🎙️ Episode 29 is live
SCOTUS clears app-store age checks; seven deadlines in three weeks · ~8 min listen
The Supreme Court declined to block Texas's app-store age-verification law on 6 July — the first appellate green light for device-level age checks in the United States — even as a federal judge in Nebraska enjoined that state's parallel mandate days earlier. Meanwhile China promulgated mandatory annual data-security risk assessments, the EDPB reset the anonymisation bar, and seven hard deadlines land between today and 2 August.
Top 5 Stories
SCOTUS leaves Texas SB 2420 enforceable. On 6 July the Court denied applications to vacate the Fifth Circuit's stay (Nos. 25A1389, 25A1390), leaving app-store age-category and parental-consent duties enforceable during appeal. Brief, unsigned, no noted dissent — not a merits ruling.
Nebraska LB 383's age-verification core preliminarily enjoined. Judge John Gerrard granted NetChoice's motion in part on 27 June, holding third-party age verification and express parental consent likely violate the First Amendment. Unenjoined provisions took effect 1 July.
CAC Order No. 24 — annual data risk assessments, effective 20 August. Article 5 mandates an annual assessment for important-data processors; Article 16 requires filing within 20 working days; Article 12 bars the same assessor for more than three consecutive years; Article 19 permits suspension of important-data processing entirely.
FedRAMP Ready retires 28 July. No new Ready submissions after 28 July. Existing holders move through Ready Conversion. Temporary Rev5 Program Certification opens 10 August; FedRAMP 20x Class A opens 3 August; CR26 mandatory for every offering 1 January 2027.
UK BNPL enters the FCA perimeter 15 July. S.I. 2025/1154 brings deferred payment credit into scope of s.189 Consumer Credit Act 1974. Authorisation or temporary permission, affordability checks, Consumer Duty, s.75 protections and FOS jurisdiction all attach.
Deadlines
Jul 10 — AMLA Single Rulebook standards due to Commission
Jul 14 — CNIL pixel-use notice window closes
Jul 15 — UK BNPL becomes regulated deferred payment credit; China's anthropomorphic-AI measures take effect
Jul 17 — Member States must identify critical entities under the CER Directive
Jul 18 — GENIUS Act stablecoin final-rule deadline; Canada's Bill C-16 in force
Jul 25 — Ofcom's statutory age-assurance report due under OSA s.157
Jul 28 — FedRAMP Ready designation retires
Aug 02 — EU AI Act Art. 50 + GPAI penalty powers apply; CA SB 942 operative
Aug 20 — CAC Order No. 24 network data risk assessments take effect
CyberEyeQ — Actionable Regulatory Intelligence. This episode is for informational purposes only and does not constitute legal advice.