In an era when data is everything, everywhere, all at once and computation has almost no limit, ensuring privacy while leveraging data analytics is paramount. The US Department of Commerce’s National Institute of Standards and Technology (NIST) recently published NIST Special Publication 800-226 (the Guidelines), a comprehensive guide for evaluating and achieving differential privacy, a cutting edge approach to protecting individual privacy when using and relying on large datasets.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
In a recent report, a team of Morgan Lewis lawyers discussed enforcement of the US Department of Justice’s (DOJ’s) Data Security Program (DSP). The report outlines critical considerations for companies and entities that may be affected by the extensive requirements of this national security initiative.
In June 2025, cybersecurity researchers discovered a leak of 16 billion passwords in one of the largest data breaches ever, impacting a wide range of platforms and placing billions of users’ information at risk. This incident underscores the urgent need for companies to adopt proactive cybersecurity measures and remain vigilant in the face of evolving threats.
In a recent LawFlash, a team of Morgan Lewis lawyers wrote on the enactment of the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), which will enter into force on January 1, 2026. This legislation marks a significant step in regulating artificial intelligence (AI) technologies within the state of Texas. TRAIGA is broad in scope: applicable to any individual or entity, including government agencies, developing AI systems in Texas, offering a product or service used by Texas residents, or promoting, advertising, or conducting business in the state.
A new Insight published by our Morgan Lewis colleagues highlights the complex legal landscape data centers face in the United States, particularly concerning cybersecurity, privacy, and national security. Cybersecurity preparedness and data privacy are now a critical focus for data centers. However, unlike Europe, the US lacks a comprehensive data privacy statute, requiring data centers to navigate a patchwork of federal, state, and industry-specific regulations.
New York state lawmakers on June 12, 2025 passed the Responsible AI Safety and Education Act (the RAISE Act), which aims to safeguard against artificial intelligence (AI)-driven disaster scenarios by focusing on the largest AI model developers; the bill now heads to the governor’s desk for final approval. The RAISE Act is the latest legislative movement at the state level seeking to regulate AI, a movement that may continue to gain momentum after a 10-year moratorium on AI regulation was removed from the recently passed One Big Beautiful Bill.
Given the rapid, sweeping, and unpredictable changes in the tariff landscape, we return to the force majeure clause, a now-recurring theme following the COVID-19 pandemic and cyberattacks. Although, like many force majeure events, tariffs can significantly disrupt or alter markets, tariffs’ nature, duration, and potential impact differ markedly. Despite renewed attention, the force majeure clause may not be a tariff elixir.
In a recent LawFlash, a team of Morgan Lewis lawyers wrote on New York state’s enactment of the Fashion Workers Act, which took effect on June 19, 2025. The act mandates model management companies to register their businesses while imposing a range of duties on both these companies and their clients, including a fiduciary duty applicable to all aspects of “negotiations, contracts, financial management, and the protection of the models’ legal and financial rights.”
Cyber regulations are crucial for the protection of individuals and businesses and aid in risk minimization; failure to comply with these regulations can result in severe consequences such as financial penalties, legal action, reputational damage, and potential breach of sensitive or confidential information. Analysts have identified some key cyber regulations to watch in the coming months.
Commercial contracts are typically represented by two separate, yet equally important, components: the master agreement that contains primarily legal terms, and the ordering documentation that contains primarily commercial terms.