By Scott Hall

Artificial intelligence regulation has entered a new phase. What started as policy conversations about innovation, ethics, and voluntary guardrails is now a real compliance issue centered on privacy, transparency, discrimination risk, and accountability for automated outcomes. For businesses, the question is no longer just whether to use AI, but how to use it responsibly, lawfully, ethically, and efficiently, while building trust with consumers.

California remains one of the key states to watch. The state has continued to expand its privacy framework in ways that directly affect AI systems, including through the CPPA’s finalized rules on automated decision-making technology, risk assessments, and cybersecurity audits, as well as statutes addressing AI disclosures, training-data transparency, and synthetic content. Those developments are important —not just because of California’s market power, but because they reflect a broader regulatory instinct: treating AI as part of the privacy and consumer protection landscape, especially when automated tools rely on personal information.

At the same time, federal AI policy has become more unsettled. Rather than moving toward one comprehensive federal law, the national approach has continued to shift with changing administrations, executive branch priorities, and agency agendas. President Trump recently issued a “National Policy Framework for Artificial Intelligence” intended to preempt state law and address seven objectives that, in many ways, directly contradict the AI framework set out by the Biden administration and states that have already implemented AI regulations. In particular, rather than tighten restrictions on AI systems, the Trump framework would avoid broad content standards with the goal of avoiding excessive litigation. Even if the framework is not enacted, the uncertainty leaves businesses in an awkward position. Less federal oversight does not necessarily mean lower risk. In practice, it often means less uniformity, more uncertainty, and greater pressure to track what states, regulators, and private plaintiffs are doing without a lot of central guidance.

This reality helps explain why states continue to move aggressively to fill the gap. Some are adopting broad, risk-based AI frameworks. Others are focusing on narrower but still important issues, such as chatbot disclosures, profiling, health-related uses, insurance determinations, and AI tools used in employment decisions. The regulatory picture is developing issue by issue and sector by sector, rather than through a single national standard. That legal and regulatory patchwork—which is familiar in the privacy landscape—is harder for businesses to manage, but it is quickly becoming the reality for AI.

One notable theme is that states are increasingly using existing legal frameworks to address AI risk, rather than waiting for entirely new AI statutes. In employment, for example, states are starting to apply discrimination principles directly to automated hiring and screening tools. In privacy, states are using profiling, sensitive-data, and transparency rules to reach AI systems that make or support consequential decisions. That means companies must not only monitor new AI laws, but also consider how older laws may apply to the new technologies they are using.

We are also likely to see different rules for different AI uses. Not every AI-enabled tool will draw the same level of scrutiny. Consumer-facing tools that support routine tasks are likely to face lighter oversight than systems used for underwriting, hiring, eligibility, diagnosis, or other decisions that can significantly affect individuals. That risk-based approach is consistent with both the EU model and California’s Automated Decision-making Technology (ADMT) rules, which focus more closely on significant decision-making contexts. For companies, the practical takeaway is that compliance efforts should be prioritized based on use case, not just on whether a tool is labeled “AI.”

Globally, the EU AI Act remains the leading comprehensive model, with obligations tied to risk classification and substantial requirements for high-risk and general-purpose AI systems. Other jurisdictions are taking different approaches, but the overall direction is the same: more formal governance and more regulatory interest in documentation, transparency, and accountability. For companies operating across borders, that means AI compliance cannot be treated solely as a U.S. state-law issue. It increasingly requires a governance structure that can respond to different legal triggers while maintaining a consistent baseline of documentation and control.

We can also expect regulators to dig deeper into how AI works in practice. They want to know what data a system uses, how its outputs are reviewed, whether human oversight is real or just nominal, and whether the system creates privacy, fairness, or transparency concerns. As a result, AI governance is starting to look a lot like privacy compliance: inventorying systems, documenting use cases, assessing risk, limiting data use, testing for problems, and putting controls in place that can be defended later. Accountability in how AI is actually used matters more than simply having a policy on paper. It is also worth noting that enforcement risk is not limited to agency action. As AI becomes more embedded in decision-making, private plaintiffs are also testing new theories in private litigation, including through discrimination claims for AI use in employment and hiring decisions, or wiretapping claims for AI notetaking tools or other online services.

Ultimately, AI regulation is not emerging through just one statute, one agency, or one theory of liability. It is developing through privacy law, consumer protection, sector-specific regulation, administrative rulemaking, state legislation, and private litigation, often all at once. In the U.S., California remains one of the clearest signals of where this is heading, but it is not alone. Businesses adopting AI should expect questions not just about what the technology can do, but about what data is used, how it is governed, whether and how humans remain accountable, and whether AI use matches reasonable expectations of privacy and fairness. As AI becomes embedded in business operations, companies will be best positioned to manage risk when governance is built into everyday decision-making and workflows, rather than addressed only after problems arise.

If your company needs assistance with any privacy issues, Coblentz Data Privacy & Cybersecurity attorneys can help. Please contact Scott Hall at shall@coblentzlaw.com for further information or assistance.

Navigating the Evolving Legal Landscape of Data Privacy, Cybersecurity, and AI

By Scott Hall, Phillip Wiese, Leeza Arbatman, Kat Gianelli, and Saachi Gorinstein

Download a PDF version of this report here.

Privacy, cybersecurity, and AI regulation continue to be front and center in all aspects of business operations. Two additional states, Oklahoma and Alabama, have recently passed comprehensive consumer privacy laws, increasing the patchwork enforcement framework across the country, while federal laws continue to be proposed but may not be any closer than before.

At the same time, regulators have accelerated enforcement actions against companies that do not comply with state laws, and privacy litigation continues to flood dockets with claims for violations of the California Invasion of Privacy Act (CIPA) and the Video Privacy Protection Act (VPPA). Companies are also facing increased regulatory scrutiny over the collection and use of health data and minors’ data, while also navigating uncertain waters with respect to the intersection of artificial intelligence governance and consumer privacy.

Our 2026 Spring Privacy Report examines key developments shaping the privacy, cybersecurity, and AI landscape this year, along with practical considerations for businesses. View the full report here.

Spring Privacy Webinar – June 16, 2026

Please join Scott Hall and the Data Privacy team on Tuesday, June 16, 2026 for our Spring Privacy Webinar, where we will discuss these developments in greater detail. RSVP for the webinar here.

If your company needs assistance with any privacy issues, Coblentz Data Privacy & Cybersecurity attorneys can help. Please contact Scott Hall at shall@coblentzlaw.com for further information or assistance.

The California Department of Housing and Community Development (HCD) has released 22 new Housing Law Fact Sheets that provide concise, standalone summaries of key state housing laws. As state housing laws continue to expand and evolve, the fact sheets offer quick-reference guidance on statutory requirements, recent legislative changes, and relevant technical assistance letters. Topics that may be of interest to developers include:

• Accessory Dwelling Unit law
• Density Bonus Law
• Housing Accountability Act
• Housing Crisis Act (SB 330)
• SB 35 / SB 423 streamlining
• Permit Streamlining Act
• Transit-Oriented Development (SB 79)

HCD also recently revamped its Technical Assistance and Enforcement Letters Dashboard to make it easier to locate individual letters sent to local jurisdictions on a range of housing law implementation issues. Together, the materials offer a practical reference for navigating entitlement strategy, local agency obligations, and state housing-law compliance across California.

A roundup of news and multimedia from the Unfamiliar Terrain team:

San Francisco

Why the skyscraper race is back on when SF has plenty of empty offices (SF Standard): Although one-third of San Francisco’s 90 million square feet of office space remains vacant since the pandemic, several developers are pursuing plans to build the City’s next great skyscraper, with investor backing.

Apartment rents soar to all-time highs — ‘San Francisco is rewriting its own record books’ (SF Business Times): San Francisco’s apartment rents are at their highest levels ever, driven by competition from tech workers. Local rent growth is significantly outpacing national trends.

S.F. tech company expands its footprint as leasing surge lifts downtown office market (SF Chronicle): A year after signing a long-term, 150,000 square foot lease at One Sansome, Databricks has expanded its office footprint in the space by 90,000 square feet, showing strong momentum for the City’s office market.

Bay Area

Big Tech’s favorite landlord is leaning into housing. It’s daring others to follow (SF Standard): The Sobrato Organization, long known for developing major Silicon Valley corporate tech campuses, is turning significant attention toward affordable housing, marked by the opening of The Millton, a 120-unit all-affordable development in Redwood City.

Newsom issues ‘final warning’ to cities over housing law violations — only one is in the Bay Area (Mercury News): Gov. Gavin Newsom issued notices to 15 jurisdictions, including Half Moon Bay, giving them 30 days to address housing law violations before potential referral to the Attorney General. The jurisdictions are more than two years behind on securing state-certified housing elements, and continued noncompliance could expose them to litigation, fines, loss of state funding, and builder’s remedy consequences.

California and Beyond

California considering a first of its kind idea to boost factory-built housing (CalMatters): The Legislature is considering a new proposal that would allow the state to serve as a financial backstop for factory-built housing projects. Under AB 2166, introduced by Buffy Wicks, the state would provide credit support to surety companies, enabling them to issue payment and performance bonds for factory-built construction.

Tight Curves and Wide Horizons: The Return of Highway 1 (NY Times): A travel feature explores the reopening of California’s Highway 1 through Big Sur and reflects on how recurring landslides, climate pressures, and costly repairs continue to shape the future of one of the state’s most iconic transportation corridors.

Cities scramble to comply with or fight major state housing law (CalMatters): With a July 1 deadline looming for local governments to introduce local “wiggle room” around SB 79, which broadly increases building height limits near major transit stops, cities around the state are exploring ways to tailor their own plans or buy themselves more time.

A Bill Aimed at Creating Homes Is Leaving Plots Empty Instead (Wall Street Journal): A U.S. Senate housing bill would significantly restrict the build-to-rent industry, causing financing to pull back and putting projects on pause.

California blew a hole in environmental planning law. Now, lawmakers are trying to fix it (CalMatters): California lawmakers are scrambling to more clearly define the new CEQA exemption for “advanced manufacturing” passed as part of the 2025 CEQA reform. The proposed fix would add limits and community protections, setting up a fight between environmental justice advocates seeking more review and industry groups arguing that streamlined approvals are needed for clean-energy manufacturing and economic development.