May 29, 2026
Connecticut, United States
The Connecticut Artificial Intelligence Responsibility and Transparency Act (SB 5) has been signed. This legislation marks Connecticut as the seventh U.S. state to enact an AI-specific legal framework, joining California, Colorado, New York, Washington, Oregon, and Idaho.
The law regulates automated employment tools used for hiring, promotion, discipline, or termination, alongside establishing safety mandates and human-disclosure alerts for consumer "AI companions." This includes targeted online safety obligations for social media platforms and extra protections for minors. It also establishes requirements surrounding provenance data to ensure transparency in generative AI content, alongside employee whistleblower protections for frontier AI developers and plans for a state-run regulatory sandbox.
Private companies utilizing automated workforce tools must adapt to a staggered timeline, with the core disclosure framework taking effect on October 1, 2026, and stricter pre-decision notice obligations following on October 1, 2027. Under this law, organizations utilizing automated workforce tools must provide applicants and workers with explicit, plain-language written notifications explaining the tool's purpose and data sources. Organizations must now explicitly report any AI-driven layoffs to the state Department of Labor, while a trade-secret safe harbor remains available to protect proprietary assets during formal compliance disclosures.
May 21, 2026
California, United States
Governor Gavin Newsom signed an Executive Order directing state agencies to assess and prepare for the economic and workforce impacts of artificial intelligence. The order focuses on ensuring economic resilience and promoting a responsible transition as AI technologies increasingly integrate into the California labor market.
The directive instructs state departments to evaluate the potential for job displacement, develop support strategies for affected workers, and identify opportunities for upskilling and retraining. Additionally, the order emphasizes the need for equitable outcomes, requiring agencies to mitigate any disproportionate impacts AI adoption may have on vulnerable or underserved communities.
This executive action signals a proactive state-led shift from general AI observation to active economic management, indicating that private entities and state contractors may eventually face new reporting requirements or labor-standards compliance tied to their AI deployments.
May 18, 2026
Vermont, United States
Governor Phil Scott signed House Bill 814 into law, making Vermont one of the first states to establish formal protections for neurological rights and strictly regulate the use of artificial intelligence in healthcare. Scheduled to take effect on July 1, 2026, the law establishes comprehensive privacy standards for "neural data" and requires explicit written consent for its collection, use, or disclosure.
In addition to these data protections, the bill prohibits health insurers from using AI to deny, delay, or modify coverage and mandates that AI cannot replace the professional judgment of human clinicians in providing patient care.
This legislation marks a new frontier in privacy law by extending legal protections to biological and cognitive data, signaling to private entities and healthcare providers that neural information will be treated with the same high level of sensitivity as genetic or biometric data.
May 14, 2026
Colorado, United States
Colorado’s Senate Bill 189 on Automated Decision-Making Technology (ADMT), effectively repealing and replacing the state's landmark Colorado Artificial Intelligence Act (SB 205), was signed into law.
Under the new statute, developers are required to provide technical documentation and notify deployers of updates, while deployers must notify consumers and provide explanations for adverse outcomes. Furthermore, consumers can request corrections to factual data and meaningful human review of consequential decisions. This legislation is set to take effect on January 1, 2027.
This new legal framework replaces previous risk-management requirements and annual assessments with a more streamlined, transparency-focused regulatory model.
May 15, 2026
United Kingdom
The UK’s National Cyber Security Centre (NCSC) has published new guidance on the adoption of agentic AI systems, autonomous tools capable of making decisions and taking actions across external systems. This guide explains that agentic AI systems can access data sources, remember context, make decisions, use tools, and take actions in pursuit of a goal. These systems introduce unique risks, such as unpredictable behavior, high-speed actions that bypass human review, and a lack of explainability.
To mitigate these, the NCSC recommends an incremental deployment through tightly bound pilots and a "security by design" approach using clearly defined tasks and building confidence in the system before expanding the scope. Organizations should only grant agents only the minimum access they need, for the shortest time required, constraining what an agent can access, what actions it can take, and when it can take them, and managing supply chain risk for third-party components, models, tools, and integrations.
May 14, 2026
United Kingdom
The Information Commissioner's Office (ICO) published guidance on steps organizations can take to protect themselves from AI-based cyber threats. The guide explains that cyber criminals are increasingly using AI to carry out attacks that are faster, more sophisticated, and harder to detect. Some of the key threats identified include AI-enhanced phishing, deepfake social engineering, and adaptive malware, alongside risks like data poisoning in AI models.
To bolster resilience, the ICO recommends a multi-layered approach: enforcing multi-factor authentication, implementing strong password policies, applying the principle of least privilege, and conducting rigorous supply chain due diligence. Beyond technical patching and automated monitoring, the guidance emphasizes the importance of data minimization, data audits, the necessity of human oversight in decision-making and specialized staff training to help teams recognize and mitigate sophisticated AI-enabled threats.
May 12, 2026
Germany's Federal Office for Information Security (BSI) announced that the cybersecurity authorities of the G7 countries and the EU Commission published a guideline entitled 'Software Bill of Materials (SBOM) for Artificial Intelligence - Minimum Elements. This guideline contains recommendations for minimum requirements for an SBOM for AI and outlines seven overarching information categories, each containing multiple elements backed by illustrative examples for practical use.
To enhance transparency and security, the guideline focuses on tracking AI systems’ components and dependencies to manage vulnerabilities and licensing risks. An effective AI SBOM must be machine-readable for automated processing and use structured data formats to ensure transparency across the supply chain. Crucially, these documents must capture both static and dynamic aspects of the AI lifecycle, including the specific datasets used for training, testing, and validation.
By empowering stakeholders with this data, the framework aims to bolster cyber resilience and informed decision-making throughout the AI ecosystem.
May 8, 2026
The European Commission has published draft guidelines clarifying the transparency obligations under Article 50 of the EU AI Act, with a public consultation open until June 3, 2026.
The guidelines provide practical direction on requirements that will apply from August 2, 2026, covering AI systems that interact with individuals, generate synthetic content, perform emotion recognition or biometric categorization, and create deepfakes or certain AI-generated public-interest content. The guidance emphasizes that users must be clearly informed when interacting with AI systems and that AI-generated or manipulated content must be appropriately identified and labeled. The publication offers early insight into regulatory expectations and signals the EU’s continued focus on transparency as a cornerstone of AI governance.
Organizations developing or deploying covered AI systems should assess whether existing disclosure and content-labeling practices align with the upcoming requirements.
May 27, 2026
Australia
Australia’s Cyber Security Centre has published new guidance outlining how organizations can use AI to strengthen cyber defence while managing the risks associated with AI adoption.
The guidance highlights AI use cases across the full cybersecurity lifecycle, including threat detection, vulnerability management, incident response, recovery planning, and security operations. It also emphasizes that AI should augment, rather than replace, human decision-making and calls for strong governance, oversight, testing, supply chain risk management, and secure-by-design practices. Notably, the guidance addresses the growing use of agentic AI in cybersecurity and warns that poorly governed AI systems can introduce new attack surfaces and operational risks.
The publication reflects increasing government focus on responsible AI adoption in cybersecurity and provides organizations with a practical framework for balancing innovation with security and resilience.
May 19, 2026
China
China's National Cybersecurity Standardization Technical Committee (TC260) has issued new Ethics-Safety Guidelines for Artificial Intelligence Applications, establishing a comprehensive framework for the responsible development and deployment of AI systems.
The guidelines outline nine core principles, including fairness, transparency, privacy protection, controllability, risk management, and human welfare. Organizations are expected to embed ethical safeguards throughout the AI lifecycle, implement traceability and incident response mechanisms, minimize the processing of sensitive data, and provide clear disclosures regarding data collection practices. The framework also emphasizes that AI should serve a supporting role in decision-making, with meaningful opportunities for human oversight and intervention.
The guidance reflects China's continued focus on integrating ethical governance, safety controls, and accountability requirements into AI development and deployment practices.
May 14, 2026
Vietnam
Vietnam has issued Decree No. 142/2026/ND-CP, providing detailed implementation measures under its AI Law and establishing a risk-based framework for the classification and conformity assessment of AI systems.
The Decree requires providers to classify AI systems before deployment and reassess risk levels when systems are modified, integrated, or repurposed. High-risk AI systems will be subject to conformity assessments based on factors such as potential impact, deployment sector, level of automation, human oversight, and scale of use. The framework also introduces a national AI database and a centralized AI information portal to support oversight and coordination.
The development aligns Vietnam with the growing global trend toward risk-based AI regulation and signals increased regulatory expectations around AI governance, accountability, and lifecycle risk management.
May 12, 2026
China
China has officially launched a new series of national standards on AI Terminal Intelligence Classification (GB/Z 177-2026) to establish a standardized framework for assessing the intelligence capabilities of AI-enabled devices.
The standards introduce a four-tier classification system ranging from L1 (Response Level) to L4 (Collaborative Level) and provide evaluation criteria, testing methodologies, and baseline requirements for AI-powered products. The framework adopts a “2+N” structure, consisting of foundational standards and product-specific requirements covering categories such as smartphones, computers, televisions, smart glasses, vehicle cockpits, speakers, and headphones. The initiative forms part of China’s broader “AI+” strategy and is intended to support product innovation, consumer transparency, and the development of a unified AI device ecosystem.
The move signals increasing regulatory attention toward the standardization and governance of consumer-facing AI technologies.
May 10, 2026
China
China’s Ministry of Industry and Information Technology (MIIT) has launched a pilot program to implement and operationalize the country’s AI ethics review framework.
The initiative will be rolled out initially in provinces hosting National AI Innovation and Application Pilot Zones and is designed to support the practical implementation of China's Measures for AI Ethics Review and Services (Trial). The program aims to establish provincial AI ethics review mechanisms, ethics committees, and dedicated ethics review and service centers, while developing technical standards based on real-world review practices. China also plans to create a national AI ethics risk monitoring network and introduce ongoing ethics training and risk monitoring activities.
The initiative reflects China's growing focus on embedding ethical oversight, risk monitoring, and governance structures into the AI lifecycle as the adoption of advanced AI technologies accelerates.
May 7, 2026
Japan
Japan’s Digital Agency and Belgium’s Federal Public Service for Policy and Support (BOSA) have signed a Memorandum of Cooperation (MoC) to strengthen collaboration on digital transformation and emerging technologies.
The agreement covers a range of areas, including digital identity and digital wallets, cross-border interoperability, trusted data sharing, government cloud initiatives, digital procurement, and the use of artificial intelligence in the public sector. The partnership also provides for the exchange of best practices, joint research initiatives, expert collaboration, and cooperation under the broader EU-Japan Digital Partnership framework.
The development highlights growing international efforts to advance digital government capabilities and establish common approaches to emerging technologies, including AI, data governance, and cross-border digital infrastructure.
May 4, 2026
UAE
The UAE Cyber Security Council, in collaboration with Cisco and Open Innovation AI, has launched the National AI Test and Validation Lab, a first-of-its-kind facility designed to test, validate, and certify AI models, agents, and applications for security, safety, and trustworthiness.
Operating under the governance of the UAE Cyber Security Council, the lab will assess AI systems against national requirements and international frameworks, including ISO 42001, NIST AI RMF, MITRE ATLAS, and OWASP AI security standards. Evaluations will cover areas such as model security, adversarial resilience, data protection, supply-chain integrity, agent autonomy, and regulatory compliance. AI systems that successfully complete the assessment process will receive a national certification mark.
The initiative reflects the UAE’s growing focus on establishing robust AI assurance mechanisms and positioning itself as a leader in the secure and responsible deployment of AI technologies.
May 1, 2026
Australia, United States, Canada, New Zealand, United Kingdom
The cybersecurity agencies of Australia, the United States, Canada, New Zealand, and the United Kingdom have jointly issued guidance on the secure adoption of agentic AI systems, highlighting the unique security risks associated with autonomous AI agents.
The guidance warns that agentic AI expands organizational attack surfaces through increased autonomy, interconnected systems, tool integrations, and privileged access to data and critical infrastructure. It identifies key risks including privilege escalation, identity spoofing, prompt injection, insecure third-party components, rogue agents, data leakage, accountability gaps, and cascading system failures. The agencies recommend a security-by-design approach incorporating strong identity management, least-privilege access controls, human oversight, continuous monitoring, rigorous testing, threat modeling, and governance mechanisms.
The publication reflects growing international concern over the cybersecurity implications of agentic AI and signals increasing expectations for organizations to adopt robust security controls before deploying autonomous AI systems at scale.
May 1, 2026
Australia
Australia’s Prudential Regulation Authority (APRA) has issued a letter to regulated entities outlining supervisory expectations for the adoption and governance of AI.
Following a review of major banks, insurers, and superannuation trustees, APRA identified significant gaps in AI governance, security, operational resilience, supplier oversight, and assurance practices. The regulator emphasized that AI-related risks, including cyber threats, model unpredictability, agentic AI risks, third-party dependencies, and concentration risk must be managed within existing prudential frameworks. APRA expects entities to maintain AI inventories, establish clear accountability across the AI lifecycle, strengthen board-level AI literacy, implement continuous monitoring and testing, and ensure meaningful human oversight for high-risk decisions.
The letter signals increased regulatory scrutiny of AI adoption in the financial sector and reinforces expectations that organizations treat AI as a material operational and prudential risk requiring robust governance and risk management controls.
Date: May 1, 2026 I Country: South Korea
May 1, 2026
South Korea
South Korea’s Personal Information Protection Commission (PIPC) has released updated Personal Information Processing Policy Guidelines to address the growing use of generative AI and on-device processing technologies.
The revised guidance requires organizations to provide prior or immediate notice of policy changes that may materially affect individuals’ privacy rights. It also introduces AI-specific recommendations requiring providers of generative AI services to clearly explain how user inputs are processed and utilized, provide safety guidance to users, and offer accessible opt-out mechanisms for individuals who do not want their data used for AI model training.
The update reflects increasing regulatory focus on transparency and user control in AI-powered services and signals growing expectations for organizations to clearly communicate AI-related data processing practices.
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2026 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, LLC.
3155 Olsen Drive
Suite 325
San Jose, CA 95117
Type
