|
Welcome
Welcome to our fourth issue of 2026 of Decoded -- our technology law insights e-newsletter.
Spilman’s SuperVision Labor & Employment Symposium, Charleston, WV, June 18
2026 Workplace Masterclass: L&E Compliance, AI, & the Brave New Employment Landscape: A fast-moving, high-impact seminar for employers navigating the modern workplace. Join Spilman attorneys for our full-day SuperVision Symposium, designed to inspire confidence in navigating complex employment decisions. This complimentary symposium is tailored for business owners, C-suite executives, HR professionals, and anyone who manages employees. Dive into a day of valuable insights on employment topics such as AI, investigations, litigation, immigration, labor law, accommodations, and much more. Spend the day with us and leave armed with strategies and solutions to tackle the ever-changing world of labor and employment law. Please click here to learn more and register.
As always, thank you for reading.
Nicholas P. Mooney II, Co-Editor of Decoded; Chair of Spilman's Technology Practice Group; Co-Chair of the Cybersecurity & Data Protection Practice Group; and Co-Chair of the Artificial Intelligence Law Practice Group
and
Alexander L. Turner, Co-Editor of Decoded and Co-Chair of the Cybersecurity & Data Protection Practice Group
| | |
“AI isn’t simply speeding up attacks; it’s making the world radically less predictable, harder to comprehend, and exponentially more dangerous.”
Why this is important: Harvard Business School Senior Lecturer Hise Gibson opens with a sobering number: the average AI-enabled data breach now costs organizations $4.88 million, and that figure does not include reputational damage, regulatory penalties or cascading operational failures. His central argument is that the breach itself is no longer the greatest risk. The greatest risk is leadership that never saw it coming.
Gibson draws a sharp distinction between the VUCA framework that has guided organizational risk thinking for decades and what he calls the BANI environment we now inhabit: brittle, anxious, nonlinear, and incomprehensible. Traditional risk models assume that large threats generate proportionate warning signs. AI-enabled attacks do not. A single stolen password or a minor misconfiguration can cause enterprise-wide damage before anyone realizes something has gone wrong. That dynamic should be deeply familiar to anyone who has worked through a credential-based incident.
The statistics reinforce the urgency. Public-facing application attacks rose 44 percent in a single year, with AI-driven vulnerabilities accounting for a significant share of the increase. Yet 77 percent of executives surveyed by Accenture reported that they do not trust their organizations' ability to respond to AI-driven threats. The gap between attack velocity and organizational readiness is widening.
Gibson's practical framework, which he calls ACTS, distills the response into four postures. First, assume a breach is inevitable and build accordingly: zero-trust architecture, network segmentation, manual backup processes for critical operations, and regular crisis simulation. Second, cultivate AI fluency at every level of leadership, not just within IT. Third, tie every AI investment to core operational resilience rather than treating it as a standalone innovation exercise. Fourth, strengthen governance by creating cross-functional AI oversight structures that define accountability before an incident, not after. --- James E. Dunlap, Chief Information Officer, Spilman
| | |
“The exposed data may include names, contact information, and other details related to the support requests people filed.”
Why this is important: As healthcare companies continue to be a magnet for hackers, the latest notable victim is Hims & Hers, one of America’s largest direct-to-consumer telehealth brands, with annual revenues approaching $1 billion. On February 4, the company detected suspicious activity on its third-party customer service platform, and following an investigation, found that between February 4 and 7, attackers had accessed or stolen customer service tickets without authorization.
It is common practice for healthcare companies to outsource their customer support to third-party platforms; however, every one of those platforms then becomes another door for a hacker to try to get through. In this instance, it was just customer service tickets that were stolen, and the company has confirmed that no medical records or doctor communications were compromised. Nevertheless, when it comes to healthcare companies handling such sensitive conditions, even a list of names and contact details is information people want to keep private.
This instance is another reminder of how important agreements are with third-party service providers. We must ensure they are held to a high standard for data privacy and security, and that protections and protocols are included should a data incident occur. Spilman Thomas & Battle can assist with the review and drafting of provisions to ensure you and your customers’ data is protected. --- Suzanne Y. Pierce
| | |
“In a small but groundbreaking study, researchers delivered a working copy of a key hearing gene directly into the inner ear using a single injection.”
Why this is important: There’s been an incredible breakthrough for people born with congenital deafness or severe hearing loss. A new gene therapy is giving them the chance to hear. In a study conducted by Karolinska Institute, Sweden, that included 10 patients ranging from children to adults, all 10 experienced well-tolerated improvement in their hearing. All 10 patients, ranging in age from one to 24, had a genetic form of deafness linked to mutations in a gene identified as OTOF. The mutations prevent the body from producing the protein otoferlin, essential for sending sound signals from the inner ear to the brain. Working around the mutations’ interference with sound communication, researchers used a synthetic adeno-associated virus to deliver a working version of the OTOF gene directly into the inner ear, with reported improvement by most patients within a month. The treatment has proven meaningful and safe. This treatment is just the beginning of gene therapy for hearing loss. Researchers are optimistic that patients with different kinds of genetic deafness will one day also be able to receive treatment to improve hearing loss. --- Jennifer A. Baker
| | |
“Chatbots can create authoritative-sounding reports based on flawed inferences, which can lead to liabilities that outlive a project, writes a senior lecturer at Georgia Tech.”
Why this is important: The adage “cut once, measure twice” applies to more than just the physical construction on a job site. It is also essential for anyone using artificial intelligence tools to generate daily reports, summarize project documents, or complete administrative tasks like compiling schedules or responding to emails, one expert in machine learning writes. While generative AI output often sounds good, critical errors could be lurking under the authoritative tone of a site report if the software misunderstands the data it was fed. This could lead to harmful and costly mistakes if humans do not check AI’s work or take care to train teams using AI software to understand how to use it responsibly. --- Jamie L. Martines
| | |
“The Trump administration released a National Policy Framework for Artificial Intelligence as lawmakers consider bills to improve online safety for youth.”
Why this is important: In a new National Policy Framework for Artificial Intelligence (Framework), the White House is urging Congress to require that artificial intelligence (AI) companies implement child-specific safeguards, including age-verification systems and parental control tools such as the ability to monitor privacy settings, screen time, and content accessible to children. Though multiple bills addressing these issues are advancing through Congress, they are not without detractors. In particular, House Democrats have expressed concerns about the federal Kids Internet and Digital Safety Act, arguing that it could restrict states’ ability to implement and enforce stronger regulations aimed at protecting children and teenagers online. The Framework similarly advises against policies that would preempt states’ rights to legislate and regulate on this subject.
Although protecting young people is a bipartisan concern, and many lawmakers are encouraged that the issue is receiving attention, others argue it is not happening quickly enough. AI is becoming increasingly integrated into our society every day, making it more accessible to children and teens. Case in point, existing social media platforms that youths may already access now have their own AI interface, such as Grok on X. As a result, anyone with an account on these platforms can obtain AI-generated information on virtually any topic, including sensitive issues such as mental health and suicide. These tools can also generate deepfake images that lead to criminal conduct, such as sexual exploitation, increasing concerns about how the technology may be used by adolescents.
The rapid expansion of AI technologies has created powerful tools that can improve efficiency, analysis, and accessibility to resources. However, these benefits also come with significant risks when such systems are misused, poorly monitored, or implemented without adequate safeguards. Until state and federal legislation catch up, schools and parents alike must take affirmative measures to protect children from harmful AI usage. For schools, implementing AI policies that regulate its use and reinforce institutional anti-harassment and anti-bullying requirements, training constituents on institutional expectations, and taking swift action in response to non-compliance are mission-critical. --- Nicholas A. Muto
| | |
“The building was assembled in a single night after the last train departed and was ready before morning train operations resumed.”
Why this is important: Construction company Serendix and West Japan Railway Company (JR West) worked together to construct Japan’s first 3D-printed railway station building overnight, demonstrating how robotics and 3D-printing could significantly reduce construction time and disruption to infrastructure operations.
Traditional railway construction usually takes several months, requiring extensive on-site labor and planning. Automation technology from ABB Ltd enabled high-precision printing of structural components off-site, reducing construction errors and improving overall efficiency. The components were then assembled quickly on-site using ABB’s robot. The building was assembled in one single night after the last train departed, and it was ready before morning train operations resumed.
This achievement highlights the benefits of using robotics in construction – they improve efficiency, reduce waste and shorten project times. Automation also allows for the completion of projects in locations where traditional building methods would be fraught with difficulties and delays. It also highlights how robotics and automation are expanding beyond manufacturing into sectors such as construction, logistics and infrastructure development. --- Suzanne Y. Pierce
| | |
“Once complete, the Berkeley County campus, about an hour northwest of Virginia’s Data Center Alley, will total about 1.9 million square feet and deliver 600 megawatts of power output.”
Why this is important: Penzance Management plans a $4 billion privately funded data center campus in West Virginia’s Eastern Panhandle, totaling roughly 1.9 million square feet and 600 megawatts of capacity. The project, which is expected to generate about 1,000 construction jobs, was driven largely by West Virginia’s business-friendly regulatory framework. Notably, the state is not contributing direct funding and is instead relying on private capital attracted by expedited approvals and energy policy advantages. This development underscores the increasing importance of regulatory arbitrage in site selection. For such projects, stakeholders must carefully evaluate permitting timelines, resource availability, and legislative incentives as material project risks and opportunities. It also highlights the need for sophisticated contract structuring around evolving infrastructure demands, as well as heightened due diligence and coordination with both public and private entities. --- Jonathan A. Deasy
| | |
“Rep. Mike Armanini (R-Elk/Clearfield) said data centers could be the next ‘industrial revolution.’”
Why this is important: Pennsylvania continues to be a state to watch in terms of stricter data center regulation as state lawmakers advance bills through committee to require data centers to report annual water and energy uses, as well as to create a model law that municipalities could use as a template to set local guidelines. These developments come as polls from earlier this year showed that residents and lawmakers are split on the issue: On one hand, many Pennsylvanians are concerned about the negative effects of data centers—like pollution or a strain on energy prices—and want to make sure that reporting is transparent so that the impact can be monitored. Others worry that the state will miss an opportunity for economic investment and growth if data centers are strictly regulated. While new regulations are not going to be put in place overnight, these developments could be an important consideration for companies planning to site projects in Pennsylvania in the future. --- Jamie L. Martines
| |
“The value debate is shifting away from scarcity alone toward execution, distribution, and brand strength.”
Why this is important: An NFT (non-fungible token) is a unique digital asset representing ownership of one-of-a-kind items, e.g., art, music, or game assets, stored on a blockchain. After the hype, the NFT market is changing, being forced into a more selective phase focused on durability of value. Some industry leaders believe there’s been a shift from scarcity-led speculation, or “Fear of Missing Out” (FOMO), which can drive value, to companies engaging in real-world branding around their intellectual property (IP). Gaming has been one of the areas testing this transition. Value would no longer be tied to the pace of reward realization, but rather whether the underlying game can sustain engagement without relying on constant token incentives. Another emerging way to unlock value is the tokenization of NFT IP. However, by making NFT IP more liquid, the concern becomes whether the brand will be the priority over price exposure and short-term upside, which could negatively impact brand direction. Industry leaders warn against the success of NFTs if branding considerations are not prioritized. --- Jennifer A. Baker
| Data Centers, Power Markets, and the Economy: How the AI Buildout is Reshaping Energy Costs and the Grid | |
By Barry A. Naum
Data centers – driven by artificial intelligence, cloud computing, and hyperscale digital infrastructure – are the new reality and are emerging as a consequential force in the United States economy. What was once a niche planning issue for utilities has now become a national debate as power-intensive data center loads are already impacting electricity rates, grid reliability, inflation, and economic development. Over the past several months, and especially in early 2026, nearly all sectors have begun to grapple with how the demands of the digital economy are reshaping energy systems and household costs, often resulting in significant public and policy-driven backlash.
Click here to read the entire article.
| |
“The recent investments are concentrated in the southern U.S., home to some of the largest natural gas deposits in the world.”
Why this is important: Leading tech companies like Meta, Microsoft, and Google are all making moves to lock up power sources to run their data centers. These companies are betting on natural gas to be the primary energy source to power artificial intelligence. Tech companies have begun working with natural gas suppliers to build power plants that will connect directly to their data centers. By supplying power directly to their data centers, these companies can argue that they are generating their own electricity rather than drawing from the grid. As noted in the article, however, these actions could still impact electric prices for all consumers by straining natural gas resources used to power other electric generation resources that serve the electric grid.
Similarly, the surge in natural gas power plant production has already caused a shortage of gas turbines. Prices of the turbines are expected to grow by 195 percent by the end of the year compared to 2019 prices. The equipment costs for power plants are around 20 to 30 percent. Equipment orders for these new power plants are already getting delayed, and that will impact all power consumers.
The steps taken by tech companies indicate that they expect the current surge in AI demand to persist and intensify in the years ahead. They are planning for a future in which AI’s growth will require ever-increasing amounts of power. Natural gas is positioned to be a major factor in the coming years when it comes to AI, and the tech companies do not want to miss their chance to have a stake in this finite resource. --- Nicholas A. Muto
| | |
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.
Responsible Attorney: Michael J. Basile, 800-967-8251
| | | | |
