The European Commission’s Clean Industrial Deal
On February 26, 2025, the European Commission (EC) published a Communication titled “The Clean Industrial Deal: A joint roadmap for competitiveness and decarbonisation,[1]” encompassing a set of measures with the objective of enhancing competitiveness and resilience of EU industries while advancing decarbonisation. The two key focus areas of the Clean Industrial Deal are energy-intensive industries and the clean-tech sector.
The Deal also emphasizes circular economy principles to reduce reliance on external suppliers for raw materials, ensuring sustainable use of Europe’s limited resources. Importantly, the Clean Industrial Deal confirmed the adoption of the Chemicals Industry Package for the end of 2025. According to the Clean Industrial Deal Communication, the chemical package will “recognise the strategic role of the chemicals sector as ‘industry of industries’ and of critical molecules.”
The main legislative proposals and measures from the Clean Industrial Deal include:
The Industrial Decarbonisation Accelerator Act, to accelerate permitting for industrial access to energy and decarbonisation efforts, including the modernization of steel production facilities. It will also introduce a low-carbon product label for steel and, eventually, cement, enabling companies to benefit from a green premium and providing consumers with information on the carbon intensity of products.
The revision of the Public Procurement Directive
The Circular Economy Act, which will establish a Single Market for waste and reusable materials
A new Clean Industrial Deal State Aid Framework, to enable faster approval of State aid measures to promote renewable energy deployment, industrial decarbonisation, and ensure adequate manufacturing capacity for clean technologies
The delegated act on low-carbon hydrogen: This act will define the conditions for producing low-carbon hydrogen in a practical way. It complements the comprehensive regulatory framework on hydrogen, providing industry with greater certainty and predictability, both of which are essential for encouraging investment.
The strengthening and expansion of the Carbon Border Adjustment Mechanism to other ETS sectors and downstream products
The Clean Industrial Deal marks a step for Europe to maintain its industrial strength while driving forward its green transition. The Commission also published a set of Questions and Answers[2] and a Factsheet document[3].
[1] https://commission.europa.eu/document/download/9db1c5c8-9e82-467b-ab6a-905feeb4b6b0_en
[2] https://ec.europa.eu/commission/presscorner/detail/en/qanda_25_551
[3] https://ec.europa.eu/commission/presscorner/api/files/attachment/880548/Factsheet Clean Industrial Deal.pdf
Environmental Law Monitor: Navigating the Shifts in Environmental Policy and Law Under the Trump Administration [Podcast]
On this episode of the Environmental Law Monitor, Daniel Pope and Taylor Stuart discuss the shifting landscape under the new Trump administration, comparing regulatory actions and priorities with those of previous administration, and delve into the complexities of NEPA regulations, endangered species and the impact of political changes on environmental legal practice. They explore how these transitions will affect legal practitioners and the energy sector and speculate on what to expect in the coming months.
Episode Highlights
[2:50] The Trump Administration’s Approach to NEPA: Taylor and Daniel discuss the significant actions from the Trump administration impacting environmental law, namely the Council on Environmental Quality’[JP1] s action to remove NEPA regulations from the Code of Federal Regulations. They briefly review the current state of NEPA and its impact on federal agencies.
[9:05] The Impact of Federal Workforce Downsizing on Environmental Law Space: Environmental legal practitioners will likely see a shift in their day-to-day work, particularly if they communicate often with agencies. Taylor expects to see an uptick in citizen lawsuits by NGOs challenging Trump’s administrative actions.
[12:51] The Trump Administration’s Efforts to Roll Back Environmental Regulations: Taylor and Daniel discuss the current administration’s positions on the Good Neighbor Rule and the Endangered Species Act, litigation surrounding these regulations/rules and the complexities around overturning them.
[24:28] Trump 2.0 vs. Trump 1.0: Compared to the first administration, the second Trump administration is much more prepared to carry out its environment agenda. Taylor expects to see progress on and clarity around energy and environmental issues, especially given the administration’s prioritization of energy independence.
DHS Revises Haiti TPS Extension, Accelerates Registration Period
On February 24, 2025, U.S. Department of Homeland Security (DHS) Secretary Kristi Noem amended the extension and designation period for temporary protected status (TPS) for Haiti and accelerated the initial registration period for new applications under the new designation from February 3, 2026, to August 3, 2025.
Quick Hits
In July 2024, TPS for Haiti was redesignated and extended until February 3, 2026.
DHS Secretary Kristi Noem reconsidered and partially vacated the 2024 decision, reducing the designation and extension period from eighteen months to twelve months.
The initial registration period for new applicants under the 2024 designation and the 2024 Haiti TPS extension will remain in effect until August 3, 2025.
On February 24, 2025, U.S. Citizenship and Immigration Services (USCIS) published a partial vacatur of the 2024 TPS decision for Haiti in the Federal Register. The partial vacatur reduces the designation period from eighteen months to twelve months, with the new TPS extension and designation set to expire on August 3, 2025, instead of February 3, 2026.
USCIS will apply an expiration date of August 3, 2025, to any applications for employment authorization, initial registration, and re-registration filed pursuant to the July 1, 2024, notice that are still pending with the agency. Previously approved TPS-related documentation that shows a February 3, 2026, expiration will not be recalled by USCIS but will remain valid only until the end of the new TPS designation period on August 3, 2025.
The notice states that all employers and federal, state, and local government agencies (including the Department of Motor Vehicles) must update their records to reflect the new expiration date of August 3, 2025, for Haiti TPS-related documents. If an employer or agency receives an Employment Authorization Document (EAD) with the TPS category codes A12 or C19 that is set to expire on February 3, 2026, the employer or agency must record the earlier expiration date of August 3, 2025.
DHS originally designated Haiti for TPS on January 21, 2010, following a devastating 7.0-magnitude earthquake. The Department of State and DHS conducted an initial review of the conditions in Haiti and determined that the extent of destruction and the humanitarian challenges present constituted extraordinary and temporary conditions, preventing Haitian nationals (and individuals without nationality who last resided in Haiti) from safely returning. DHS redesignated and extended TPS for Haiti in 2011, 2013, 2015, and 2017. On January 18, 2018, DHS announced the termination of the TPS designation, noting that the conditions in Haiti no longer supported the designation. To provide time for an orderly transition, the DHS set a termination date of July 22, 2019. Due to multiple lawsuits challenging the program’s termination, DHS stated that it would “continue to extend the benefit and documents if required to comply with court orders.”
On August 3, 2021, DHS announced a new eighteen-month designation of TPS for Haiti. This designation allowed Haitian nationals (and individuals without nationality who last resided in Haiti) to file initial applications for TPS if they were residing in the United States as of May 21, 2021, and met the eligibility requirements. DHS designated Haiti for TPS due to severe and extraordinary conditions, including serious security concerns, social unrest, an increase in human rights abuses, crippling poverty, and lack of basic resources, all of which were exacerbated by the COVID-19 pandemic. DHS extended and redesignated TPS for Haiti in 2023 and again in 2024, with the designation lasting until February 3, 2026. However, in partially vacating the 2024 extension and designation, DHS Secretary Noem cited national security concerns and changing conditions in Haiti. She also noted that there was no explanation provided for selecting an eighteen-month extension instead of a six-month or twelve-month extension.
Next Steps
DHS Secretary Noem will need to review the current conditions in Haiti to assess whether they continue to meet the requirements for TPS designation. This review must occur at least 60 days before the end of the current extension period. Consequently, the agency is required to announce its decision regarding the extension or termination of TPS for Haiti by June 4, 2025. If no determination is made by this deadline, the 2024 designation will automatically extend for an additional six months beyond its expiration date of August 3, 2025. If TPS for Haiti is terminated, beneficiaries must obtain alternative immigration status and employment authorization by the applicable termination date to remain in the United States.
Arzate v. ACE American Insurance Company: Employer Not Required to Initiate Arbitration in Defense of Itself
On June 18, 2021, a group of ACE American Insurance Company employees filed a class action suit alleging that ACE misclassified them as exempt employees.
ACE moved to compel arbitration based on arbitration agreements that each of the plaintiffs had signed as a condition of their employment where they agreed to “submit [employment claims] to final and binding neutral third-party arbitration.”
The agreement made clear that employees “cannot bring any employment related claim in court,” and further stated that the “party who wants to start the Arbitration Procedure” is required to begin the process by filing a demand for arbitration, which in this case was within 30 days of the court’s order.
On March 14, 2023, the trial court determined that the case fell within the scope of the arbitration agreement, granted the motion to compel, and stayed the case pending the outcome of arbitration. The court did not clarify which party was required to actually start arbitration.
On August 24, 2023, the plaintiffs filed a motion asking the court to lift the stay, arguing that ACE was required to initiate the arbitration process as they were the party who wanted arbitration, and by failing to do so within the agreement’s 30-day period, ACE had waived its right to arbitrate. The trial court agreed with this reasoning and found that ACE’s inaction “was inconsistent with its right to arbitrate,” finding that even though the plaintiffs were the ones who initiated the claims, they did not want to arbitrate and in fact, wanted to continue to litigate the claims in court.
ACE appealed arguing that the court misinterpreted the contractual language. The appellate court agreed with ACE, finding the trial court erred by considering provisions of the arbitration agreement in isolation instead of construing the agreement as a whole. The agreement required the party who “wants” arbitration to initiate arbitration, but also states that if a plaintiff has “employment related legal claims, [they] will submit them to … arbitration.” The appellate court held that the term “want[ing] to start the Arbitration Procedure” could not refer to a preference for arbitration as the parties had contractually agreed to rule out litigation as a viable forum. Accordingly, it was the plaintiffs who were required to initiate the arbitration proceedings.
Implications for Employers
This decision highlights the importance of ensuring that arbitration agreements are clear on what procedures apply should an employee bring legal claims. Ambiguities about who must file for arbitration and what rules will apply during the arbitral process should be eliminated wherever possible.
FTC Launches Task Force to Protect Competition in Labor Markets, Scrutinize Noncompete Agreements
On February 26, 2025, Federal Trade Commission (FTC) Chairman Andrew N. Ferguson directed the agency to form a new “Joint Labor Task Force” that will focus on enforcing federal antitrust laws to protect competition in labor markets and consumer protection, including targeting unreasonable noncompete agreements, no-poach, non-solicitation, and no-hire agreements, and unlawful use of diversity, equity, and inclusion (DEI) metrics.
Quick Hits
The FTC is establishing a task force aimed at enforcing antitrust laws in labor markets, including where unreasonable noncompete agreements and other restrictive employment practices implicate antitrust issues.
Aligning with the Trump administration’s “populist” agenda, the task force is focused on easing “restraints both on the competition side and the consumer protection side that make it harder for Americans to earn a living.”
Notwithstanding this agenda, it is very unlikely that the FTC will attempt to solve these issues through the rulemaking that was emblematic of the FTC during the Biden administration. At the time, then-FTC Chair Lina Khan championed the FTC’s rule banning noncompete agreements, and then-Member Ferguson called it unlawful and “the most extraordinary assertion of authority in the Commission’s history.”
Chairman Ferguson issued a memorandum directing the heads of the FTC’s Bureaus of Competition, Consumer Protection, and Economics and the Office of Policy Planning to form the “Joint Labor Task Force” that will “prioritize investigation and prosecution of deceptive, unfair, or anticompetitive labor market conduct.”
This new Joint Labor Task Force underscores the “populist” agenda in the new Trump administration, which has echoes of the first Trump administration and even of the Biden administration.
Enforcement Focus
According to the memorandum, the task force will coordinate investigations and enforcement actions across the FTC’s bureaus, create information-sharing processes, and facilitate the exchange of best practices for investigating such conduct. The task force will also work to develop research on anticompetitive conduct and “identify opportunities for advocacy on legislative or regulatory changes that would remove barriers to labor market participation, mobility, and competition.”
Specifically, the memorandum highlighted conduct that falls under the FTC’s jurisdiction in connection with antitrust implications, including:
“No-poach, non-solicitation, or no-hire agreements”—“where employers agree to refrain from hiring each other’s employees.”
“Wage-fixing agreements”—“where employers agree to fix the level of wages they offer to employees.”
“Noncompete agreements”—that “impose unnecessary, onerous, and often lengthy restrictions on former employees’ ability to take new jobs in the same industry after they leave their employment.”
“Labor-contract termination penalties”—that impede workers from taking new jobs with competitors by imposing “unjustified fees” for workers to end contracts.
“Labor market monopsonies”—that use “anticompetitive methods to create or maintain significant buyer power in a market for labor.”
“Collusion or unlawful coordination on DEI metrics”—which the memo stated could “have the effect of diminishing labor competition by excluding certain workers from markets, or students from professional training schools, on the basis of race, sex, or sexual orientation.”
New Policy Focus
The memorandum and announcement of the task force come just days after Chairman Ferguson said the FTC would seek out “restraints both on the competition side and the consumer protection side that make it harder for Americans to earn a living,” during an event hosted by the Washington Reporter and Coalition for App Fairness.
“One of the ways we combat inflation is by making sure that wages stay up,” Chairman Ferguson said during his talk, which was posted to social media. “The FTC is going to focus on this area, potentially, by making sure that unfair competition or deception or unfairness do not suppress Americans’ wages and what they earn as they go about their day-to-day trying to put food on the table for their families. This is going to be one of the priorities of the Trump-Vance FTC.”
On President Trump’s first day in office, January 20, 2025, he designated Ferguson as chairman. Ferguson previously served as a member of the five-member commission.
In April 2024, the FTC voted 3–2 to adopt a rule that would have banned nearly all noncompete agreements in employment, with the Republican commissioners all dissenting, including then-Member Ferguson. Federal courts in Florida and Texas ultimately invalidated and/or enjoined the rule. Both of those decisions are currently being considered on appeal and are very likely to be affirmed. At the time, then-Member Ferguson called the rule unlawful and “the most extraordinary assertion of authority in the Commission’s history.”
While the Trump administration FTC will not pursue rulemaking, Chairman Ferguson’s recent comments indicate the FTC will continue to scrutinize unreasonable noncompete agreements that restrict competition in the labor markets in violation of federal antitrust laws.
Under Chairman Ferguson, the FTC is also continuing its enforcement focus on mergers and acquisitions, announcing on February 18, 2025, that the FTC and the U.S. Department of Justice’s (DOJ) 2023 Merger Guidelines would remain in effect. Those guidelines scrutinize a merger’s impact on labor markets, among other things.
Next Steps
While employers received a reprieve from the FTC’s noncompete ban after it was struck down in court, the FTC’s latest moves show that the Trump administration will continue to efforts to scrutinize noncompete agreements, non-solicit agreements between businesses, and other restrictive covenants that may impact labor markets—but will not attempt to do so through rulemaking.
The memorandum further indicates that the FTC may target employers’ DEI programs or initiatives, alleging that may unlawfully exclude workers. That focus aligns with President Donald Trump’s policy priority to eliminate DEI, as outlined in his recent executive orders.
To increase chances of withstanding scrutiny under the FTC’s latest agenda and under state law, employers should continue to ensure that restrictive covenants are tailored as needed to protect their legitimate business interests, including with respect to confidential information (trade secrets), goodwill in customers and employees, and unfair competition.
SEC Staff Issues Statement on Meme Coins
On February 27, 2025, staff in the SEC’s Division of Corporation Finance issued a public statement on so-called meme coins. According to the statement, meme coins meeting certain specified conditions will not be deemed securities for purposes of the federal securities laws.
The statement defines a “meme coin” as “a type of crypto asset inspired by internet memes, characters, current events, or trends for which the promoter seeks to attract an enthusiastic online community to purchase the meme coin and engage in its trading.” According to the statement, meme coins “typically are purchased for entertainment, social interaction, and cultural purposes, and their value is driven primarily by market demand and speculation.”
Citing the SEC’s Howey test, the staff statement provides a conditioned analysis around why meme coins should not be considered securities under federal law:
The offer and sale of meme coins does not involve an investment in an enterprise nor is it undertaken with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. First, meme coin purchasers are not making an investment in an enterprise. That is, their funds are not pooled together to be deployed by promoters or other third parties for developing the coin or a related enterprise. Second, any expectation of profits that meme coin purchasers have is not derived from the efforts of others. That is, the value of meme coins is derived from speculative trading and the collective sentiment of the market, like a collectible. Moreover, the promoters of meme coins are not undertaking (or indicating an intention to undertake) managerial and entrepreneurial efforts from which purchasers could reasonably expect profit.
While the SEC staff’s logic would apply equally to other classes of digital assets, such as non-fungible tokens, the statement is careful to warn that it “does not extend to the offer and sale of meme coins that are inconsistent with the descriptions set forth above, or products that are labeled ‘meme coins’ in an effort to evade the application of the federal securities laws by disguising a product that otherwise would constitute a security.” SEC Commissioner Caroline Crenshaw also issued her own statement disagreeing with the staff’s reasoned analysis. Nevertheless, the staff’s action represents the latest example of the agency’s reconsideration of its prior positions on crypto assets.
OFCCP Reportedly to Reduce Staff by 90% and Continue Veterans and Individuals with Disabilities Enforcement Efforts
According to Washington Post and Bloomberg press reports, on February 25, 2025, OFCCP Acting Director Michael Schloss submitted a memorandum to Acting Secretary of Labor, Vincent Micone, outlining OFCCP’s plan to significantly reduce its workforce and focus the agency’s efforts on enforcing contractor compliance with veterans and individuals with disabilities obligations in the wake of President Trump’s revocation of Executive Order 11246.
The memorandum has not been made public, but according to the reports, it includes the following points:
As part of the reduction, OFCCP will close 51 of its 55 offices, and reduce its staff from 279 employees to a “limited field presence” of 50 employees, who will conduct compliance reviews.
As restructured, OFCCP will “focus its mission” on enforcing protections under the Vietnam Era Veterans’ Readjustment Assistance Act (“VEVRAA”) and Section 503 of the Rehabilitation Act.
The OFCCP division responsible for conducting statistical analyses would be eliminated as those “skillsets are no longer needed” for OFCCP’s future VEVRAA and Section 503 compliance efforts.
A five-person policy division will review and suggest changes to OFCCP’s regulations “designed to reflect the removal of EO 11246” and the agency’s focus on VEVRAA and Section 503.
42 OFCCP employees have already chosen to participate in the federal government’s resignation program, and OFCCP will need additional funding for separation incentives and other severance pay in order to conduct the additional planned personnel cuts.
Preserving and Maximizing Defense Coverage Through Final Adjudication
Last week, the Ninth Circuit affirmed fraud convictions for Theranos’ former CEO, Elizabeth Holmes, and former COO, Ramesh Balwani, upholding an order finding both defendants personally liable for $452 million in restitution to various Theranos investors. While it remains to be seen whether the embattled executives will pursue further appeals to the US Supreme Court, the years of litigation and appeals following Theranos’s untimely demise in 2018 highlight the importance of directors and officers having robust “final adjudication” language in conduct exclusions found in all D&O liability policies.
Modern D&O policies contain exclusions for fraudulent or criminal acts. But those exclusions usually cannot apply until a “final adjudication” establishes that the alleged fraudulent or criminal conduct actually occurred. The result is that individuals defending against alleged fraud get the benefit of a defense funded by the D&O policy unless and until the fraud is finally proven. And even where fraud is finally adjudicated, the onus is placed on the insurer to try to recover those costs from the policyholder, which is easier said than done when an entity is insolvent or a beleaguered individual endured years of litigation and appeals. In both cases, the insured may be unable to repay thousands if not millions of dollars in advanced legal fees and expenses if dragged into a new lawsuit by the D&O insurer.
The importance of securing timely and robust defense coverage cannot be overstated. In the case of Theranos, some investors have alleged that the company maintained at least $30 million in D&O coverage. Yet Elizabeth Holmes’ defense alone reportedly cost in excess of $30 million.
When reviewing your D&O policy with an eye towards maximizing executive protection and defense coverage, consider these key issues:
What is a “final adjudication”? Negotiate triggers in conduct exclusions to be as narrow as possible. If the policy requires a final adjudication, how is that defined? Some policies specify complete exhaustion of all appeals, while others may trigger at earlier stages. Does the exclusion contemplate adjudications in the underlying action only or in other actions, like those initiated by the insurer to determine coverage under the policy? Are defense expenses expressly carved out from the exclusion? Slight variations can materially impact whether coverage is preserved.
What are the insurer’s advancement obligations? A narrow conduct exclusion is only effective if the policyholder can receive the benefits of full and efficient reimbursement of ongoing defense costs in litigation prior to any final adjudication. At a minimum, the policy should make clear that the insurer has a duty to advance defense costs until it is determined that the previously advanced defense costs are not insured.
But how quickly must those payments be made? And what happens if there is a dispute where the insurer is claiming that uncovered parties, claims, or matters allow for limited defense reimbursement under the policy’s “allocation” provision? Following the flow of money from the insurer to the individual (and perhaps back again in a repayment situation) will ensure there are no reimbursement snafus in the midst of contentious litigation that distracts from the underlying defense.
How to ensure protection for “innocent” insureds? If one bad actor commits fraud and loses coverage, it should not impact coverage for other individual defendants. Pay close attention to “severability” provisions. Does the policy provide full or limited severability? When, if at all, can wrongful acts committed by one insured by imputed to other insureds who were not involved in the wrongdoing? How does the policy treat other misrepresentations, like those in applications?
How to protect executives when the company cannot? Under most D&O policies, the company has access to the same set of limits that otherwise would be available to protect individual insureds. If the company can indemnify and advance legal fees for its executives, those shared limits are usually not problematic. But when the company is insolvent and in bankruptcy, as was the case with Theranos, the D&O policy is the only source of protection preventing executives from personal exposure.
The solution is purchasing dedicated “Side A” coverage that sets aside separate limits that are available exclusively for the benefit of directors and officers when the company is unable or unwilling to provide indemnification. Some D&O policy forms provide built-in dedicated Side A-only limits, but many times they are purchased through standalone policies. Structuring a D&O program with adequate Side A coverage can ensure executives have an insurance backstop to defend, settle, and pay claims when they need it most.
For corporate executives, these small but important aspects of defense coverage under D&O policies can be the difference between executives being fully protected in protracted litigation and being left uninsured and subject to personal exposure.
Increased Tariffs on Imports from Canada, Mexico and China Set to Take Effect March 4
Absent further action from President Trump today, new tariffs of up to 25% on U.S. imports of goods originating in Canada and Mexico are set to go into effect at 12:01 am ET March 4, 2025. Trump has also announced a 10% increase in duties on U.S. imports of goods from China (now totaling 20%). Are you ready?
On February 1, 2025, President Trump utilized emergency powers to impose 25% tariffs on U.S. imports of goods from Mexico and most goods from Canada, and 10% tariffs on U.S. imports of goods from China and energy resources from Canada, effective Tuesday, February 4. On February 3, shortly before the tariffs went into effect, Trump reached deals with Mexican President Claudia Sheinbaum and Canadian Prime Minister Justin Trudeau to pause implementation of the tariffs until March 4. These deferrals were implemented through new Executive Orders, which stated that Canada and Mexico had taken steps to address the President’s concerns regarding migration and fentanyl flows meriting a pause in the tariffs.
Meanwhile, the 10% tariffs on Chinese imports moved forward.
As of the time of this alert, no deal has yet been reached to further defer the tariffs on imports originating from Canada and Mexico – and, if permitted to go into effect, duties will be collected for all entries on or after 12:01 am ET tomorrow, March 4. However, in statements yesterday, March 2, Secretary of Commerce Howard Lutnik stated that the imposition of tariffs remained “a fluid situation” and signaled that the imposed tariffs may be lower than the current levels slated for imposition following the February 3 Executive Orders. “There are going to be tariffs on Tuesday on Mexico and Canada,” he stated, “Exactly what they are, we’re going to leave that for the president and his team to negotiate.”
Representatives from Canada and Mexico have stated that each country is prepared to respond to any tariffs implemented by the U.S.
In addition, Trump has announced through TruthSocial that he intends to increase the 10% emergency tariffs on Chinese imports to 20%, also effective tomorrow, March 4. No formal proclamation has yet been issued implementing this change.
Stay tuned to this page for updates regarding implementation or deferral over the coming days.
The More Things Change… DOJ’s Latest Cyber Settlement Shows Continued False Claims Act Risk
Although the change in administrations has heralded shifting enforcement priorities at the U.S. Department of Justice (DOJ), cybersecurity enforcement under the False Claims Act (FCA) appears to be alive and well. That is the takeaway from the recent DOJ announcement that Health Net Federal Services and its parent, Centene Corporation, have agreed to pay over US$11 million to resolve a FCA matter alleging cybersecurity violations.
The Health Net Settlement
According to DOJ, Health Net entered into a contract with the Department of Defense to administer the Defense Health Agency’s TRICARE health benefits program. Health Net allegedly failed to meet certain cybersecurity controls as part of its government contract and falsely certified compliance with those requirements in annual reports to the government. The government alleged that the company failed to timely scan for known vulnerabilities and to remedy security flaws on its networks and systems. In addition, according to the government, Health Net allegedly ignored reports from third-party security auditors and its own audit department regarding cybersecurity risks on the company’s networks and systems. Those risks related to, among other things, asset management, firewalls, patch management, and password policies. The government alleged that, as a result of these purported failures, the company’s claims for reimbursement under the contract were false, even if there was not any exfiltration or compromise of data or protected health information.
This latest settlement builds on prior DOJ actions against government contractors for alleged cybersecurity failures. Foley has reported on those prior actions here and here, including DOJ’s FCA suit against Georgia Tech, which remains pending.
The Health Net settlement demonstrates that the Trump Administration’s DOJ remains focused on cybersecurity enforcement, particularly pursuant to the FCA. This is not surprising, given the administration’s pronouncements about stamping out alleged fraud, waste, and abuse. Further, this was a theme echoed by several DOJ speakers at a national qui tam conference in Washington, D.C. in February 2025.
Also, where a federal contract involves the military, as was the case with the Health Net settlement, this administration is likely to be especially committed in its investigative and prosecution efforts. Indeed, it is notable that the Health Net settlement does not appear to have arisen from a qui tam suit, which would mean the government initiated the investigation on its own. Finally, the fact remains that cybersecurity has always been a bipartisan issue.
Recommendations
In light of the Health Net settlement and the new administration’s interest in cybersecurity enforcement, companies and other recipients of federal funds (including colleges and universities) should consider the following steps to enhance cybersecurity compliance and reduce FCA risk:
Catalogue and monitor compliance with all government-imposed cybersecurity standards. This includes not only ongoing knowledge of the organization’s contracts, but also continuously monitoring and assessing the organization’s cybersecurity program to identify and patch vulnerabilities and to assess compliance with those contractual cybersecurity standards.
Develop and maintain a robust and effective compliance program that addresses cybersecurity issues. In many companies, the compliance program and information security functions are not well integrated. An effective compliance program will address cybersecurity concerns and encourage employees to report such concerns. When concerns are identified, it is critical to escalate and investigate them promptly. Because the FCA’s qui tam provisions allow employees and others to file suit on behalf of the United States, it is critical to respond to employees’ concerns effectively.
Where non-compliance with cybersecurity standards is identified, organizations should evaluate potential next steps. This includes whether to disclose the matter to the government and cooperate with government investigators. Organizations should work with experienced counsel in this regard. Proactively mapping out a strategy for investigating and responding to potential non-compliance can instill discipline to the process and streamline the organization’s approach.
Out With a Bang: Treasury Restricts Corporate Transparency Act to Foreign Reporting Companies
On March 2, 2025, the Treasury Department announced suspension of the March 21, 2025 deadline for filing under the Corporate Transparency Act (CTA) for any domestic companies or U.S. citizens.
Treasury said that it is preparing a proposed rulemaking to narrow the scope of the rule to foreign reporting companies only. “Foreign reporting companies,” under the present formulation, are entities (including corporations and limited liability companies) formed under the law of a foreign country that have registered to do business in the U.S. by filing a document with a secretary of state or any similar office.
While the rule may be subject to legal challenge, as the narrowing proposed by the Treasury Department is inconsistent with the text of the CTA itself, it is not clear who, if anyone, would challenge the new proposed rules. Congress is also contemplating changes to the law.
The determination from Treasury follows the February 17, 2025 decision out of the Eastern District of Texas in Smith v. United States Department of the Treasury, which lifted the last remaining nationwide preliminary injunction on enforcement of the filing deadline, following the Supreme Court’s stay of the injunction in Texas Top Cop Shop, Inc., et al. v. Merrick Garland, et al., earlier this year.
Passed in the first Trump Administration but implemented during the Biden presidency, the CTA — an anti-money laundering law designed to combat terrorist financing, seize proceeds of drug trafficking, and root out illicit assets of sanctioned parties and foreign criminals in the U.S. — faced legal challenges around the country, many of which are still pending before appellate courts.
Treasury has not announced what will happen to the information provided by entities that have already filed under the CTA. However, domestic companies and U.S. citizens are no longer under any obligation to keep that information up to date given the suspension of enforcement.
New Lawsuit Challenges Maryland’s Age-Appropriate Design Code Act
NetChoice has filed a lawsuit challenging Maryland’s Age-Appropriate Design Code Act (“AADC”) on constitutional grounds, arguing that the law’s requirements, including requirements to perform data protection impact assessments, inhibit free speech. The AADC imposes requirements on companies to provide certain protections for consumer personal data where the company knows or has reason to know the consumer is a child under the age of 18. The AADC’s obligations apply to covered entities that offer online products “reasonably likely” to be accessed by children based on at least one of various enumerated criteria in the law. The AADC took effect on October 1, 2024, and sets a deadline of April 1, 2026 for the first data protection impact assessments required under the law. In its suit, NetChoice claims that the AADC’s “best interests of children” standard leads to impermissible state authority to restrict speech available to minors and that the required data protection impact assessments effectively compel speech from covered entities.
NetChoice brought a similar lawsuit challenging California’s Age-Appropriate Design Code. Most recently, the Ninth Circuit Court of Appeals overturned a lower court injunction blocking most of the California law from taking effect, but upheld the injunction blocking implementation of the Act’s data protection impact assessment requirements.