Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide in cybersecurity, privacy, digital surveillance, and technology policy.
At 1,500 words, this briefing is about a 7-minute read.
At a glance.
- Senate parliamentarian allows GOP to keep state AI ban.
- KOSA garners significant attention.
State AI moratorium clears Senate hurdle.
The news.
On Monday, the Senate parliamentarian decided to allow the controversial state AI ban to remain in the reconciliation bill. With this decision, the provision has passed the Byrd Rule, which restricts reconciliation legislation by preventing the inclusion of any “extraneous” provisions. Notably, if this proposal were to be signed into law, the provision would block states from regulating artificial intelligence (AI) systems as a condition for receiving Broadband Equity, Access, and Deployment (BEAD) program funds.
Notably, the Senate’s version of this provision is slightly different from the version passed by the House. In the Senate’s version, Senator Ted Cruz altered the language of the bill to make it compliant with the Byrd Rule.
Despite clearing this procedural obstacle, it is unclear how the provision will fare given its divisive nature. With many Democratic lawmakers opposed to the provision, along with Republican lawmakers divided on it, it is unlikely that the provision will survive in its current form.
The knowledge.
Since passing the House, the broader reconciliation bill has drawn significant scrutiny, especially after this provision was discovered post-vote. Originally, this provision was put into HR1, which narrowly passed in a 215 to 214 vote, and it calls for a ten-year moratorium on state AI laws. If passed, the moratorium would nullify any existing state regulations and prevent new ones from being enacted.
Proponents have argued that the moratorium removes confusion and supports greater innovation. After passing HR1, Representative Russ Fulcher commented on the provision’s necessity, stating that “a patchwork of various state laws is not good for innovation, for business or consumers, and that is what we’re trying to avoid.” Alongside Republicans voicing support, Adam Thierer, a senior fellow for R Street Institute, testified on the provision's value, stating that “costly, contradictory regulation is a surefire recipe for destroying a technological revolution and decimating little tech innovators.”
However, the provision’s critics have expressed concerns about the impacts of suddenly removing state regulations. In a letter to Congress, state lawmakers collectively wrote:
“As AI technology develops at a rapid pace, state and local governments are more nimble in their response than Congress and federal agencies. Legislation that cuts off this democratic dialogue at the state level would freeze policy innovation in developing the best practices for AI governance at a time when experimentation is vital.”
The impact.
As the reconciliation bill is debated in the Senate, this provision will likely be a major tension point for both sides of the aisle. While Democratic lawmakers are largely opposed to the moratorium, it is still unclear how many Republican senators support the effort. Regardless, it is unlikely that the reconciliation bill will be identical to the version passed by the House, meaning that this matter will likely be debated, modified, and potentially removed altogether over the coming month before the August recess.
Nonetheless, people who develop, deploy, or rely on AI systems should understand the implications of this moratorium. If enacted, the moratorium would significantly impact current state AI policies and regulations and could change innovation strategies across the country.
KOSA garners significant attention.
The news.
The Kids Online Safety Act (KOSA) has long been a contentious piece of legislation, being routinely debated for years. However, with Senators Blackburn and Blumenthal reintroducing the legislation in May 2025, the bill has seen renewed momentum, drawing support and criticism alike.
While KOSA has bipartisan support among lawmakers, externally, people are split, with critics claiming the bill can be weaponized and supporters arguing the measures will better hold social media companies accountable. In a letter, digital rights nonprofit Fight for the Future warned:
“[KOSA] would give the Trump administration the ability to censor LGBTQ+ content online simply by claiming it can harm children by making them ‘anxious’ or ‘depressed.’”
However, supporters of KOSA have pushed back on the free speech infringement claims. Mariana Rosenblat, a policy advisor for New York University, noted that while the bill is not perfect, she believes it aims to hold online platforms accountable for design features and not content. Rosenblat also emphasized that “any law can be weaponized by any administration that is willing to push beyond constitutional boundaries.”
For context, last year, the Senate overwhelmingly passed KOSA in a 91-3 vote. However, the House did not bring the bill forward for a vote. It remains unclear when KOSA will next be voted upon.
The knowledge.
Since being originally introduced in 2022, KOSA has faced numerous challenges, with people expressing concerns about freedom of speech, among other issues. Originally, KOSA empowered the Federal Trade Commission (FTC) to sue applications and websites that did not take measures to protect minors from accessing harmful content. However, the language surrounding what is harmful has consistently been criticized as vague and as giving too much discretion to the FTC to interpret, potentially allowing for political abuse.
Since KOSA’s original introduction, the Electronic Frontier Foundation (EFF) has been, and continues to be, a strong critic of the bill. Specifically, the EFF took issue with the bill’s vague “duty of care” requirement, which the EFF has suggested could cover a “broad swath of online services, and [require] them to mitigate specific harms based on the content of online speech” or face regulatory punishments.
While KOSA has been amended to address these concerns, such as changing how KOSA regulates design elements and enforcement methods, the EFF notes how the duty of care provision has largely remained unchanged. Pointedly, the EFF emphasized how this provision is very similar to previous legislation targeting booksellers. The EFF noted how these other cases attempted to prevent booksellers from distributing specific texts and how each of those previous attempts was found to be unconstitutional.
The impact.
While KOSA still has a long road ahead of it, the conversation surrounding it is unlikely to fade. Whether this bill passes or another replaces it, this pressure to address harmful online content will continue to mount until Congress passes meaningful legislation.
For now, parents, children, and tech companies alike should stay informed about what KOSA could mean for digital rights, parental control, and online accountability.
Highlighting key conversations.
In this week’s Caveat Podcast, our team sat down with Andy Boyd, the former Director of the CIA’s Center for Cyber Intelligence (CCI) and current operating partner at AE Industrial Partners. Throughout this conversation, our team and Andy discussed his extensive career, both his time leading the CCI and how he has continued to contribute to national security and cyber conversations since retiring from the CIA.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
WhatsApp banned on House of Representatives devices.
What: The House of Representatives has banned the use of WhatsApp on government devices.
Why: On Monday, a memo was sent to House staff members banning the use of WhatsApp. In the memo, the Office of Cybersecurity wrote:
“[The] Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.”
AT&T $177 million data breach settlement wins US court approval.
What: A US judge granted preliminary approval for AT&T’s settlement.
Why: On Friday, US District Judge Ada Brown ruled that AT&T’s settlement was fair and reasonable. This lawsuit dates back to a series of breaches that occurred in 2024, which exposed personal information.
With this settlement, AT&T has agreed to pay up to $2,500 or $5,000 to customers who suffered losses. Alongside this payment, AT&T has denied allegations that it was responsible for the criminal acts. Furthermore, AT&T stated that “we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation.”
Trump extends TikTok ban deadline.
What: President Trump has extended the deadline for ByteDance to divest from TikTok.
Why: Last Thursday, President Trump signed another Executive Order extending the deadline, giving ByteDance, TikTok’s parent company, an additional ninety days to divest from the social media platform. The new deadline is September 17th.
With this order, TikTok released a statement, writing: “We are grateful for President Trump’s leadership and support in ensuring that TikTok continues to be available for more than 170 million American users and 7.5 million US businesses.”
This is the third time that President Trump has extended this deadline.