The widespread and increasing use of artificial intelligence (“AI”) in advertising and media—particularly to generate realistic human likenesses—has prompted New York to enact two new laws that carry meaningful compliance obligations and potential monetary penalties for advertisers and content producers. Signed on December 11, 2025, the laws will impose (i) mandatory disclosure requirements for AI-generated “synthetic performers” in commercial advertisements,…

As boards and executives look for guidance on how best to adopt AI, comparisons to previous innovations are often used. But catchphrases like “AI is the new fire” or “it’s the new electricity” are not very helpful for people who have to make decisions about AI adoption. None of us were around to experience the impact of the steam engine,…

On December 9, 2025, FINRA released its 2026 FINRA Annual Regulatory Oversight Report (the “2026 Report”). The 2026 Report contains a standalone section on Generative AI (“GenAI”) that substantially expands upon the topic from last year’s publication. In particular, the 2026 Report builds on FINRA’s prior AI guidance by reminding firms of their continuing regulatory obligations with respect to GenAI,…

As we approach the end of the year, here are the top 5 privacy posts on the Debevoise Data Blog in 2025. Takeaways for Large Firms from the SEC’s Reg S-P Webinar (September 28, 2025) On September 25, 2025, the SEC held a webinar on Regulation S-P, which governs how covered institutions protect customer information. In this post, we highlight…

As we approach the end of the year, here are the Top 5 Cybersecurity posts on the Debevoise Data Blog in 2025. 1.  Protecting Privilege in Incident Response: Litigation Lessons (September 15, 2025) Companies responding to data breaches are faced with the question of whether their incident response investigation can be protected by attorney‑client privilege or the work‑product doctrine.  This…