6-minute read | 1,550 words
What to know this week
The Supreme Court allows Texas age-verification law to stand.
The Supreme Court has allowed a Texas state law that mandates application store restrictions to stand.
European Central Bank warns of AI risks across Eurozone.
The European Central Bank gives European banks four months to develop plans to counter AI-enabled cyber threats.
This week's full stories
The Supreme Court allows Texas age-verification law.
THE NEWS
On Monday, the Supreme Court allowed Texas to temporarily enforce its App Store Accountability Act while litigation over the law’s constitutionality continues in the lower courts. More specifically, the Supreme Court issued an administrative order that temporarily allows the law to remain in effect while litigation proceeds through the lower courts.
Writing in support of the order, Justice Clarence Thomas:
“Unlike a store clerk, a website operator cannot look at its visitors and estimate their ages. Without a requirement to submit proof of age, even clearly underage minors would be able to access sexual content undetected.”
For context, the App Store Accountability Act, requires application stores, such as the Google and Apple app stores, to verify users’ ages, link minors’ accounts to a parent or guardian, and obtain parental consent before minors can download or purchase applications.
The order stems from a lawsuit filed by the Computer and Communications Industry Association (CCIA) and the Students Engaged in Advancing Texas (SEAT), which argued that the law infringes upon free speech rights. These parties argued that the law “deputizes app stores to police both minors’ and adults’ threshold access to vast amounts of online speech.”
Matt Schruers, the CCIA president who commented on the order, said they would continue to pursue the case in the lower courts, where “we will demonstrate how the Texas App Store Accountability Act violates the First Amendment.”
Although the law will now take effect, the underlying constitutional challenge remains unresolved and will continue through the federal appeals process before potentially returning to the Supreme Court for a decision on the merits.
THE KNOWLEDGE
Texas is not alone in pursuing app store-based age verification laws. Utah became the first state to enact an App Store Accountability Act in 2025, followed by similar efforts in Louisiana and Alabama. Although the specific requirements vary, each law shifts responsibility for age verification away from individual applications and toward app store operators such as Apple and Google.
Alongside numerous states enacting similar or considering enacting similar laws, several state attorneys general filed an amicus brief to the Supreme Court to support this Texas online safety law. The brief was filed by Florida Attorney General James Uthmeier argued:
“Texas is fighting for the rights of parents to direct the upbringing of their kids and those rights should not be subject to the predations of Big Tech.”
Kansas Attorney General Kris Kobach echoed the statement, writing:
It is “a meaningful first step to help prevent kids from accessing inappropriate or mature content.”
However, opponents to these bills have argued that these restrictions are subverting the legal rights of minors to access applications that would allow them to engage in free expression. Cameron Samuels, the executive director of SEAT, noted how these age verification laws create unnecessary barriers and added that “this kind of age-verification opens doors for further limiting the rights and damaging the privacy of all internet users.”
THE IMPACT
While this order does not resolve the legality of this law, it allows Texas to temporarily enforce one of the most expansive app-store age verification laws. The decision also gives other states with similar laws a clear indicator that these laws may remain in effect while legal challenges proceed.
Beyond Texas, the case could shape how states regulate children’s online safety in the future. If courts ultimately uphold the law, lawmakers may increasingly shift responsibility for age verification away from individual applications and toward centralized app store operators such as Apple and Google. If the law is struck down, states may need to pursue alternative approaches or wait for Congress to establish a national framework for age verification.
The litigation also reflects a broader policy debate over digital identity and privacy. Supporters argue that centralized age verification can better protect minors online, while opponents contend that requiring users to verify their identities before downloading applications creates new privacy risks and could expand the collection of sensitive personal information.
European Central Bank warns of AI risks.
THE NEWS
On Tuesday, the European Central Bank (ECB) announced that European banks have four months to develop countermeasures to the cyber risks created by artificial intelligence (AI).
ECB chief supervisor Claudia Buch wrote in a letter to bank executives:
“These developments have potentially profound implications for the confidentiality, integrity, and resilience of banks’ information and communication technology systems.”
Alongside this statement, the letter also instructed European banks to:
- Protect internet-facing systems.
- Strengthen monitoring capabilities.
- Accelerate vulnerability mitigation efforts.
- Modernize legacy systems.
- Improve cyber hygiene.
- Strengthen crisis management, incident response, and information sharing efforts.
With this directive, European banks have until October 31 to submit their plans to address AI-related risks. To aid in this effort, the ECB has delayed a separate IT audit and is considering adjusting its inspection schedules.
THE KNOWLEDGE
Alongside the ECB releasing this requirement, the United Kingdom’s (UK) Bank of England (BoE) announced a similar, though less restrictive AI warning. In the half-yearly assessment, the BoE found that previously identified risks had not gone away and that there were additional dangers from investors borrowing to invest in AI-related companies. However, the BoE judged that its banking system remained resilient.
After releasing this memo, BoE Governor Andrew Bailey commented:
“It's not about issuing edicts. It's about getting in a room and saying…how are we going to share our understanding of the vulnerabilities that we find in this system?”
Within the US, Federal Reserve Vice Chair for Supervision Michelle Bowman echoed a similar tone to England. Bowman emphasized the need for proportionality and “a lighter supervisory and regulatory touch.”
THE IMPACT
With each of these major powers taking a proactive approach, though at varying regulatory oversight levels, a clear effort is developing to ensure the financial sector is adequately prepared for AI. As each government mandates and reviews implemented controls and risk management policies, the impacts these efforts have on the financial sector will be critical.
The ECB’s directive also signals a broader shift in supervisory expectations. AI risk is no longer being treated as a future concern but as part of banks’ existing cybersecurity obligations. Organizations should expect regulators to increasingly evaluate AI alongside traditional cyber risks, including identity security, third-party risk, incident response, and vulnerability management. Even financial institutions outside the EU may face pressure to adopt similar controls as global regulators' expectations begin in coverage.
Whether regulators ultimately favor Europe’s more prescriptive approach or the lighter-touch models emerging in the UK and US, implementation will likely matter more than policy language alone. The effectiveness of these requirements will depend on whether they measurably improve cyber resilience without unnecessarily slowing technological innovation.
This Week's Caveat Podcast: AI sovereignty and surveillance.
Dave Bittner and Ben Yelin look at two developing stories. The first involves the European Union’s latest effort to promote stronger technological sovereignty through the EU Cloud and AI Development Act. The second story involves how AI is rapidly transforming surveillance systems that are capable of combining AI models with facial recognition technologies and digital tracking capabilities.
OTHER NOTEWORTHY STORIES
Illinois becomes first state to require third-party audit of AI models.
What: Illinois signed a new law that would mandate the largest AI platforms to obtain third-party audits of safety plans.
Why: On Monday, Illinois Governor JB Pritzker signed a bill, known as the Artificial Intelligence Safety Measures Act, that requires major AI platforms to obtain third-party audits.
When signing the law, Governor Pritzker stated:
“As AI systems become more powerful and the federal government is unwilling to step in, states have a responsibility to protect our people from the dangers of AI while still harnessing the unique potential of the technology.”
The bill passed the state legislature earlier this year and received endorsements from both OpenAI and Anthropic.
JULY 6, 2026 | Source: The Hill
Meta announces that states are seeking $1.4 trillion in penalties.
What: Meta stated in a court filing that four states are seeking over one trillion in penalties over accusations about damages to young users.
Why: On Monday, Meta pushed back on several state accusations that alleged the company’s social media platforms addicted minors and misled the public regarding safety.
In the filing, Meta stated:
“A sanction of that size has no analog in the history of consumer protection enforcement.”
Meta also alleged that these states are seeking a total of $1.4 trillion in penalties.
These claims were brought forward by California, Colorado, Kentucky, and New Jersey.
JULY 6, 2026 | Source: Reuters
CISA using Mythos to audit government software.
What: The Cybersecurity and Infrastructure Security Agency (CISA) is using Mythos to audit government software.
Why: On Monday, sources noted that CISA is using the Mythos AI model to audit government software. Reportedly, the government agency is using the model to scan code repositories for bugs that could be exploited by foreign spies and cybercriminals. The review is being conducted by CISA’s Attack Surface Evaluation team, which is tasked with conducting digital security assessments and hacking exercises for the federal government.
According to sources, the audits have discovered large amounts of vulnerabilities.
JULY 6, 2026 | Source: Reuters
