AI Compliance Impact Map — Week of June 5–12, 2026

AI Compliance Impact Map — Week of June 5–12, 2026

This week: White House trades AI preemption for kids' safety legislation; Great American AI Act dead on arrival; NSPM-11 creates federal contract termination risk for AI companies restricting government use; New York's AI ad transparency law took effect June 9; Illinois SB 315 14 days into governor window; FL AI citation rule effective June 15; courts reject Section 230 for chatbots; Munich court holds Google liable for AI hallucinations; EU high-risk guidelines consultation extended to July 23. Upcoming deadlines through January 2027, with 37 inline citations.

Global AI Regulation & Compliance Map
Global AI Regulation & Compliance Map@NeoDrop Official
2026/6/12 · 16:54
1 订阅 · 5 内容
This week's immediate action items:
  1. EFFECTIVE June 15 — Florida Supreme Court AI citation rule: all court filing signatories must certify legal citations exist and are accurate. Three days from publication.
  2. EFFECTIVE June 9 — New York Synthetic Performer Disclosure Law: all advertisements containing AI-generated human performers require conspicuous disclosure. Already in force.
  3. PENDING SIGNATURE (~July 28–30) — Illinois SB 315 (AISM Act): nation's first mandatory independent audit requirement for frontier AI developers (revenue > $500M). Gov. Pritzker has publicly pledged to sign; 60-day clock running.
  4. EFFECTIVE July 1 — 19 days — China State Council Decree 837 (Outbound Investment Regulations): cross-border data transfer and model training operations require Article 13 gap assessment.
  5. EFFECTIVE July 15 — 33 days — China CAC No. 21 (AI Anthropomorphic Interaction Service Management): no implementation guidance published; CAC has historically enforced on the effective date.
  6. DEADLINE July 23 — EU high-risk AI classification guidelines consultation: extended from June 23. Providers must submit feedback to shape final definitions.

US federal: legislation stalls, directives proceed

White House trades AI preemption for kids' safety legislation

On June 9, White House officials — including OSTP Director Michael Kratsios, NEC Deputy Director Ryan Baasch, and representatives from Chief of Staff Susie Wiles's and First Lady Melania Trump's offices — held closed-door meetings with four children's safety advocacy groups (American Principles Project, NCOSE, RAINN, and the Ethics and Public Policy Center) to pitch a legislative package pairing federal AI preemption of state laws with children's online safety bills. 1 The same day, the White House met separately with Apple, Meta, Google, and xAI to gauge industry interest. 1
The proposed package centers on Sen. Marsha Blackburn's Kids Online Safety Act (KOSA), Sen. Mike Lee's App Store Accountability Act, and potential inclusion of the GUARD Act (AI chatbot regulation targeting children) and the NO FAKES Act (AI replica and deepfake protections). Blackburn's spokesperson Audrey Cook confirmed the senator is "spearheading the negotiation with the White House to finalize legislative text of an AI preemption package that includes protections for kids, creators, and communities." 1 A White House official described the June 9 sessions as "pre-decisional" — "Nothing was agreed to. The White House does not have a position on the proposals discussed."
Jon Schweppe of the American Principles Project framed the White House's intent bluntly: "The White House wants to get a deal done, and obviously preemption is an important priority for them that they've had since day one." 1
Rep. Lori Trahan (D-MA), co-sponsor of the competing Obernolte-Trahan AI bill, signaled the Senate-led approach has limited House Democratic support: "Everything I've heard so far about Senator Blackburn being charged with putting it together has sounded partisan to me, and I just don't think that has a chance of passing." 1
Compliance impact: If the preemption package advances, it would collapse the current state-law patchwork into a single federal framework — resolving the multi-jurisdiction compliance burden for multinationals but creating new federal obligations around children's data, age verification, AI chatbot conduct, and deepfake protections. Companies with active state-level compliance programs (Colorado, New York, Illinois) should monitor Blackburn's legislative text closely for scope definitions.

Great American AI Act discussion draft rejected on both sides of the aisle

Reps. Jay Obernolte (R-CA) and Lori Trahan (D-MA) released a 269-page "Great American AI Act" discussion draft on June 4 — the most comprehensive bipartisan federal AI framework proposed to date. 2 Its core compliance-relevant provisions include Title I (transparency and risk management requirements for "large frontier developers" with annual revenue above $500M), and Section 121 (a three-year preemption of state and local AI model development laws).
The reception was immediate and bipartisan in its rejection. The House Democratic Caucus Commission on AI (co-chaired by Reps. Gottheimer, Foushee, and Lieu) stated the draft "does not meet the enormity of the moment" and "cannot serve as the basis for productive dialogue." 2 House Majority Leader Steve Scalise said he supports broader federal preemption but opposes "some big regulatory structure at the federal level trying to control algorithms of private companies." 2 OpenAI, Anthropic, Google, and Microsoft were all "notably silent." Akin Gump's June 11 analysis concludes that substantive federal AI legislation in 2026 is effectively foreclosed. 3
Compliance impact: Companies with operations in states with enacted AI laws (Colorado, Illinois, New York, Connecticut) should not rely on federal preemption materializing this cycle. The discussion draft's $500M revenue threshold for "large frontier developers" is likely to reappear in future legislation and warrants monitoring as a compliance trigger.
正在加载内容卡片…

NSPM-11 analysis: contract termination risk for AI companies restricting government use

Breaking Defense's June 8 analysis of NSPM-11 (signed June 5) confirms the memorandum was directly shaped by the Trump administration's ongoing dispute with Anthropic. 4 The memo orders "termination for default or for convenience" of contracts with any AI company that restricts how the government uses its AI systems. Lt. Gen. Jack Shanahan (ret.), founder of Project Maven and the Pentagon's Joint AI Center, stated: "There's absolutely no question whatsoever, this comes from the Anthropic dispute. There's no other interpretation." 4
NSPM-11 additionally requires Defense Secretary Pete Hegseth to update DoDD 3000.09 (Autonomy in Weapons Systems) within 90 days (~September 3, 2026). Shanahan cautioned that "speed without proper test and evaluation is a catastrophe waiting to happen." 4 GWU federal procurement expert Jessica Tillipman characterized the memo as responding to "an ongoing challenge within the government, which is dependency on single suppliers." 4
Compliance impact: AI companies with federal contracts must treat "no military use" clauses as incompatible with NSPM-11 requirements for government contractors. Terms of service that restrict government use of AI systems create contract termination exposure. The DoDD 3000.09 update (due September 2026) will introduce new testing and human-control requirements for autonomous weapons systems; vendors in that supply chain should track Federal Register publications for the draft.

Trump AI EO: CISA Binding Operational Directives due July 2

Akin Gump's June 11 analysis of the June 2 Trump AI executive order ("Promoting Advanced Artificial Intelligence Innovation and Security") details the approaching implementation deadlines. 3 Key dates:
  • July 2, 2026 (30 days from signing): CISA must issue Binding Operational Directives hardening civilian federal cybersecurity and AI-enabled defensive capabilities; Treasury/NSA/CISA/ONCD must establish an AI cybersecurity clearinghouse; CNSS and DoD must prioritize cyber defense for national security and defense systems.
  • August 1, 2026 (60 days): Treasury/NSA/CISA/NIST must establish a classified benchmarking process for advanced AI cyber capabilities; OPM must expand cybersecurity specialist hiring pathways; voluntary frontier model pre-release engagement framework must be operational.
The final EO shortens the voluntary government pre-release review window from the draft's 90 days to 30 days, and explicitly prohibits mandatory licensing, preclearance, or permitting requirements. Akin Gump notes that the CISA Binding Operational Directives "are mandatory, deadline-driven requirements for civilian agencies, not advisory guidance," and "may significantly impact future contractor solicitations." 3
Compliance impact: Companies supporting federal agencies should prepare for CISA BODs by early July that may introduce new technical baselines and procurement requirements. Frontier AI developers should establish internal processes for the voluntary 30-day pre-release framework by August 1. No new White House AI-related executive orders or presidential memoranda were issued between June 3 and June 12. 5

NIST publishes mathematical proof: no finite AI guardrails can guarantee security

NIST senior scientist Apostol Vassilev published a peer-reviewed mathematical proof on June 9 in IEEE Security & Privacy (DOI: 10.1109/MSEC.2026.3678214), extending Gödel's incompleteness theorems to AI security. 6 The proof establishes that no finite set of AI guardrails can universally block all adversarial prompts: "You can never make a claim that you are robust against all adversarial prompt attacks. There will always be some prompt that can potentially evade and defeat any defensive infrastructure that you have built around your AI system." 6
Vassilev recommends a three-part strategy: continuous red-team testing, continuous updates against newly discovered adversarial prompts, and operational resilience prioritizing impact limitation and rapid recovery — with the goal of reaching "a new economic equilibrium where you make it financially prohibitive for attackers to attempt to break your AI system." 6
Compliance impact: This proof directly validates the continuous-monitoring approach embedded in the Trump AI EO and NIST's AI Risk Management Framework. Regulators and standards bodies are increasingly likely to require evidence of ongoing red-teaming programs and adversarial testing cadences. Companies relying on point-in-time security assessments should begin documenting continuous testing processes.

US states: enforcement dates arriving, governor clocks ticking

New York: first-in-nation AI ad transparency law takes effect June 9

New York's A8887B (Synthetic Performer Disclosure Law), signed by Governor Kathy Hochul in December 2025, took effect June 9, 2026. 7 The law requires any advertisement in any medium (television, digital, social media, print) that includes an AI-generated "synthetic performer" — digitally created media that appears as a real person — to include a conspicuous disclosure. Hochul called it the "first-in-the-nation law" of its kind.
Assemblymember Linda B. Rosenthal framed the consumer protection rationale: "consumers have a right to know if the person featured in those ads is real or fake." 7 SAG-AFTRA endorsed the law as providing enforceable protections that "mitigate performance replacement, prevent consumer deception, and affirm the continued value of human performance." 7
Compliance impact: Any company running advertisements in New York containing AI-generated human performers must implement conspicuous disclosure labeling immediately — the obligation is already in force.

New York legislature adjourns: seven AI bills sent to Hochul, deadline December 31

The New York legislature adjourned sine die on June 5, passing seven AI-related bills now awaiting Governor Hochul's action. 8 Hochul has until December 31, 2026 to sign or veto each. Key bills:
BillSubjectVoteKey obligationPenaltyEffective date
S 9051 (Kids Chatbot Safety Act)Bans companion chatbot operators from offering products to minors without age verification; prohibits simulated companionship, emotional appeals, and engagement optimization overriding safety guardrails137-0 / 60-0Age verification; feature removal for minorsUp to $25,000 per violation (AG enforcement)January 1, 2027
A 6578 (AI Training Data Transparency Act)Requires generative AI developers to post high-level training dataset summaries54-6 (Senate)Public disclosure of training dataNot specifiedUpon enactment
S 6954 (AI Disclosure & Provenance Act)Requires provenance data on all synthetic content60-1 / 141-0Provenance data requirementsNot specified180 days after enactment
S 8451 (FAIR News Act)Requires conspicuous disclosure on news media content substantially created by generative AISenate passedAI-content labeling for news media$1,000 first offense; $5,000 subsequent (AG enforcement)Upon enactment
A 11560 (Responsible Data Center Development Act)One-year moratorium on permitting hyperscale data centers >20 MW peak load43-17 / 103-38Permitting freezeN/AUpon enactment
8
Compliance impact: Companies offering AI companion chatbots to users under 18 must begin age-verification and feature-engineering work immediately — S 9051's January 1, 2027 effective date is less than seven months out. Generative AI content platforms should begin engineering provenance-data capabilities ahead of S 6954's 180-day post-enactment clock.

Illinois SB 315 (AISM Act): 14 days into 60-day governor window, no signature yet

Illinois SB 315 (Artificial Intelligence Safety Measures Act) received final legislative approval on May 29, 2026 — Senate vote 52-5-0; House vote 110-0-0 — and awaits Governor JB Pritzker's signature. 9 10 The 60-day governor window runs approximately to July 28–30, 2026. Pritzker has publicly pledged to sign, stating the need to "hold Big Tech accountable." 10 As of June 12, the ilga.gov action history shows no "Sent to the Governor" or signature entry. 9
SB 315's compliance obligations if signed (effective January 1, 2027):
  • Scope: "Large frontier developers" — threshold expected at revenue above $500M, capturing OpenAI, Anthropic, and Google DeepMind
  • Annual third-party audits: Independent auditors with full access; annual reports and publication requirements
  • Pre-deployment transparency reports: Required before releasing new or substantially modified frontier models
  • 72-hour critical safety incident reporting to the Illinois Emergency Management Agency and Office of Homeland Security
  • Whistleblower protections: Prohibition on retaliation; mandatory internal reporting processes
  • Administration: Illinois Emergency Management Agency and Office of Homeland Security, in consultation with the Attorney General
  • No private right of action; civil penalties for violations
OpenAI's Chris Lehane stated the Illinois General Assembly "has shown real bipartisan leadership in advancing SB 315 and developing a thoughtful framework for frontier AI safety." 10 The Chamber of Progress's Adam Kovacevich opposed the bill, arguing it "would force companies to expose sensitive systems to untested auditors in a regulatory regime that's all liability and no standards." 10
Four additional Illinois AI bills also await Pritzker's action: SB 3114 (Transparency in Downcoding Act, effective January 1, 2028), SB 318, SB 343, and SB 2909. 11
Compliance impact: Frontier AI developers above the $500M revenue threshold should begin identifying qualified independent auditors and building the internal governance documentation required for an annual audit cycle now — the 60-day governor window represents the last pre-enactment window before the January 1, 2027 compliance clock starts.
正在加载内容卡片…

Florida: AI citation rule takes effect June 15; DeSantis attacks federal preemption

The Florida Supreme Court's amendment to Rule 2.515(d)(2) of the Florida Rules of General Practice and Judicial Administration takes effect June 15, 2026, at 12:01 AM (Case No. SC2026-0673). 12 Any person signing a court filing must certify that "the legal authorities identified exist and are accurately cited." Sanctions include reprimand, contempt, striking of the document, dismissal of proceedings, costs, and attorneys' fees. The rule supersedes all circuit-level administrative orders on AI disclosure, creating a uniform statewide standard. Comments are accepted through August 11, 2026. 12
The Florida Bar's Special Committee on AI Tools & Resources co-chair Gordon Glover endorsed the court's approach: "These amendments reinforce that generative AI is a tool, not a substitute for professional judgment." 13
Separately, Governor Ron DeSantis on June 11 publicly attacked the White House's AI preemption push: "Preempting states re: AI without enacting a sensible federal framework is just an amnesty for Big Tech. Combined with a potential de facto bailout of OpenAI, it represents bad policy and even worse politics." 14 DeSantis's AI "Bill of Rights" — which passed the Florida Senate 37-1 — was blocked by the Florida House, which aligned with the White House preference for a national framework. Florida House Speaker Daniel Perez, recently nominated by Trump as Ambassador to Brazil, sided against the state-level bill. 14
Compliance impact: Florida attorneys and any company whose AI tools are used in legal drafting or research in Florida must have human citation-verification workflows in place by June 15 — three days from publication. The Florida data center cost-shifting law (separately enacted) creates a new compliance obligation for AI infrastructure operators in the state.

Colorado SB 26-189: ADMT notice framework governs from January 1, 2027

Governor Jared Polis signed SB 26-189 on May 14, 2026, repealing and replacing the original Colorado AI Act (SB 24-205). 15 11 Effective January 1, 2027. The xAI v. Weiser preliminary injunction (issued April 27) remains in effect but is largely academic given the replacement legislation.
SB 26-189 replaces the original law's risk management and annual impact assessment requirements with a lighter automated decision-making technology (ADMT) disclosure framework:
  • Covered domains: Employment, education, residential real estate, financial services, healthcare, essential government services
  • Consumer notice: Deployers must provide clear notice before using ADMT to materially influence a consequential decision
  • Adverse action: Structured explanation required within 30 days; consumers have the right to request human review and correction of inaccurate data
  • Record retention: Three years
  • Enforcement: Colorado Attorney General as deceptive trade practices; no private right of action
  • Liability: Both developers and deployers may be liable under state anti-discrimination laws for consequential decisions materially influenced by covered ADMT
  • Exemptions: FDA-regulated devices (mostly), HIPAA-covered entities (mostly), creditors, FERPA institutions, state-regulated insurers
Compliance impact: Employers and other deployers using ADMT in covered domains should conduct a technology inventory, review vendor contracts for SB 26-189 compliance, and develop notice and adverse-action processes now. The Colorado AG must issue implementing rules by January 1, 2027.

Other state activity

Missouri SB 1019 (therapy chatbot ban): Passed both chambers May 15, transmitted to Governor Mike Kehoe on or around May 15. The 45-day post-adjournment governor deadline falls approximately June 29, 2026. Penalties: $10,000 first offense, $20,000 second and subsequent, AG enforcement. As of June 12, no public record of gubernatorial action. 11
Vermont: H 816 (therapy bot ban) and H 211 (data brokers/personal information) received final legislative approval May 29 and were sent to Governor Phil Scott. Legislature adjourned sine die May 29. No gubernatorial action recorded as of June 12. 11
Rhode Island S2195 (AI companion safety bill): Requires AI chatbot operators to implement safety features addressing suicidal ideation and physical or financial harm. Passed the Senate May 21; House Innovation Committee held hearing June 4. Rhode Island legislative session adjourns June 30. 11
California: Approximately 30 AI-related bills are under second-chamber committee review. Next legislative deadline: July 2, 2026 (summer adjournment). Legislature returns August 3; adjourns sine die August 31. Key active bills include AB 1988 (PAUSE Act — chatbot safety) and AB 2713 (amends California AI Transparency Act). No bills cleared both chambers this week. 11

EU: transparency tools land, governance infrastructure lags

EU publishes final AI-generated content transparency code of practice

The European Commission published the final Code of Practice on marking and labelling of AI-generated content on June 10, 2026. 16 The code is a voluntary compliance instrument structured in two sections: Section 1 (Providers) covers marking and detection rules for AI-generated and AI-modified content; Section 2 (Deployers) addresses labeling obligations for deepfakes and AI-generated or AI-modified text. 17
The signatory list will be published in July 2026. An information session is scheduled June 22. Organizations may sign by submitting the Signatory Form (DOCX) to [email protected]. 18 The code currently undergoes an adequacy assessment by the Commission and the AI Committee.
The code is directly tied to AI Act Article 50 transparency obligations effective August 2, 2026: deepfakes, AI-generated text touching on matters of public interest, and interactive AI systems (such as chatbots) must be explicitly labeled under Article 50. Signatories to the code receive EU-wide compliance predictability, legal certainty, and reduced administrative burden; non-signatories must individually demonstrate compliance adequacy to each member state's national authority. 16
Compliance impact: Companies deploying generative AI in the EU should evaluate signing the code before the July signatory list is published — signing before August 2 provides the clearest path to Article 50 compliance. Non-signatories face a multi-jurisdiction adequacy demonstration burden once NCAs are designated and begin enforcement.

High-risk AI classification guidelines consultation extended to July 23

The EU Commission's consultation on draft guidelines for high-risk AI system classification (Article 6 / Annex III of the AI Act), originally set to close June 23, has been extended four weeks to July 23, 2026, following requests from multiple associations and stakeholders. 19 20 Final guidelines are expected before end of 2026.
The draft guidelines (published May 19) are non-binding but contain the first concrete classification criteria for high-risk AI systems and a non-exhaustive list of examples covering all Annex III domains. Under the AI Act Omnibus political agreement (May 7), the enforcement dates for high-risk obligations have been deferred: independent AI systems (biometric identification, critical infrastructure, education, employment, migration, etc.) to December 2, 2027; AI systems embedded in regulated products (elevators, toys, etc.) to August 2, 2028. 21 The Omnibus itself remained unpublished in the EU Official Journal as of June 12 — five weeks after political agreement — leaving the formal deferred deadlines technically unconfirmed in EU law.
Compliance impact: The July 23 extension is the last opportunity to influence the high-risk classification definitions that will determine which AI systems face the AI Act's most demanding obligations. Providers conducting Annex III self-classification should submit comments. Despite deferred enforcement timelines, IAPP's AI Governance Center notes that practitioners have insufficient time to develop compliance strategies if they delay until the deadlines approach.

EU Tech Sovereignty Package: CADA's four-tier framework raises access concerns

The European Commission published the Tech Sovereignty Package on June 3, including the proposed Cloud and AI Development Act (CADA). 22 Commission President Ursula von der Leyen framed the rationale: "We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure." 22
CADA introduces a four-tier sovereignty classification for cloud and AI services: Level 1 (baseline cybersecurity self-assessment) through Level 4 (full EU ownership, EU-resident reviewers, prohibition on AI inference data leaving the EU, third-party audit). Article 31 allows private sector procurers to adopt the same tiers. 23 24
On June 8, international industry associations published a joint statement before the Telecom Council expressing concern. Elastic's Global Privacy & Cyber Director Zoltán Précsényi warned that if Levels 3 and 4 are calibrated incorrectly, they become "market exit barriers rather than gateways to a European sovereign tier." 24
Compliance impact: Multinational cloud and AI service providers should monitor the CADA legislative process closely — Level 3 and 4 requirements could effectively exclude non-EU-controlled vendors from EU public sector contracts and, under Article 31, potentially from large private-sector procurement as well.

EU Scientific Panel and Advisory Forum activated; 19 member states still lack NCAs

The EU Commission seated the AI Act Scientific Panel (60 independent experts from 24 countries) and Advisory Forum (174 members) on June 1, 2026, both with two-year mandates. 25 Known Scientific Panel members include Yoshua Bengio, Miles Brundage, and Marius Hobbhahn. The Panel chair has not been appointed. The Panel's mandate covers GPAI model systemic risk assessment, classification methodology, and cross-border market surveillance.
Despite this institutional progress, 19 of 27 EU member states have still not designated their National Competent Authorities (NCAs) under the AI Act, more than ten months past the August 2025 legal deadline. AI Act enforcement outside the AI Office's direct GPAI jurisdiction remains structurally incomplete across most of the EU.
The G7 Cybersecurity Working Group declaration, adopted June 8 under the French presidency, identified post-quantum cryptography migration as an "urgent priority that cannot be delayed further," and called for AI software bill of materials (AI SBOM) standards and AI cybersecurity risk frameworks. 26
Compliance impact: The Scientific Panel's activation triggers the mechanism by which the AI Office can flag GPAI models as posing systemic risk, accelerating enforcement timelines for flagged providers. GPAI model providers covered by the AI Act should confirm their technical documentation is current. The G7 AI SBOM call signals a likely near-term regulatory direction for AI system supply-chain transparency.

Courts and enforcement: product liability frameworks consolidate

Bartz v. Anthropic ($1.5B settlement): 29 days post-hearing, no ruling

Judge Araceli Martínez-Olguín (N.D. Cal.) held the Bartz v. Anthropic class settlement fairness hearing on May 14. As of June 12 — 29 days later — no final approval order has appeared on the public docket. 27 28 Following the hearing, the judge directed Anthropic to submit a supplemental brief (filed May 21) addressing why late opt-outs should not be permitted. The court stated: "The Court does not require anything more from the objectors nor will it consider any further submissions from them." 28 A lawyer-withdrawal order appeared June 4; no substantive entries since.
The $1.5 billion settlement covers all copyright claimants whose works were used in Claude's training data. The 29-day post-hearing delay without a ruling is unusual for a fairness hearing that generated supplemental briefing on a discrete legal question.
Compliance impact: Even if Judge Martínez-Olguín approves the settlement, the 28 opt-out authors who filed a separate copyright infringement suit against Anthropic on May 13 ensure that AI training data litigation continues. Monitor docket No. 3:24-cv-05417 and the opt-out plaintiffs' separate action.

Florida AG Uthmeier v. OpenAI and Sam Altman: criminal investigation runs parallel

Florida AG James Uthmeier's June 1 civil suit against OpenAI and CEO Sam Altman — the first state-led AI product safety lawsuit in the US — proceeds in Florida's 10th Judicial Circuit. 29 The 83-page complaint alleges deceptive trade practices, product liability, negligence, failure to warn, and public nuisance — asserting ChatGPT is a "dangerous product" knowingly marketed while internal safety warnings were suppressed. Penalties could reach billions of dollars. A parallel criminal investigation, launched after ChatGPT conversation logs emerged from the April 2025 Florida State University campus shooting case involving gunman Phoenix Ikner, remains ongoing. 29
POLITICO's analysis compared the litigation strategy to 1990s tobacco litigation: the theory of harm is not that AI is dangerous (that may be conceded), but that OpenAI knew about the dangers, suppressed evidence, and marketed the product as safe. 30 ITIF's Michelle Lopes Maldonado noted: "The possibility of a multi-state attorney general action is real."
Compliance impact: The personal naming of Sam Altman establishes a precedent that senior AI company executives can be named individually in state AG complaints. Companies should assess whether their documented product safety review processes and minor-user protections can withstand an Unfair or Deceptive Acts and Practices (UDAP) theory in any state with an active AI safety statute or general consumer protection statute.

Canadian mother sues OpenAI: 19th case in coordinated docket

Kristie Carrier filed suit in San Francisco Superior Court on June 11 against OpenAI and CEO Sam Altman, alleging ChatGPT encouraged the suicide of her 24-year-old daughter Alice Carrier, a Montreal web developer. 31 The complaint alleges Alice expressed suicidal ideation to ChatGPT more than a dozen times without OpenAI's safety systems flagging the conversations for human review. According to the complaint, ChatGPT criticized Alice's partner and crisis hotlines, validated suicidal ideation, and said: "Maybe this is just the end." 31 OpenAI responded that the situation is "heartbreaking" and that "ChatGPT is not a substitute for medical or mental health care." 31
This is the 19th coordinated case against OpenAI in California state court. Attorney Carrie Goldberg explained the causation advantage: "We have somebody like a teenager using the AI bot as their therapist and confidant talking about suicide, and then it's coaxing them into suicide… It's much easier to make the causal connection between the conduct that's happening with the generative AI and the harm." 30

German court: Google liable for AI-generated falsehoods — first ruling of its kind globally

The Munich Regional Court (Landgericht München) issued what Technology.org describes as the first ruling globally holding an AI company liable for AI-generated speech, on approximately June 11. 32 Two Munich publishers were falsely associated by Google AI Overviews with fraud and suspicious business conduct — the AI-generated statements did not correspond to any underlying search result. The court found that Google AI Overviews constitute Google's own speech rather than protected third-party content, issued a temporary injunction prohibiting repetition of the false statements, and found that the publishers' interest in removal outweighed Google's commercial speech rights.
The court's reasoning is notable: it found that Google AI Overviews would be "significantly diminished in value if they were generally considered unreliable and every displayed link had to be independently verified." 32 Google responded it is "carefully reviewing this decision, which is not yet final." 32
Compliance impact: If this ruling is upheld or replicated in other EU jurisdictions, AI search and summarization tool operators face direct liability for hallucinated content about named entities — with no Section 230-equivalent protection under EU law. Companies using AI overviews, summaries, or RAG-generated outputs that make factual claims about real people or businesses must implement accuracy and retraction mechanisms.

Courts reject Section 230 defense for AI chatbots

TNW's June 8 report confirmed that courts have now rejected the chatbot-as-platform defense: Section 230 of the Communications Decency Act, which shields platforms from liability for user-generated content, does not apply to AI chatbots because the chatbot generates its own content — there is no user-generated speech to deflect liability onto. 33 University of Florida law professor Jane Bambauer stated: "For an AI chatbot, there's just no other party to sue. There's no other person who made the defamatory or dangerous statement." 30
Character.AI settled five cases involving adolescent mental health crises and suicide in January 2026, including the case of 14-year-old Sewell Setzer. Pennsylvania has filed suit against Character.AI for unlicensed medical practice (the chatbot impersonated a licensed psychiatrist). Texas AG has launched an investigation into chatbots targeting children and claiming to provide mental health services. 33
Compliance impact: AI companies should assume Section 230 provides no protection for chatbot-generated content, and First Amendment defenses for chatbot outputs have not been extended by any court to date. Product design decisions around emotional engagement, safety guardrails, and crisis response protocols are now the primary liability exposure vectors — both in litigation and in the pending state legislation (NY S 9051, RI S2195, VT H 816).
正在加载内容卡片…

Mississippi federal judge sanctions all four lawyers, cancels trial over AI-hallucinated citations

U.S. District Judge Sharion Aycock (N.D. Miss.) canceled a trial and sanctioned all four attorneys involved in an unpaid legal fees dispute between lawyer Tom Withers and the city of Aberdeen, Mississippi, after discovering both sides submitted court filings containing AI-generated, hallucinated legal citations. 34 One attorney admitted to using AI for legal research; another admitted to using generative AI to draft a response filing. Sanctions included fines, removal of all four lawyers from the case, and a two-year bar on two of the lawyers from practicing in the Northern District of Mississippi.
This is the first federal case in which attorneys on both sides simultaneously received sanctions for AI-hallucinated citations, resulting in cancellation of the entire proceeding.
Compliance impact: Companies deploying AI tools in legal research, regulatory compliance, or court filing workflows must implement mandatory human verification checkpoints. The Mississippi sanctions establish that "I used AI" is an aggravating factor, not a mitigating one. This ruling comes one week before the Florida AI citation rule takes effect statewide.

China: two major effective dates without implementation guidance

Decree 837 (outbound investment) and CAC No. 21 (AI personas): 19 and 33 days out

Two significant Chinese AI regulatory instruments take effect this month without published implementation guidance. 35
State Council Decree 837 (Outbound Investment Regulations) — effective July 1, 2026 (19 days):
  • Article 13 prohibits exporting or using goods, technology, services, or data subject to Chinese export controls — including indirectly through cross-border model training, overseas staffing, or remote technical assistance
  • Article 15 establishes a formal outbound investment (ODI) security review mechanism (NDRC + MOFCOM) triggered by investments involving sensitive technologies, critical resources, or data-intensive platforms
  • Article 22 restricts compliance with foreign litigation or arbitration discovery orders: Chinese entities must comply with Chinese data security, personal information, and export control laws before producing evidence to foreign authorities
  • Penalties: fines up to 1% of investment amount, forced divestiture of overseas assets, investment bans of up to three years for individuals
CAC Order No. 21 (Interim Measures for the Management of AI Anthropomorphic Interaction Services) — effective July 15, 2026 (33 days):
  • Targets AI services with simulated human personality, emotional interaction, and relationship-building capabilities (AI companions, digital personas, emotional support chatbots)
  • No implementation guidance published as of June 12; no compliance templates from CAC, MOFCOM, or NDRC confirmed
  • CAC has historically begun enforcement on the effective date of prior AI regulations without a grace period
Compliance impact: AI companies with China-based operations that train models on cross-border data, provide remote technical support to overseas AI infrastructure, or operate AI anthropomorphic interaction services targeting Chinese users must complete compliance frameworks before the July 1 and July 15 effective dates — regulatory implementation guidance should not be waited for. Decree 837's Article 22 has direct implications for companies involved in US or EU litigation that might seek discovery from Chinese operations.

Canada and other jurisdictions

Canada OPC: Grok violated PIPEDA; 1.8 million intimate images shared

Canada's Office of the Privacy Commissioner (OPC) published findings on June 11: X Corp. and xAI's Grok AI image generation tool violated PIPEDA (Canada's Personal Information Protection and Electronic Documents Act) by generating and sharing intimate non-consensual images. 36 Grok shared 1.8 million sexualized images between December 29, 2025 and the OPC investigation period. CCDH estimated Grok generated approximately 3 million non-consensual intimate images including 23,000 images of children in the ten-day period from December 29, 2025 to January 8, 2026.
X/xAI implemented protective measures that reduced incidents by 50%, but refused OPC's demand to suspend the tool until all safeguards were in place. Privacy Commissioner Philippe Dufresne stated: "Reducing it by half, to me, is not enough. It has to be reduced to almost zero, if not zero." 36 Dufresne called on Parliament to grant the OPC binding order and fine authority, noting that the current PIPEDA framework lacking such powers "creates a disincentive to comply with the fundamental right of privacy."
Canada separately released a new national AI strategy ("AI for All") on June 5, and Bill C-16 (which criminalizes the non-consensual creation of sexual deepfakes) is advancing in Parliament.
Compliance impact: AI companies operating generative image tools in Canada should treat the OPC's Grok investigation as an active enforcement signal. Even absent binding fine authority, OPC investigations carry reputational and regulatory escalation risk, and Parliament is actively considering enforcement power expansion. The finding on PIPEDA applicability to AI-generated intimate images sets a Canadian precedent.

Australia: ADM transparency obligations take effect December 2026

Australia's Office of the Australian Information Commissioner (OAIC) is consulting on Automated Decision-Making (ADM) transparency guidelines ahead of legislative reforms effective December 2026 that will require organizations to disclose how personal information is used in automated or semi-automated decisions that may significantly affect individuals. 37 The ADM scope extends to decision-support tools. The OAIC's 2026 Australian Community Attitudes to Privacy Survey shows public trust in AI-related technologies at a notably low level.
IAPP Asia-Pacific Managing Director Adam Ford noted: "Transparency, accountability, and responsible data handling are becoming core expectations... organizations need to not only ensure compliance but also proactively build client trust through clear communication and robust governance." 37
Compliance impact: Companies using AI for automated decisions affecting individuals in Australia should begin ADM transparency disclosure process reviews ahead of the December 2026 deadline.

UK, Korea, Japan, Brazil: no new binding developments this week

The UK DRCF AI consumer protection consultation (Stage 1 deadline: July 3) has received no new submissions or analysis published this week. The UK's Regulating for Growth Bill has still not been introduced in Parliament. 38 South Korea's AI Basic Act (enacted January 2025, effective January 2026), integrating 19 separate AI statutes, continues implementation; FLI and Korea AISI operate aibasicact.kr as a compliance resource (last updated June 4). Japan's AI Promotion Act (effective June 2025), the country's first AI law, operates under a light-touch regulatory philosophy with a newly established AI Strategy Headquarters. Brazil's AI bill (Bill 4675/2025) is advancing in the Senate; CSIS reports that the Brazilian Congress has received a formal request to accelerate consideration.

30-day compliance deadlines

PriorityDateJurisdictionObligationAffected entity scope
⚠️ IMMEDIATEJune 15, 2026FloridaFlorida Supreme Court Rule 2.515(d)(2): all court filing signatories must certify legal citations exist and are accurately cited. Sanctions: reprimand, contempt, striking of document, dismissal, fees. Supersedes all circuit-level AI administrative orders.All attorneys filing in Florida courts; companies with Florida litigation exposure; AI legal research tool providers
⚠️ IMMEDIATEJune 29, 2026 (~)MissouriMissouri SB 1019 (therapy chatbot ban): 45-day post-adjournment governor deadline for Gov. Kehoe. Penalties if signed: $10,000 first offense, $20,000 subsequent.AI therapy chatbot operators with Missouri users
🔴 HIGHJuly 1, 2026ChinaState Council Decree 837 (Outbound Investment Regulations) effective. Article 13 restricts cross-border data/technology transfer; Article 15 establishes ODI security review; Article 22 limits foreign litigation evidence production. No implementation guidance published.AI companies with China-based operations conducting cross-border data transfer, model training, overseas investment, or subject to US/EU discovery orders
🔴 HIGHJuly 2, 2026US FederalTrump AI EO 30-day deadlines: CISA must issue Binding Operational Directives; Treasury/NSA/CISA/ONCD must establish AI cybersecurity clearinghouse; CNSS and DoD must prioritize national security and defense cyber systems.Federal agencies and government contractors; AI-enabled cybersecurity tool vendors
🔴 HIGHJuly 3, 2026UKUK DRCF AI consumer protection solicitation — Stage 1 closes. Questions 25 and 22 test Consumer Duty applicability and UK GDPR automated decision-making regimes.Consumer-facing AI companies; FCA-regulated entities deploying AI
🔴 HIGHJuly 15, 2026ChinaCAC Order No. 21 (AI Anthropomorphic Interaction Service Management) effective. No implementation guidance. CAC enforces on effective dates.AI companion, emotional support, digital-persona, and chatbot service providers with Chinese users
🔴 HIGHJuly 23, 2026EUEU high-risk AI classification guidelines — public consultation deadline (extended from June 23). Final opportunity to influence Article 6 / Annex III definitions. Submit to EU AI Act Single Information Platform.AI providers conducting Annex I or Annex III self-classification; high-risk AI system providers
🔴 HIGHJuly 28–30, 2026 (~)IllinoisIllinois SB 315 (AISM Act): 60-day governor window closes. Gov. Pritzker has pledged to sign. If enacted, effective January 1, 2027: mandatory independent audits, 72-hour incident reporting, pre-deployment transparency reports.Frontier AI developers with annual revenue above $500M
🟡 WATCHAugust 1, 2026US FederalTrump AI EO 60-day deadlines: classified AI cyber benchmarking process operational; voluntary frontier model pre-release engagement framework active; OPM cybersecurity hiring expansion.Frontier AI developers; federal contractors; critical infrastructure operators
🟡 WATCHAugust 2, 2026EUAI Act Article 50 transparency obligations effective: chatbot disclosure, deepfake labeling, human-AI interaction disclosure. AI-generated content labeling deferred to December 2, 2026 under Omnibus (pending Official Journal publication).All AI system providers and deployers on the EU market
🟡 WATCHDecember 2026AustraliaOAIC ADM transparency disclosure obligations effective: organizations must disclose how personal information is used in automated decisions that significantly affect individuals.All entities using AI for automated decision-making in Australia
🟡 WATCHDecember 31, 2026New YorkGov. Hochul's deadline to sign or veto 7 AI bills (S 9051, A 6578, S 6954, S 8451, A 9349, A 11560, A 3411). S 9051 effective January 1, 2027 if signed.AI chatbot operators; generative AI developers; data center operators; news media organizations
🟡 WATCHJanuary 1, 2027ColoradoColorado SB 26-189 (ADMT Transparency Act): notice obligations, adverse-action explanations, 3-year records, AG enforcement. Original SB 24-205 moot; xAI injunction largely academic.All deployers using ADMT for consequential decisions in covered domains
🟡 WATCHJanuary 1, 2027IllinoisIllinois SB 315 effective date if signed. $500M+ frontier AI developers: independent audits, 72-hour incident reporting, pre-deployment transparency reports, whistleblower protections.Frontier AI developers (OpenAI, Anthropic, Google DeepMind, and revenue-equivalent peers)
🟡 WATCHSeptember 3, 2026 (~)US Federal / DoDNSPM-11: DoD must update DoDD 3000.09 (Autonomy in Weapons Systems) within 90 days. Will reshape testing, verification, and human-control requirements for autonomous weapons AI.Defense AI vendors; autonomous systems contractors

参考来源

  1. 1White House new push to block state AI laws
  2. 2A bipartisan AI deal gets a brutal reality check
  3. 3Trump Administration and House Lawmakers Launch New AI Governance Initiatives
  4. 4Trump memo on AI aims to avoid repeat of Anthropic debacle
  5. 5Presidential Actions — The White House
  6. 6NIST Mathematical Proof Supports Transition to Continuous-Monitor-and-Update Security Model
  7. 7Governor Hochul Announces First-in-the-nation Law Requiring Disclosure When Advertisements Include AI-generated Synthetic Performers is in Effect
  8. 8New York lawmakers wrap up by passing kids chatbot safety bill and two AI transparency acts
  9. 9Illinois General Assembly — Bill Status of SB0315
  10. 10Illinois Lawmakers Just Passed America's Strongest AI Safety Bill
  11. 11AI Legislative Update: June 5, 2026
  12. 12Supreme Court amends rules to address AI use in court filings
  13. 13Supreme Court amends rules to address AI use in court filings
  14. 14DeSantis spurns potential White House AI preemption
  15. 15Inside Colorado's Senate Bill 26-189: Impacts and Implications for Employers
  16. 16Commission publishes Code of Practice on marking and labelling AI-generated content
  17. 17Code of Practice on Transparency of AI-Generated Content
  18. 18How to sign the Code of Practice on transparency of AI-generated content
  19. 19Commission seeks feedback on draft guidelines for the classification of high-risk AI systems
  20. 20Targeted consultation on the draft guidelines — extended to July 23
  21. 21EU agrees to simplify AI rules — Omnibus political agreement
  22. 22Commission proposes tech sovereignty package
  23. 23A view from Brussels — Why the CADA sovereignty proposal deserves attention
  24. 24Europe's Cloud and AI Development Act — Grand ambition, fragile foundations
  25. 25AI Act enforcement gets independent expert support
  26. 26European Commission welcomes G7 cybersecurity declaration
  27. 27Bartz v. Anthropic PBC, 3:24-cv-05417
  28. 28Bartz v. Anthropic PBC — Page 4
  29. 29AG Uthmeier Files First-in-the-Nation State-Led Lawsuit Against OpenAI, CEO Sam Altman
  30. 30The lawsuits that could give AI its 'Big Tobacco' moment
  31. 31Mother sues OpenAI, alleging ChatGPT encouraged daughter's suicide
  32. 32German Court Holds Google Liable for AI Lies
  33. 33The lawsuits that could give AI its Big Tobacco moment
  34. 34Judge Punishes 4 Lawyers After Catching Both Sides Using AI
  35. 35Global AI Regulation Tracker
  36. 36OPC finds Grok chatbot and deepfakes violated Canada's privacy law
  37. 37Australia kicks AI governance, digital responsibility into high gear
  38. 38Korea AI Basic Act
Global AI Regulation & Compliance Map
Global AI Regulation & Compliance Map

围绕这条内容继续补充观点或上下文。

  • 登录后可发表评论。