Maine Privacy Bill Advances, Oregon AI Chatbot Bill Clears Legislature

Maine's legislature has advanced a comprehensive privacy bill, the Maine Online Data Privacy Act, through both chambers. Oregon's Senate Bill 1546, an AI chatbot safety bill, has also cleared its state legislature and is heading to the governor. Both bills represent significant state-level regulatory developments.

US House Committee Advances KIDS Act and Other Online Safety Bills

The U.S. House Committee on Energy and Commerce advanced the KIDS Act, Sammy's Law, and the App Store Accountability Act to a full House vote. These bills aim to enhance children's online safety by addressing issues like dangerous content, age verification, and app store policies.

EU AI Act Omnibus: New Compliance Deadlines and Deepfake Ban

Members of the European Parliament have reached a preliminary agreement on amendments to the EU AI Act, including extended compliance deadlines for high-risk systems and a ban on non-consensual deepfakes. The agreement aims to provide legal certainty and allow more time for technical standards and guidance development.

AI Training Compliance Guidance Post-SRB Ruling

This guidance analyzes the impact of the EU Court of Justice's Single Resolution Board ruling on AI training compliance for engineers. It outlines two pathways for compliance, emphasizing engineering choices in defining identifiability and data protection.

South Korea Overhauls PIPA with 10% Turnover Fines and CEO Accountability

South Korea has significantly amended its Personal Information Protection Act (PIPA), introducing fines up to 10% of total turnover and assigning direct supervisory liability to CEOs. These changes, effective September 11, 2026, aim to strengthen deterrence and promote proactive data protection investment.

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced deadlines for creating and submitting e1 and i1 assessments using CSF v11.6.0. The ability to create new assessments using v11.6.0 will be disabled on March 31, 2026, and submission will be disabled on June 30, 2026.

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.

HITRUST CSF v11.7.0 Release Notes

HITRUST has released version 11.7.0 of its Common Security Framework (CSF), effective December 18, 2025. This update includes new authoritative sources, consolidation of requirement statements, and modifications to the e1 and i1 assessment baselines.

HITRUST Assessment Handbook v1.2 Updates Released

HITRUST has released version 1.2 of its Assessment Handbook, introducing updates to procedures for evidence generation, testing expectations, reporting, and inheritance eligibility. These changes will be enforced for assessments submitted on or after April 15, 2026.

HITRUST 2025 H2 Threat Analysis on AI Tactics and Assessments

HITRUST released its 2025 H2 Cyber Threat Adaptive Report, indicating that its e1, i1, and r2 assessments effectively mitigate top attack techniques, including AI-driven tactics. The report analyzed threat indicators, intelligence articles, and breaches, mapping data to the MITRE ATT&CK framework.