CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by June 4, 2026, under BOD 22-01. The flaw affects Oracle WebLogic Server and is actively exploited; all organizations are urged to patch immediately.
CISA added CVE-2025-48595 (Android Framework) and CVE-2022-0492 (Linux kernel) to its Known Exploited Vulnerabilities catalog. Federal agencies must patch by June 5, 2026, under BOD 22-01. All organizations should prioritize patching due to active exploitation.
The White House issued a revised AI executive order reducing the voluntary pre-release testing period for frontier AI models from 90 to 30 days. It establishes an AI cybersecurity clearinghouse led by the Treasury and directs federal agencies to identify grant funding for AI vulnerability detection, but does not impose mandatory licensing.
President Trump signed an executive order on June 2, 2026, creating a voluntary framework for federal vetting of advanced AI systems up to 30 days before public release. The order targets frontier AI labs and tasks the NSA director with determining which models qualify, signaling increased national security scrutiny for AI developers.
The GENIUS Act establishes a regulatory framework for stablecoins in the US, requiring financial institutions to comply with KYC/AML standards and select partners across issuance, custody, infrastructure, compliance, and system integration. This signals increased regulatory scrutiny and compliance obligations for stablecoin adoption.
The Faster Labor Contracts Act would amend the National Labor Relations Act to require mediation and arbitration to shorten collective bargaining negotiations. The bill faces strong opposition from business groups like SHRM, but if passed, it would significantly alter labor-management relations and HR compliance in the US.
The Supreme Court ruled that actuarial assumptions for calculating withdrawal liability from multiemployer pension funds need not be fixed on the measurement date, resolving a circuit split. Employers can no longer challenge assumptions solely on timing but may still contest substantive reasonableness.
The Supreme Court will hear Crowther v. Board of Regents to resolve whether employees of federally funded educational institutions can sue under Title IX for sex discrimination. The decision could expand litigation risks and require policy adjustments for schools and universities.
The DOL issued Opinion Letter FLSA2026-7 confirming that voluntary off-site travel during a bona fide meal period does not make the meal period compensable under the FLSA. Employers may require employees to remain on premises without converting meal periods into work time, but state laws may impose stricter requirements.
The US Department of Labor cited RBG Foods Inc. for willful and serious OSHA violations after a worker suffered an amputation. Proposed penalties total $196,251, highlighting enforcement of machine guarding, lockout/tagout, and injury reporting requirements.
The U.S. Department of Labor issued an opinion letter confirming that FLSA-exempt employees may perform nonexempt duties without losing exempt status, provided primary duties remain exempt. This clarification impacts overtime calculation and job classification for hybrid roles.
The SEC has proposed rescinding its climate disclosure rule, which would have required public companies to report climate-related risks and emissions. If approved, this reduces compliance burdens but creates investor uncertainty.
The DOL Opinion Letter FLSA2026-8 clarifies that pre-shift work integral to principal duties is compensable, the de minimis doctrine faces heightened scrutiny for regular off-the-clock work, and rounding practices must be neutral. Employers should review timekeeping policies to ensure compliance.
Connecticut has passed a law regulating employers' use of AI in employment decisions, including a novel pilot program for independent verification of AI systems against risk mitigation and safety standards. Companies using AI for hiring, promotion, or other employment decisions in Connecticut must prepare for compliance.
The U.S. DOL issued Opinion Letter FLSA2026-5 confirming that exempt employees can receive hourly pay for nonexempt work if their primary duty remains exempt and salary basis is maintained. Employers must monitor job duties to ensure exemption is preserved.
The SEC has initiated a formal process to rescind its corporate climate disclosure rules, which would remove mandatory climate reporting requirements for US public companies. This represents a significant regulatory reversal that companies should monitor closely.
CISA added CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass flaw, to its Known Exploited Vulnerabilities catalog. Federal agencies must remediate by June 1, 2026, and all organizations are urged to apply patches or mitigations due to active exploitation.
The SEC has rescinded its climate disclosure rule that would have required public companies to disclose climate-related risks, emissions, and governance. Investors express disappointment but indicate voluntary disclosures will continue.
The SEC has formally proposed to rescind the 2024 climate disclosure rules that required public companies to report climate risks, financial impacts of severe weather, and greenhouse gas emissions. The agency cites lack of statutory authority and excessive costs, but the proposal faces a 60-day comment period and likely legal challenges.
The US Department of Labor finalized a rule modernizing Form LM-2 reporting for larger unions and creating an enhanced LM-2 Long Form for the largest unions. It also raises filing thresholds for smaller unions to reduce burden.