State attorneys general increasingly impact businesses in all industries. Our nationally recognized state AG team has been trusted by clients for more than 20 years to navigate their most complicated state AG investigations and enforcement actions.
State Attorneys General Monitor analyzes regulatory actions by state AGs and other state administrative agencies throughout the nation. Contributors to this newsletter and related blog include attorneys experienced in regulatory enforcement, litigation, and compliance. Also visit our State Attorneys General Monitor microsite.
Contact our State AG Team at StateAG@troutman.com.
Troutman Pepper Locke Spotlight
Effective Strategies for Managing Cybersecurity Breaches: How to Navigate State AG Investigations and Federal Agency Actions
By Troutman Pepper Locke State Attorneys General Team
Register Here
Thursday, September 25 • 1:00 – 3:10 p.m. ET
Sadia Mirza, co-leader of Troutman Pepper Locke’s Incidents + Investigations practice, Privacy + Cyber Partner Timothy St. George, and Regulatory Investigations, Strategy + Enforcement Counsel Gene Fishel, will participate in an upcoming CLE with myLawCLE to examine the nuances of navigating cybersecurity breaches.
Podcast Updates
State AGs’ Continued Focus on Enforcement – With or Without AI Legislation
By Stephen C. Piepgrass, Brett Mason, Chris Carlson, and Gene Fishel
In this crossover episode of The Good Bot and Regulatory Oversight, Brett Mason, Gene Fishel, and Chris Carlson discuss the latest state laws targeting AI, especially in health care. They break down new legislation in Colorado, Utah, California, and Texas, highlighting differences in scope and enforcement. They also cover how state attorneys general are using consumer protection and anti-discrimination laws to regulate AI, even in states without AI-specific statutes.
State AG News
California Privacy Protection Agency Announces Multistate Sweep Targeting GPC Compliance
By Troutman Pepper Locke State Attorneys General Team, David Stauss, and Angelo A. Stio III
Key point: The investigative sweep is part of a growing multistate approach to privacy enforcement actions.
On September 9, the California Privacy Protection Agency (CPPA) announced that it has initiated a joint regulatory sweep in collaboration with attorneys general (AG) from California, Colorado, and Connecticut. The sweep will target businesses’ compliance with legal requirements associated with recognition of opt-out preference signals (OOPS) and universal opt-out mechanisms (UOOMs) that consumers can use to exercise their right to opt out of online tracking technologies (i.e., targeted advertising, sales, or sharing).
AG of the Week
Raúl Labrador, Idaho
Raúl Labrador serves as Idaho’s 33rd attorney general (AG), focusing on serving the people of Idaho and promoting government accountability. Labrador began his public service career in 2006 when he was elected to the Idaho Legislature, serving for four years. In 2010, he was elected to the U.S. House of Representatives, representing Idaho for eight years. During his time in Congress, Labrador chaired the House Judiciary Subcommittee on Immigration and Border Security and was a member of the House Committee on Natural Resources for eight years, contributing to legislative discussions on immigration, border security, and resource management.
Labrador holds a bachelor’s degree from Brigham Young University in Utah and a law degree from the University of Washington School of Law in Seattle. After law school, he clerked for the U.S. District Court for the District of Idaho. Prior to his congressional service, Labrador founded and managed a law firm with offices in Boise and Nampa, focusing on immigration and criminal law.
As AG, Labrador continues to emphasize transparency, legal integrity, and ensuring that Idaho’s government remains accountable to its citizens. He works to provide legal guidance to state agencies and represents Idaho in legal matters at the state and federal levels.
Idaho AG in the News:
- Labrador announced the AG offices’ legal victory in a wrongful termination lawsuit filed by a former employee.
- Labrador warned Idaho families about the danger of cryptocurrency ATM scams.
- Labrador joined the bipartisan coalition urging tech companies to stop the spread of nonconsensual intimate imagery.
Upcoming AG Events
- October: AGA | Human Trafficking Conference | Oxford, MS
- October: RAGA | Senior Staff Retreat | Kiawah Island, SC
- November: DAGA | Scottsdale Policy Conference | Scottsdale, AZ
For more on upcoming AG Events, click here.
Troutman Pepper Locke’s State Attorneys General team combines legal acumen and government experience to develop comprehensive, thoughtful strategies for clients. Our attorneys handle individual and multistate AG investigations, proactive counseling and litigation, and manage ancillary regulatory issues. Our successful approach has been recognized by Chambers USA, which ranked our practice as a leader in the industry.
Labor + Employment Workforce Watch is a guide to the employment law developments most likely to impact your business. The Troutman Pepper Locke Labor + Employment Team represents employers in the most sensitive workplace matters, enabling our clients to concentrate on their core business operations. Our team is adept at handling and managing labor and employment issues on national, international, and local levels. Recognized as a leading law firm by Chambers USA, our attorneys provide comprehensive advice on every type of employment issue a company may encounter, at every stage of the employment life cycle.
In This Issue:
Developments in AI and What Employers Should Know
By Tracey E. Diamond and Akilah F. Craig
As employers continue to grasp the benefits, uses, challenges, and risks of using artificial intelligence (AI) in the workplace, they should take note of new laws in Colorado, Illinois, and Texas that will go into effect in early 2026. This article focuses on the employment law provisions and implications of each of these laws.
Navigating OSHA’s Recent Updates: What Employers Need to Know
By Gregory S. Narsh and Moses M. Tincher
As businesses strive to maintain safe and compliant workplaces, staying informed about the latest updates from the Occupational Safety and Health Administration (OSHA) is crucial. Recent changes, effective from 2024 through 2025, carry significant implications for employers across various industries. Below are key updates that employers should consider and their potential impact on business operations.
Supreme Court Denies Retiree’s ADA Claim for Postemployment Benefits
By Richard D. Glovsky and Owen J. Peters
In a June 20, 2025, opinion, the U.S. Supreme Court affirmed the U.S. Court of Appeals for the Eleventh Circuit’s decision that a retiree could not successfully assert a discrimination claim under the Americans with Disabilities Act (ADA) due to her former employer’s change to its postemployment benefits policy. The decision is most noteworthy, not for its relatively narrow ruling, but more for the future insights it provides to employers. In other words, the Supreme Court’s decision does not foreclose the possibility that retirees who compose more precise pleadings, could properly bring discrimination claims under the ADA against their former employers.
The View From London: “New Deal for Working People” (Part 1 of 2)
Since its election in July 2024, the left-leaning UK government has taken steps toward implementing its flagship “New Deal for Working People” billed as the biggest strengthening of employment rights in a generation.
Leeper v. Shipt: Will California Hamper Arbitration in PAGA Employment Lawsuits?
By Nina Huerta and David Rutan
In Leeper v. Shipt, the California Supreme Court will revisit the ongoing question of whether, and to what extent, employees can pursue litigation in court for violation of the California Private Attorneys General Act (PAGA), Labor Code § 2698, et seq. despite signing valid and binding arbitration agreements.
The One Big Beautiful Bill: How Will It Impact Your Employees?
By Lori A. Basilico and Jina Davidovich
The One Big Beautiful Bill Act (OBBB) was signed into law on July 4, 2025. With far-ranging impacts on taxation and spending, the OBBB will have significant effects on many benefit and compensation plans. Below is a high-level summary of the OBBB’s provisions that impact executive compensation and employee benefit programs. These provisions take effect in taxable years beginning after December 31, 2025, unless otherwise noted:
The Secret Formula: How Generative AI Could Change Reverse Engineering Forever
By Evan Gibbs and Grace M. Goodheart
As generative artificial intelligence (AI) programs become more commonplace and more powerful, they in turn become more useful — and present more risks. But what can a company do if a generative AI program recreates its most closely guarded trade secret?
FTC Stakes Out Its Position on Worker Noncompetes
By Daniel N. Anziska, Barbara T. Sicalides, and Andrew Reed
Three nearly simultaneous actions of the Federal Trade Commission (FTC) confirmed its intentions with respect to employee noncompetes. In the first two related actions, the FTC indicated it will not defend its 2024 rule banning virtually all worker noncompetes and will instead focus on efforts to rein in the use of “unfair and anticompetitive” noncompetes. The FTC’s third action notified the public of its intent to accomplish its goals, at least in part, through a wide-ranging request for the public to identify employers using noncompetes, followed by targeted enforcement actions.
Recent Client Advisories
- FTC Takes Aim at Noncompete Agreements in the Health Care Sector
- Florida’s CHOICE Act Expected to Expand Employer-Friendly Non-Compete Laws on July 1
- Supreme Court Strikes Down Sixth Circuit Rule Heightening Discrimination Standard for Members of Majority Groups
In Payscale Inc. v. Norman, the Delaware Court of Chancery struck down a noncompete contained in incentive equity agreements between Payscale and a former employee, finding the noncompete unreasonable in scope. This decision is notable because the court questioned the appropriateness of broad, nationwide noncompetes outside the business sale context, where an employee receives minimal consideration from her employer in exchange for agreeing to a noncompete.
Background
Payscale sued a former sales executive, Erin Norman, and her new employer, BetterComp, to enforce restrictive covenants in two incentive equity agreements. Under these agreements, Norman received profit interest units that were nontransferable and had no value at issuance, with cancellation provisions that would be triggered upon breach of the covenants. The noncompete prohibited Norman from engaging in competitive activities anywhere in the U.S. for 18 months post-employment, covering any business conducted or proposed to be conducted by Payscale’s parent and its subsidiaries as of Norman’s departure.
Analysis
Delaware courts will not mechanically enforce noncompetes, as they are restrictive of trade. Under Delaware law, a noncompete must (i) be reasonable in geographic scope and temporal duration, (ii) advance a legitimate economic purpose of the enforcing party, and (iii) survive a balance of the equities. As part of its analysis, the court distinguished between noncompetes in the business sale context, where a buyer has paid a substantial price in exchange for the right to be free of competition from the seller, and noncompetes in the employment context, where employees typically receive minimal consideration.
According to the court, the noncompete was unreasonable in duration and geographic scope. The court concluded that the minimal consideration exchanged did not justify an 18-month, nationwide ban on Norman’s work for any company engaged in business that Payscale’s parent and its subsidiaries were conducting (or planning to conduct) when Norman left Payscale.
The court also held that the noncompete was broader than necessary to protect Payscale’s legitimate business interests. In particular, the court concluded that the noncompete, in combination with a nonsolicitation provision that was unlimited in geographic scope, would transform the noncompete into a worldwide ban on Norman’s ability to work as a salesperson in Payscale’s parent or subsidiaries’ lines of business, even though Payscale only serves customers in the U.S.
The court also held that the noncompete was impermissibly vague, as it applied broadly to Payscale’s parent and subsidiaries, but failed to describe the lines of business in which these entities operate. The court similarly noted that the noncompete prohibited Norman from working in the same line of business as Payscale’s parent — managing investments — even though Norman, a sales executive, had no specialized knowledge regarding this line of business. Although the incentive equity agreements contained two limitations on the scope of the noncompete, the court held that these carve-outs did little to restrict the noncompete’s scope, and thus, the noncompete was still broader than necessary to protect Payscale’s legitimate business interests. Consistent with other recent Delaware Court of Chancery decisions, the court declined to blue-pencil the noncompete.
Takeaways
This case demonstrates that employers should carefully limit the scope of noncompetition provisions contained in employee equity agreements or other similar contracts. In the employment context, the Delaware Court of Chancery is reluctant to enforce nationwide noncompetes, particularly where the consideration the employee receives is minimal, illusory, or subject to forfeiture upon breach. Employers should also be sure to specify the lines of business covered by the noncompete, ensure that other restrictive covenant provisions do not broaden the noncompete’s scope, and tailor the noncompete to only cover lines of business of which the employee has specialized knowledge. In sum, this decision underscores the importance of careful drafting and structuring of restrictive covenants in employment and equity agreements, particularly outside the business sale context.
As generative artificial intelligence (AI) programs become more commonplace and more powerful, they in turn become more useful — and present more risks. But what can a company do if a generative AI program recreates its most closely guarded trade secret?
Fortunately, judges are showing signs of readily adapting to this new landscape, and recent judicial decisions are shedding some light on how trade secrets can be protected in the age of AI. The few courts that have addressed this specific issue to date have largely been able to fit the issues into the framework provided by existing law.
When it comes to trade secrets, the applicable law is the federal Defend Trade Secrets Act (DTSA), along with similar state laws. (For simplicity’s sake, we’ll refer to analogous federal and state trade secret laws as “the DTSA.) Under the DTSA, a trade secret is generally a piece or compilation of information which has independent economic value because it is kept secret from others, particularly competitors. The DTSA protects trade secrets from unlawful misappropriation, which means using improper means to acquire a trade secret or using a trade secret with knowledge (or a reason to know) that it was improperly acquired.
Generally, reverse engineering — the process of lawfully purchasing a product, taking it apart, and figuring out how to reconstruct it — is not a violation of the DTSA. See18 U.S.C. § 1839 ([T]he term ‘improper means’ [under the DTSA]…does not include reverse engineering…). However, if that process is taken over by a generative AI program, directed by a person who uses targeted prompts to attempt to recreate a trade secret, the conduct may cross the line from reconstruction into misappropriation.
One recent case in the U.S. Court of Appeals for the Eleventh Circuit demonstrates that use of a computer program to process inhuman amounts of data can constitute an improper taking of trade secrets, even if the method used to gather the data is generally lawful. In Compulife Software, Inc. v. Newman et al., the plaintiff’s trade secret was a database of insurance quotes. The plaintiff’s website was public and allowed individuals to pull insurance quotes from its database, but the plaintiff guarded the structure of the database and restricted access to the full database. The Eleventh Circuit found that the defendants used a “scraping” program (a type of lawful program used to gather information for targeted advertising, journalism, and other purposes) to carry out a targeted attack on the database. The scraping program successfully scraped millions of proprietary insurance quotes from the plaintiff’s trade secret database. Although the defendants did not take the entire trade secret, they gained access to enough of the database to harm the plaintiff’s business. The Eleventh Circuit determined that the defendants wrongfully acquired the plaintiff’s trade secrets by using the “scraping” program to gather inhuman amounts of data.
Another case currently pending in the U.S. District Court for the District of Massachusetts, OpenEvidence, Inc. v. Pathway Medical, Inc. and Louis Mullie, illustrates how a bad actor might use a generative AI program to reconstruct a competitor’s proprietary technology and trade secrets. In that case, the target of the alleged attack was the generative AI program itself. The defendants allegedly used false credentials to log in to the plaintiff’s AI platform, then used targeted prompts to bypass the restrictions placed on the generative AI and convince it to disclose the instructions and algorithms which formed the basis of its functions. In that way, the defendants allegedly sought to reconstruct the generative AI program itself and create their own, competitive program. Although the court has not yet substantively addressed the allegations, the case is an excellent example of how generative AI could be used to discover sensitive or trade secret information.
Extrapolating from these cases, it is easy to see how generative AI models may pose a risk to trade secrets. Generative AI models are typically trained on vast amounts of publicly available data, which may be gathered using processes similar to “scraping.” Each time a user inputs a prompt or uploads a file for the program to analyze, additional data is added to the generative AI program for its later use. And although generative AI models typically create new outputs, rather than regurgitating the data inputs, a bad actor crafting the right prompts may be able to recreate some of that training data, including trade secrets.
These risks exist even if the generative AI model has never actually “seen” the underlying trade secret. Commentators believe that generative AI models may be able to find patterns in vast libraries of input data and identify correlations that humans may not readily see, allowing the generative AI program to reconstruct a competitor’s product or trade secret simply by having greater access to information, and more processing power, than any human. In that case — and assuming that the human user of the AI was not acting improperly — it is possible that a court would find that the trade secret was lawfully reverse engineered by the generative AI. Another complicating factor in these types of analyses is that it is often difficult (or impossible) to ascertain what information was used to train a generative AI model, and that process itself can be a trade secret.
Although there are few cases yet addressing these issues, the DTSA is flexible enough to adapt to new technologies and new methods of misappropriation. We expect that as these cases come before the courts, the contours of the law will shift to account for these new challenges.
Companies with protectable trade secrets should continue to take reasonable precautions to safeguard those trade secrets from disclosure or use. In the age of generative AI, those safeguards should include instructing and training employees not to input trade secret or sensitive information or documents into a public AI tool, and may also require updates to nondisclosure or confidentiality agreements in order to prevent former employees from recreating trade secrets through targeted prompts to a generative AI program.
In a June 20, 2025, opinion, the U.S. Supreme Court affirmed the U.S. Court of Appeals for the Eleventh Circuit’s decision that a retiree could not successfully assert a discrimination claim under the Americans with Disabilities Act (ADA) due to her former employer’s change to its postemployment benefits policy. The decision is most noteworthy, not for its relatively narrow ruling, but more for the future insights it provides to employers. In other words, the Supreme Court’s decision does not foreclose the possibility that retirees who compose more precise pleadings, could properly bring discrimination claims under the ADA against their former employers.
Background
Plaintiff Karyn Stanley worked as a firefighter for the city of Sanford, FL, from 1999 to 2018. In 2003, Sanford revised its health insurance policy to provide only 24 months of postemployment benefits for disabled employees who retired with fewer than 25 years of service. Previously, its policy provided health insurance until age 65 for employees who retired early due to a disability. Stanley asserted she became disabled while employed, and contended that she was entitled to the more generous benefits provided in the previous policy. However, Sanford disagreed with Stanley’s interpretation, and Stanley filed suit in a Florida federal district court. The district court dismissed the claim, determining that Stanley was not a qualified individual under the ADA because her complaint acknowledged that the discrimination had occurred after she retired. The Eleventh Circuit affirmed that decision. Stanley appealed that decision to the Supreme Court, where, as in the lower courts, Stanley contended that Sanford violated the ADA by awarding her only the lesser benefits of its new policy.
Holding
Writing for the majority, Justice Neil Gorsuch opined that the ADA’s definition of “qualified individual” as someone “who, with or without reasonable accommodation, can perform the essential functions of the employment position that [she] holds or desires” did not apply to Stanley because she is a retiree. The majority reached this conclusion primarily because the ADA defined the term “qualified individual” in the present tense, meaning that it applies only to current employees and applicants for employment. Accordingly, the Supreme Court ruled that Stanley was not a qualified individual under the ADA and could not assert a claim for the allegedly discriminatory administration of Sanford’s postemployment benefits program.
Potential Claims by Other Retiree Plaintiffs
Despite ruling for Sanford, the Stanley decision does not eliminate retirees’ rights to assert ADA claims against their former employers. In that regard, Justice Gorsuch charted several avenues for disabled retirees to successfully pursue ADA claims in the future, notwithstanding his opinion on behalf of the majority. For example, Justice Gorsuch indicated that retirees could potentially still pursue ADA claims by more precisely pleading that they were disabled at the time their employer implemented a discriminatory postemployment benefits policy. Justice Gorsuch also suggested that a retiree who more specifically describes the nature of their disability may be able to successfully still pursue an ADA claim, in contrast to Stanley, who failed to specify her disability, Parkinson’s disease, in her complaint. A dissent from Justice Ketanji Brown Jackson and partial dissent from Justice Sonia Sotomayor bolstered these possibilities, as both justices stressed their view that retirees can and do satisfy the ADA’s qualified individual definition.
In light of the Stanley decision, when making changes to a benefits plan that could affect former employees and retirees, employers should consider the risk of claims left open by Justice Gorsuch’s opinion.
As businesses strive to maintain safe and compliant workplaces, staying informed about the latest updates from the Occupational Safety and Health Administration (OSHA) is crucial. Recent changes, effective from 2024 through 2025, carry significant implications for employers across various industries. Below are key updates that employers should consider and their potential impact on business operations.
Introduction to OSHA
OSHA, a federal agency under the U.S. Department of Labor, is dedicated to ensuring safe and healthy working conditions for employees by setting and enforcing standards. Through inspections and investigations, OSHA ensures compliance with workplace safety regulations, addressing issues such as hazard prevention and safety training. Additionally, OSHA manages whistleblower cases, protecting employees who report violations or unsafe practices from retaliation. OSHA’s mandate is to advocate for employee safety and rights, often viewing circumstances from the perspective of the workers to ensure their protection and well-being in the workplace.
Increased Penalties for Safety Violations
OSHA increases its maximum penalties for violations in mid-January each year. The increase is based on an inflation-based factor. Effective January 15, 2025, OSHA increased its maximum penalties for serious and “other-than-serious” violations to a maximum penalty of $16,550 per violation, while willful or repeated violations can result in fines up to $165,514 per violation. OSHA’s firmer stance on both the imposition of penalties and not backing away in penalty negotiations underscores the importance of compliance.
Revised Penalty Guidelines for Small Businesses
Effective July 14, 2025, businesses with up to 25 employees can benefit from a 70% penalty reduction, previously reserved for those with 10 or fewer employees. Additionally, a new 15% reduction is available for employers that promptly address identified hazards, encouraging swift corrective actions. A 20% reduction is available to employers that either (1) have never been inspected by federal OSHA or a state plan, or (2) have been inspected within the past five years without receiving serious, willful, repeat, or failure-to-abate violations.
Personal Protective Equipment (PPE) for Construction
A new rule, effective January 13, 2025, mandates that employers ensure PPE “fit[s] properly” for each construction worker, regardless of their body size or type. Depending on circumstances, PPE in the construction industry may include hard hats, gloves, goggles, safety shoes, safety glasses, welding helmets, hearing protection devices, respirators, coveralls, vests, harnesses, and full body suits. This change aims to provide better protection by requiring correctly sized and adjusted gear, emphasizing the importance of personalized safety equipment. While specific to the construction industry, OSHA seeks to apply the “properly fit” standard across all industries. Notably, even when employees provide their own PPE, employers must check for proper fit under this new rule.
Proposed Heat Illness Prevention Standard
In August 2024, OSHA proposed a rule to address heat hazards in both indoor and outdoor work environments. If enacted, this rule could require employers to provide water, rest breaks, and shade in high-heat conditions, along with developing heat illness prevention plans. This proposal highlights OSHA’s commitment to safeguarding workers against heat-related illnesses and could result in additional whistleblower and safety violation claims concerning heat-related illness. Employers are encouraged to develop comprehensive heat illness prevention plans tailored to their specific work environments, which may include training programs to educate employees on recognizing symptoms of heat-related illnesses. Currently, individuals may participate in a notice-and-comment period until September 30, 2025.
Updated Inspection Programs
In May 2025, OSHA updated its Site-Specific Targeting (SST) program, the primary planned inspection program for non-construction establishments with 20 or more employees. Under this program, OSHA focuses inspections on high-risk, non-construction workplaces using recent injury and illness data from 2021 to2023. This targeted approach aims to identify establishments with the highest rates of workplace injuries.
OSHA has also increased efforts to support voluntary compliance through its On-Site Consultation Program. This free and confidential service helps small and medium-sized businesses identify and rectify workplace hazards, improve safety and health management systems, and comply with OSHA standards. Separate from OSHA’s enforcement activities, this program does not result in penalties or citations. Instead, it offers expert advice and assistance from state-run consultation agencies, focusing on preventing workplace injuries and illnesses. Employers can benefit from tailored recommendations and solutions to enhance their safety practices, fostering a safer work environment. Participation in the program can lead to recognition through OSHA’s Safety and Health Achievement Recognition Program (SHARP), which acknowledges exemplary safety and health management systems.
Conclusion
These updates reflect OSHA’s ongoing efforts to enhance workplace safety and streamline regulatory processes. Employers should review these changes carefully and consider consulting with legal experts to ensure compliance and optimize safety strategies.
As employers continue to grasp the benefits, uses, challenges, and risks of using artificial intelligence (AI) in the workplace, they should take note of new laws in Colorado, Illinois, and Texas that will go into effect in early 2026. This article focuses on the employment law provisions and implications of each of these laws.
Colorado
The Colorado Artificial Intelligence Act (CAIA), which will become effective June 30, 2026, is widely considered to be the most groundbreaking and comprehensive legislation in the U.S. regarding the development and use of AI. The firm previously issued a client alert providing a detailed analysis of the CAIA’s requirements, which differ depending on whether an entity is a developer or deployer of an AI system. Most employers likely fall under the “deployer” or user category, and, therefore, should pay particular attention to those requirements.
Employers are subject to the CAIA when they deploy an AI system that makes, or is a substantial factor in making “a decision that has a material legal or similarly significant effect on the provision or denial … of employment or employment opportunities.” The CAIA defines “consumers” broadly to include any resident of Colorado. Therefore, the law’s protections likely will apply to both job applicants and employees who are Colorado residents. Virtually all employers that do business in Colorado—which potentially may include employing Colorado residents and/or considering job applicants who reside in Colorado—and utilize AI systems in employment decisions are thus required to comply with the CAIA (although the law excludes small employers with fewer than 50 employees and whose data is not used to train the AI system).
Covered employers are required to use reasonable care to protect Colorado residents from the known or foreseeable risk of “algorithmic discrimination.” Algorithmic discrimination is any condition in which the use of an AI system results in “an unlawful differential treatment or impact against an individual or group of individuals” on the basis of actual or perceived age, color, disability, ethnicity, genetic information, limited proficiency in the English language, national origin, race, religion, reproductive health, sex, veteran status, or other classifications protected under Colorado or federal law.
There is a rebuttable presumption that an employer that implements a CAIA-compliant risk management policy and program to govern the deployment of AI systems used reasonable care to avoid algorithmic discrimination. To benefit from the rebuttable presumption, the risk management policy must specify and incorporate the principles, processes, and personnel that the employer uses to identify, document, and mitigate known or reasonably foreseeable risks of algorithmic discrimination. The risk management policy and program also must be reviewed and updated throughout the life cycle of the AI system.
To comply with the CAIA, employers are also required to: conduct impact assessments annually and within 90 days after any intentional and substantial modification to the AI system; provide notice to individuals when the company deploys an AI system to make, or to be a substantial factor in making, employment decisions; and notify the Colorado attorney general (AG) if the company determines the AI system caused algorithmic discrimination, within 90 days of such discovery.
The law does not appear to create a private right of action and is subject to enforcement by the Colorado AG. However, violations of the CAIA constitute an unfair or deceptive trade practice under Colorado’s consumer protection law, which allows for civil actions. Thus, further guidance is needed on whether employees and job applicants can assert a claim against an employer for violations of the CAIA.
Although almost 18 months have passed since the CAIA was signed into law, changes remain likely based on recommendations from Colorado’s Artificial Intelligence Impact Task Force. However, given its impending effective date, employers in Colorado should review their systems and processes to determine whether, and to what extent, AI is used in employment decision-making. Once an employer determines it is covered by the CAIA, it should begin preparing the initial impact assessment, as well as the notices to be provided to individuals regarding the company’s use of AI in employment decision-making, to ensure readiness when the law goes into effect.
Employers outside of Colorado should take note of the CAIA’s requirements, as we anticipate that other states will follow the same model in enacting their own AI laws in the future.
Illinois
On January 1, 2026, an amendment to the Illinois Human Rights Act (IHRA) will go into effect, regulating employers’ use of AI in recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, and the terms, privileges, or conditions of employment. The law classifies an employer’s use of AI as a civil rights violation if such use has the effect of subjecting employees to discrimination on the basis of membership in a protected class or if zip codes are used as a proxy for protected classes. It is also a civil rights violation for an employer to fail to provide notice to employees of the employer’s use of AI in employment decision-making.
The enforcement and remedies provisions of the IHRA apply to the amendment. As such, the Illinois Department of Human Rights and the Illinois Human Rights Commission enforce the amendment, and employees may file a charge of discrimination against employers for violations.
Texas
On January 1, 2026, the Texas Responsible AI Governance Act (RAIGA) will take effect. Similar to Colorado’s AI law, the RAIGA regulates both the development and deployment of AI.
The RAIGA prohibits employers from using AI with the intent to unlawfully discriminate against a protected class in violation of Texas or federal law. For purposes of the RAIGA, “protected class” means “a group or class of persons with a characteristic, quality, belief, or status protected from discrimination by state or federal civil rights laws, and includes race, color, national origin, sex, age, religion, or disability.” Importantly, the law specifically states that if the use of AI has a disparate impact, this alone is insufficient to show an intent to discriminate. The law does not create a private right of action, and except where such authority has been designated to another state agency, the Texas AG has exclusive authority to enforce its provisions.
Although employers were likely already prohibited from circumventing anti-discrimination laws by using AI to make employment decisions, the Illinois and Texas legislators have removed any doubt that discrimination in employment through AI tools is unlawful. Training provided to employees in decision-making roles should address AI tools to ensure compliance with anti-discrimination laws in both human and technology-assisted employment decisions. To the extent an employer relies on third parties to develop its AI systems, the employer should work closely with the AI vendor to understand how the systems work and manage implementation in employment decision-making to minimize legal risks.
Teams private channels enable collaboration among a subset of a team’s members. While posts and messages exchanged on most Teams channels have historically been stored in the Exchange Online mailbox associated with the team, private channel communications have been stored in the Exchange Online mailboxes of all members of the private channel. See eDiscovery (Premium) workflow for content in Microsoft Teams. As early as September 20, this will change. Once Microsoft rolls out this change to your tenant, Teams private channel messages will be stored in the group mailbox associated with the team in question.
| Teams Message Category | Current Message Storage | Message Storage On/After September 20 |
| 1:1 and Group Chats | Exchange Online mailboxes of all chat participants | |
| Standard Channels | Exchange Online mailbox associated with parent team | |
| Shared Channels | Group mailbox associated with shared channel1 | |
| Private Channels | Exchange Online mailboxes of all private channel members | Group mailbox associated with private channel1 |
1 To preserve or search for messages sent in a shared channel (or in a private channel after this change), specify the Exchange Online mailbox for the parent team.
TIMELINE
The transition is expected to start by September 20. Organizations may experience the change at any point between September 20 and mid-December.
IMPACT
eDiscovery
- For existing Purview eDiscovery holds scoped to capture Teams private channel messages stored within one or more private channel participants’ mailboxes, consider rescoping the holds to also include the corresponding team group mailbox before September 20 to preserve new private channel messages.
- For new Purview eDiscovery holds and Purview eDiscovery searches that implicate private channel content and span a date range that straddles this backend storage change, include both the private channel participants’ mailboxes and the corresponding team group mailbox within the scope of the hold and/or search to ensure all intended content is preserved and/or identified.
Data Lifecycle Management
- It will no longer be possible to create new private channel-specific retention or deletion policies in Purview’s Data Lifecycle Management module. Instead, “Teams channel message” policies will also include private channel messages.
- Review all current retention policies designed to govern the retention or disposition of Teams messages, and consider appropriate policy revisions to ensure consistent future treatment of private channel messages.
* * *
We know these changes can be disruptive to your workflows and are available to help support your assessment and mitigation efforts. If you have any questions or need assistance, please reach out to eMerge Information Governance.
Troutman Pepper Locke attorneys Alan Clement, Judy O’Grady, and Andy Zappia recently authored the Bloomberg Law article “RFK Jr.’s Drug Advertising Crackdown Will Face Legal Hurdles,” in which they discuss how the current administration’s efforts to curb direct-to-consumer pharma advertising may encounter legal challenges.
Patent litigation is a complex and strategic endeavor, requiring thorough preparation and careful consideration. Before proceeding with a lawsuit, patent owners should evaluate several critical factors to refine their strategy and increase their likelihood of success. Here are 10 essential considerations:
1. Understand Your Patent Portfolio
Begin by thoroughly assessing what you own. A comprehensive review of your patent portfolio will help you understand the scope and value of your patents. Consider the breadth of your claims and the remaining lifespan of your patents. Understanding the scope of your patents is crucial, as it determines the extent of protection and possible recovery. For example, are there open continuations that could allow you to adjust your claims if necessary? The ability to redraft claims allows you to expand the patent’s scope to include possible variations of target product designs, limiting infringers’ ability to escape liability, and allows you to limit the scope to avoid potential invalidity challenges.
Furthermore, an extensive patent portfolio comprising several patents or patent families provides flexibility to assert a wider variety of claims. This flexibility creates a strategic advantage during litigation by safeguarding your lawsuit against failure due to the loss of any single claim from an invalidity finding or a voluntary withdrawal for other strategic reasons.
2. Evaluate Patent Validity and Enforceability
Ensure your patents are valid and enforceable. This includes checking maintenance fees and expiration dates. Additionally, patent owners should analyze the history of assignments as well as any licenses to determine who else might have rights in the patent. A patent is not enforceable against a party who already has a right to use the patented subject matter. A patent owner can also conduct a prior art search to assess the strength of its patents and identify any invalidity weaknesses, such as closely related prior art.
Verify that your products are appropriately marked according to the marking statute.[1] Under the marking statute, a patent owner can only begin collecting damages for a patented article after appropriate notice, such as affixing the patented material with the appropriate patent number. This, however, does not apply if there are no products to mark,[2] such as where you do not manufacture a product, your own products do not practice the patent, or you plan to assert only method claims.[3]
3. Identify the Proper Defendants
Determine who infringes on your patents and the total universe of parties you could capture in litigation. Analyze the corporate structure of your target, including parent or child companies, and consider upstream or downstream parties like manufacturers, suppliers, and distributors. Understanding the full scope of potential infringers can help you strategize effectively and maximize the impact of your litigation.
4. Assess the Threat of Countersuit
Investigate whether the anticipated defendants have patents of their own or are part of a patent pool. Consider whether there are any products of yours the defendants might allege infringement against. Understanding the potential for a countersuit is crucial, as it can significantly impact your litigation strategy and outcomes.
5. Choose the Right Venue
Decide whether to file in the U.S. International Trade Commission (ITC or Commission), a district court, or both. The ITC is an administrative law court and a popular venue for efficient patent litigation. The ITC’s statutory mandate to issue a finding within 18 months of filing and ability to award an injunction on importing foreign infringing products can provide a critical advantage. However, the ITC cannot award monetary damages. Therefore, patent litigants often file simultaneous lawsuits in district court and the ITC for the opportunity to secure both a prospective exclusion order from the Commission and past monetary damages from the district court.
Consider that the ITC requires complainants (plaintiffs) to prove they have a “domestic industry.” To meet the domestic industry requirement, complainants must prove they have made (A) significant investment in plant and equipment; (B) significant employment of labor or capital; or (C) substantial investment in its exploitation, including engineering, research and development, or licensing.[4] Additionally, complainants must show the investments are directed to products or services within the U.S. that practice at least one claim of the asserted patents. Domestic industry must be properly pleaded in the complaint, and the Commission may order a 100-day proceeding on the issue.[5] Thus, you should determine the strength of your domestic industry claims before filing suit.[6]
For the district court, consider factors like the defendant’s state of incorporation, principal place of business, and physical locations. Research the related court’s familiarity with patent cases and review local patent rules, which may be favorable for your goals. Some district courts are unfamiliar with patent cases, so it is essential to choose a venue that aligns with your litigation strategy. Additional considerations could include patentee win rate and venue transfer rate.
6. Gather Evidence
Start collecting evidence early. This could include researching the related technologies. Does the target company advertise the alleged products or features on their website? Have they published articles on the subject matter? Sometimes preparing for patent infringement allegations requires purchasing and inspecting products in the market.
Contact the named inventors on the patents. Named inventors may have intimate knowledge of the relevant technology, related products, and distinctions over the prior art. They will also likely become involved during the course of the litigation, including depositions. Your current or past relationships with the named inventors could become a critical point during litigation.
Build out claim charts to assess the strength of your infringement claims. Gathering robust evidence is critical to substantiating your claims and strengthening your case. An experienced law firm can help you in this process.
7. Consider Costs
Litigation can be expensive. Factor in costs for technical and damages experts, filing fees, and legal fees. Decide whether to opt for hourly or alternative fee structures, including contingency fees and fees per milestone. Understanding the financial implications of litigation is essential for budgeting and ensuring you have the resources to see the case through to completion.
Weigh the potential litigation costs against impacts to the business. While litigation can be expensive, allowing infringers to continue unchecked could be much more costly when considering lost sales, market share, and future opportunities.
8. Define Your Goals
Clarify what you want to achieve from the lawsuit. Are you seeking a lump-sum payment, a running royalty, a license agreement, or an injunction? Consider the remaining years on your patent and whether you want to license the technology, especially if it is related to your core assets. Defining clear goals will guide your litigation strategy and help you measure success.
9. Plan Your Timeline
Understand the timeline for litigation. District court cases will likely take more than two years, while ITC investigations are quicker, lasting fewer than 18 months. Consider how willing you are to settle prior to a resolution at trial or appeal. Weigh the time versus money impact on your business. Planning your timeline is crucial for managing expectations and aligning litigation with business objectives.
10. Prepare for Potential Disruptions to the Business
Litigation will likely require input from designers, inventors, and management. Depending on the technology, engineers and developers may have to take time to explain the complexities of the technology to your attorneys as well as the history of development – especially in the early stages. Your employees are the best source of this information and can be invaluable for the patent litigation process. Consider that the opposing party may want your employees to give deposition testimony during discovery.
Be prepared for document production. Establish a litigation-related document retention protocol and be ready to produce internal documents to opposing counsel during the discovery process. Discovery will be subject to a court-issued protective order governing the handling of confidential business information. Preparing for the business impacts of litigation readies your organization to support the legal process without disrupting operations.
In conclusion, by carefully considering these factors, patent owners can strategically plan their litigation approach, minimizing risks and maximizing potential rewards. A well-prepared lawsuit can protect your intellectual property and strengthen your competitive position in the market.
[1] Under 35 U.S.C. § 287 (“the marking statute”), patentees must provide prior public notice to recover damages in any infringement action for patented articles. Typically, a patentee satisfies the marking statute by fixing the word “patent” and the number of the related patent or patents onto the patented article.
[2] Texas Digital Sys., Inc. v. Telegenix, Inc., 308 F.3d 1193, 1220 (Fed. Cir. 2002).
[3] Crown Packaging Tech., Inc. v. Rexam Beverage Can Co., 559 F.3d 1308, 1316-17 (Fed. Cir. 2009); Am. Med. Sys., Inc. v. Med. Eng’g Corp., 6 F.3d 1523, 1538 (Fed. Cir. 1993).
[4] Lashify, Inc. v. International Trade Commission, 130 F.4th 948, 955 (Fed. Cir. 2025).
[5] https://www.usitc.gov/press_room/featured_news/pilot_program_will_test_early_disposition_certain.htm
[6] For additional information on pursuing litigation at the ITC, please see the article “The Top Five Challenges of Pursuing Litigation at the ITC.”