Nonprofits and Associations in 2026: A Checklist for Leadership’s Top 10 Legal Issues

We are working with our clients across all of these areas and more, and we offer here a checklist to address some of the most consequential issues for executives and boards as they prepare their 2026 agenda.

1. AI: IP, Privacy, and Contract Management

Artificial intelligence (AI) tools are now embedded in development, communications, research, and back-office functions. That ubiquity carries three immediate legal questions. First, intellectual property (IP) ownership and protection. Works created solely by generative AI are not protected by US copyright, and training- or output-related risks, including inadvertent replication, create exposure. Second, confidentiality and privacy. Model and tool selection must align with data minimization, retention, security, and contractual restrictions on donor, beneficiary, and employee data. Third, vendor governance. Agreements should address training sources, indemnities for infringement and privacy violations, audit and security commitments, output usage rights, transparency and disclosure compliance obligations, and termination or transition mechanics.

An updated AI use policy, training, and vendor terms will pay dividends across the organization.

2. Cybersecurity, Ransomware, and the Patchwork of Notifications

Data security remains a top enterprise risk. Ransomware and credential-theft tactics continue to evolve, and the legal aftermath of an incident is complex. Organizations must navigate Office of Foreign Assets Control (OFAC) constraints on ransom payments, multi-state individual and regulatory breach notification obligations with short deadlines, contractual notice and other breach-related obligations, insurance conditions, and potential regulatory, class action, and brand exposure. In 2026, expect continued tightening of audit, governance, and breach reporting requirements at the federal and state levels, and more funders conditioning awards on specific security controls.

Validate incident response plans with tabletop exercises; lock in counsel, forensics, crisis communications, and e-discovery vendors; ensure vendors are subject to strict due diligence, security controls, and monitoring; align cyber insurance with your risk profile; and confirm that data maps and retention schedules reflect current reality.

3. Fundraising Compliance and the New Enforcement Reality

Fundraising remains mission-critical and heavily regulated. State charity officials continue active enforcement of registration, disclosure, and reporting obligations, reaching beyond organizations to professional fundraisers, crowdfunding intermediaries, and cause-marketing partners. Some fundraising platforms are increasingly using automated compliance checks by suspending organizations delinquent with their state filings and cutting off access to online giving until filings are current.

Leadership should confirm that solicitation footprints are mapped, registrations and renewals are up to date, donor acknowledgments align with Internal Revenue Service rules, and agreements with professional fundraisers, cause-marketing partners, and fundraising platforms comply with applicable state laws. Where online giving is central, ensure agreements with fundraising platforms address data ownership, use of donor information, suspension triggers, and dispute resolution.

4. Federal Funding and Policy Shifts

Organizations relying on federal grants or contracts continue to face evolving directives and restrictions that can disrupt funding, program design, or compliance obligations as agencies implement Executive Order 14332, Improving Oversight of Federal Grantmaking, and other administration priorities. Key questions for 2026 include: how the battle over caps on indirect cost rates will evolve and be resolved; whether other agencies will follow the US Department of Agriculture in prohibiting grant awards to entities under foreign ownership, control, or influence of countries of concern (including China); how aggressive each agency will be in policing whether existing awards are used consistent with current Administration priorities; how effectively, fairly, and quickly the government will address requests for equitable adjustment and termination settlement proposals where an award is suspended, terminated, or rendered impractical; and how to mitigate the risk of erroneous or politically driven actions. Boards should also evaluate whether elements of their mission could trigger heightened scrutiny as a result of the general prohibitions in Executive Order 14332 or current industry-specific policy priorities, and what contingency plans, if any, are warranted.

Most organizations already were compelled in 2025 to decide whether to continue to remain eligible for federal funding or to seek alternative funding streams in view of the significant changes under the new Administration. Nonetheless, actively monitoring new developments remains critical in the fast-changing environment. With allegations of grant fraud in the national news, organizations are also well advised to bolster their internal audit function to proactively identify and, as needed, mitigate or remediate any potential missteps. Maintaining appropriate documentation and following internal policies is essential. Maintain appropriate grant files, program records, and escalation protocols for inquiries, subpoenas, and site visits.

5. Employment Law: Employees, Contractors, and Workforce Resilience

Worker classification continues to be a flashpoint. The “economic reality” factors used to distinguish employees from independent contractors require an individualized analysis of control, permanence, exclusivity, investment, profit or loss opportunities, integration with core operations, and skill or initiative. Many nonprofits commonly deploy contractors to scale programs, but misclassification carries wage-and-hour, tax, benefits, employment law, and liability exposure. Update position analyses, contracts, and onboarding workflows to align with current tests; review volunteer and intern roles for compliance; and refresh wage, overtime, and leave policies across jurisdictions. In parallel, boards should confront the operational realities of layoffs and furloughs, including selection criteria, notice, severance pay, benefits continuation, and separation agreement and other documentation standards to manage litigation and reputational risk.

6. Digital Operations: Terms of Use, Enforceability, and Online Risks

Your website and app terms are only as good as your ability to enforce them. Courts have scrutinized interface design, assent flows, link prominence, and contradictory representations when evaluating online agreements. Outdated screens or “browsewrap” approaches routinely fail.

Review all digital terms and privacy notices for clarity, accuracy, and consistency with product features and data practices. Check for current IP protections, warranty and liability limitations, and dispute resolution provisions. Ensure that consent mechanisms, including for cookies, texts, and emails, comply with applicable privacy and communications laws, and that donor and member communications align with your disclosures.

7. Lobbying and Political Campaign Intervention

If your organization engages with policymakers or the public on legislative or policy questions, now is the time to reassess your compliance with the applicable lobbying rules that apply to your organization. Nonprofits are subject to different rules under the tax laws depending on their tax-exempt status. Section 501(c)(3) public charities may engage in some legislative lobbying, but Section 501(c)(3) private foundations may not. Section 501(c)(4) and (c)(6) organizations are subject to different rules and have more latitude to engage in lobbying. They are also permitted to engage in limited amounts of political campaign intervention, where Section 501(c)(3) organizations are prohibited entirely from intervening in political campaigns. Organizations are also subject to campaign finance, the Lobbying Disclosure Act of 1995, and other federal, state, and local laws.

Training for staff and volunteers on lobbying and political campaign activity, and reviewing and updating policies as needed, can help mitigate compliance risk.

8. Antitrust: Association Activities Under the Microscope

Trade and professional associations remain in the crosshairs of antitrust regulators and plaintiffs. Information exchanges, surveys, joint ventures, certification programs, and standard-setting demand tailored antitrust guardrails. Withdrawn federal “safety zone” guidance means associations must rely on current enforcement positions and case law. Organizations should update their antitrust policies, train staff and volunteer leaders, and implement pre-clearance for sensitive collaborations. They also should ensure competitively sensitive data is aggregated, aged, and anonymized; establish “clean teams” where appropriate; and document pro-competitive justifications.

9. Real Estate: Leases, Debt, and Tax Considerations in a Changing Market

Office demand, lender behavior, and occupancy strategies remain in flux. Tenants should evaluate landlord solvency and consider negotiating subordination, non‑disturbance, and attornment protections to preserve tenancy through foreclosure. Landlords and owner‑operators face increased requests to downsize, assign, or terminate, necessitating active portfolio management. Organizations that lease excess space to third parties should consider the income tax implications of the third-party lease. While passive income from rental activities is generally exempt from unrelated business income tax in most circumstances, such income may no longer be considered passive if the organization provides services in conjunction with the rental of property. Rental income from debt-financed property could also result in unrelated business taxable income even absent the provision of services, and income from debt-financed property cannot be offset with losses from other unrelated trade or business activities. Organizations that lease bond-financed property to third parties should also monitor private business use limits. Coordinate facilities decisions with tax, covenant, and mission considerations before locking in terms or capital commitments.

10. Document Management and Readiness for Inquiries

Good document housekeeping is strategic — and often a financial imperative. Tighten document retention schedules and train staff on day-to-day email and file hygiene so ordinary business records do not become litigation liabilities. Establish immediate-response playbooks for government inquiries, subpoenas, or warrants, including designated points of contact, counsel engagement, and instructions on preserving (not producing) information pending legal guidance. In parallel, a short, staff-facing “front-desk” protocol can prevent missteps.

2026 Nonprofit Leadership Checklist of Key Actions

Policies

• Adopt and continue to revise an AI use policy for staff, board, and vendors.

• Refresh lobbying and political campaign activity policies, training, and approvals aligned to your tax status.

• Refresh website or app terms for enforceable assent and aligned disclosures and liability limitations; confirm consent mechanisms.

• Test cybersecurity incident response plans, validate cyber insurance, and update retention schedules.

• Update antitrust policy and training for all association programs and collaborations.

• Review document retention policies and practices and update as needed.

• Train staff on subpoena or warrant protocols and records hygiene.

• Confirm Digital Millennium Copyright Act processes and registration are in place, if applicable, based on user-uploaded materials.

• Calibrate communications policies and escalation paths to respond to crises.

Compliance

• Confirm charitable solicitation registrations are up to date and procedures are in place to maintain compliance.

• Track and evaluate revenue streams to confirm unrelated business income tax positions.

• Inventory grants and contracts and document compliance.

• Confirm OFAC sanctions screening processes, anti-terrorism certifications, Foreign Agents Registration Act compliance, and controls for high-risk jurisdictions.

• Review anti-bribery and corruption compliance, including policies aligned with the Foreign Corrupt Practices Act and local laws.

• Reassess worker classification, wage‑and‑hour compliance, and volunteer/intern programs.

Finance and Contracts

• Review leases, lender relationships, and tax consequences of subleases and services.

• Audit IP portfolios; clarify ownership in contractor agreements.

• Conduct financial stress testing and, if necessary, early-stage restructuring assessments.