Sidley AI Monitor

On November 4, 2025, Sen. Bill Cassidy (R-LA) introduced the Health Information Privacy Reform Act, which requires the Secretary of Health and Human Services (HHS) to promulgate regulations setting privacy, security, and breach notification standards for the processing of applicable health information by regulated entities and their service providers. The Act includes a requirement for the Secretary of HHS to publish, no later than one year after the enactment of the Act, guidance on applying the minimum necessary standard to health data used in AI.

On November 3, 2025, Hungary enacted the Hungary AI Act to establish a framework for its implementation of the EU AI Act. The Hungary AI Act applies broadly to AI system service providers, manufacturers, importers, and users in Hungary and establishes multiple government authorities to monitor, regulate, and support the development of AI.

On October 28, 2025, the National People's Congress of the People's Republic of China announced that it voted to pass amendments to China's Cybersecurity Law. The amendments set forth a foundational framework for national support for AI development and increased the scope and penalties of enforcement of the Cybersecurity Law, including to expand coverage to any foreign conduct that endangers China's network security.

On October 21, 2025, the New York State Department of Financial Services (NYDFS) issued industry guidance to clarify regulatory requirements relating to covered entities and describe steps covered entities should consider to address cybersecurity risks arising from relationships with third-party service providers. The NYDFS guidance provides a list of provisions for covered entities to consider incorporating into their agreements with third-party service providers, including a provision relating to the acceptable use of AI and whether the covered entity's data may be used to train AI models or be disclosed to additional parties.

Massachusetts Senate Bill 2630 was introduced in the Massachusetts Senate on October, 16, 2025 by Sen. Barry Finegold (D). Bill S.2630 would require each large AI developer to publish (1) an AI framework that describes various policies and practices of the developer relating to compliance with AI standards, management and mitigation of risks, and response to safety incidents and (2) a transparency report disclosing various aspects of its AI model.

California Gov. Gavin Newsom (D) signed Senate Bill No. 243 on October 13, 2025, which requires companion chatbot operators to notify certain users (including all users known by the operator to be minors) that they are interacting with AI. Additionally, SB-243 requires operators to report annually to the Office of Suicide Prevention and to maintain protocols to prevent chatbots from producing suicidal ideation content.

On October 14, 2025, California Gov. Gavin Newsom (D) signed Assembly Bill No. 853, which delays the operation of the California AI Transparency Act until August 2, 2026. AB 853 also amends the Act to require large online platforms to make available to users information to indicate whether content was generated or substantially altered with AI (effective January 1, 2027) and to require capture device manufacturers to provide users with the option to include, in the content they generate, certain disclosures such as the names of the manufacturer and device (effective January 1, 2028).

California Assembly Bill No. 316 was signed by Gov. Gavin Newsom (D) on October 13, 2025, and provides that defendants that are alleged to have caused harm by AI that they developed, modified, or used are not eligible to assert that the AI autonomously caused harm to the plaintiff.

California Assembly Bill No. 489, signed by Gov. Gavin Newsom (D) on October 11, 2025, extends existing laws prohibiting the use of specified language to falsely indicate or imply possession of a license or certificate to practice a health care profession to entities that develop or deploy AI that uses such language in its advertising or functionality.

On October 8, 2025, Gov. Gavin Newsom (D-CA) signed Senate Bill No. 361, which expanded the scope of information that must be provided to the California Privacy Protection Agency upon registration by "data brokers" (businesses that collect and sell to third parties the personal information of a consumer with whom the business does not have a direct relationship). Included within the new disclosure requirements is a requirement to provide information regarding whether the data broker shared or sold consumers' data to a developer of a GenAI system in the past year.

On October 1, 2025, Latvia's Law on the Resilience of Digital Operations in the Financial Market and the Use of Artificial Intelligence entered into force. The law applies the provisions of the EU AI Act, including with respect to identifying, monitoring, and mitigating AI risks, to a wide array of financial services entities such as insurance companies, investment management companies, and payment service providers.

On October 1, 2025, California's rules regulating the usage of AI and other automated-decision systems in making employment decisions went into effect. Among other things, the rules prohibit employers from using automated-decision systems that discriminate against employees or applicants based on existing protected classes under California's Fair Employment and Housing Act.

On September 29, 2025, California Governor Gavin Newsom (D) signed into law Senate Bill No. 53, known as the Transparency in Frontier Artificial Intelligence Act, which among other matters, relates to the safety of a foundation model.

On September 25, 2025, Italy's Law No. 132 was published in the Official Gazette No. 223. The law aims to ensure that the use of artificial intelligence is aligned with the General Data Protection Regulation and Personal Data Protection Code and becomes effective on October 10, 2025.

On September 15, 2025, the Cyberspace Administration of China published its AI Safety Governance Framework 2.0, building upon its AI Governance Version 1.0 and the Global AI Governance Initiative to address rapid developments in AI technology.

On September 11, 2025, Wyoming Representative Harriet M. Hageman (R) introduced the Fair Artificial Intelligence Realization Act of 2025 (H. R. 5315), which would prohibit the Federal procurement of large language models not developed in accordance with unbiased AI principles, among other matters.

On September 10, 2025, Texas Senator Ted Cruz (R) introduced the Strengthening Artificial Intelligence Normalization and Diffusion By Oversight and eXperimentation Act, which would among other matters, create a regulatory “sandbox” that gives AI developers space to test and launch new AI technologies without being subject to certain federal rules.

On September 10, 2025, U.S. Senators Lisa Blunt Rochester (D) and John Curtis (R) introduced legislation Consumer Safety Technology Act (S. 2766), aimed at strengthening consumer protection through the use of emerging technologies such as artificial intelligence, blockchain, and digital tokens.

On September 4, 2025, South Korea's Personal Information Protection Commission announced the implementation of revised standards for Personal Information Impact Assessments, specifically addressing the use of artificial intelligence.

On September 3, 2025, the Office of the Information and Privacy Commissioner of Alberta issued guidance to assist custodians under the Health Information Act in ensuring they are compliant with the act when using artificial intelligence scribe tools.

On September 1, 2025, Measures for the Identification of Artificial Intelligence-Generated Synthetic Content in China went into effect. The measures aim to promote the development of artificial intelligence and standardize the identification of such content.

On August 28, 2025, Colorado Governor Jared Polis (D) signed S.B. 25B-004, which delayed the effective date of the Colorado AI Act from February 1 to June 30, 2026.

Key Steps Toward Using Artificial Intelligence in Pharmacovigilance – Sidley Insights on the Recent CIOMS Draft Report

On August 14, 2025, the U.S. General Services Administration (GSA) announced the launch of USAi, a secure generative artificial intelligence evaluation suite that enables federal agencies to experiment with and adopt artificial intelligence at scale.

On August 13, 2025, the Reserve Bank of India published a report referred to as the Framework for Responsible and Ethical Enablement of Artificial Intelligence in the Financial Sector.