I also noted two items in regulation I didn’t want to miss.
Creative Commons has introduced a new initiative called CC Signals, designed to create a framework for sharing datasets in the era of artificial intelligence. This project aims to address increasing concerns about data privacy and accessibility as organizations update their policies on using user data for training AI models. The CC Signals initiative enables dataset owners to specify how their content can be reused, encouraging a balance between the open nature of the internet and the rising demand for data in AI development. Anna Tumadóttir, CEO of Creative Commons, stated that “CC signals are designed to sustain the commons in the age of AI,” highlighting the importance of ethical data practices. The organization is currently seeking public input on early designs and plans to launch an alpha version in November 2025.
The United States Supreme Court has upheld a Texas law requiring websites with sexual content to verify the ages of all visitors, a ruling that advocates warn could seriously affect internet privacy. This decision permits states to enforce age verification methods that might include uploading government IDs rather than just self-declarations of age. Eighteen states have already passed similar laws, raising concerns among internet privacy advocates about possible breaches of personal data. According to Aaron Mackey, the Free Speech and Transparency Litigation Director at the Electronic Frontier Foundation, these regulations place heavy burdens on adults seeking lawful access to content, thus risking their anonymity and data security.
Why do we care?
Both developments are signals of a shifting internet regulatory landscape where data governance and privacy are no longer optional—they’re core business risks.
For IT service providers, this creates a strategic opening to offer compliance-as-a-service bundles:
- Data governance consulting (CC Signals, AI ethics, dataset licensing).
- Privacy and security frameworks for client websites facing age verification laws.
- Secure ID verification integrations with strong encryption and minimal data retention.
The providers who thrive will be those who stop seeing these as one-off projects and instead build recurring services around data privacy, governance, and compliance readiness.
This is a clear path for IT service firms to evolve—not just keeping clients’ tech running, but actively keeping them out of regulatory trouble.

