Bass, Berry & Sims attorney Alex Davenport helped outline how businesses subject to the California Consumer Privacy Act (CCPA) should be aware of plans to update the scope of the proposed cybersecurity audit, risk assessment, and automated decision-making technology (ADMT) regulations, and how businesses should prepare for these regulations. The content was included in the Practical Law The Journal’s GC Agenda for May 2025 – a roundup of major horizon issues for general counsel.
Alex pointed out that there are plans to narrow the scope of the proposed ADMT, cybersecurity, and risk assessment regulations, but no timeframe has yet been decided to finalize these regulations. Companies, especially those that use artificial intelligence (AI) or ADMT, should continue to monitor how these regulations may evolve in future drafts and assess whether any changes should be made to their compliance obligations.
In addition to these data privacy and cybersecurity details from Alex and others, the May 2025 GC Agenda also included updates related to antitrust, arbitration, finance, commercial transactions, capital markets and corporate governance, and more. The full content can be found here.