Important disclosure and disclaimer — read carefully
Docket Daily does NOT guarantee that it finds, captures, or displays every relevant bill, rule, opinion, order, or announcement. Public sites change without notice, feeds fail, keywords and filters omit edge cases, and automated pipelines can miss or delay items. You must always independently research and verify any citation or legal development before relying on it professionally or in any filing or proceeding.
The list below describes what we attempt to scan on a recurring daily basis. It is illustrative, and NOT a warranty of completeness, accuracy, or timeliness.
Editorial pillars
What Docket Daily Covers
Docket Daily monitors AI, privacy, data, and cybersecurity governance law across all 50 states, the District of Columbia, and the federal government — updated daily. Our coverage spans proposed bills, enacted statutes, administrative regulations, executive orders, and court decisions that establish compliance obligations, enforcement authority, or legal rights in these four pillars. We track the law that governs how AI systems are built and deployed, how personal data is collected and protected, how organizations respond to data breaches, and how cybersecurity standards are set and enforced. We do not cover general criminal prosecutions, routine civil tort matters, or regulatory actions unrelated to technology governance. Every item in Docket Daily represents a legal instrument that a compliance officer, privacy attorney, technology counsel, or AI governance professional needs to know about.
AI Law
Mandatory disclosure and transparency requirements for AI systems used in consequential decisions
Algorithmic impact assessment and bias audit obligations
Human oversight mandates for AI in healthcare, insurance, employment, and benefits
Frontier model safety reporting and incident disclosure requirements
Prohibitions on AI-generated deepfakes, synthetic media, and nudification technology
Chatbot safety standards, professional service restrictions, and minor protections
State and local government cybersecurity standards and incident response obligations
Insurance sector cybersecurity regulation under NAIC model law frameworks
Critical infrastructure protection obligations and sector-specific security requirements
Vendor and third-party security contracting mandates
Docket Daily focuses on AI law, data law, privacy law, and cybersecurity law. We pull from public, official sources and organize what we find into the digest period you choose, with clear federal and state views. A licensed attorney reviews each item that reaches your digest to confirm which of those four pillars it belongs under (and the finer subtopic under each). The product also reflects multiple layers of attorney-developed rules and checks beyond that labeling step. Those safeguards exist so you can treat the feed as a strong starting point for research—but never as a substitute for reading the original source and applying your own professional judgment.
Categorization and per-pillar summaries
Docket Daily uses four editorial pillars — AI law, Data law, Privacy law, and Cybersecurity law — each with finer subcategories (for example, consumer data brokers, breach notification, or algorithmic transparency). Attorney review confirms which pillars fit before an item is treated as ready for your workspace. When an instrument meaningfully implicates more than one pillar, it is listed under every pillar that applies(up to all four), not just a single "primary" topic.
For reviewed items, the workspace presents a Plain English summary and a contextual review for each pillar that applies. Multi-pillar entries use clear headings in those panels so you can scan AI-, Data-, Privacy-, and Cybersecurity-law angles separately while still opening one official source.
Federal legislation
Congress.gov API
GovInfo and Congress.gov
State legislation
State bills and measures are discovered through direct daily scraping of each state's official legislature website — all 50 states and the District of Columbia. For each state and the District of Columbia, we use that state's official daily update feed plus an advanced keyword search pass using a comprehensive master keyword list covering hundreds of terms across AI law, data law, privacy law, and cybersecurity law. Candidates are then run through our topic gate and signal-tiering logic before reaching your digest.
Federal regulations
Federal regulations are discovered through the Federal Register API using batched keyword searches across our full master term list. We surface final rules, interim final rules, proposed rules, NPRMs, guidance documents, and enforcement actions that fall within our four pillars.
CISA — Cybersecurity and Infrastructure Security Agency
Known Exploited Vulnerabilities (KEV) Catalog — daily direct fetch of the CISA KEV JSON feed. Each alert date is cataloged as a single entry with all CVEs added in that alert cycle. Entries include federal remediation deadlines under BOD 22-01.
Cybersecurity Directives — Binding Operational Directives (BODs) and Emergency Directives (EDs), including versioned amendments. These are mandatory compliance instruments for all FCEB agencies and the primary source for federal cybersecurity patch and remediation obligations.
Cybersecurity Advisories (AA-series) — joint advisories co-authored with NSA, FBI, and international partners covering active threat actor TTPs and critical vulnerability exploitation.
ICS and ICS Medical Advisories — vulnerability disclosures specific to industrial control systems, operational technology, and medical device environments.
StopRansomware advisories — ransomware threat actor profiles and mitigation guidance.
Federal agency enforcement, guidance, and rulemaking
Beyond the Federal Register, Docket Daily directly monitors the following federal agencies for pillar-relevant publications:
FTC (Federal Trade Commission) — press releases covering enforcement orders, consent decrees, policy statements, and reports. Filtered for AI, privacy, data security, and cybersecurity content. Reports to Congress (including RANSOMWARE Act mandated reports) included.
OMB (Office of Management and Budget) — memoranda covering federal technology policy, software and hardware security, AI governance, and cybersecurity obligations for FCEB agencies. OMB memos are mandatory compliance instruments for federal agencies and procurement benchmarks for federal contractors.
NIST (National Institute of Standards and Technology) — AI Risk Management Framework (AI RMF) publications, profiles, playbooks, and concept notes from the NIST AI RMF page and AI Resource Center. NIST CSRC cybersecurity publications including SP 800-series standards, FIPS, and NIST IR reports.
HHS/OCR (Department of Health and Human Services, Office for Civil Rights) — HIPAA Privacy Rule, Security Rule, and Breach Notification Rule enforcement: resolution agreements, civil monetary penalties, and corrective action plans.
TSA (Transportation Security Administration) — Security Directives for pipeline, surface transportation, and aviation cybersecurity. TSA SDs are mandatory compliance instruments for covered critical infrastructure operators.
FDA — AI/ML-enabled medical device guidance, Software as a Medical Device (SaMD) publications, and Predetermined Change Control Plan guidance.
DOJ National Security Division — Data Security Program publications, compliance guides, and enforcement actions under the final rule restricting bulk data transfers to countries of concern.
Courts
Federal courts. We pull from official opinion channels for the Supreme Court of the United States, every federal circuit court of appeals, every federal district court, and U.S. Bankruptcy Courts.
State supreme and appellate courts. We maintain a curated list of official opinion or decision pages for each state's high court and, where it exists, its intermediate appellate courts. We run routine health checks on those URLs and adjust when courts redesign or move content.
How court items are chosen for you. Attorney-guided rules and review narrow the opinions that meaningfully discuss AI, data, privacy, or cybersecurity.
Executive orders
Presidential and state governor executive orders
Attorney General & agency enforcement actions
State attorney general enforcement actions and press releases — Tier 1 state AGs scraped daily or weekly: California AG, Texas AG, Connecticut AG, Colorado AG, New York AG. Tier 2 AGs scraped weekly with keyword filtering: Illinois, Massachusetts, Washington, Florida, New Jersey, Pennsylvania, Virginia, Oregon, Minnesota, and North Carolina.
California Privacy Protection Agency (CPPA) — enforcement decisions, stipulated final orders, rulemaking packages, and DROP system requirements. The only dedicated state privacy regulatory body with rulemaking authority independent of the AG.
New York Department of Financial Services (NY DFS) — 23 NYCRR Part 500 cybersecurity regulation enforcement, consent orders, and guidance letters covering all DFS-licensed entities: banks, insurers, mortgage servicers, fintech lenders, and virtual currency businesses.
National Association of Insurance Commissioners (NAIC) — model laws, model bulletins, and AI governance guidance adopted by individual state insurance departments across all 50 states.
AP News headlines (AI)
Article headlines from apnews.com with links to the articles
Editorial review and quality controls
Docket Daily is built so that multiple independent safeguards work together, and not just a single pass or a black box. We combine automated screening with attorney-designed criteria, human attorney editorial judgment where it matters, and ongoing URL health checks when sources move or break. The aim is a feed you can scan quickly, then confidently click through to the original source.
Layered relevance and quality gates so off-topic or low-signal material is far less likely to clutter your workspace.
Structured summaries and fields, including plain English summaries and contextual review drafted per applicable pillar (AI, Data, Privacy, Cybersecurity) when an item crosses topics, and always alongside the primary source link.
attorney review that confirms which of the four pillars each entry belongs under, and broader checks for what we publish as ready for client-facing use, consistent with our product design.
What we do not claim:
Exhaustive coverage of every jurisdiction, docket, or agency
Real-time or same-day publication for every source
Legal advice or a substitute for primary sources and professional research tools.
Schedule
The consolidated catalog and digest views treat January 1, 2026 as the beginning of the coverage window for AI, data, privacy, and cybersecurity instruments we surface in the workspace (subject to source availability and attorney review). We continued tightening searches, source lists, and workflows through early 2026; earlier periods may look thinner or less consistent where we were still calibrating how we find, filter, and confirm items before they reach you.