driven business models.
Events
- June 30, 2026 – Alex Brown and David Carpenter will present “Pricing Under Scrutiny: Data-Driven Pricing and the Law” for the 15th program in Alston & Bird’s AI Legal Insights: Shaping Tomorrow webinar series.
- June 24, 2026 – Yuri Mikulka will present “Everything Old Is New Again: AI Meets Privilege, Confidentiality & Trade Secrets” hosted by the American Bar Association.
- June 16–17, 2026 – Jennifer Everett will speak during the FLDI Essentials of Working with FDA for Patient Organizations event on “AIding Patient Advocacy: Artificial Intelligence and Clinical Trials, Patient Privacy, and More.”
- June 4, 2026 – Jennifer Everett, Dan Felz, David Keating, Dorian Simmons, Alex Brown, Cynthia Cole, Beth Chiarello, Tery Gonsalves, and Michael Ekin presented “AI Risk & Responsibility: Ethics at Work, Enforcement Trends, and Agentic AI.”
- June 4, 2026 – Michael Deane presented “AI for Everyone – A Multi-Part CLE for Beginners and Experts,” hosted by the Georgia Tech Bar Association and Verbit.
- May 21, 2026 – Sean Sullivan, Leah McNeill, and Nick Chandler presented “Responsible Use of AI: Considerations for Health Care and Legal Professionals” for the 14th program in Alston & Bird’s AI Legal Insights: Shaping Tomorrow webinar series.
- May 12–14, 2026 – Alex Brown spoke on the panel “Walking the Tightrope: AI, Blurred Autonomy, and the Future of Competition, Regulation, and IP” during the 2026 ABA International Law Section Annual Conference.
Press Releases
Daily Report Highlights Alston & Bird’s IP Bench Expansion to Meet Growing AI-Driven Demand
A Daily Report article highlighted Alston & Bird’s continued investment in its nationally recognized Intellectual Property Group as demand grows at the intersection of artificial intelligence and IP law. Natalie Clayton and John Haynes, co-chairs of Alston & Bird’s Intellectual Property Group, commented on how AI is driving demand for sophisticated legal services across copyright, patents, and litigation. Notably, the firm is strategically expanding its capabilities in these areas and recently added three new partners who focus on disputes involving digital media, AI, and emerging technologies. Michael Elkin and Sean Anderson joined the firm’s New York office, and Jennifer Golinveaux joined in San Francisco.
For additional updates, please visit our Privacy, Cyber & Data Strategy Blog.
You can subscribe for future updates by completing our publications subscription form.