Virtual & Digital Health Digest
This digest covers key virtual and digital health regulatory and public policy developments during May and early June 2026 from the United States, United Kingdom, and European Union.
In this issue, you will find the following:
U.S. News
- Health Care Fraud and Abuse Updates
- Privacy and Artificial Intelligence (AI) Updates
- Policy Updates
- FDA Updates
U.S. Featured Content
This month’s June Digest includes the sentencing of three defendants in a telemedicine fraud scheme involving more than $1.97 billion in fraudulent prescriptions and $758 million paid by private insurers; a $62,500 False Claims Act settlement with Illinois physician Dr. Alexandria Williams related to allegedly medically unnecessary durable medical equipment (DME) orders; and the conviction of HealthSplash founder Brett Blackman for his role in the DMERx platform and a Medicare fraud scheme involving more than $1 billion billed and over $450 million paid. This Digest also covers the House Energy and Commerce Subcommittee’s June 3, 2026 hearing on the proposed Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (SECURE Data Act) and related debate over federal privacy standards and state law preemption, as well as Mayo Clinic and Microsoft’s collaboration to develop a frontier AI model for clinical use. Federal policy developments include congressional resolutions seeking disapproval of the Centers for Medicare & Medicaid Services’ (CMS) Wasteful and Inappropriate Service Reduction (WISeR) model for artificial intelligence (AI)-enabled prior authorization, CMS’ planned “Gold Card” approach for high-performing providers, the White House Executive Order on advanced AI innovation and cybersecurity, and the Great American AI Act discussion draft, which would establish federal AI standards infrastructure, impose risk framework and audit obligations on large frontier model developers, and temporarily preempt certain state AI laws.
EU and UK News
EU/UK Featured Content
May 2026 saw continued momentum across the European Union (EU) and United Kingdom (UK) toward modernizing and streamlining the regulatory landscape for digital health, with a particular focus on accommodating AI-enabled technologies while reducing unnecessary complexity. A central development was the provisional agreement on the Digital Omnibus package, which seeks to simplify the application of the EU AI Act by clarifying overlaps with sector-specific legislation, deferring key obligations, and introducing more proportionate requirements.
In parallel, regulators on both sides of the Channel are advancing reforms to ensure that medical device frameworks remain fit for purpose in an increasingly software-driven and data-centric environment. In the EU, the activation of key European Database on Medical Devices (EUDAMED) modules marks a major step toward enhanced transparency and traceability, while ongoing discussions on the Medical Devices Regulation 2017/745 (MDR)/In Vitro Diagnostic Regulation 2017/746 (IVDR) revisions highlight a strong policy drive toward simplification and better integration of AI. In the UK, the Medicines and Healthcare products Regulatory Agency’s (MHRA) proposed pre-market reforms and broader thinking on AI regulation signal a shift toward more flexible, lifecycle-based oversight, with greater emphasis on post-market monitoring and innovation support.
Data governance and cybersecurity also remain high on the agenda. Industry and regulators alike are emphasizing the need for coherent, proportionate frameworks that avoid duplication while enabling innovation, particularly in light of expanding AI use cases and global supply chains. Together, these developments reflect a broader trend toward risk-based, innovation-friendly regulation, coupled with increasing expectations around transparency, accountability, and data protection in digital health.
U.S. News
Health Care Fraud And Abuse Updates
Three Members of International Criminal Organization Sentenced for Telemedicine Health Care Fraud Scheme. On May 19, 2026, three defendants were sentenced for their role in a telemedicine fraud scheme. Between 2017 and 2022, the defendants allegedly operated domestic and international call centers that contacted patients enrolled with private insurers and offered them medications at no cost and without any medical evaluation. Regardless of whether beneficiaries agreed to receive medication, the defendants allegedly generated fraudulent prescriptions in their names. Allegedly, the defendants also recruited physicians purportedly to review prescriptions following telemedicine visits, but in most cases no such visits ever occurred. Prescriptions were generated under those physicians’ names and provider identification numbers without their knowledge, and many beneficiaries never actually received the medications. As a result, the defendants submitted over $1.97 billion in fraudulent prescriptions, of which private insurers paid $758 million.
Illinois Doctor Agrees to Pay $62,500 to Resolve False Medicare Claims Allegations. On May 19, 2026, an Illinois-based physician, Dr. Alexandria Williams, agreed to pay $62,500 to resolve civil allegations that she caused the submission of false Medicare claims for medically unnecessary DME. The government alleged that Dr. Williams signed pre-populated DME orders generated from telemarketing calls to Medicare beneficiaries. Those orders allegedly contained false certifications, including that she had evaluated the patient, discussed orthotic use, and provided follow-up care instructions, none of which occurred. She allegedly received payment per signed order through a telemedicine company whose owner had previously pleaded guilty to his role in the scheme.
Federal Jury Convicts Health Care Software CEO in $1 Billion Medicare Fraud Scheme. On May 14, 2026, a federal jury convicted Brett Blackman, founder and owner of HealthSplash, for his role in operating DMERx, a platform that generated false physicians’ orders and prescriptions for Medicare and other federal health care benefit program reimbursements. The scheme allegedly involved aggressively targeting hundreds of thousands of Medicare beneficiaries, typically through foreign call centers and mass mailers, to accept medically unnecessary orthotic braces and other items. Telemedicine physicians were then paid illegal kickbacks to sign false prescription orders, in some cases without any patient interaction. Fraudulent orders falsely represented that the physician had examined the patient and performed in-person tests.
In total, the scheme billed Medicare and other federal health care programs over $1 billion, of which Medicare and other insurers paid more than $450 million. We previously discussed the conviction of Blackman’s co-conspirator in our June 2025 Digest.
Privacy and AI Updates
House Subcommittee Debates Proposed Federal Privacy Legislation. On June 3, 2026, a Subcommittee of the House Energy and Commerce Committee held a hearing on the proposed SECURE Data Act, which was introduced in April and would establish national data privacy and security standards that would preempt any related state laws. At the hearing, Republican members of the subcommittee, as well as Ashli Watts, President and CEO of the Kentucky Chamber of Commerce, voiced strong support for the bill, emphasizing that it incorporates the fundamental elements of almost all of the more than 20 state privacy laws that have been enacted in the past decade while creating uniform standards for businesses nationwide. The bill drew sharp criticism from committee Democrats, however, and from Caitriona Fitzgerald, Deputy Director and Policy Director at the Electronic Privacy Information Center, who testified that the technology industry was pressing for enactment of the bill as a means to preempt the states from “doing anything for all of time on privacy.” Her testimony echoed statements made in a letter sent the day of the hearing to both House and Senate leaders from the Attorneys General of 18 states. Although the SECURE Data Act will likely advance to a markup, its path ahead will not be smooth.
Mayo Clinic and Microsoft Announce AI Collaboration. Also on June 2, 2026, the Mayo Clinic and Microsoft announced that they have formed a strategic collaboration to develop and deploy a frontier AI model for use in health care. According to the announcement, the model will be designed to synthesize diverse clinical data in order to facilitate earlier diagnoses, more personalized treatment decisions, and better patient outcomes. It will initially be deployed within Mayo Clinic’s clinical environment, where it can be periodically tested, refined, and improved through real-world use. The Mayo Clinic will maintain ownership of the model, and Microsoft will make it globally available through Azure Foundry APIs.
Policy Updates
On May 19, 2026, a group of 20 Senate Democrats, led by Sen. Ron Wyden (D-OR), introduced a joint resolution (S.J.Res. 192) that would provide for congressional disapproval of the rule submitted to the CMS related to the implementation of AI-enabled prior authorization for select services under the WISeR model. Reps. Greg Landsman (D-OH) and Suzan DelBene (D-WA) introduced an identical joint resolution (H.J.Res. 187) in the House.
- The introduction of the resolutions follows the Government Accountability Office’s (GAO) recent determination that the WISeR model should be subject to the rulemaking requirements of the Congressional Review Act (CRA). Under the CRA, a joint resolution of disapproval passed by both chambers of Congress and signed by the president will invalidate a final rule issued by a federal agency. The enactment of a joint resolution of disapproval also prevents the reissuing of any rule that is “substantially the same in nature.”
- CMS Administrator Mehmet Oz shared that CMS plans to implement a “Gold Card” program for WISeR as soon as mid-year, which will exempt “high performing” providers from review under the program.
On June 2, 2026, the White House released its delayed Executive Order (EO), “Promoting Advanced Artificial Intelligence Innovation and Security,” to address AI cybersecurity threats. The finalized EO is a scaled-back version of the draft circulated in late May. The EO would seek to improve cybersecurity and secure critical systems across the government. Additionally, the order asks AI companies to enter their frontier models into a voluntary government review program 30 days prior to public release. The previous version of the order asked developers to submit 90 days prior to release.
On June 3, 2026, OpenAI CEO Sam Altman met with congressional leaders, including Speaker Mike Johnson (R-LA), to discuss OpenAI’s new policy blueprint and a new discussion draft of the Great American AI Act (GAAIA, section-by-section, FAQs) released by Reps. Jay Obernolte (R-CA) and Lori Trahan (D-MA). The 269-page bill is a comprehensive AI legislative framework and includes new guardrails for AI developers and would preempt state AI laws related to AI development for three years. The new safety provisions include the creation of the Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce to set voluntary standards, develop evaluation tools, monitor AI progress, and run an accreditation system for Independent Verification Organizations (IVOs). It would also require large frontier model developers with revenue greater than $500 million to publish frameworks outlining their risk mitigation plans for their models and submit to compliance audits from the IVOs accredited by CAISI. Notably, the audit requirement would also expire in three years.
FDA Updates
FDA Extends Comment Period for AI-Enabled Early-Phase Clinical Trials Pilot RFI
FDA has extended the comment period for its Request for Information (RFI) on a proposed AI-Enabled Optimization of Early-Phase Clinical Trials Pilot Program. Comments are now due June 29, 2026, 30 days after the original May 29 deadline. The RFI seeks input on how AI-enabled technologies could improve efficiency, safety monitoring, dose selection, adaptive trial design, biomarker assessment, patient recruitment and stratification, endpoint validation, and early Phase 1-to-Phase 2 go/no-go decision-making in early-phase clinical trials. FDA describes early-phase trials as a bottleneck in drug development due to uncertainty around dosing, safety, and efficacy; limited patient populations; inefficient progression decisions; long timelines; and significant resource demands. The proposed pilot would involve sponsors pursuing early-phase trials through applications submitted to CDER, CBER, and the Oncology Center of Excellence, and would be coordinated by the Deputy Chief Medical Officer within the Office of the Commissioner. FDA is seeking feedback on pilot design, participant selection, collaboration models, operational infrastructure, timelines, knowledge sharing, and evaluation metrics. FDA also emphasizes that the pilot would be guided by trustworthy AI principles aligned with the NIST AI Risk Management Framework, including validity, safety, security, accountability, explainability, privacy protection, and fairness. Comments should reference Docket No. FDA-2026-N-4390.
FDA Classifies Radiological Machine Learning-Based Quantitative Imaging Software With PCCP as Class II Device
FDA has issued a final order classifying radiological machine learning-based quantitative imaging software with a predetermined change control plan (PCCP) as a Class II device subject to special controls. The order takes effect on June 17, 2026.
The device type covers software-only products that use machine learning algorithms on radiological images to produce quantitative imaging outputs, including functions such as view selection, segmentation, and landmarking. The classification also addresses planned software modifications made under an authorized PCCP.
FDA classified the device type through the De Novo pathway after reviewing Caption Health, Inc.’s request for its Caption Interpretation Automated Ejection Fraction Software. FDA concluded that special controls, together with general controls, provide reasonable assurance of safety and effectiveness while reducing the regulatory burden compared with automatic Class III classification.
The special controls address risks such as inaccurate outputs, inaccurate results following PCCP-authorized modifications, and user misunderstanding of software changes. They require detailed documentation of algorithms and training data, independent performance testing, subgroup analyses, software verification and validation, risk management for planned modifications, and labeling that describes the device’s validated population, intended users, inputs and outputs, compatible imaging hardware and protocols, performance, limitations, PCCP status, version history, and user notification process.
The device type remains subject to 510(k) premarket notification requirements, and the new De Novo classification may serve as a predicate for future substantially equivalent devices.
FDA Updates Lists of Authorized Medical Devices Incorporating Digital Health Technologies
FDA has updated its searchable lists of medical devices authorized for marketing in the United States that incorporate certain digital health technologies, including artificial intelligence (AI), augmented reality and virtual reality (AR/VR), and sensor-based digital health technologies. The lists are intended to provide transparency into the landscape of FDA-authorized digital health-enabled devices and may help developers, providers, patients, and other stakeholders understand how these technologies are used in regulated medical devices. The updated list now includes more than 1,500 AI/ML devices.
EU and UK News
Regulatory Updates
Council of the European Union (Council) and European Parliament Reach Provisional Agreement on the Revised EU AI Rules. On May 7, 2026, the Council and European Parliament reached a provisional political agreement on the EU AI Act component of the EU Digital Omnibus package, which aims to simplify the implementation of harmonized rules on AI under the EU AI Act (see our April 2026 Digest and our February 2026 Advisory for more details on the EU Digital Omnibus). The agreement would postpone the application of obligations on high-risk AI until December 2, 2027 for standalone high-risk AI systems and until August 2, 2028 for high-risk AI systems embedded in products subject to EU sectoral legislation, including medical devices and in-vitro diagnostics (IVDs). The agreement also introduces measures intended to reduce overlaps between the AI Act and sector-specific legislation, narrows the definition of “safety component” potentially limiting the scope of certain high-risk obligations, and introduces more proportionate requirements for small and medium enterprises (SMEs) and small mid-cap enterprises. The text remains subject to formal adoption by both institutions before entering into force. Read our May 2026 BioSlice Blog for more details on the agreement.
MHRA’s Call for Evidence on Draft Pre-Market Medical Devices Regulation. The MHRA launched a call for evidence in the form of a stakeholder impact survey on newly proposed changes to UK legislation on pre-market medical device and IVD requirements, as set out in the draft Medical Devices (Amendment) Regulations 2026. The survey closed on June 19, 2026 and is intended to inform the government’s future implementation of these reforms, which aim to introduce more proportionate, patient‑centered requirements while supporting access to innovative technologies. In particular, the proposals integrate software within the broader active device classification rules (rather than there being a designated classification rule on software as there currently is within the EU rules), propose additional Unique Device Identification requirements for software, and introduce the concept of “pre-determined change control plans” as a mechanism to describe future modifications to devices, including for software, and how they will be assessed. Read about some of the key proposals in our recent May 2026 BioSlice Blog.
EUDAMED Registration Obligations Become Applicable. On May 28, 2026, four of the six modules of the EUDAMED, the EU centralized database for medical devices and in vitro diagnostics, became mandatory. This triggered the application of certain transparency and registration obligations under the MDR and IVDR that had been deferred until those modules became mandatory. In particular, manufacturers (including non-EU manufacturers), importers, and EU authorized representatives are now required to register in EUDAMED, obtain a Single Registration Number (SRN), and register their devices in EUDAMED before placing them on the EU market. Devices already placed on the market before May 28 must be registered in EUDAMED by November 27, 2026. In addition, notified bodies are now required to upload certificate information to EUDAMED, and EU Member States must conduct certain market surveillance activities through EUDAMED. Read our May 2026 BioSlice Blog for more details on the obligations.
Team-NB Publishes Statement on Provisional Agreement Reached by the Council and European Parliament on the Revised EU AI Rules. Team-NB (the European association of notified bodies) clarified in their statement that the provisional agreement reached between the institutions does not alter the integrated conformity assessment procedure for AI-enabled medical devices under the AI Act, and that AI Act requirements would remain directly applicable to AI-enabled medical devices and IVDs alongside the MDR and the IVDR. Additionally, Team-NB raised concerns that the extended timelines for high risk AI obligations may be insufficient to allow for the designation of AI notified bodies and completion of conformity assessments. Team-NB further warned that delays in the adoption of implementing measures and harmonized standards could create capacity constraints and lead to inconsistent implementation of the AI Act across EU Member States for AI-enabled medical devices and IVDs.
MedTech Europe Publishes Position Paper on the Revisions of the EU MDR/IVDR. In its position paper, MedTech Europe sets out that it broadly supports the proposed revisions to the MDR and IVDR, particularly the focus on simplification, risk-based oversight, and international cooperation. It also identifies several areas where further changes are needed, including a clear implementation process for integrating AI requirements into MDR and IVDR conformity assessment procedures and for consistent oversight of AI-enabled medical technologies within existing medical device market surveillance systems. In relation to software as a medical device, MedTech Europe supports the proposed amendments to the classification rules that would allow certain lower-risk software devices to remain classified as Class I. Read our December 2025 BioSlice Blog and our February 2026 Advisory for more details on the Commission’s proposals.
COCIR position paper on revisions to software medical device classification. COCIR, the European Trade Association representing the medical imaging, radiotherapy, health ICT, and electromedical industries, has published a position paper on the Commission’s proposal to revise MDR Rule 11 on the classification of medical device software. COCIR warns that several key terms remain too open to interpretation. In particular, it argues that the distinction between “informing” and “driving” clinical management in the proposal is unstable. The paper proposes alternative wording that it says addresses the challenges with the Commission’s proposals. COCIR suggests removing the words “confer a clinical benefit” from Rule 11, referring instead to whether the software is intended to “diagnose or treat patients without healthcare professional oversight.” It says the advantage of using health care professional oversight as a classification criterion is that it can be practically assessed, and it collapses the “semantically fragile ‘inform/drive’ dichotomy” in the current proposal.
UK’s MHRA and National AI Commission Share Views on the Regulation of AI in Health Care. In a webinar on May 20, 2026, the two agencies outlined emerging views on a UK framework for regulating AI in health care. The discussion emphasized that AI challenges traditional medicines regulation given faster development, lower barriers to entry, and continuously evolving systems, and will require a more flexible regulatory framework with greater emphasis on post‑market monitoring and proportionate controls at market entry. Stakeholder engagement has highlighted four core priorities: ensuring safety and oversight; distinguishing between lower‑risk administrative uses and higher‑risk clinical applications; improving transparency and patient awareness; and establishing ongoing monitoring with clear accountability. The National AI Commission‘s recommendations are expected in autumn 2026, alongside further MHRA guidance on AI as a medical device.
UK’s HRA Publishes Two‑Year Plan for Safe Use of AI in Health Research. The UK Health Research Authority (HRA) has published a new two-year plan on how it will help researchers use AI and new technologies to improve patient care. The plan is structured around three priorities: (1) being clear where AI development, evaluation and implementation activities qualify as research, (2) clarifying the circumstances in which health information can be accessed using AI-enabled and data driven approaches to identify and contact people about research options relevant to them, and (3) taking action to ensure that review of AI-enabled and data-driven research is appropriately informed, rigorous and consistent. Each of these priority areas is supported by workstreams with certain deliverables; for example, the HRA intends to update, as first priority, the ‘is my study research’ decision tool and supporting guidance that defines when AI activity is research. The HRA says these changes will make it simpler and faster to do health and social care research enabled by safe, AI-powered innovation.
UK Consultation on New Standard for Digital Mental Health Technologies. The MHRA has sponsored the British Standards Institution (BSI) to develop a new standard for digital mental health technologies. The BSI has now launched a consultation on the draft standard, which provides recommendations for performing studies to generate clinical evidence involving digital mental health technologies. The standard applies to the pre-market phase and real-world data in the early implementation post-market phase. It covers factors such as controls, sample characteristics, safety, effectiveness, engagement end points, and follow-up periods. The consultation is open until June 29, 2026.
Court of Justice of the European Union (CJEU) Rules on the Prohibition of Online Pharmacy Sales. The CJEU has delivered a preliminary ruling in the case FARMAKEIO YZ & SIA O.E. v. Ypourgos Anaptyxis kai Ependyseon and Ypourgos Ygeias. (C 604/24), clarifying the limits of EU Member States’ discretion to restrict online sales of non prescription medicines under Article 85c of Directive 2001/83/EC. The case arose from Greek rules which, in practice, limited online sales of medicines to a narrow subcategory of over-the-counter medicinal products, effectively excluding most non prescription medicinal products. The CJEU held that such a restriction is incompatible with Article 85c(1) of Directive 2001/83/EC, which requires EU Member States to permit distance sales of non prescription medicinal products by authorized pharmacies, and the rules cannot be justified under Article 85c(2) on public health grounds because the conditions deprived Article 85(c)(1) of its effectiveness. The CJEU held that EU Member States may make a specific category of non-prescription medicinal products subject to conditions (for example, on account of their particular therapeutic characteristics) but only insofar as those conditions do not call into question the possibility of offering those medicinal products for sale.
Council of Europe Committee of Ministers Adopts Recommendation CM/Rec(2026)7 on the Remote and Online Provision of Medicine Products. The recommendation sets out best practices for remote and online providers of medicinal products, non-pharmacy outlets (i.e., any retail business that is authorized to sell approved non-prescription medicinal products), EU Member States, and health care professional regulatory and representative bodies. Among other measures, it recommends that remote and online providers ensure that automated medicine-selection processes, including those using AI, be evaluated against relevant standards, regularly updated, and designed to ensure patient safety. It also recommends that non-pharmacy outlets take account of the limitations of the communication channels used when designing and delivering their services. While non-binding, the recommendation serves as a framework for EU Member States to consider and implement through national policies, legislation, and regulatory practice.
Privacy Updates
MedTech Europe Publishes Feedback on the European Commission Consultation on Revised EU Cybersecurity Act. While broadly supporting the revision of the EU Cybersecurity Act, MedTech Europe calls for a more coherent and proportionate framework tailored to highly regulated sectors such as health care. In particular, they emphasized that, while strengthening the EU cybersecurity resilience is critical, any revised regime should avoid regulatory fragmentation and overlapping cybersecurity requirements for medical devices already regulated under the MDR and IVDR, while remaining practical for industry to implement. Given that medical technologies often rely on globally integrated supply chains (e.g., for software modules), MedTech Europe also called to prioritize international recognition of voluntary cybersecurity certification schemes and for the centralized EU-level publication of cybersecurity certification schemes to reduce fragmentation. Read our January 2026 Digest for more details on the Commission proposal.
MedTech Europe and Other Industry Associations Urge EU Member States to Preserve the Ambition of the Digital Omnibus. Following the publication of the Council’s compromise texts on the Digital Omnibus, a coalition of industry associations, including MedTech Europe, expressed concerns that the direction of ongoing Council negotiations could undermine key simplification measures proposed by the European Commission as part of the Digital Omnibus in relation to the General Data Protection Regulation (GDPR), cybersecurity incident reporting, cookies, and the Data Act. In particular, the joint statement calls to maintain the Commission’s targeted amendments to the GDPR (including more workable conditions for the use of personal data for AI and an innovation-enabling definition of scientific research), support for an EU-wide single-entry point for cyber incident reporting, and a more innovation-friendly approach to data and cookie rules. The joint statement notes that certain elements of the Council’s compromise texts risk weakening the proposal’s simplification objectives and urges Member States to preserve the ambition of the Digital Omnibus as discussions on the Council’s position continue.
DUAA Data Protection Complaints Requirement Takes Effect in UK. On June 19, 2026, the data protection complaints handling requirement introduced by the Data (Use and Access) Act 2025 (DUAA) came into force (read our February 2026 Advisory for more details). From that date, all controllers must have a process in place to handle data protection complaints from anyone who is unhappy with how their personal information has been handled. Controllers must provide a way for people to make complaints directly to them; for example, via an electronic complaints form or a dedicated email address, and must acknowledge complaints within 30 days and respond without undue delay. This is the last major data protection provision of the DUAA to come into force, with most of the remaining provisions having commenced on February 5, 2026. The ICO updated its guidance on handling data protection complaints on May 8, 2026. Any business processing personal data in the UK that does not already have a formal complaints process in place should treat this as an immediate priority.
UK’s ICO Consults on Draft Guidance on Automated Decision-Making. The ICO consultation on draft guidance about automated decision-making (ADM) closed on May 29, 2026. This serves to update existing guidance on automated decision-making and profiling, following the introduction of the Data (Use and Access) Act 2025. The draft guidance identifies three points when organizations must provide information about their ADM activities: when they first collect personal data; when individuals make a subject access request; and when they engage in ADM. It also notes the likely need to conduct a data protection impact assessment when engaging in ADM and emphasizes the importance of adequate mechanisms for diagnosing quality issues. Final guidance is expected in Summer 2026 and is directly relevant to life sciences companies deploying AI-enabled tools in clinical, diagnostic, or patient-facing contexts.
European Data Protection Supervisor (EDPS) Publishes Its 2025 Annual Report. The Annual Report highlights a year of increased regulatory activity, particularly in the area of AI. This includes the establishment of a dedicated AI Unit, which will serve as the market surveillance authority and notified body of the EU’s AI systems under the AI Act, the launch of an AI regulatory sandbox pilot project, and more scrutiny of international data transfers and large-scale IT systems. The report notes the growing regulatory focus on AI and data‑driven technologies, signaling heightened expectations around compliance, governance, and the handling of sensitive health data.
IP Updates
The UK Government Responds to House of Lords’ Report on Copyright and AI. On May 15, 2026, the UK government published its formal response to the House of Lords Communications and Digital Committee’s (CDC) report on copyright and AI and the UK government’s earlier report and impact assessment (see our April 2026 Digest). While the response largely reiterates the government’s existing position, it identifies four areas of near-term focus:
- Digital replicas: The government will launch a consultation this summer on protecting individuals against unauthorized digital replicas, recognizing that existing legal routes, including “passing off,” may offer limited protection, particularly for lesser-known artists.
- Labeling: A task force will be established to develop best practice proposals for labeling AI-generated content, with an interim report expected in autumn 2026. The government acknowledges that voluntary measures alone may be insufficient.
- Transparency: The government will publish a review of mechanisms enabling creators to control the online use of their works, including standards, technical solutions and best practice transparency, with a view to identifying regulatory gaps.
- Licensing support: A working group will consider whether additional government assistance is needed to support smaller creative organizations in licensing their content and securing fair remuneration.
On the broader question of copyright reform, the government reiterates that it will not introduce legislative change unless it is confident that reform would deliver tangible economic and societal benefits. It also stops short of definitively ruling out a broad text and data mining exception, despite the CDC’s recommendation to do so.
Kuran Phull is employed as a trainee solicitor at Arnold & Porter’s London office. Amalia is not admitted to the practice of law.
© Arnold & Porter Kaye Scholer LLP 2026 All Rights Reserved. This Newsletter is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.