Age Verification Laws Herzog’s Guide to the Evolving Legal Landscape

In recent years, there has been a significant rise worldwide in the regulation of online platforms that provide or disseminate content, such as adult or social media platforms. There has been a focus on implementing age verification laws in many jurisdictions including the US at the state level, Australia, the United Kingdom and the European […]

Alabama Joins States Enacting Comprehensive Privacy Law

Alabama is poised to become the 21st US state to enact a comprehensive data protection law, following the state legislature’s passage of House Bill 351, which adopts the Alabama Personal Data Protection Act. While the new act largely follows the established US state privacy framework and incorporates provisions consistent with its predecessors, it also introduces […]

Oklahoma Becomes the 20th State to Enact Privacy Law

Last week, Oklahoma’s Senate Bill 546 was passed by both legislative chambers, and later on was signed by the Governor. The new act will take effect on 1 July 2027. This development makes Oklahoma the 20th US state to enact comprehensive consumer data privacy law, following years of legislative discussions.   Scope and Applicability Similarly […]

Detecting and Mitigating Dark Patterns on Digital Platforms

By Ariel Yosefi, Kevin David Gampel & Tamara Mascisch Cohen   In recent years, regulators around the world have intensified their scrutiny of online interface design, with a growing focus on practices commonly referred to as “dark patterns.” These practices involve design choices in user interfaces that nudge, pressure or mislead individuals into taking actions […]

The UK Online Safety Act – Herzog’s Practical Playbook

The UK Online Safety Act 2023 (“OSA“) establishes a comprehensive statutory framework governing the safety obligations of online services with a connection to the United Kingdom. The act applies not only to services established in the UK, but also to services based outside the UK where they enable access by UK users or where their operation gives […]

European Commission Introduced Digital Regulations Amendments

On 19 November 2025, the European Commission (“Commission“) published two draft regulations: The Digital Omnibus Regulation Proposal(the “Data Proposal”) introduces horizontal amendments to the General Data Protection Regulation (“GDPR”), the ePrivacy Directive, the Data Act and other core digital instruments; and The Digital Omnibus on AI Regulation Proposal (the “AI Proposal”), which focuses on targeted […]

US Landmark Stablecoin Regulation Signed into Law

On 18 July 2025, a new act stablishing the first comprehensive regulatory framework for payment stablecoins in the US has been signed into law by the President of the United States. The GENIUS Act (standing for Guiding and Establishing National Innovation for US Stablecoins) is considered as the most significant piece of legislation in the […]

Special Update – The European Accessibility Act Guide

By Ariel Yosefi, Ido Manor & Yuval Ram   Dear clients and friends, The European Accessibility Act establishes mandatory accessibility requirements for certain digital services available to EU consumers. While it specifically names several sectors, e-commerce services are explicitly within scope – and many modern digital platforms fall under this category, even if not individually […]

Texas Enacts a Responsible Artificial Intelligence Governance Act

Texas has enacted a new act regulating the use of artificial intelligence (AI) systems, with the signing yesterday (22 June 2025) of the Texas Responsible Artificial Intelligence Governance Act. The new act joins other state-level AI laws enacted in the US in the past year, such as Colorado and Utah, alongside bills in Virgina and […]

The UK Data Protection Reform – Herzog’s Guide to the Key Changes

The United Kingdom’s parliament has approved the Data (Use and Access) Bill, which is now pending a Royal Assent, in order to become an act. In recent years, data protection in the UK has been based on and aligned with the European Union’s Geneal Data Protection Regulation. Over the years, the UK Government has decided […]

SEC Staff Issues Statement on Protocol Staking and Related Activities

By: Ariel Yosefi, Dima Zalyalyeyev & Gal Mechtinger On 29 May 2025, the US Securities and Exchange Commission’s (“SEC“) Division of Corporation Finance issued a statement providing the regulator’s views on the application of US federal securities laws to “Protocol Staking” of crypto assets on Proof-of-Stake (“PoS“) networks. While the statement does not formally alter […]

Age Verification Rules Intensify: Key Implications for Developers and App Stores

In the past year there has been a clear trend toward stricter online child protection laws, particularly in the US where a wave of multiple states has floated age-verification bills, and lawmakers at the federal level have introduced several bills to address social media and app age gating. Similarly, in the UK and EU, regulators […]

Fintech Regulatory Updates

We are pleased to highlight below some key regulatory developments and events from the recent months, affecting various sectors in the fintech industry, including crypto, online trading and derivatives, payments and financial services. In the weeks since President Trump’s inauguration, the US administration is undergoing a broad shift in its economic and regulatory policy, affecting […]

The European Accessibility Act: Key Considerations for E-Commerce Providers

By Ariel Yosefi and Yuval Ram   In just 4 months, effective 28 June 2025, the European Accessibility Act (“EAA”) will apply across the European Union through national implementing legislation in each member state.   Scope of Application The EAA imposes harmonized accessibility requirements on a wide spectrum of products and services, including e-commerce services, […]

New York Legislature Passes the Health Information Privacy Act

The New York Assembly and Senate have passed the New York Health Information Privacy Act (the “Act“), establishing a comprehensive framework for the processing of health data. The Act joins other state-level health privacy laws in the US, such as the Washington My Health My Data Act and the Nevada Consumer Health Data Privacy Law […]

FTC Implements Major Revisions to Children’s Online Privacy Protection Rule

On 16 January 2025, the Federal Trade Commission (“FTC“) announced the finalization of a significant revision to the Children’s Online Privacy Protection Act’s (“COPPA“) Rule, placing stricter obligations on companies that collect, process and share personal information from children under the age of 13. This revision aims to strengthen privacy protections for minors, provide parents […]

EDPB Adopted Opinion on Personal Data in Developing and Deploying AI Models

Last week, the European Data Protection Board (“EDPB“) has adopted an opinion on the use of personal data for the development and deployment of AI models. The opinion, which was requested by the Irish Data Protection Authority, looks at three issues related to privacy and AI: When and how AI models can be considered anonymous; […]

Herzog’s Comparative Guide on Key Rights in US States Privacy Laws – December 2024

The legal landscape surrounding data protection in the United States has undergone significant changes over the past couple of years. While various attempts to legislate a comprehensive federal privacy law have not succeeded, more and more US states have moved forward with adopting their own comprehensive privacy laws. To date, 19 states have enacted comprehensive […]

The UK Online Safety Act – Ofcom Releases First Set of Regulatory Guidelines

The UK Online Safety Act (“Act“) has entered its implementation phase. On 16 December 2024, Ofcom, the UK communications regulator, published its first major policy statement and accompanying regulatory guidelines, which focus on safeguarding individuals from illegal online harms. The statement outlines notable developments for in-scope online service providers, including user-to-user and search services (“Providers“). […]

Fintech Regulatory Updates

Dear clients and friends, We are pleased to highlight below some key regulatory developments and events from the recent months, affecting various sectors in the fintech industry, including crypto, online trading and derivatives, payments and financial services. Our fintech and crypto team is helping our clients in monitoring and navigating the evolving regulatory environment for […]

The US Tightens Regulatory Requirements on Recurring Payments Programs

The Federal Trade Commission (“FTC“) recently announced final amendments to its trade rule, titled the “Rule Concerning Recurring Subscriptions and Other Negative Option Programs“, commonly referred to as the “Click-to-Cancel” rule. The FTC introduced the new rule as part of an ongoing effort to modernize consumer protection practices around recurring payment programs in a transparent […]

AI Governance in California: Pioneering New Safety Standards

California is poised to lead the nation in regulating artificial intelligence with several major bills awaiting the Governor’s signature. The most prominent of these, SB 1047, the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act (“the AI Safety Act“), represents a comprehensive attempt to manage risks of large AI models. Along side with […]

Rhode Island Passes Data Privacy Act; Vermont Privacy Act Vetoed by Governor

Following our recent update regarding the passage of the new privacy bill by the Vermont state legislature, the governor of Vermont has decided to veto the act. This is the first time that one of the 19 comprehensive privacy laws enacted by US states legislatures in recent years was vetoed. The governor cited concerns over […]

Herzog’s Comparative Guide on Key Rights in US States Privacy Laws – V3

Dear clients, colleagues and friends, The legal landscape surrounding data protection in the United States continues to evolve and expand during 2024, after significant expansion in the previous year. Since the beginning of the year, 7 additional US states (Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey and Vermont) have enacted comprehensive general privacy laws, and […]

Minnesota is the 19th US State to Adopt Comprehensive Data Protection Legislation

The Minnesota legislature granted final passage to the state’s comprehensive privacy legislation. The legislation, named the Minnesota Consumer Data Privacy Act, is expected to be approved by the governor and to take effect on 31 July 2025, less than a month after Vermont‘s and Tennessee‘s new privacy laws. The act provides similar protections to other […]

The Colorado AI Act: America’s First Comprehensive AI Law

This month, while the EU AI Act receives its final vote and is about to be officially published, and enter into force, Colorado became the first state in the US to follow suit and enact comprehensive legislation regulating artificial intelligence, with the signing of the Colorado AI Act. This landmark act aims to protect consumers […]

Vermont is the 18th US State to Adopt Comprehensive Data Protection Legislation

Vermont’s legislature has passed the Vermont Data Privacy Act, which is now pending the governor’s final approval. Once approved, it is expected to take effect on July 2025 (together with Tennessee‘s new privacy law). The new act appears to provide wider rights and requirements comparing to previous privacy laws in US states, featuring a privacy […]

Nebraska is the 17th US State to Adopt Comprehensive Data Protection Legislation

Nebraska is about to become the seventeenth US state to adopt comprehensive data protection legislation, after its legislature passed the Nebraska Data Privacy Act, which is now pending the governor’s final approval. Once approved, it is expected to take effect in January 2025 (together with Iowa, Delaware, New Jersey and New Hampshire). The new act […]