The bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 (S. 734, H.R. 1668) has passed the House and the Senate and is headed to the President’s desk for signature. The bill was sponsored in the House by Representatives Hurd (R-TX) and Kelly (D-IL), and in the Senate by Senators Warner (D-VA) and Gardner (R-CO).  President Trump is expected to sign the measure into law.

Continue Reading IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020

In this edition of our regular roundup on legislative initiatives related to artificial intelligence (AI), cybersecurity, the Internet of Things (IoT), and connected and autonomous vehicles (CAVs), we focus on key developments in the European Union (EU).

Continue Reading AI, IoT, and CAV Legislative Update: EU Spotlight (Third Quarter 2020)

On June 24, 2020, the United Nations Economic Commission for Europe (“UNECE”)* adopted two regulations that will have a significant impact on manufacturers of connected and autonomous vehicles (“CAVs”). These regulations impose obligations relating to cybersecurity and software updates for passenger cars, vans, trucks, and buses, while the cybersecurity regulations also reach light four-wheeler vehicles if equipped with automated driving functionalities from level 3 (conditional automation) onward. The regulations will enter into force in January 2021.

The European Union, South Korea, and Japan are expected to take steps to adopt these UNECE regulations in their respective national laws in the next couple of years. Given the widespread use of UN Regulations in the automotive sector globally, we anticipate that other countries will also adopt these regulations. Once implemented, any manufacturer that sells vehicles in the implementing countries must comply with the regulatory requirements, including by ensuring that its supply chain would not prevent compliance. As a result, the effects of the regulations are likely to flow down to vehicle manufacturers even in countries that do not adopt them, such as the United States.
Continue Reading IoT Update: UN Takes the Driver’s Seat for International Regulations on Connected and Autonomous Vehicles Cybersecurity and Software Updates

Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data.  The bill would apply to law enforcement efforts to obtain data at rest as well as data in motion.  It would also apply to both criminal and national security legal process.  This proposal comes in the wake of the Senate Judiciary Committee’s December 2019 hearing on encryption and lawful access to data.  According to its sponsors, the purpose of the bill is to “end[] the use of ‘warrant-proof’ encrypted technology . . . to conceal illicit behavior.”
Continue Reading Lawful Access to Encrypted Data Act Introduced

Reflecting the heightened interest in 5G and related cybersecurity concerns, the National Telecommunications and Information Administration (NTIA) has requested public comment on the implementation of its National Strategy to Secure 5G. Stakeholders with interests in telecommunications infrastructure and security—and any parties interested in 5G generally—currently have the opportunity to provide input on the plan that will carry out the Administration’s 5G strategy.

From now until June 18, 2020, the NTIA will accept public comments as part of its efforts to develop a rollout for its National Strategy to Secure 5G. This implementation plan is being developed per the Secure 5G and Beyond Act of 2020, which President Trump signed into law on March 23. The NTIA published its National Strategy the same day.
Continue Reading IoT Update: Administration Seeks Public Input on Rollout of 5G Strategy

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.

Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.

Continue Reading AI Update: European Commission Presents Strategies for Data and AI (Part 1 of 4)

U.S. federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the fourth quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our fourth AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”).
Continue Reading U.S. AI and IoT Quarterly Legislative Update: Fourth Quarter 2019

Federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the third quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our third AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”).

Continue Reading AI and IoT Legislative Developments: Third Quarter 2019

Earlier this month, Covington’s Brussels, Frankfurt and London offices hosted a webinar on EU regulatory developments impacting connected and automated vehicles (CAVs). The seminar attracted participants from across the globe, predominantly from tech and automotive industries. This post features an overview of the introduction, and sections on data access and competition, data protection and cybersecurity. Part 2 will focus on other important CAV areas in the EU.
Continue Reading AI/IoT Update: Connected and Automated Vehicles Webinar Series: EU Key Developments PART 1