What the U.S. Presidential Election Results Mean for Digital Compliance Policies

As we process the results of the recent U.S. presidential and congressional elections, one thing is certain: 2025 and beyond could bring substantial shifts in the landscape of digital compliance. A Republican mandate in the White House and Senate, possibly extending to the House, points towards a potential pivot in executive policy, particularly regarding digital regulation and artificial intelligence (AI). While many details are yet to be clarified, a deregulatory approach with a focus on fostering innovation, especially in the face of global competition, appears likely.

AI Executive Order: A possible overhaul

President-elect Donald Trump has expressed a commitment to revisiting and potentially overhauling the Biden administration’s AI executive order. Celebrating its first anniversary, this order currently requires companies developing dual-use foundation models to report on their training and security processes. It also tasks the National Institute for Standards and Technology (NIST) with providing guidance to mitigate bias and discrimination in AI.

However, the new administration’s stance suggests that these anti-bias components may face scrutiny. Proponents of a more relaxed regulatory framework argue that such requirements could stifle innovation and deter potential AI advancements. As it stands, while a repeal of the executive order may not happen immediately, elements that prioritize fairness and anti-discrimination in AI could be deprioritized.

Digital trade and trans-border data flows

Another area of digital compliance that could see adjustments is digital trade policy and trans-border data flows. The EU-U.S. Data Protection Framework (DPF), originally developed under Trump’s first administration as a response to the invalidation of the Privacy Shield, was further operationalized by the Biden administration. While the DPF is unlikely to be directly affected, the framework remains at risk of further challenges in EU courts.

Digital trade policies, however, might face a reset. The Biden administration shifted away from unrestricted data flow, citing national security concerns. Given Trump’s historical skepticism towards China and emphasis on safeguarding U.S. interests, it’s anticipated that the new administration will prioritize stricter policies for critical infrastructure security and data flow, likely with a regulatory lens aimed at foreign competitors.

Cybersecurity law and critical infrastructure

Cybersecurity policy could also experience shifts. Traditionally, Republican-led administrations favor a pro-business approach, but Trump’s stance diverges from conventional conservative views. A focus on national security could lead to a continuation of Biden-era initiatives targeting cybersecurity, especially in critical infrastructure.

The Department of Defense’s Cybersecurity Maturity Model Certification program, designed to ensure defense contractors meet rigorous cybersecurity standards, is unlikely to be derailed. Additionally, the Justice Department’s impending final rule on sensitive data exports is expected to withstand any challenges from the new administration, although it may face legal hurdles.

Healthcare cybersecurity, particularly regarding reproductive health information post-Dobbs, could see less regulatory support. Changes introduced under Biden to enhance HIPAA’s privacy protections for reproductive health may be downplayed or deprioritized under the new administration.

Federal Trade Commission (FTC) and consumer protection

A reshuffling at the FTC appears imminent. Chairwoman Lina Khan’s term is set to expire, and it’s unlikely she will be reappointed. The transition to a new chair, potentially one of the two existing Republican commissioners, could shift the agency's approach towards consumer protection and digital privacy.

The FTC’s ongoing work on a rulemaking proposal for commercial surveillance may or may not reach completion before year-end. If finalized, this framework could lay the groundwork for future digital compliance structures, regardless of the administration in power.

Federal privacy law: An uncertain future

A comprehensive federal privacy law remains an elusive goal. The American Privacy Rights Act (APRA) made progress in 2024, only to lose momentum as election activities intensified. While state preemption is a priority for some Republican lawmakers, privacy and AI regulation may not top the Republican agenda. The issue of federal preemption, particularly for states with stringent privacy laws like California, is likely to persist.

State laws, however, will continue to shape the privacy landscape in the absence of federal action. Texas, for example, has emerged as a privacy enforcement leader, and Democratic-controlled states may pursue even stronger privacy legislation in response to federal regulatory shifts.

Implications for state privacy laws

Without a comprehensive federal framework, states are likely to resume their roles as key drivers of privacy regulation. States such as Colorado, Connecticut, and Washington are expected to push forward with their respective privacy and AI bills, influenced by the election’s outcome and the public’s evolving stance on data protection.

In particular, Democrat-controlled states may respond to federal deregulatory trends with more aggressive data privacy legislation. For example, in response to the Supreme Court’s Dobbs decision, Washington passed the My Health My Data Act, illustrating the potential for significant state-level action in response to national policy shifts.

Preparing for a new era in digital compliance

As the new administration takes office, organizations need to stay attuned to potential regulatory shifts in AI, cybersecurity, and digital trade. While a deregulatory agenda may create opportunities for innovation, it could also complicate the compliance landscape as state and federal priorities diverge.