Decoded - Technology Law Insights, V 6, Issue 7, July 2025

Nicholas Mooney II, Shane Riley, Alison Sacriponte, Alexander Turner
Spilman Thomas & Battle, PLLC
Contact
LinkedIn
Facebook
X
Send
Embed
 

Volume 6, Issue 7

Welcome

Welcome to our seventh issue of 2025 of Decoded - our technology law insights e-newsletter.

We hope you enjoy this issue and thank you for reading.

What does the US GENIUS Act Mean for Stablecoins?

“The White House categorically states it is a historic piece of legislation that will pave the way for the US to lead the global digital asset revolution.”

Why this is important: The GENIUS Act is a newly passed legislative act that seeks to pave the way for the United States to lead the world in the “global digital asset revolution.” The Act establishes a regulatory framework and guidelines for stablecoins, which will go a long way in bringing stability to a previously chaotic part of the cryptocurrency market.

Stablecoins have, before the passing of the GENIUS Act, existed in a legal grey zone where they remained largely unregulated. Despite this uncertainty, stablecoins have shown tremendous growth, and by mid-2025, they “surged past $230 billion” in circulating supply. Fundamentally, the GENUIS Act introduces “a clear and enforceable structure for issuing, backing and regulating stablecoins in the U.S.” in order to fully unlock the potential of the stablecoin market. The Act also restricts who can issue stablecoins (U.S. Banks, non-bank financial companies licensed by the OCC, and qualified state-regulated institutions), how the reserves that an issuer keeps must be managed, and general consumer protection similar to that offered to consumers in the banking industry.

While the GENUIS Act does establish new requirements for stablecoin issuers, it is not merely a compliance checklist. The Act completely reshapes the stablecoin market in the U.S. and now gives institutions interested in entering the stablecoin market clear regulation and oversight, and establishes the legitimacy of stablecoins with the American consumer. While more cryptocurrency regulation is sure to follow, likely expanding past mere stablecoin regulation, the GENUIS Act is a crucial first step in establishing a clear and transparent regulatory framework for cryptocurrency in the United States. --- Jonathan E. Gharib, Summer Associate

Mexico Makes Biometric Identifier Mandatory for All Citizens

“The mandatory CURP will contain personal and biometric information, including a photograph and a QR code containing biometric fingerprint and iris data.”

Why this is important: Mexico has enacted a law making its biometric-based citizen identifier, the CURP (Clave Única de Registro de Población), mandatory for all citizens. The updated CURP will include biometric data such as fingerprints, iris scans, a photo, and a QR code, and is expected to be fully implemented by February 2026. A Unified Identity Platform linking the CURP to various government databases must be created within 90 days, with biometric data collection for minors starting within 120 days.

While the government argues this will enhance administrative efficiency and help address issues like disappearances, privacy advocates warn it could lead to mass surveillance, data misuse, and increased risk of identity theft. Critics are particularly concerned about the lack of transparency around data access and potential sharing with foreign governments, including U.S. law enforcement. Rights groups argue the system lacks safeguards and oversight, despite official claims that existing privacy laws provide adequate protection.

Mexico’s implementation of biometric identifiers follows a trend worldwide toward national biometric identification programs. However, rushing toward these programs for ease and convenience is met with pause, particularly in liberal democratic nations, due to their high potential for data privacy leaks and government surveillance overreach. --- Shane P. Riley

Dwindling Federal Cyber Support for Critical Infrastructure Raises Alarms

“A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.”

Why this is important: We’ve reported in prior issues of Decoded how the country’s critical infrastructure is often targeted by threat actors for cybersecurity attacks. The federal government has now announced a plan to decrease its cybersecurity support for critical infrastructure and leave it to the states to lead. In his March executive order, President Trump stated, “Preparedness is most effectively owned and managed at the state, local, and even individual levels, supported by a competent, accessible, and efficient Federal Government.” However, this plan has caused much concern and criticism. The article argues that this decrease in support will exacerbate already alarming cybersecurity weaknesses throughout the nation’s hospitals, ports, railways and other vital systems. It argues that small infrastructure operators, like rural hospitals and water facilities, will bear the brunt of the decrease, which will leave them scrambling to afford expensive new cybersecurity advice and assistance. Some worry that states are already cash-strapped and won’t be able to afford adequate defenses against government-backed attackers in China and Russia. --- Nicholas P. Mooney II

UN Leader Makes Data Center Plea Amid New Growth Projections

“It signals how AI's massive energy thirst is high on the climate world's radar as hyperscalers expand infrastructure for training and use of powerful AI tools.”

Why this is important: In a major address on climate change, UN Secretary-General António Guterres called for lower-carbon data center development, highlighting the collision of technological expansion and climate concerns. Global demand for data centers is soaring, and with the explosive growth of AI, projections expect that demand to continue rising. Data centers consume significant amounts of energy, increasing rapidly with AI's computing demands. This massive energy thirst is on the world’s radar as nations grapple with climate change. Guterres noted that by 2030, data centers could consume as much electricity as all of Japan. He urged tech firms to power all data centers with 100 percent renewables by 2030. We can expect to learn more about clean energy commitments and goals around data centers at COP30, the 30th United Nations Climate Change Conference, in November. --- Alison M. Sacriponte

Retail Accelerates Investments in Generative AI

“The industry is also one of the leaders of AI agent and multiagent system adoption, according to a Capgemini report.”

Why this is important: Generative AI is set to transform the activity of many industries, not least of which will be the retail industry. In fact, AI has “dominated the retail landscape with its various use cases from content creation to consumer-facing tools and more.” Companies as disparate as small businesses to retail titans are all preparing the use of generative AI in their everyday retail activities. While these generative AI systems are offering many positive developments, businesses should be cautious as many consumers already believe “[t]he shopping journey has become far more automated than [they] prefer.”

While widespread generative AI is rather new, over one-half of retail organizations have “upped their generative AI investments compared to last year” in preparation for a change in everyday business practices. Retail, as an industry, is among “the top five industries” adopting the widespread use of AI agents, with almost 20 percent of businesses in the industry already having adopted some form of generative AI. Businesses across industries have tracked the ROI on AI investment and found that there are “positive returns . . . within one to three years,” which encourages businesses to invest as soon and as heavily as possible for the quickest positive results.

As generative AI continues to improve and businesses across industries continue to adopt the new technology en masse, those that invest in their AI systems early will gain a competitive advantage. This advantage may mean the difference between incredible growth and a business shuttering its doors, and as such, we will likely see businesses of all sizes race to acquire AI systems to help in their business operations. --- Jonathan E. Gharib, Summer Associate

Reddit Sues Anthropic Over Unauthorized AI Training

“The Reddit suit claims that Anthropic began regularly scraping the site in December 2021.”

Why this is important: Reddit is suing AI company Anthropic, creator of the Claude chatbot, for unauthorized scraping of Reddit content to train its AI models. Reddit alleges Anthropic scraped its site over 100,000 times after publicly stating it had stopped, despite being offered a paid licensing deal, which Anthropic declined. Reddit has similar lucrative deals with OpenAI and Google, earning over $130 million annually from licensing.

This lawsuit stands out because Anthropic markets itself as a leader in ethical AI, yet it is accused of violating Reddit’s terms, infringing user privacy, and disregarding consent. Reddit calls Anthropic’s ethical branding a “facade.” The company has faced two other lawsuits for scraping song lyrics and copyrighted books without permission.

Anthropic, which spun out of OpenAI over safety concerns, now faces the same dilemma: AI needs massive data, but ethical and legal constraints are tightening. While larger competitors can afford licensing deals, Anthropic has been labeled as one of the most aggressive scrapers online and is under increasing scrutiny, including an antitrust investigation in the U.K. into its partnerships with Google and Amazon.

The legal landscape around AI training on public content remains unsettled, with ongoing lawsuits and conflicting views on whether such data use is or should be lawful. --- Shane P. Riley

This $900 Million Solar Farm in Texas is Going 100% to Data Centers

“Once it’s up and running, every bit of Clear Fork’s electricity will go to Meta Platforms under a long-term contract.”

Why this is important: A 600 megawatt solar farm is under construction near San Antonio, Texas. Once it comes online in 2027, all of the energy it generates will go to Meta to help run its data centers. The article reports on how this contract for the purchase of the entirety of the energy reflects the “growing demand for renewable power across North America from blue-chip companies involved in technology and data center operations.” Technology companies like Meta, Amazon, and Google have been racing to obtain renewable energy contracts to power their fleets of data centers, which use vast amounts of energy. Last year, the U.S. had over 5,000 data centers, and that number is continuing to rise. The increase in the number of data centers will bring an increased amount of legal issues, including site selection, permitting, and data security. If your company has questions about any of the legal issues surrounding data centers, contact Spilman’s Cybersecurity and Data Protection Practice Group. --- Nicholas P. Mooney II

How AI is Changing Telemedicine in 2025

“AI is virtually expanding, reshaping and personalizing telehealth practices in triaging, image analysis, patient diagnoses, treatment planning, monitoring and mental health.”

Why this is important: Artificial intelligence (AI) is a growing phenomenon in today’s world. Whether it’s writing emails, creating marketing tools, drafting speeches, making lesson plans, or answering everyday questions, AI is all around us and making big impacts. Specifically, in the medical and healthcare world, AI is expanding, reshaping, and personalizing telehealth practices in a variety of ways.

Take a moment to think about the process of making and then subsequently going to a doctor’s appointment. You first have to make the appointment, either through a phone call or now with the use of AI through contact center assistance. AI-powered assistance can handle scheduling, provide appointment reminders, provide medication reminders, and even answer simple medical questions. Not only that, but innovative AI chatbots can conduct intake before provider visits, possibly reducing wait time and increasing patient engagement. Not only does the new technology of AI assist during pre-appointment, but AI is also being used during medical evaluations for medical image analysis, patient diagnosis, treatment plans, and patient monitoring. All of which improve care, shorten wait times, and provide support to medical staff and personnel.

While the rise of AI in the medical world most certainly has benefits, it also has significant drawbacks. Not only is implementing AI tools expensive, but it also comes with risks to patient privacy and HIPAA violations. In addition, patients may feel less connected or supported by their providers, which is especially important for medical fields dealing with mental and behavioral health. Human interaction is what makes us feel like we have a community -- like we are heard, wanted, and seen. Perhaps AI in the healthcare world is creating easier access and options for individuals to get care, but the question remains as to whether AI can, in fact, meet all of our needs. Is the tradeoff of quick care for human interaction and connection enough to support the push for AI? Maybe in certain practices, the pros outweigh the cons, such as emergency medicine, where time and efficiency are of the essence. But, maybe in other practice areas, the need for human support and community requires less reliance on AI and more reliance on building rapport with patients.

All doctors take an oath to cure and to care, to do no harm, and to put their patients above all else. If the use of AI violates these promises, then, regardless of the benefits, it may be time to take a second look at the reasons behind the need or want for AI in the healthcare world. --- Addelyn C. Slyh, Summer Associate

Data Breach Hits Pennsylvania’s Largest Workers and Teachers’ Union PSEA, Impacting Over 500,000 People

“The Harrisburg-based organization launched an investigation that concluded on February 18, 2025, that the cyber incident enabled a threat actor to access certain files containing personal information.”

Why this is important: A data breach at the Pennsylvania State Education Association (PSEA), Pennsylvania’s largest workers and teachers’ union, exposed the personal, financial, and health data of over 517,000 individuals. The breach occurred in July 2024 and was confirmed after an investigation concluded in February 2025. Leaked data included social security numbers, driver's licenses and passport numbers, account and payment card information, and health insurance and medical records.

The Rhysida ransomware gang claimed responsibility, demanding a $1.1 million ransom (in the form of 20 Bitcoin) and briefly listed the stolen data online, indicating the ransom may have been paid.

In response, PSEA first notified the authorities and victims and has offered 12 months of credit and cyber-attack monitoring. They have also urged individuals to monitor financial activity and consider credit freezes.

Rhysida, a hacker group active since May 2023, has been linked to multiple high-profile breaches and is believed to have ties to Vice Society. U.S. agencies, including the FBI and CISA, have issued warnings about its growing threat, especially to sectors like education and healthcare.

Ransomware hacks are an ever-growing problem and no organization, small or large, public or private, is truly safe. Savvy business leaders will be prepared with a plan and able to jump into action as soon as the bad actors strike. Reach out to Spilman to discuss strengthening your cybersecurity plan and response protocols. --- Shane P. Riley

Amazon and Pennsylvania Join the Leaders in Pursuing Creative, Renewable Solution to Data Center Energy Requirements

By Barry A. Naum

As the popularity and use of language learning models such as Chat-GPT and Co-Pilot and other Artificial Intelligence (AI) products rapidly expand and as data centers continue to search for building and electric capacity to manage that demand, big business has begun to seek approval from states in a race to see who will become the front-runner in the new AI industry. Making huge steps in this endeavor, Amazon Web Services (AWS) seeks to establish its dominance in the AI industry with a $20 billion investment to build two new data centers in Pennsylvania over the next 10 years, fueled by carbon-free nuclear power.

Click here to read the entire article.

Patient Death Linked to Ransomware Attack on Pathology Services Provide

“This is one of the first times that a patient’s death has been directly linked to a cyberattack.”

Why this is important: Synnovis, a pathology services provider to the National Health Service (NHS) in the United Kingdom, fell victim to a ransomware attack on June 3, 2024. The attack was conducted by a group known for engaging in ransomware attacks and caused massive disruption across healthcare services in London. The attack resulted in over 10,000 appointments being cancelled, and the problems caused by the attack lasted for several months. The attack was so disruptive that it led to a blood shortage in the impacted areas and caused healthcare providers “to use O-negative blood due to limitations placed on blood matching due to the attack.”

The Kings Collect Hospital NHS Foundation, after a lengthy investigation, confirmed that the death of a patient, which occurred during the attack, was caused in part by the chaos that the cyberattack caused. Specifically, the patient had to wait longer than normal for results of a blood test due to the impact of the attack, and this caused their care to diminish and eventually contributed to their death. In addition to this solemn consequence, around 1,000,000 patients had their data (including names, dates of birth, and medical history) stolen during the attack, and the attack caused over $40 million in damages.

The massive amount of private, sensitive data stolen and the tragic death of a patient shine a light on the need for increased and improved cybersecurity. Much has been said, and rightfully so, in recent years about the need for Americans to improve their cybersecurity infrastructure to prevent attacks such as this on sectors important for national security. While less attention is paid to sectors of the economy traditionally considered to be primarily civilian-focused, it is clear they can no longer be ignored. This attack in the U.K. shows the damage even a relatively small attack can do and should motivate us to improve our cybersecurity capabilities quickly. --- Jonathan E. Gharib, Summer Associate

 

 

 

 

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Spilman Thomas & Battle, PLLC

Written by:

Spilman Thomas & Battle, PLLC
Spilman Thomas & Battle, PLLC
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Spilman Thomas & Battle, PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide