The GM OnStar Settlement Changes What "Compliance" Means for Connected-Product Data
California regulators just told every company with a connected product that a privacy policy is not a governance record.
9 min read
SparkPoint
Writing on regulated business, the law that applies to it, and how to build inside it.
SparkPoint is where Consilium Law writes about legal and regulatory developments that matter to companies building inside regulated markets. The focus is practical: what changed, why it matters, and what a founder, executive team, or board should do next.
Recent
Recent articles
Should You Sign a Co-Located AI Power Deal Before PJM's New Tariff Lands? A Decision Framework
FERC's December 2025 order to PJM is rewriting the tariff under every co-located AI power deal. Three contract levers to add before the rules land.
5 min read
AI Controls Audit: 5 Places Where Your Policy Is a Sign When You Need a Guardrail
When your company sets a rule about how its AI should behave, there are two ways to enforce it.
8 min read
The Training-Data Propagation Audit Clause: The AI Vendor Deletion Right That Actually Survives an FTC Disgorgement Order
Your AI vendor's deletion clause was written for databases. The data lives in model weights. The training-data propagation audit right closes the gap.
21 min read
Your AI Vendor's Deletion Clause Is a Legal Fiction
You negotiated a right to delete. The vendor agreed. The problem: the clause describes an operation your vendor can't actually perform.
5 min read
The Federal Government and the EU Just Wrote the AI Vendor Contract. Your Commercial MSA Probably Doesn't Match. Here Are the 12 Clauses to Redline.
---
15 min read
The EU AI Act High-Risk Deadline Is 110 Days Away. Most US Companies Aren't Ready.
---
14 min read
The SEC Just Changed What Counts as "Enforcement." Here's What Your Board Should Actually Do About It.
If you run a growing company, the practical question isn't "did the SEC do less this year." The practical question is: which line items in your compliance...
12 min read
AI and Privilege After Heppner and Warner: How Two Federal Courts Split on Whether Talking to a Chatbot Waives Protection
Bradley Heppner's criminal trial began yesterday in the Southern District of New York. The AI privilege ruling that came out of his case in February is the most consequential generative-AI legal development of the year.
13 min read
The Tariff Wall Is Being Rebuilt. Section 301 Investigations Just Launched Against 60 Economies, and Your Comment Deadline Is April 15.
USTR launched two sweeping Section 301 investigations covering 21 sectors across 16 economies plus a forced labor probe spanning 60 countries. Comments due April 15, 2026.
13 min read
Your Privacy Policy Is a Legal Contract: 5 Lessons from the FTC's Match/OkCupid Case
The FTC just filed against Match and OkCupid for sharing 3 million user photos with a facial recognition company. The deception lasted 12 years. Here are the five audits every company should run this week.
5 min read
Your Patent Defense Just Became a Manufacturing Decision. The USPTO Made Sure of It.
The USPTO now weighs where you manufacture when deciding whether competitors can challenge your patents. If your supply chain runs through Asia, your IP just got harder to defend.
10 min read
View the archive 56 more
Colorado Just Killed Its Own AI Law. Should You Stop Complying With State AI Rules?
Colorado's AI Act lasted one month. On February 1, the state's sweeping algorithmic discrimination law took effect, requiring risk assessments,...
4 min read
One Stolen Password Just Wiped 80,000 Devices at a $25 Billion Company. Here's What Every CEO Needs to Know.
On March 11, hackers linked to Iran's intelligence services stole a single administrator password at Stryker Corporation, the $25 billion medical device...
4 min read
California Just Paused Its VC Diversity Reporting Law. Here's Why You Shouldn't Stop Preparing.
The DFPI suspended the FIPVCC two weeks before the April 1 deadline. The law is still on the books, and the rulemaking that follows could be harder to work around.
10 min read
Your Foreign Board Members Have 6 Days to Start Filing SEC Insider Reports. Here's the Compliance Playbook.
The HFIA Act eliminates a decades-old FPI exemption. Starting March 18, foreign directors and officers must file Forms 3, 4, and 5 on EDGAR. Here's the action plan.
12 min read
Your CFO Just Called to Approve a Wire Transfer. It Wasn't Your CFO.
Deepfake fraud losses hit $1.1B in 2025. One company lost $25.6M from a single AI-generated video call. Here's the 6-point verification protocol every company needs.
4 min read
Your AI Claims Could Be Securities Fraud. The SEC Just Made That Very Clear.
In 18 months, the SEC escalated from $400K fines to parallel criminal prosecutions for AI misrepresentation. Here's where the line is.
11 min read
Manufacturing Is the #1 Cyberattack Target. NIST Just Gave You a Playbook.
NIST's updated CSF Manufacturing Profile gives manufacturers a concrete roadmap for board-level cyber governance, supply chain risk, and OT protection.
10 min read
The FTC Is About to Call AI Bias Mitigation "Deceptive." Should You Stop Doing It?
On March 11, the FTC will issue a policy statement explaining when state laws that require AI systems to mitigate bias are preempted by federal consumer...
4 min read
The SEC Just Signaled That Startup Deal Finders Are About to Become Legal. Here's What That Means for Your Next Raise.
---
10 min read
NIST Wants to Regulate AI Agents: A 5-Point Readiness Checklist
NIST launched the AI Agent Standards Initiative targeting autonomous AI systems. Two comment periods are open now. Here's a 5-point checklist to prepare.
4 min read
The Rules Are Still on the Books: Why Oil and Gas Operators Can't Treat the Endangerment Rescission as a Compliance Holiday
EPA rescinded the 2009 GHG Endangerment Finding, but methane rules for oil and gas remain enforceable. State regulators, EU import requirements, and tort liability create new risks.
13 min read
The Supreme Court Just Killed Trump's IEEPA Tariffs. Here's What Dies, What Survives, and What Your Company Should Do This Week.
The Supreme Court ruled 6-3 that IEEPA tariffs are illegal. $130 billion in refunds at stake. Section 232 and 301 tariffs survive. What importers need to do this week.
13 min read
The Merger Paperwork Overhaul Is Dead. Here's What It Means for Your Next Deal.
A federal court struck down the FTC's expanded HSR merger disclosure form on February 12. The old form, used for 46 years, goes back into effect as early as February 20. Here's what deal teams need to know.
10 min read
The Deregulation Paradox: Why Scrapping Federal Emissions Rules Could Mean More Legal Risk for Manufacturers
The White House says this saves manufacturers and consumers $1.3 trillion through 2055, with per-vehicle costs dropping roughly $2,400. If you run a...
10 min read
Your AI Hiring Tool Might Be an Unlicensed Credit Bureau: The Lawsuits That Could Change How You Recruit
A new FCRA lawsuit against Eightfold AI, a collective action against Workday, and two state laws now in effect are creating real liability for any company using AI in hiring. Here's what to do about it.
10 min read
The 72-Hour Clock Is Coming: CIRCIA's Mandatory Cyber Incident Reporting Will Cover 316,000 Companies
CISA announced town halls to finalize the biggest federal cybersecurity mandate in a decade. If you exceed SBA size thresholds in a critical infrastructure sector, mandatory 72-hour incident reporting is coming.
9 min read
$83 billion in clean energy funding just vanished. Here's what your legal team should have told you six months ago.
DOE cancelled $83.6B in clean energy loans and $7.5B in grants ruled unconstitutional. Companies are moving factories overseas. What proactive legal counsel catches before federal funding disappears.
11 min read
The Section 201 solar tariff just died. The regime that replaced it is worse for importers.
Section 201 solar tariffs expired February 6 after eight years. Four overlapping tariff programs replaced them, with combined rates exceeding 300%. Country-by-country breakdown and seven actions for procurement teams.
12 min read
Treasury Just Gutted the Stock Buyback Tax. Your Company Might Be Owed a Refund.
IRS final regulations dramatically narrow the 1% stock buyback excise tax. LBOs, reorganizations, and preferred stock excluded. Companies that overpaid under prior guidance can file refund claims now.
10 min read
The $1.25 Trillion Deal That Skipped the Line: What the SpaceX-xAI Merger Reveals About Antitrust Blind Spots
The largest private merger in history may have skipped federal review. What the SpaceX-xAI deal teaches founders about HSR exemptions, triangular mergers, and fiduciary risk.
12 min read
The FTC Just Warned 13 Companies About a Data Law You've Probably Never Heard Of. Here's Why It Matters for Tech Companies.
The FTC sent warning letters to 13 data brokers under PADFAA. If your tech company shares user data it didn't collect directly, you could be a data broker under federal law. Fines start at $53,088.
12 min read
CISA Just Ordered the Federal Government to Rip Out Its Network Equipment. Here's Why Your Company Should Do the Same.
CISA's Binding Operational Directive 26-02 orders federal agencies to remove unsupported edge devices exploited by Chinese and Russian hackers. Private companies face the same risk.
11 min read
The Supreme Court Is About to Rule on Your Import Costs. Here's How to Protect Your Refund Rights Before It Does.
IEEPA tariffs face Supreme Court review. Importers may recover billions in refunds, but liquidation deadlines start Feb 13. File now to preserve your claim.
14 min read
Five Federal Courts, Five Offshore Wind Wins: What the Sunrise Wind Decision Tells Operators About Regulatory Reversals
Five federal judges blocked BOEM's offshore wind stop-work orders in three weeks. The Sunrise Wind ruling completes a clean sweep that reshapes how courts handle agency reversals backed by classified national security claims.
11 min read
The $40 Billion Loophole That Just Closed: Why Your AI Talent Deal May Need Federal Approval
Three senators are demanding the FTC and DOJ crack down on AI acquihires. If you're buying or selling AI talent through licensing-plus-hiring deals, the rules just changed.
10 min read
Selling Your Company? The Government's Merger Review Fees Just Hit Record Highs. Here's What You Need to Know Before February 17.
The FTC just raised HSR filing fees to $2.46 million for the largest deals. But if you file before February 17, you pay the old rates. Here's how the timing rules work and what it means for your next transaction.
9 min read
The DATA Act Promises Data Centers a Way Off the Grid. Here's What It Actually Delivers.
Senator Cotton's bill would let data centers bypass FERC entirely by building off-grid power. The federal exemption is real. The state-level complications are where this gets interesting.
11 min read
The Federal Government Is Coming for State AI Laws. Here's What to Do Before March.
DOJ created an AI Litigation Task Force to sue states over AI laws. With California, Texas, and Illinois laws already in effect, here's how to handle the federal-state showdown.
11 min read
The 25% Chip Tariff Is Live. Here's Who Pays, Who Doesn't, and What to Do This Week.
Section 232 tariff hits NVIDIA H200, AMD MI325X chips. US data centers are exempt. Here's how the exemptions work and what compliance requires.
12 min read
The Fifth Circuit Just Handed Limited Partners a Major Tax Win. Here's Who Can Claim It.
Fifth Circuit rejects IRS 'passive investor' test in Sirius Solutions. Limited partners in TX, LA, MS can file refund claims. Here's who benefits and what to do now.
10 min read
The Patent Office Wants to Make Bad Patents Untouchable. 97% of Commenters Said No.
USPTO's proposed 'one-and-done' rule would make patents that survive any initial challenge virtually immune from further review. Here's what it means for your patent defense strategy.
10 min read
Commerce Department's First Equity Stake Under CHIPS Act Expands Government Industrial Policy Into Uncharted Territory
The government is taking 8-16% ownership in USA Rare Earth under a novel CHIPS Act interpretation. Senator Todd Young says it wasn't authorized. Here's what companies need to know.
14 min read
New AI Chip Export Rules: What the BIS Policy Shift Means for Your Business
BIS shifted to case-by-case review for H200/MI325X exports to China. Six certifications required. Here's what compliance actually takes.
10 min read
Trump's 100% Tariff Threat Puts $784 Billion in US-Canada Trade at Risk
Trump threatened 100% tariffs on all Canadian goods over a China trade deal. With $784B in annual trade at stake, here's what businesses need to know about legal authority, supply chain impact, and next steps.
12 min read
FERC Just Opened the Door to LNG Deregulation. You Have Three Days to Shape What Comes Next.
FERC is considering blanket authorization for LNG facilities for the first time in 44 years. The comment deadline is January 26, 2026. Here's what operators need to know.
10 min read
The INVEST Act Just Passed the House. Here's What It Means for Your Next Fundraise.
H.R. 3383 combines over 20 capital formation measures: bigger VC fund limits, demo day safe harbors, and new pathways to accredited investor status. Here's what founders and fund managers need to know.
11 min read
Your Connected Product Just Became an FTC Target: What the GM Settlement Means for Every Company Collecting Location Data
The FTC finalized its order against GM and OnStar, calling it an 'egregious betrayal.' If your product collects location data, this 20-year consent framework is your new compliance baseline.
9 min read
CISA's Ransomware Early Warning Program Lost Its Architect: What Your Business Should Do Now
David Stern resigned from CISA's Pre-Ransomware Notification Initiative. With a 40% vacancy rate at the agency, companies can no longer rely on government early warnings. Here's how to protect yourself.
9 min read
The 500% Tariff Threat Is Real: What the Russia Sanctioning Act Means for Your Supply Chain
Trump greenlit the Russia Sanctioning Act with 84 Senate cosponsors. A 500% tariff on China and India imports could hit in 15 days. Here's how to assess your exposure and what to do now.
11 min read
FEOC Compliance Deep Dive: The Supply Chain Rules That Could Kill Your Clean Energy Tax Credits
Only 38% of clean energy firms are fully prepared for 2026 FEOC rules. Here's what you need to know about the 40% solar threshold, 15% debt restriction, and 10-year recapture risk.
10 min read
California's DROP Platform Is Live: Why Your Company Might Be a Data Broker and What to Do Before January 31
Three companies have been fined a combined $164,000 in the last two months for failing to register as data brokers. S&P Global got hit for $62,600 due to an administrative error. If a Fortune 500 company can miss this, so can you.
10 min read
The Patent Office Just Made It Easier to Patent AI-Assisted Inventions
The USPTO rescinded Biden-era guidance that applied joint inventorship tests to solo inventors using AI. The new rules treat AI like any other lab tool. Here's what that means for your patent strategy.
8 min read
Offshore Wind Scores Two Court Victories, With a Third Ruling Tomorrow
Two federal judges have now ruled against the Trump administration's offshore wind suspension orders. A third hearing happens tomorrow. Here's why the 'arbitrary and capricious' standard is working, and what it means for your projects.
7 min read
The AI Enforcement Paradox: Why Federal Retreat Doesn't Mean You're Safe
The FTC just reversed its Rytr enforcement order while 42 state attorneys general demand AI safety measures by January 16. Here's how to build a compliance program that works under both regimes.
8 min read
The Six-Month Sprint: What Clean Energy Developers Must Do Before July 4
Wind and solar projects that don't begin construction by July 4, 2026, lose years of development runway. Add new FEOC restrictions, and clean energy developers face a compliance crunch with less than six months to act.
10 min read
The 21-Day Countdown: What Your Company Must Do Before CISA 2015 Expires
The Cybersecurity Information Sharing Act of 2015 expires January 30, 2026. If your company shares threat intelligence with ISACs or participates in government programs, you have 21 days to figure out your legal exposure.
8 min read
State AI Laws Are Live. The Feds Want Them Gone. Here's What That Means for You.
The DOJ's AI Litigation Task Force launches January 10 to challenge state AI laws. But those laws are already enforceable. Here's how to build a compliance program that works under both outcomes.
8 min read
Offshore Wind Projects Sue the Federal Government: What Project Developers Need to Know About the January 16 Showdown
Three offshore wind developers have filed federal lawsuits challenging BOEM's authority to suspend their leases. The January 16 hearing will shape risk calculus for every infrastructure project touching federal land.
9 min read
Building a Data Center in 2026: What Developers Need to Know Before Breaking Ground
PJM's market monitor filed for a data center connection moratorium. Grid capacity prices jumped 10x. Here's what developers need to know about power access, state regulations, tax incentives, and water constraints.
10 min read
2026 Oil & Gas Permitting: What Trump's 28-Day Fast Track Means for Your Projects
The federal government approved more drilling permits in 2025 than in any year over the past 15 years. Here's what oil and gas operators need to know about the 28-day emergency permitting process, EPA methane delays, and tariff risks.
9 min read
The 2026 Compliance Playbook: How to Turn New Regulations into Competitive Advantage
Tomorrow, a wave of new regulations takes effect. California's AI rules. Three new state privacy laws. Major tax code changes. Here's your roadmap to get ahead while competitors figure out what hit them.
10 min read
Your Board Will Ask About AI Risk in 2026. Here's How to Have a Good Answer.
The FTC fined Cleo AI $17 million. Insurers are adding AI exclusions to liability policies. Here's how to build a defensible AI governance program before your next board meeting.
10 min read
The December 31 Deadline Is Real: What Clean Energy Businesses Need to Know Before IRA Credits Expire
The IRS doesn't care when you signed the contract. It cares when installation is completed. Here's what clean energy businesses need to know about the IRA tax credit sunset.
10 min read
Behind-the-Meter, Out in the Open: What Data Center Operators Must Know About FERC's January 20 Deadline
FERC just rewrote the rules for how data centers connect to power plants. If you're operating in PJM territory, you have until January 20, 2026 to understand what changed.
11 min read
How to Set Up Your Business to Get the Most From the New Tax Law
The One Big Beautiful Bill Act changed which business structures make the most sense. Here's how to optimize your entity selection, capital investments, and exit planning under the new rules.
12 min read
The AI Compliance Collision: How the White House's Preemption Order Creates Legal Uncertainty for Multi-State Enterprises
The White House just threw a wrench into every multi-state AI compliance program. Here's what enterprises need to know about the December 11 executive order and how to navigate the uncertainty.
9 min read
Newsletter
SparkPoint Briefings
Receive occasional notes from Consilium Law on legal and regulatory developments affecting companies building inside regulated markets.
ADVERTISING MATERIAL. Responsible attorney: Meetesh Patel, Consilium Law LLC, 10490 Little Patuxent Parkway, Suite 600, Columbia, Maryland 21044. This newsletter does not constitute legal advice and does not create an attorney-client relationship.