7-minute read | 1,650 words
What to know this week
Trump blocks a chip deal over China-related concerns.
President Trump has blocked HieFo Corp’s $3 million acquisition of Emcore.
State privacy laws come into enforcement.
With 2026 starting, a host of new state privacy laws have come into effect.
This week's full stories
Trump blocks chip deal.
THE NEWS
On Friday, President Trump blocked HieFo Corp’s $3 million acquisition of EMCORE, citing concerns related to both national security and ties to China via Executive Order (EO). Through this EO, President Trump stated that the US photonics firm was “controlled by a citizen of the People’s Republic of China” and that the acquisition could negatively affect national security.
While the EO did not explicitly name the individual of concern related to this acquisition, the order did state that “the transaction is hereby prohibited” and that HieFo is required to “divest all interests and rights in the Emcore Assets, wherever located” within 180 days.
This order follows an investigation by the Committee on Foreign Investment in the United States (CFIUS). In their investigation, CFIUS noted that they “identified a national security risk arising from the transaction relating to potential access to EMCORE’s intellectual property, proprietary know-how, and expertise, and to the potential diversion of supply of indium phosphide chips manufactured by the EMCORE Digital Chips Business.”
THE KNOWLEDGE
The blocking of this deal ties back to several recent actions taken by the Trump administration aimed at more closely monitoring the ties that advanced technology companies have with China and the associated potential national security risks.
Alongside this most recent development, CFIUS also reviewed and investigated Suirui’s ownership of Jupiter Systems, LLC in July 2025, and identified this as a national security risk. More specifically, CFIUS found a potential compromise of Jupiter’s products used in military and critical infrastructure environments. Similarly, following this CFIUS investigation, President Trump released an order stating that Suirui’s ownership threatened national security and that the foreign company must divest from Jupiter Systems.
In another instance, the Trump administration also turned its attention to TP-Link Systems over its ties to China. In December 2025, the US Federal Trade Commission (FTC) announced that it was examining whether the router manufacturer deceived consumers by concealing its connections to China. While the FTC did not file a formal complaint, this investigation followed previous pressures in November 2025, when various US agencies were looking to ban the company’s routers. In this effort, the Commerce Department stated:
“Commerce officials concluded TP-Link Systems products pose a risk because the US-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government.”
Though the Trump administration has begun relaxing export controls related to advanced semiconductor chips, this does not necessarily mean that the administration is looking to thaw tensions between China and the US. While these two approaches seem to be at odds with each other, they do demonstrate a strategy where the Trump administration is comfortable exporting technologies provided it has oversight of this process, but is uncomfortable with Chinese businesses buying stakes in advanced US technology companies.
THE IMPACT
The Trump administration’s crackdown on Chinese-linked acquisitions underscores a broader strategy to prevent control of advanced US technologies, while maintaining careful oversight of exports. This approach signals that the US is increasingly vigilant about intellectual property, supply chains, and critical technologies that could have military or infrastructure applications.
For companies, this means heightened scrutiny for any deal involving Chinese ownership or influence, especially in sectors like semiconductor, photonics, artificial intelligence, and regulatory investigations may become more common, making due diligence on foreign partnerships and corporations more critical than ever.
Overall, the EMCORE-HieFo EO is not solely about this single deal; rather, it represents a continuing trend of the US government asserting control over strategic technology assets to safeguard national security.
California Delete Act comes into force.
THE NEWS
As 2026 kicked off, California’s major privacy law came into effect, marking a significant change in how the state addresses data brokers. SB-362, also known as the Delete Act, was passed in 2023 and expanded the privacy rights for California, which were originally established in the California Consumer Privacy Act in 2018.
Through the Delete Act, the state has established the DROP platform. This platform now allows Californians to delete the information that data brokers have collected and better control how their personal data is used and sold.
More specifically, data brokers will now be required to do the following:
- Register with CalPrivacy annually.
- Report the types of information they collect and share.
- Process deletion requests submitted through the DROP system.
- Undergo audits to ensure compliance with the Delete Act.
Matt Schwartz, a policy analyst for Consumer Reports, commented on the Act, emphasizing:
“California has the most advanced approach to data brokers of any state. The Delete Act is a great example of a law that gives meaningful control back to consumers.”
Notably, while the DROP platform is open for Californians to submit deletion requests, brokers will not be required to process deletion requests until August 1, 2026. For data brokers found not to be complying with these data deletion requests, they will face daily fines.
THE KNOWLEDGE
Alongside the Delete Act, several other states have also had notable privacy laws come into enforcement. Some of these more significant privacy laws include:
- Indiana’s Consumer Data Protection Act (ICDPA)
- Kentucky’s Consumer Data Protection Act (KCDPA)
- Rhode Island’s Data Transparency & Privacy Protection Act
Both the ICDPA and the KCDPA also went into effect on January 1st, 2026, and are similar to Virginia’s Consumer Data Protection Act (VCDPA). Like the Virginia law, these two privacy laws focus on expanding consumer protection rights for data, such as establishing rights to access data, request that their personal information be deleted, or opt out of data collection efforts. While each of these laws differs slightly, they mark a notable shift in how states are looking to address privacy requirements without a significant federal policy.
Rhode Island’s privacy law provides similar protections as other data protection laws, but notably has instituted civil penalties of up to $10,000 per violation, and does not provide controllers a cure period to remedy alleged violations. Additionally, unlike other states, Rhode Island has not mandated the use of a universal opt-out mechanism, a tool often required to allow consumers to communicate privacy preferences.
THE IMPACT
Each of these laws represents a significant change across the nation for how states are collectively beginning to address privacy needs. While each of these state laws differs from the other, they are more similar than not, as each provides consumers with greater privacy rights and creates stronger requirements for data collectors and brokers.
As each of these and other similar laws go into effect, consumers in impacted states should take time to understand what new rights they have been granted and how they can utilize these new rights. Additionally, businesses operating in these states should understand the various requirements, differences, and penalties of these laws to ensure that they are compliant and avoid unnecessary legal ramifications.
This Week's Caveat Podcast: Your data, your rules.
Dave Bittner and Ben Yelin sit down to discuss how California, Virginia, and Texas are already leading the way for privacy enforcement. During this conversation, our team looks at how these states are looking to address these issues, such as California restricting how location data is collected, Texas restricting how applications engage with minors and collect their data, and Virginia is looking to focus heavily on social media and data through the Virginia Consumer Data Protection Act.
OTHER NOTEWORTHY STORIES
China issues draft rules for regulating AI.
What: China’s cyber regulator issued draft rules that aim to increase oversight of AI services mimicking human personalities
Why: Last week, China released draft rules for public comment. In these rules, the nation aims to increase its oversight of AI products and services designed to simulate human personalities, thinking, and those that interact with users emotionally.
Currently, AI providers would be required to assume safety responsibilities during the AI’s lifecycle, alongside creating procedures to increase data security and mitigate algorithm risks. Additionally, the drafted rules also look to address the psychological dangers associated with AI by requiring providers to identify user states and assess emotions. If users are found to be under duress or showing addictive behaviors, then providers will be required to intervene.
DEC 29, 2025 | Source: Reuters
Trump removes Intellexa spyware trio from sanctions list.
What: The Trump administration has removed three Iranians accused of working for Intellexa from the sanctions list.
Why: On Friday, the Trump administration removed sanctions against the trio, who were believed to be working for Intellexa. Intellexa is a consortium that created the Predator spyware, which has been used to circumvent safeguards.
These sanctions were originally imposed in 2024 under the Biden administration and were a part of a larger effort by the Trump administration to revise existing sanctions. When issuing this removal, a US official commented:
“This removal was done as part of the normal administrative process in response to a petition request for reconsideration. Each individual has demonstrated measures to separate themselves from the Intellexa Consortium.”
JAN 2, 2026 | Source: CyberScoop
Chinese cyberattacks on Taiwan averaged 2.6 million a day in 2025.
What: Cyberattacks against Taiwan’s key infrastructure rose 6% in 2025.
Why: On Sunday, Taiwan’s National Security Bureau released a report on the threats facing the island. In this report, the agency found that the island faced an average of 2.6 million attacks a day, representing a 6% increase from 2024. The report stated:
“Such a trend indicates a deliberate attempt by China to compromise Taiwan’s crucial infrastructure comprehensively and to disrupt or paralyze Taiwanese government and social functions.”
Additionally, the agency also stated that these cyber attacks often coincided with military and political coercion efforts.
JAN 4, 2026 | Source: Reuters