Veeam Completes Acquisition of Securiti AI to Create the Industry’s First Trusted Data Platform for Accelerating Safe AI at Scale
View
January 23, 2026
United States
A coalition of 35 U.S. state attorneys general has increased pressure on xAI over allegations that its chatbot Grok enabled the creation and spread of AI-generated nonconsensual intimate images (NCII), including content involving minors. The actions follow reports that Grok allowed users to transform ordinary images into sexually explicit content without consent.
The escalation includes a formal investigation and cease-and-desist order from California Attorney General Rob Bonta, alongside coordinated demands from multiple states for stronger safeguards, content removal, user suspensions, and reporting to law enforcement. The move signals rising state-level enforcement risk for AI developers over harmful model outputs.
January 21, 2026
Ontario, Canada
The Information and Privacy Commissioner of Ontario (IPC) and the Ontario Human Rights Commission (OHRC) have released joint Principles for the Responsible Use of Artificial Intelligence, setting expectations for organizations developing or deploying AI systems. The principles require AI to be valid and reliable, safe, privacy-protective, human-rights-affirming, transparent, and accountable throughout its lifecycle.
The guidance builds on earlier IPC-OHRC work and aligns with domestic and international AI governance frameworks. It signals that AI adoption in Ontario must balance innovation with enforceable privacy and human rights safeguards, and that failures in AI governance may attract multi-regulatory scrutiny.
January 14-16, 2026
California, United States
California Attorney General Rob Bonta has escalated enforcement action against xAI over allegations that its chatbot Grok was used to generate and distribute AI-generated nonconsensual intimate images (NCII) and child sexual abuse material (CSAM). The action follows reports that users were able to upload ordinary images and receive sexually explicit outputs without the subjects’ consent. On January 14, the California Attorney General’s Office opened a formal investigation into xAI’s practices. Just two days later, on January 16, the state issued a cease-and-desist order, demanding that xAI immediately halt the creation and dissemination of such content.
The move marks one of the most significant state-level enforcement actions to date, directly targeting AI model outputs, signaling heightened legal risk for developers whose systems enable harmful generative content.
January 13, 2026
United States
Following the Executive Order of December 11, 2026, the US Department of Justice has established an AI Litigation Task Force. Headed by the Attorney General, the group is mandated to oversee the deployment of AI within the federal government and to challenge state-level AI regulations that may conflict with federal interests or impede innovation. The Task Force will evaluate state laws on the grounds of unconstitutional interference with interstate commerce and federal preemption, with a specific focus on "onerous" requirements
The group will act as a central hub for coordinating AI-related enforcement actions and policy across different departments. While its primary focus is to promote a “minimally burdensome” standard, the group will also be working towards preventing algorithmic discrimination and ensuring that AI is used responsibly by private entities.
Overall, the creation of the Task Force, as a specialized unit, signals a shift towards centralized AI governance, as opposed to the emerging “patchwork” of AI laws.
January 21, 2026
The European Data Protection Board and the European Data Protection Supervisor have published Joint Opinion 1/2026 on proposals to simplify the implementation of harmonized AI rules under the EU’s Digital Omnibus initiative. The regulators stress that the use of special categories of personal data for bias prevention must remain exceptional, strictly necessary, and subject to supervision by data protection authorities.
The opinion also opposes removing registration obligations for certain high-risk AI systems, emphasizing the need for public transparency, and calls for mandatory DPA involvement in EU-level AI sandboxes. While supporting centralized oversight by the AI Office, the boards warn against sidelining national authorities and caution that delaying high-risk AI obligations or weakening provider responsibilities could undermine fundamental rights and create legal uncertainty.
January 13, 2026
Spain
The Spanish Data Protection Authority (AEPD) has highlighted that the use of third-party images in AI systems is not a neutral act, as any identifiable image or video remains personal data even when modified by filters or avatars.
The entire process leads to an effective loss of control for users over their personally identifiable data, as AI systems often retain "non-visible" copies and generate technical metadata that can lead to persistent identification and re-identification of the subject. Because of the deep information asymmetry between AI providers and the individuals depicted, it becomes increasingly difficult for people to exercise their rights to erasure or objection, making even "playful" uses of AI a high-risk activity for data protection.
January 12, 2026
United Kingdom
The UK’s Office of Communications (Ofcom) has launched a formal investigation into X to assess potential breaches of the Online Safety Act, following reports that the Grok chatbot was used to generate and share non-consensual sexualised images and child sexual abuse material.
The inquiry will examine whether X failed to properly assess risks, implement effective age-assurance measures, or remove illegal content promptly. While X has announced technical restrictions, Ofcom has stated the matter remains a priority. If violations are confirmed, X could face fines of up to £18 million or 10% of global turnover, and potentially court-ordered service restrictions in the UK. Read More
January 8, 2026
United Kingdom
The Information Commissioner’s Office (ICO) has released a new Tech Futures report that explores the rise of Agentic AI and its implications for consumer privacy.
Among the various AI-related predictions, notable ones relate to those of AI becoming a mainstay with capabilities of independent management of household finances, negotiating prices, and making proactive purchases based on learned preferences. While the ICO acknowledges the transformational potential of these autonomous systems, it warns that public trust depends on ensuring that technological advancements do not come at the cost of data privacy.
The Executive Director of ICO has also emphasized how ICO will be proactively monitoring developers and deployers this year to ensure agentic systems are built on strong data protection foundations. The report serves as a call to action for the industry to prioritize "privacy by design" as these digital companions move toward making independent real-world decisions.
January 7, 2026
Finland
Finland has empowered 15 national authorities to supervise the implementation of the AI Regulation. This decentralized model aims to ensure AI systems do not endanger health, safety, or fundamental rights, while fostering trust for innovation.
The Finnish Transport and Communications Agency will serve as the national contact point for coordination efforts. In contrast, the Data Protection Commissioner will serve as the market surveillance authority for high-risk systems and to monitor prohibited practices.
January 6, 2026
Italy
Italy’s Autorità Garante della Concorrenza e del Mercato (AGCM) has closed its investigation into DeepSeek following the company’s agreement to legally binding transparency commitments. The probe, launched in June 2025, concerned allegations that users were not adequately informed about the risks of AI hallucinations, inaccurate outputs, and fabricated information.
To resolve the case, DeepSeek implemented enhanced and immediate risk disclosures, including clear warnings about hallucinations and output limitations. AGCM concluded that these measures sufficiently address consumer protection concerns, bringing the investigation to a close.
January 22, 2026
South Korea
The MSIT has launched the AI Basic Law Support Desk. It will be staffed by legal, regulatory, and technical experts to provide accurate and prompt consultations. All consultations will remain confidential. General inquiries will be responded to within 72 hours on weekdays, and complex inquiries within 14 days.
This initiative supports the smooth implementation of the AI Basic Act, which is the world's second comprehensive AI law after the EU AI Act. The government has implemented a grace period of at least one year during which it will focus on consultations and education rather than investigations or administrative sanctions, helping companies determine whether their systems fall within the law's scope and how to comply accordingly.
January 22, 2026
Singapore
Singapore’s Infocomm Media Development Authority (IMDA) has unveiled the world’s first comprehensive Agentic AI System Governance Framework, announced at the World Economic Forum in Davos. Building on Singapore’s 2020 Model AI Governance Framework, the guidance applies to both in-house and third-party AI agents and focuses on practical deployment controls.
The framework addresses four core areas: risk scoping and limits on autonomy, meaningful human accountability, technical lifecycle controls (including testing and monitoring), and end-user transparency and responsibility. IMDA expects organizations globally to adapt the framework over the next 12-24 months, potentially positioning it as a de facto international standard for governing autonomous AI systems.
January 14, 2026
Australia
Australia’s Australian Signals Directorate (ASD), via the Australian Cyber Security Centre (ACSC), has released guidance on managing cybersecurity risks associated with cloud-based AI systems, in collaboration with New Zealand’s National Cyber Security Centre (NCSC-NZ) and Council of Small Business Organisations Australia (COSBOA). The guidance targets small businesses and highlights risks such as data leakage, privacy breaches, unauthorized access, output manipulation, and vendor security gaps.
Key recommendations include strengthening data governance, defining clear AI-use policies (including data that must not be uploaded), vetting AI vendors’ privacy and security practices, training staff on responsible AI use, and securing sensitive information. The guidance follows a 2025 incident involving a notifiable breach after personal and health data were uploaded to an AI system and forms part of ASD’s broader Small Business Hub resources.
January 1, 2026
Taiwan
Taiwan’s Legislative Yuan has passed the Artificial Intelligence Basic Act, establishing a national, risk-based AI governance framework aligned with international standards. The Act designates the National Science and Technology Council (NSTC) as the central authority and mandates the Ministry of Digital Affairs (MODA) to develop an interoperable AI risk classification framework. It codifies core principles including privacy, transparency, fairness, accountability, and cybersecurity.
The law does not impose immediate private-sector obligations, with detailed requirements to follow through sector-specific rules over the next two years.
Organizations should begin mapping AI systems, assessing risk, and strengthening privacy-by-design practices in anticipation of future high-risk labeling, documentation, and oversight requirements.
Virginia (US): SB 245 was referred to the Senate Committee on Education and Health, proposing tightened regulation on social media and AI by mandating age screening, prohibiting "dark patterns."
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2026 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, LLC.
3155 Olsen Drive
Suite 325
San Jose, CA 95117
Type
