In 2026, several new technology laws will come into effect across various states in the U.S., addressing issues from artificial intelligence to consumer rights. Notably, California’s new regulations mandate transparency from AI companies regarding safety and security, while Colorado has implemented comprehensive right-to-repair laws and cryptocurrency ATM protections. Additionally, states like Indiana and Kentucky have introduced data privacy laws, although they have received criticism for lack of effectiveness. The new regulations reflect a growing trend among state legislatures to fill gaps left by federal inaction, with significant implications for consumer rights and technology governance.
The Federal Communications Commission has finalized new financial penalties for telecommunications companies that submit false or late information to the Robocall Mitigation Database. Starting February 5, 2026, companies can face fines of up to $10,000 for inaccurate submissions and $1,000 for failing to update their information within ten business days. These regulations were prompted by past incidents, including a case where a political consultant used a voice-cloning tool to impersonate President Joe Biden in robocalls, highlighting the need for stricter accountability. The new rules aim to enhance the accuracy of caller information to combat illegal robocalls and improve overall telecommunications integrity.
New York Governor Kathy Hochul has signed legislation establishing state rules for the safe development of advanced artificial intelligence models. This new law, known as the Responsible Artificial Intelligence Safety and Education Act, aims to enhance safety and transparency in AI technologies while responding to lobbying from major tech companies that sought to weaken its provisions. The act is notable as it is the first state-level AI regulation enacted since a recent executive order by President Donald Trump aimed at limiting state control over the artificial intelligence industry. Both California and New York are taking proactive steps to set standards for AI safety, with New York’s law requiring companies to report critical safety incidents more rapidly than California’s regulations. This legislative move reflects a growing recognition of the need for regulatory frameworks in the rapidly evolving AI landscape, as nearly 40 states have introduced related legislation this year, according to the National Conference of State Legislatures.
The National Institute of Standards and Technology is calling on the public to provide insights on securing artificial intelligence agents from cyber threats. This initiative comes in response to growing concerns about the vulnerabilities of AI systems, which have been rapidly adopted by companies without adequate security measures, increasing risks to computer networks and critical infrastructure. NIST’s Center for AI Standards and Innovation is seeking case studies and best practices over the next 60 days to help develop guidelines for the secure development and deployment of AI systems. The agency emphasizes that unchecked security risks could jeopardize public safety and consumer trust, potentially hindering the adoption of innovative AI technologies. Stakeholders are encouraged to address specific questions regarding the unique risks associated with AI agents and the effectiveness of current security controls.
The Pennsylvania Supreme Court has ruled that police do not need a warrant to access Google search histories when investigating crimes. The court stated that internet users have no reasonable expectation of privacy regarding their searches, as companies like Google collect and share user data. This ruling could encourage more law enforcement agencies to conduct warrantless searches of online activity, according to Andrew Ferguson, a law professor at George Washington University. He emphasized that such access creates a “chilling environment” for individuals who seek privacy in their online inquiries, warning that it allows police to effectively explore the thoughts and questions of users without their consent.
Google and Character.AI have reached a settlement regarding a lawsuit linked to the tragic death of a 14-year-old boy from Florida, who took his own life after developing a relationship with an artificial intelligence chatbot. The lawsuit, initiated by Megan L. Garcia, the boy’s mother, claimed that the chatbot’s harmful interactions contributed to the tragedy. This case is part of a broader scrutiny surrounding AI chatbots and their potential risks to children. Character.AI, which allows users to create and interact with AI characters, has faced scrutiny before.
Why do we care?
This is the point where “policy” stops being abstract and starts costing real money.
Look at what’s actually happening. States are setting AI safety expectations without agreeing on definitions. The FCC is fining companies for bad data hygiene, not bad behavior. Courts are saying your search history isn’t really yours. And in the background, AI systems are becoming more autonomous, more persuasive, and more embedded.
Now imagine an MSP rolling out AI tools because “the vendor said it was compliant.” A client relies on an AI-generated recommendation. Something goes sideways. The vendor points to disclaimers. The law points to outcomes. And suddenly the MSP is explaining why no one thought governance was necessary.
The most dangerous behavior right now is passive enablement—turning on AI features, connecting data sources, and assuming regulation will sort it out later. That’s how you end up with client loss, liability exposure, or reputational damage you can’t undo.
The rules are being written through enforcement and precedent, not press releases. The only safe position is to assume accountability follows influence. If AI influences decisions in your client’s environment, you need to decide—explicitly—who owns that risk before someone else decides it for you.