|
Welcome
Welcome to our third issue of 2026 of Decoded -- our technology law insights e-newsletter.
Charleston SuperVision, Charleston, WV, June 18
SAVE THE DATE! Join us in Charleston on June 18 for our in-person SuperVision Labor & Employment Symposium, an all-day, free legal seminar. This program will dive into many hot topics of interest to business owners, HR professionals, and anyone who manages employees. More information will be coming soon!
As always, thank you for reading.
Nicholas P. Mooney II, Co-Editor of Decoded; Chair of Spilman's Technology Practice Group; Co-Chair of the Cybersecurity & Data Protection Practice Group; and Co-Chair of the Artificial Intelligence Law Practice Group
and
Alexander L. Turner, Co-Editor of Decoded and Co-Chair of the Cybersecurity & Data Protection Practice Group
| | |
“The bill aims to identify which agencies should regulate digital currencies.”
Why this is important: Since cryptocurrencies first emerged, a debate has been ongoing over how the law should classify them and which government agency has regulatory powers. They sometimes have been treated like futures; sometimes they have been treated like physical goods. The U.S. seems ready to try to put the debate to bed. After Congress passed and the President signed the Guiding and Establishing National Innovation for U.S. Stablecoins (Genius) Act, Congress does not appear to be done. The House of Representatives has approved the Digital Asset Market Clarity Act, and Senate committees are currently debating it. While the Genius Act is specific to stablecoins, the Clarity Act addresses all types of digital assets, including cryptocurrencies. The House and Senate versions of the Clarity Act differ, and the final version is far from being decided. However, it looks like now may be the time when Congress takes a big step toward clarifying the rules governing cryptocurrencies and puts to bed years of debate and disagreement. The question on our minds is whether the Clarity Act, if it is enacted, will create a new set of questions, debates, and uncertainty. --- Nicholas P. Mooney II
| | |
“As massive data center projects pop up across Pennsylvania to feed artificial intelligence’s computing needs and cloud storage demand, the governor has said he wants to prevent developers from negatively affecting energy prices and water supplies, make sure they don’t pollute the environment, and urge them to hire locally and be transparent with the communities where they’re building.”
Why this is important: Governor Shapiro has proposed a voluntary framework called the Governor's Responsible Infrastructure Development (GRID) standards, which would offer data center developers access to an expedited permitting process in exchange for commitments to higher environmental, energy, labor, and community transparency standards. The initiative, outlined in Shapiro's recent budget address, is designed to address growing public concern about the rapid proliferation of data centers across the state, driven by AI and cloud computing demand, particularly regarding potential strain on the electrical grid, water consumption, and local community impacts. Under the proposal, developers who adopt the highest available standards, such as bringing their own power generation, meeting strict water conservation benchmarks, and engaging local workers, would gain access to the state's existing “Fast Track” permitting program. However, environmental advocates and policy experts have raised significant concerns about the framework's effectiveness, noting that the absence of binding enforcement mechanisms limits the state's ability to hold developers accountable after permits are issued, and that meaningful protection for communities and the environment will likely require legislative action rather than executive incentives alone. --- Shane P. Riley
| | |
“The AI boom positions construction firms to capitalize on multibillion-dollar facility builds and level up their businesses with the technology.”
Why this is important: Data centers are a hot topic in the construction industry right now, and for good reason: new data center projects are popping up everywhere! As noted in this article, in 2025, a group of tech companies committed up to $500 billion to build data centers across the country, and Moody’s is projecting $3 trillion in global data center spending in the next five years. Data centers are here, and construction businesses have the opportunity to take advantage of not only the direct data center projects, but the “spin-off” projects like power plant expansions and construction of new nuclear, natural gas, and coal-fired power generation facilities to accommodate the increased electricity demands of large data centers.
This article also highlights another key takeaway for construction businesses from the data center boom, though. These data centers are largely driving and powering the expansion of AI, which has the potential to revolutionize the construction industry. From estimating to scheduling, to marketing to BIM and design, there are ample opportunities for construction businesses to leverage AI, and the early adopters that stay at the forefront of the technology will certainly rise to the top.
Spilman’s Construction Practice Group has the experience and is ready to assist companies across the construction industry in navigating the data center boom, any negative fallout if (as some fear) the “bubble bursts,” and in implementing AI-based tools to grow their businesses. --- Steven C. Hemric
| | |
“Stolen passwords have replaced infectious code as the most common tactic in major breaches, Cloudflare said.”
Why this is important: Identity has replaced malware as the biggest threat vector, opening the door for ransomware attacks, according to Cloudflare's annual threat report. The shift is significant: hackers' increasing use of legitimate credentials rather than malicious code is making it harder for defenders to detect and contain their attacks.
Key Trends
The modern extortion landscape has moved beyond traditional encryption challenges to what Cloudflare calls an identity and access crisis. Manufacturing and critical infrastructure now represent over 50 percent of all targeted attacks, as ransomware gangs find these organizations profitable targets eager to resolve operational disruptions.
In financial fraud, criminals attempted to steal roughly $123.5 million in 2025, with name impersonation being the most lucrative tactic. The most common theft target is around $49,000, a calculated strategy to maximize profit while staying below stricter executive approval thresholds. Thread hijacking attacks exploit existing business conversations to request payments that appear legitimate to automated systems.
Implications for Law Firms
This reinforces why credential management, MFA enforcement, and identity governance are now more critical than perimeter defenses. The emphasis on legitimate access exploitation makes traditional malware detection less effective against modern ransomware operations. --- James E. Dunlap, Chief Information Officer, Spilman
| | |
“The rapid expansion of artificial intelligence in construction and data centers is reshaping industry operations while spurring debates over electricity demand and consumer protection.”
Why this is important: According to this piece, artificial intelligence has forever changed the construction and energy sectors, two traditionally slow-evolving industries.
In the construction sector, the shift is no longer experimental: AI systems are now embedded into planning, monitoring, safety oversight, predictive scheduling, and even autonomous machinery operation. According to industry reporting, this evolution responds to chronic labor shortages and heightened safety liabilities. What’s more, AI anticipates issues and resolves problems before they actually exist. This raises questions about potential liability for AI-driven equipment malfunctions and the need for contracts and insurance frameworks that account for AI systems.
What’s more, AI’s rising power demands constitute a stress test on energy markets and utility regulation. In the Tennessee Valley, utility officials acknowledge that data center load has already become a material portion of industrial electricity demand and is projected to grow substantially. Utility leaders are publicly wrestling with how to meet service obligations and maintain low prices for regular consumers without sacrificing grid reliability.
Governors and legislators are participating actively in this debate. In Tennessee, the governor’s office signaled that attracting digital economy investment must not negatively affect ordinary power consumers, calling for regulatory frameworks that balance industrial growth with consumer interests. In Florida, lawmakers are similarly pursuing statutory guardrails.
Construction and energy lawyers must look closely at how AI will fit into traditional occupational safety and construction law and keep an eye on rapidly evolving utility regulation, as the very rules we operate under change dramatically and daily. --- Jason Wandling
| | |
“The new age verification policy is not yet set in stone, but may allow users to verify with a credit card rather than biometrics or an ID check.”
Why this is important: In response to significant user backlash, Discord announced that it will delay its controversial age verification requirements until at least the latter half of 2026. In early February, the communications platform suddenly announced a mandatory new age verification plan set to roll out globally in March. Under the plan, some Discord users would need to verify their age by sharing a photo ID and uploading a selfie, or else be automatically subject to underage user restrictions on the platform. The company shared that their age assurance plan--which is now being revamped--was intended to ensure an age-appropriate experience for users and comply with international online safety laws. A significant portion of Discord users are teenagers, and the social platform initially built for gaming enthusiasts has also become a hub for “NSFW” adult content. The coexistence of mature content and a substantial underage user base creates a complex moderation challenge, as Discord attempts to balance user privacy with online safety.
The outrage in response to Discord’s age verification plan was rooted in privacy concerns--especially as many people use the platform anonymously. Fears around data security and the involvement of third-party verification partners are heightened due to a recent security incident at the company as well. In October 2025, the company announced a potential data breach at a third-party customer service provider, which may have exposed around 70,000 users' government ID scans. Users are not only concerned about potential data breaches, but also about what third-party verification partners might do with their IDs and biometrics. In a blog post responding to the backlash, Discord CTO and Co-founder Stanislav Vishnevskiy shared that prior to launching the new age verification requirements, the company would provide full transparency on its verification vendors and their data handling processes, and provide multiple options of verification vendors so users can make an informed decision on whom they prefer to handle their data. He noted that Discord “missed the mark” with this rollout.
Discord also stressed that 90 percent users will not be affected by the new age verification requirements, and the company already has an internal system as part of its safety operations that works to determine user age, via account-level signals like how long an account has existed, whether there is a payment method on file, what types of servers the user is in, and general patterns of account activity. However, for users who want to access age-restricted content and the internal system cannot confirm that they are an adult, there must be an alternative method, which is where third-party verification vendors come in. Discord has already rolled out such methods in countries that have passed age verification laws, including the UK, Australia, and Brazil. In these regions, any user who tries to access age-restricted content must verify their age through certain methods or vendors pursuant to the applicable law. The laws do not allow the company to rely on its own internal, non-identifying systems of age determination.
Discord’s swift retreat underscores the conflict between the burgeoning global mandate for age assurance and the established legal expectations for data privacy, while the intense user backlash highlights a major trust gap in current technology. The impasse suggests that the future of online regulation may depend less on the existence of laws and mandates and more on the technical maturation of privacy-preserving architectures, such as on-device facial estimation and decentralized age credentials. Ultimately, the industry’s ability to resolve this tension will determine whether the internet can successfully transition to an age-aware environment without compromising the sanctity of user anonymity or institutionalizing a permanent infrastructure of biometric data.
--- Alison M. Sacriponte
| | |
“The researchers — who were building a new AI agent called ROME — said they found ‘unanticipated and spontaneous behaviors emerge’ without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox."
Why this is important: As the article puts it in the opening line, “an AI agent went rogue and started a side hustle mining cryptocurrencies.” What’s the story behind that opener? An AI research team affiliated with Alibaba was creating a new AI agent named ROME. When reviewing the activity that it had been taking, they discovered what they called “unanticipated” and spontaneous behaviors: the AI agent started mining cryptocurrency. But ROME was sandboxed and didn’t have access to the outside world. The researchers discovered that it had found a hidden backdoor from the inside of its system to an outside computer. It used that backdoor to make connection beyond the sandbox in which it operated. Once connected to the outside world, it began mining cryptocurrency. ROME did this without being prompted to mine cryptocurrency or to search for a backdoor connection to the outside world. After this discovery, the researchers tightened the restrictions on ROME, which they say will stop similar behavior from happening again. If this wasn’t yet alarming enough, the article also recounts other instances of AI agents going off-script, including one in which an AI agent convinced a Florida man to commit suicide. The bottom line, according to this article: AI agents going beyond their prompts are no longer rare. --- Nicholas P. Mooney II
| | |
“Grid operator PJM released a plan to allow faster connections of large loads and accelerated procurement of backup power as it looks to strengthen grid reliability while accommodating soaring demand from data centers.”
Why this is important: New U.S. power grid rules are creating a faster connection pathway for data centers that build their own on-site power plants, a trend that currently favors natural gas over renewable energy. To bypass long wait times, data centers can connect more quickly if they provide at least 250 MW of reliable on-site generation, a threshold easily met by natural gas plants but challenging for intermittent sources like solar and wind. There are quite a few renewable energy projects waiting for PJM approval, but gas continues to go to the front of the line because it can provide reliable capacity when the electrical supply grid is under stress from heavy demand. --- David L. Yaussy
| | |
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.
Responsible Attorney: Michael J. Basile, 800-967-8251
| | | | |
