New US Obligations for New Technology: Cybersecurity and Data Privacy Predictions for the Remainder of 2025

As rapid technological advances create new challenges to security and privacy interests, US companies and other entities that obtain, use, or disclose consumer, employee, or government data face an ever-growing web of legal and regulatory obligations. The complexity will only compound as new artificial intelligence laws and regulations interact with existing requirements for the capture, storage, and transfer of data.

We anticipate that the remainder of 2025 will bring significant developments in four crucial domains: (1) state artificial intelligence laws, (2) updated state data privacy laws, including new comprehensive statutes, (3) increased federal enforcement of cybersecurity reporting regulations and compliance with cybersecurity standards included in federal contracts, and (4) stricter international data privacy laws, including new private rights of action and data transfer protocols. Companies should review their policies and procedures to ensure they remain in compliance with the developments outlined below.

Read our team’s analysis of the evolving regulations and compliance requirements for companies.

This white paper is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. The views expressed in this white paper are the views of the authors except as otherwise noted.

© 2025 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, 1301 Avenue of the Americas, Suite 1700, New York, NY, 10019, T: +1 212 326 2000.