Tech & Sourcing @ Morgan Lewis

In June 2025, cybersecurity researchers discovered a leak of 16 billion passwords in one of the largest data breaches ever, impacting a wide range of platforms and placing billions of users’ information at risk. This incident underscores the urgent need for companies to adopt proactive cybersecurity measures and remain vigilant in the face of evolving threats.

In a recent LawFlash, a team of Morgan Lewis lawyers wrote on the enactment of the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), which will enter into force on January 1, 2026. This legislation marks a significant step in regulating artificial intelligence (AI) technologies within the state of Texas. TRAIGA is broad in scope: applicable to any individual or entity, including government agencies, developing AI systems in Texas, offering a product or service used by Texas residents, or promoting, advertising, or conducting business in the state.

A new Insight published by our Morgan Lewis colleagues highlights the complex legal landscape data centers face in the United States, particularly concerning cybersecurity, privacy, and national security. Cybersecurity preparedness and data privacy are now a critical focus for data centers. However, unlike Europe, the US lacks a comprehensive data privacy statute, requiring data centers to navigate a patchwork of federal, state, and industry-specific regulations.

New York state lawmakers on June 12, 2025 passed the Responsible AI Safety and Education Act (the RAISE Act), which aims to safeguard against artificial intelligence (AI)-driven disaster scenarios by focusing on the largest AI model developers; the bill now heads to the governor’s desk for final approval. The RAISE Act is the latest legislative movement at the state level seeking to regulate AI, a movement that may continue to gain momentum after a 10-year moratorium on AI regulation was removed from the recently passed One Big Beautiful Bill.

Given the rapid, sweeping, and unpredictable changes in the tariff landscape, we return to the force majeure clause, a now-recurring theme following the COVID-19 pandemic and cyberattacks. Although, like many force majeure events, tariffs can significantly disrupt or alter markets, tariffs’ nature, duration, and potential impact differ markedly. Despite renewed attention, the force majeure clause may not be a tariff elixir.

In a recent LawFlash, a team of Morgan Lewis lawyers wrote on New York state’s enactment of the Fashion Workers Act, which took effect on June 19, 2025. The act mandates model management companies to register their businesses while imposing a range of duties on both these companies and their clients, including a fiduciary duty applicable to all aspects of “negotiations, contracts, financial management, and the protection of the models’ legal and financial rights.”

Cyber regulations are crucial for the protection of individuals and businesses and aid in risk minimization; failure to comply with these regulations can result in severe consequences such as financial penalties, legal action, reputational damage, and potential breach of sensitive or confidential information. Analysts have identified some key cyber regulations to watch in the coming months.

Commercial contracts are typically represented by two separate, yet equally important, components: the master agreement that contains primarily legal terms, and the ordering documentation that contains primarily commercial terms.

As we wrote on last week, the recent NCAA settlement has ushered in a new era for college athletics—one with unprecedented legal, financial, and operational consequences. Join Morgan Lewis partners, including technology transactions, outsourcing, and commercial contracts partner Don Shelkey, for a two-part webinar series that will examine the regulatory, business, and litigation risks forming the future of college sports.

In a recent LawFlash, a team of Morgan Lewis lawyers discussed the US Court of International Trade and the US District Court for the District of Columbia’s ruling that invalidated President Donald Trump’s actions imposing tariffs pursuant to the International Emergency Economic Powers Act of 1977, and the temporary, administrative stay granted by the US Court of Appeals for the Federal Circuit while it considers whether to stay the orders during the pendency of the government’s appeal of the ruling. These recent events demonstrate the continued uncertainty businesses and consumers face in light of this economic policy.