A Regulatory Haze of Uncertainty Continues as the Clock Ticks Toward Phase One of FDA’s LDT Final Rule
Clinical laboratories still face uncertainty and the difficult decision of whether to start the work needed to comply with the with Phase 1 expectations under FDA’s Laboratory Developed Tests Final Rule (the “LDT Final Rule”), which remain set to go into effect on May 6, 2025.
To be sure, the shift in priorities of the new administration has kept the health care industry on its toes for the last few weeks, especially as the leadership and messaging of the Department of Health and Human Services (“HHS”) has started to come into sharper focus. The theme of ‘deregulation’, particularly when it comes to the activities of the Food and Drug Administration (“FDA”), has sparked interest and discussion among stakeholders in the life sciences industry – including clinical laboratories that are weighing how to approach the upcoming May 6 deadline for compliance.
We discussed the details of the LDT Final Rule in a previous Insight, explaining that as of the May 6, 2025 Phase 1 deadline FDA will expect all laboratories that manufacture LDTs to comply with medical device reporting (“MDR”) requirements, correction and removal reporting requirements, and quality system (“QS”) requirements regarding complaint files.
As is often the case with a major regulatory landscape change, the LDT Final Rule has been subject to scrutiny and legal challenges since its publication in May 2024. Perhaps the most watched of these is the ongoing litigation in which the American Clinical Laboratories Association (“ACLA”) and the Association for Molecular Pathology (“AMP”) have challenged the FDA’s authority to regulate LDTs by way of the LDT Final Rule. The presiding federal district court just heard arguments on the parties cross-motions for summary judgment, and noted a decision on those motions would be issued soon, likely before the Phase 1 deadline. The outcome will have significant implications for labs in the U.S.
In addition to the ongoing litigation, there is a growing possibility that FDA could be instructed, whether by Congress or by leadership at HHS, to retract the LDT Final Rule or delay the implementation of Phase 1. Of note, during the previous Trump administration there was resistance to FDA’s authority to regulate LDTs, in that HHS publicly required continued enforcement discretion for LDTs during the beginning of the COVID-19 pandemic. Now, with the touted theme of deregulation and public calls by trade associations like ACLA to mitigate the impact of the LDT Final Rule, there is a chance that HHS under the new Trump administration could take a similar approach. All of this is coupled with currently mounting pressure on all federal agencies to reduce spending and regulatory oversight, which may make it increasingly difficult for FDA to enforce the rule as originally written.
Nonetheless, unless there is a definitive ruling that the LDT Final Rule is retracted, or that its implementation is delayed, laboratories developing LDTs remain subject to the Final Rule’s Phase 1 requirements at this time. Arguably, even if the outcome results in removal, delay, or a change to the LDT Final Rule, the political cycle could flip again with reinvigorated efforts to bring more regulation around LDTs, whether through Congress or again through the rulemaking process.
EBG will continue to monitor these developments closely, as well as the forthcoming court ruling, and any potential administrative actions that could significantly reshape the regulatory landscape for LDTs.
Update of German Law Aspects of Crypto Assets
Our recently updated article considers how EU and German civil and regulatory law approach crypto assets with a particular focus on how those types of crypto assets are dealt with in an insolvency.
In this article we explore the different types of crypto assets there are, the legal nature of them, how crypto assets are dealt with in insolvency proceedings and the recovery of such assets.
TSCA Developments — A Conversation with Richard E. Engler, Ph.D. [Podcast]
This week, I discuss Toxic Substances Control Act (TSCA) developments with my colleague, Dr. Richard E. Engler, Director of Chemistry for B&C and The Acta Group (Acta®), our consulting affiliate. The U.S. Environmental Protection Agency’s (EPA) implementation of the 2016 Frank R. Lautenberg Chemical Safety for the 21st Century Act amendments has been a dynamic, evolving, and unpredictable work in progress for almost nine years. Given the new Administration, we are at a most uncertain time because of the lack of clarity regarding what the new leaders at the Office of Chemical Safety and Pollution Prevention (OCSPP) will do to address new chemical review concerns, risk evaluation under TSCA Section 6, and risk management actions resulting from those evaluations. As listeners know, all final risk management rules are being challenged and the disposition of those cases is the subject of considerable speculation. So also is OCSPP’s consideration of not yet final risk evaluations and how the new Administration intends to interpret TSCA Section 6 in general. There are growing calls for legislative action to remedy some of Lautenberg’s deficits, particularly in the area of new chemicals, another important variable that is destabilizing the status quo. Rich and I discuss these topics and many others.
President Trump Signs New Executive Order: “Implementing the President’s ‘Department of Government Efficiency’ Cost Efficiency Initiative”—What Federal Contractors Need to Know
On February 26, 2025, President Trump signed an Executive Order (“EO”) that states that it “commences a transformation in Federal spending on contracts, grants, and loans to ensure Government spending is transparent and Government employees are accountable to the American public.” Here’s what government contractors need to know.
Who Does the EO Apply To?
The EO is primarily directed at Agency Heads and contemplates that each Agency Head will work closely with its Department of Government Efficiency (“DOGE”) Team Lead on a number of activities intended to reduce federal spending and root out fraud, waste, and abuse. (On January 20, 2025, President Trump signed EO 14158 establishing DOGE and requiring each agency to have a DOGE Team Lead to “advise their respective Agency Heads on implementing the President’s DOGE Agenda.”).
Are All Federal Contracts and Grants Covered by This New EO?
No. The EO only applies to “covered contracts and grants,” which is defined as “discretionary spending through Federal contracts, grants, loans, and related instruments, but excludes direct assistance to individuals; expenditures related to immigration enforcement, law enforcement, the military, public safety, and the intelligence community; and other critical, acute, or emergency spending, as determined by the relevant Agency Head. Notification shall be made to the agency’s DOGE Team Lead.”
The EO specifically excludes contracts and grants directly related to the enforcement of Federal criminal or immigration law; U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement; the Uniformed Services, as defined in 20 C.F.R. 404.1330; classified information or classified systems; and “any other covered grant or contract, agency component, or real property that the relevant Agency Head exempts in writing from all or part of this order, in consultation with the agency’s DOGE Team Lead and the Director of OMB.”
What Does the EO Require Agency Heads to Do?
Build agency-specific centralized systems to record payments to all contractors and grantees. The EO does not direct how this must be done or set a deadline for completion. Presumably building these systems will require the issuance of new contracts, and the EO notes that “implementation is subject to the availability of appropriations.” The EO contemplates that these systems will “seamlessly record every payment issued by the agency” and include brief, written justifications for each payment, submitted by the agency employee who approved the payment. The EO also contemplates that “[t]o the maximum extent permitted by law, and to the maximum extent deemed practicable by the Agency Head,” these payment justifications “shall be posted publicly.” The planned systems will seemingly differ from existing databases such as the Federal Procurement Data System (“FPDS”), which tracks contract actions (e.g., modifications and awards), in that the new systems will track individual payments. Making this directive a reality, even assuming the availability of appropriations, will be a complex undertaking to connect and achieve interoperability among existing government software systems. The EO states that DOGE Team Leads will submit monthly reports to the DOGE Administrator about contracting activities, including “all payment justifications” reported in each agency’s centralized payment system.
Review, with the DOGE Team Lead, all existing “covered contracts and grants” within 30 days to identify opportunities to terminate or modify covered contracts and grants “to reduce overall Federal spending or reallocate spending to promote efficiency and advance the policies of [the Trump] Administration.”
Review, with the DOGE Team Lead, contracting policies, procedures, and personnel within 30 days. The EO does not specify criteria to guide these reviews. Once these reviews are completed, but prior to entering into new contracts, Agency Heads and their DOGE Team Leads must issue guidance on signing new contracts or modifying existing contracts—topics already covered in existing acquisition regulations—“to promote Government efficiency and the policies of [the Trump] Administration.” Prior to issuing such guidance, agency heads may approve new contracts on a case-by-case basis.
Build a new technological system—seemingly distinct from the system mentioned above that will track payments—within each agency to centrally record approval for federally funded travel for conferences and other non-essential purposes. Once each agency’s new system is in place, agency employees will be prohibited from federally funded travel for conferences or other non-essential purposes unless the system contains a brief, written justification from the travel approving official. DOGE Team Leads will submit monthly reports to the DOGE Administrator detailing each agency’s justifications for non-essential travel, and these justifications “shall be posted publicly unless prohibited by law or unless the Agency Head grants an exemption from this requirement.”
What Can Contractors Do?
Assess whether your contract arguably falls within any of the stated exclusions, which could be interpreted broadly. For instance, the exclusion for “the military” could arguably cover all Department of Defense contracts. Agency Heads appear to have some degree of discretion to decide whether a contract falls within the stated exclusions. They could leverage the fact that key terms in the exclusion such as “critical” and “acute” are undefined. Moreover, Agency Heads can exempt particular contracts from this EO’s coverage. Confer with counsel regarding planning to request or confirm that relevant Agency Heads will exclude your contract(s) from coverage of this EO.
Carefully monitor prompt payment obligations under existing contracts. Under the Prompt Payment Act, the government is required to pay contractors within 30 days of a properly submitted invoice. For prime contractors that subcontract with small businesses and small business primes, the government should pay within 15 days to “the fullest extent permitted by law.” This is implemented into federal contracts via FAR 52.232-25, FAR 52.232-40, and FAR 52.212-4(i). While interest should accrue and be paid automatically, working with the contracting officer (“CO”) and contracting officer representative (“COR”) can facilitate timely payment without the Prompt Payment Act. This coordination may be even more important to facilitate written payment justifications under the new EO once the new payment system is implemented.
FCC Unanimously Votes to Keep Blocking: Expanding Call Blocking Requirements to Cover More VSPs
At the FCC’s open meeting this morning under the gavel of newly appointed Chairman Carr they unanimously approved the NPRM for Strengthening Call Blocking Rules, docket number 17-59. What will this new order impose:
Expand the range of voice service providers that block based on a reasonable do-not-originate list from only gateway providers to all voice service providers in a call path. A do-not-originate list may include unused, unallocated, or invalid numbers, as well as numbers for which a subscriber has requested blocking.
Modify the existing requirement for voice service providers to immediately notify callers when providers block calls based on reasonable analytics by requiring the use of Session Initiation Protocol (SIP) code 603+ and eliminating the use of SIP codes 603, 607, and 608 for this purpose. This will better ensure a fast resolution of any erroneous blocking.
We all know that call blocking is a real problem and as Troutman laid it out for you just a few weeks ago, this is most likely not going to be a solution and may be even a bigger issue for small business.
Commissioner Starks stated, “this is why the FCC needs to do everything in its power to close the vectors for fraud in its network and on that account I would have hoped that this item would address robotexts and go further to block Robo calls.”
While Chairman Carr shared “Illegal Robocalls are a nuisance and the annoy far too many Americans far too often and the commission is going to continue its work to accelerate on this crackdown on the scourge of illegal Robocalls. Americans are fed up and tired of unknown numbers calling at all hours or spoof numbers that appear to come from a trusted source. A lot of people have just given up and not answering the phones. And although there is no silver bullet here, the FCC needs to keep pushing on multiple fronts. We do so today by taking two important steps. Both of these actions are designed to stop illegal calls before they ever reach consumers.”
We will keep our eye on this as it goes through the process of becoming a final rule and provide effective dates once published in the Federal Register. Read the NPRM HERE.
Constitutional Clash: Trump Administration Appeals Ruling Blocking DEI Orders As More Challenges Filed
While the Trump administration appeals a recent federal court ruling that blocked enforcement of key parts of two executive orders (EO) to restrict diversity, equity, and inclusion (DEI) programs and initiatives, the administration faces additional legal challenges alleging the DEI executive orders and an order claiming that there are only two sexes are constitutional.
The legal challenges to the EOs raise constitutional and other legal grounds to enjoin and limit the EOs and other executive actions, which have caused significant compliance concerns for federal contractors, federal money recipients and private sector employers.
Quick Hits
The Trump administration is appealing a preliminary injunction that blocks key components of two executive orders aimed at restricting DEI programs.
The administration also faces at least three additional recently filed lawsuits from civil rights and LGBTQ+ advocacy groups challenging the constitutionality of these orders.
The lawsuits argue that the executive orders are unconstitutionally vague, violate the First Amendment by chilling free speech, and exceed the president’s authority, among other grounds, potentially impacting federal agencies, federal contractors, federal money recipients, and private-sector employers.
Despite the injunction, the executive orders have already caused significant disruptions to diversity, equity, inclusion, and accessibility (DEIA) initiatives, prompting some federal agencies to revise guidance to comply with the administration’s directives.
On February 24, 2025, the Trump administration filed a notice of appeal to challenge the February 21 preliminary injunction ruling holding key portions of the EOs are likely unconstitutionally vague and violate the First Amendment. The administration also filed a motion to stay the injunction’s enforcement pending the appeal.
Specifically, the preliminary injunction ruling blocked enforcement of provisions requiring federal agencies to terminate “equity-related grants or contracts,” requiring federal contractors to certify under potential False Claims Act (FCA) liability that they do not operate unlawful DEI programs and to certify they do not engage in unlawful discrimination, and directing the attorney general to target DEI programs in the private sector.
The ruling came in a lawsuit filed in the U.S. District Court in Maryland on February 3 by a coalition of DEI advocates—the National Association of Diversity Officers in Higher Education, the American Association of University Professors, Restaurant Opportunities Centers United, and the mayor and city council of Baltimore.
The groups targeted two of President Donald Trump’s EOs signed in his first days in office on January 20 and 21, 2025—EO 14151, “Ending Radical and Wasteful Government DEI Programs and Preferencing,” and EO 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity.”
New Challenges
Many legal challenges have been made to Trump’s EOs. While the Trump administration seeks to appeal the preliminary injunction in the Maryland lawsuit, it faces at least three more legal challenges to the DEI orders.
On February 26, 2025, the nonprofit group Chicago Women in Trades filed a lawsuit in the U.S. District Court for the Northern District of Illinois.
On February 20, 2025, a group of LGBTQ+ rights groups and AIDS activists represented by Lambda Legal Defense and Education Fund, Inc. filed a similar challenge in the U.S. District Court for the Northern District of California.
On February 19, 2025, civil rights groups—the National Urban League (NUL), the National Fair Housing Alliance (NFHA), and the AIDS Foundation of Chicago (AFC)—filed a lawsuit on February 19, 2025, in the U.S. District Court for the District of Columbia.
Like the Maryland case, the new suits name President Trump and several federal agencies, including the U.S. Department of Labor (DOL), the Office of Federal Contract Compliance Programs (OFCC), and the U.S. Department of Justice, among others. They seek injunctions to block the EOs and force agencies to reverse their actions to implement the orders.
Both the Lambda Legal and the National Urban League lawsuits additionally target the president’s January 20, 2025, EO 14168, “Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government,” which outlined the federal government’s new policy to only “recognize two sexes, male and female.”
The lawsuits raise similar claims:
Unconstitutionally Vague—The suits alleged that the EOs contain vague and undefined language that fails to provide clear guidance on prohibited DEI or diversity, equity, inclusion, and accessibility (DEIA) activities.
First Amendment—The suits alleged that the EOs are designed to chill speech disfavored by the administration, resulting in viewpoint discrimination prohibited by the First Amendment. They allege the EOs put organizations in a position where they must decide whether to continue their missions or lose federal funding.
Due Process—The suits further alleged that the executive orders violate the Due Process Clause of the Fifth Amendment because they are impermissibly vague, suppress free speech, and are discriminatory against protected groups.
Ultra Vires—The suits also alleged that the EOs exceeded the president’s authority and usurped legislative functions.
Impact on DEI Programs
Despite the preliminary injunction, President Trump’s EOs have already significantly disrupted lawful DEIA with both federal contractors/grant recipients and the private sector. Even though enjoined, the EOs continue to create concerns for companies that they could be targeted for programs or initiatives that could arguably be classified as “illegal” DEIA despite that term being undefined in the EOs.
Federal agencies have begun rescinding or revising guidance to align with the president’s EOs. For instance, the U.S. Equal Employment Opportunity Commission (EEOC) has rolled back much of the EEOC’s prior guidance related to issues of gender identity discrimination and harassment against LGBTQ+ individuals.
Notably, the recent injunction does not block portions of the EOs that directed the attorney general to prepare reports and pursue enforcement actions to stop DEIA programs and initiatives in the private sector. U.S. Attorney General Pamela Bondi has already said the Department of Justice (DOJ) Civil Rights Division “will investigate, eliminate, and penalize illegal DEI and DEIA” programs in the private sector and educational institutions that receive federal funds.”
Next Steps
The outcome of these cases could have far-reaching implications for DEIA programs and the ongoing civil rights issues in the United States. As the cases progress, employers may want to monitor how the courts address the complex constitutional and administrative law issues in these lawsuits.
Corporate Transparency Act Filing Requirement Is Back
The new deadline to comply with the Beneficial Ownership Information (BOI) reporting requirements under the Corporate Transparency Act is March 21, 2025, as the nationwide injunctions preventing enforcement by the Financial Crimes Enforcement Network (FinCEN) have been lifted1. Most entities (corporations, limited liability companies, and limited partnerships) have until March 21, 2025, to file initial, corrected, and updated BOI reports. Newly formed entities will have 30 days from the date of formation to file their initial BOI reports. Reporting companies that previously submitted BOI reports do not need to take any further action unless there has been a change to the initially reported information.
A “reporting company” is a domestic entity created by filing with the Secretary of State of any state or a foreign entity registered to do business with the Secretary of State of any state, subject to 23 exemptions. Reporting companies must report the full legal name, birthdate, residential address, and a unique identifying number from a passport or driver’s license (along with a copy of the passport or driver’s license) for any person who directly or indirectly has at least a 25% ownership interest in the reporting company or exercises substantial control over the reporting company. Reporting companies can complete the BOI reports directly through FinCEN’s website.
FinCEN has also announced its intention to revise the BOI reporting rule to reduce the burden on “lower-risk entities.2” However, FinCEN has not provided details on the nature of the proposed revisions.
The Corporate Transparency Act is still being challenged in several cases across the country. On February 10, 2025, the U.S. House of Representatives unanimously passed a bill that would extend the filing deadline for reporting companies formed before January 1, 2024, by one year, to January 1, 20263. The bill has been referred to the Senate Committee on Banking, Housing, and Urban Affairs, but no action has been taken.
We continue to monitor ongoing legal challenges and proposed legislation related to the Corporate Transparency Act.
1 Smith, et al. v. U.S. Department of the Treasury
2 https://www.fincen.gov/sites/default/files/shared/FinCEN-BOI-Notice-Deadline-Extension-508FINAL.pdf
3 H.R.736 – Protect Small Businesses from Excessive Paperwork Act of 2025
SEC Cracks Down on Unregistered Broker-Dealers
StraightPath Venture Partners, LLC and PMAC Consulting have recently reached settlements with the US Securities and Exchange Commission (SEC) following SEC enforcement actions against them.
More specifically, the SEC alleged that StraightPath and PMAC engaged in unregistered “broker” activity under the Securities Exchange Act of 1934 (34 Act), i.e., brokered transactions without first satisfying the corresponding registration requirements thereunder. The settlements will cost these firms hundreds of thousands in civil penalties and millions in settlement fees.
These actions highlight the SEC’s continued focus on holding unregistered broker-dealers accountable, and serves as a crucial reminder that those involved in the buying and selling of securities should carefully consider their broker-dealer status before engaging in what could be viewed as broker activity, as well as the status of third parties with whom they do business.
Broker Dealer Registration Requirements
Who Needs to Register?
Under the 34 Act, those engaging in the regular business of buying and selling securities, whether for their own account or others, is considered a “Broker” or “Dealer” and must abide by the regulations imposed under the 34 Act. Among those requirements, broker-dealers must register by filing and regularly updating Form BD, join a self-regulating organization, and file a Form U-4 for any “associated person.” The 34 Act defines an “associated person” broadly, to include anyone who is a manager, director, part owner, or employee of a broker-dealer whose work is not purely clerical. It also includes anyone with whom a broker dealer has common control. The Investment Advisers Act of 1940 contains similar regulations for investment advisors, including criteria for determining who qualifies as an “associated person.”
Broker-Dealer or Finder?
Some third-party arrangements may trigger broker-dealer status under the 34 Act. For example, private equity funds may wish to pay a fee to “finders” or “business brokers” who connect an investor, but if the fee recipient is not registered as a broker-dealer, the SEC may regard this as unregistered broker-dealer activity. The SEC considers several factors when making this assessment, including (1) whether the fee is contingent on investment, (2) whether the fee increases relative to the size of the investment, and (3) the timing of when the finder is engaged in broker dealer activity. The SEC also will evaluate whether the individual participated in solicitation, negotiation, or execution of the transaction.
StraightPath Settlements
In a January 14 order describing the terms of the settlement, the SEC stated that three principals of VCP Financial LLC acted as unregistered brokers when they sold membership interests in limited liability companies claiming to invest in pre-initial public offerings (IPO). Specifically, the order stated that the principals solicited investors in StraightPath, a company offering membership interests in private companies which could later become public.
The SEC alleged that due to the transaction-based compensation received by each principal, they provided brokerage services in violation of Section 15(a) of the 34 Act. Further, the SEC alleged that VCP failed to appropriately manage a conflict of interest when it required clients to disclaim VCP’s role as an investment advisor, which was inconsistent with the firm’s marketing materials and in violation of Section 206(2) of the Advisers Act.
The SEC previously charged StraightPath with fraud in 2022 in an unrelated case where the SEC alleged that StraightPath deceived investors about the fees it collected and sold shares in pre-IPO companies that StraightPath did not own. The SEC alleged in its complaint that two of the founders of the brokerage firm engaged in brokerage activities despite being barred from the brokerage industry.
The three principals accused of unregistered broker-dealer activity paid disgorgement of transaction-based compensation received from of the alleged activity totaling over $345,000 and civil penalties totaling $100,000. VCP also paid a civil penalty of $100,000.
PMAC Consulting Settlement
In a similar settlement, the SEC charged PMAC Consulting and its owner with engaging in unregistered broker activity despite an agreement barring the PMAC’s broker dealer activity after an unrelated 2016 investigation. The SEC stated that despite this ban, the owner transferred clients from a previous organization and told them that “nothing would change as far as business goes.”Without admitting or denying the findings of the order, the owner and firm agreed on a settlement that included industry and penny stock bars, and a civil penalty of $3 million.
Takeaways
Despite the recent appointment of SEC Chair Mark T. Uyeda and changes in the White House, the SEC has maintained laser focus on fraud prevention and enforcement of unregistered broker-dealer regulations. Accordingly, unregistered broker-dealers are well advised to remain hypervigilant with respect to engaging in activities that could necessitate registration as a broker-dealer under the 34 Act.
In addition, individuals and entities involved in the buying and selling of securities, including those seeking to raise capital, will need to be cautious about engaging with third parties that buy and sell securities.
Why President Trump Can’t Just Re-Write the Rules: The EB-5 Program’s Congressional Lock
The EB-5 Immigrant Investor Program, created in 1990 under the Immigration Act, provides a pathway for foreign nationals to obtain U.S. residency through investments in American businesses that generate jobs. Yesterday, President Donald Trump proposed a new immigration initiative, introducing a “gold card” visa that would grant wealthy foreign nationals U.S. residency and a pathway to citizenship in exchange for a $5 million investment. This proposal aims to replace the existing EB-5 Immigrant Investor Program. While this program is subject to scrutiny, it is important to clarify why the president cannot unilaterally modify or terminate it without legislative action from Congress or replace it with other immigrant investment models.
Congressional Authority Over Immigration Law
The U.S. Constitution grants Congress the power to regulate immigration laws, including programs like EB-5 (see Article I, Section 8 of the Constitution), and the Supreme Court has consistently reaffirmed this power (see, e.g., Fiallo v. Bell, 1977). The Immigration and Nationality Act (INA) governs these policies, which includes the structure of visa categories, eligibility criteria, and investment requirements under the EB-5 program. As such, any fundamental changes to the program would require an amendment to the INA, which only Congress can enact. The president’s role in immigration policy, while significant in areas of enforcement and policy interpretation, does not extend to altering or terminating visa programs established by Congress. In 2022, Congress reauthorized EB-5 through 2027 under the EB-5 Reform and Integrity Act (RIA), meaning any attempt to dismantle the program would require new legislation — not an executive order.
Limits on Executive Power
While the president oversees immigration agencies such as U.S. Citizenship and Immigration Services (USCIS), executive authority is confined to administering and enforcing laws as they are written. The president may direct how immigration laws are implemented or prioritize certain enforcement strategies but cannot create new laws or eliminate existing ones. This separation of powers ensures that changes to programs like EB-5 cannot occur at the whim of a single branch of government.
For example, any alterations to investment thresholds, visa allocations, or job creation requirements under the EB-5 Program must be passed through the legislative process, which involves both chambers of Congress. Even if the president disapproves of the program, without Congress enacting legislation to terminate or reform it, the program will remain intact. Moreover, any new visa program, such as the proposed “gold card,” would generally require congressional approval to become law.
Executive Orders vs. Legislative Power
Executive orders and policy memos can shape the way the EB-5 Program is executed, such as altering processing priorities or tightening enforcement measures, but they cannot fundamentally alter or dissolve the program itself. Any attempt by the president to terminate EB-5 without congressional involvement would likely face legal challenges, as it would be considered an overreach of executive power.
Potential Legal Challenges
When faced with challenges to unilateral executive actions regarding immigration policy, courts have historically upheld the principle that significant changes to immigration policy require legislative action. Trump has faced significant legal challenges to his executive orders on immigration, with courts frequently ruling that his actions overstep the authority granted to the executive branch.
Refugee Admissions Suspension – In January 2025, Trump issued an executive order suspending the U.S. refugee resettlement program. This action was challenged by refugee aid organizations, leading to a federal judge in Seattle issuing a preliminary injunction. The judge determined that the executive order likely violated the Refugee Act of 1980, the Administrative Procedure Act, and the Fifth Amendment’s due process clause, emphasizing that the president’s authority has limits and cannot override laws passed by Congress.
Birthright Citizenship – In January 2025, Trump signed an executive order attempting to end birthright citizenship for children born in the U.S. to unauthorized immigrants and certain legal immigrants. This order faced immediate legal challenges, with multiple federal judges issuing preliminary injunctions blocking its enforcement. The courts ruled that the executive order was likely unconstitutional, as it sought to eliminate a fundamental right protected by the 14th Amendment, which grants citizenship to all persons born or naturalized in the United States.
Asylum and Immigration Enforcement – Trump’s executive orders aimed at curbing asylum claims and enhancing immigration enforcement have also encountered legal obstacles. For instance, an executive order suspending the entry of undocumented migrants under any circumstances, citing an “invasion,” has been challenged in court. Critics argue that such actions violate U.S. treaty obligations related to the protection of refugees and overstep the president’s constitutional authority.
These legal challenges underscore the ongoing tension between executive actions and judicial oversight in the realm of immigration policy. The courts have consistently emphasized the need for executive actions to align with constitutional principles and legislative intent, reinforcing the system of checks and balances inherent in the U.S. government. While the president controls immigration enforcement, he cannot override a federal statute. Any executive action targeting EB-5 would likely face immediate legal challenges, as courts have blocked similar overreaches in the past (see also DHS v. Regents of the University of California, 2020).
Prospective EB-5 Investors
For prospective EB-5 projects and investors, it is an excellent time to apply through the EB-5 Program, and many benefits remain in place. Under the Department of State’s upcoming “Visa Bulletin,” all nationalities, including Indian- and Chinese-born nationals, remain current through certain expedited regional center projects and can therefore still take advantage of quick processing times and fast green card issuance.
Conclusion
The EB-5 Program is part of the broader immigration framework established by Congress. While the president can influence the administration of the program, any effort to modify or terminate it requires the action of Congress. The legislative process ensures that significant changes to immigration programs, such as EB-5, are subject to debate and oversight, preserving the balance of powers as outlined by the U.S. Constitution. While the president can propose new immigration policies, the creation of a new visa program like the “gold card” would require congressional approval to ensure its legality and alignment with existing immigration laws. Without such legislative action, the president cannot unilaterally enact the proposed “gold card” visa program.
Listen to this post
The Why Behind the HHS Proposed Security Rule Updates
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications for the proposed updates to the Security Rule. Last week’s post on the updates related to Vulnerability Management, Incident Response & Contingency Plans can be found here.
Background
Throughout this series, we have discussed updates to various aspects of the Security Rule and explored how HHS seeks to implement new security requirements and implementation specifications for regulated entities. This week, we discuss the justifications behind HHS’s move and the challenges entities face in complying with the existing rule.
Justifications
HHS discussed multiple reasons for this Security Rule update, and a few are discussed below:
Importance of Strong Security Posture of Regulated Entities – The preamble to the NPRM posits that the increase in use of certified electronic health records (80% of physicians’ offices and 96% of hospitals as of 2021) fundamentally shifted the landscape of healthcare delivery. As a result, the security posture of regulated entities must be updated to accommodate such advancement. As treatment is increasingly provided electronically, the additional volume of sensitive patient information to protect continues to grow.
Increase Cybersecurity Incident Risks – HHS cites the heightened risk to patient safety during cybersecurity incidents and ransomware attacks as a key reason for these updates. The current state of the healthcare delivery system is propelled by deep digital connectivity as prompted by the HITECH and 21st Century Cures Act. If this system is connected but insecure, the connectivity could compromise patient safety, subjecting patients to unnecessary risk and forcing them to bear unaffordable personal costs. During a cybersecurity incident, patients’ health, and potentially their lives, may be at risk where such an incident creates impediments to the provision of healthcare. Serious consequences can result from interference with the operations of a critical medical device or obstructions to the administrative or clinical operations of a regulated entity, such as preventing the scheduling of appointments or viewing of an individual’s health history.
The Healthcare Industry Could Benefit from Centralized Security Standards Due to Inconsistent Implementation of Current Voluntary Standards – Despite the proliferation of voluntary cybersecurity standards, industry guidelines, and best practices, HHS found that many regulated entities have been slow to strengthen their security measures to protect ePHI and their information systems. HHS also noted that recent case law, including University of Texas M.D. Anderson Cancer Center v. HHS, has not accurately set forth the steps regulated entities must take to adequately protect the confidentiality, integrity, and availability of ePHI, as required by the statute. In that case, the Fifth Circuit vacated HIPAA penalties against MD Anderson, ruling that HHS acted arbitrarily and capriciously under the Administrative Procedure Act. The court found that MD Anderson met its obligations by implementing an encryption mechanism for ePHI. HHS disagrees with whether the encryption mechanism was sufficient and asserted its authority under HIPAA to mandate strengthened security standards for ePHI. This ruling and lack of adoption of the voluntary cybersecurity standards by regulated entities has led to inconsistencies in the implementation of the Security Rule at regulated entities and providing clearer and mandatory standards were noted justifications for these revisions.
Takeaways
In 2021, Congress amended the HITECH Act, requiring HHS to assess whether an entity followed recognized cybersecurity practices in line with HHS guidance over the prior 12 months to qualify for HIPAA penalty reductions. In response to this requirement, HHS could have taken the approach of acknowledging recognized frameworks that offer robust safeguards to clarify expectations, enhance the overall security posture of covered entities, and reduce compliance gaps. While HHS refers to NIST frameworks in discussions on security, it has not formally recognized any specific frameworks to qualify for this so called “safe harbor” incentive. Instead, HHS uses this NPRM to embark on a more prescriptive approach to the substantive rule based on its evaluation of various frameworks.
HHS maintains that these Security Rule updates still allow for flexibility and scalability in its implementation. However, the revisions would limit the flexibility and raise the standards for protection beyond what was deemed acceptable in the past Security Rule iterations. Given that the Security Rule’s standard of “reasonable and appropriate” safeguards must account for cost, size, complexity, and capabilities, the more prescriptive proposals in the NPRM and lack of addressable requirements present a heavy burden — especially on smaller providers.
Whether these Security Rule revisions become finalized in the current form, a revised form, or at all remains an open item for the healthcare industry. Notably, the NPRM was published under the Xavier Becerra administration at HHS and prior to the confirmation of Robert F. Kennedy, Jr. as the new secretary of HHS. The current administration has not provided comment on its plans related to this NPRM, but we will continue to watch this as the March 7, 2025, deadline for public comment is inching closer.
Stay tuned to this series as our next and final blogpost on the NPRM will consider how HHS views the application of artificial intelligence and other emerging technologies under the HHS Security Rule.
Please visit the HIPAA Security Rule NPRM and the HHS Fact Sheet for additional resources.
Listen to this post
The EU Suspends Certain Sanctions on Syria to Support Economic Stabilization, Political Transition, and Reconstruction
To encourage democratic development and achieve a peaceful and inclusive political transition, and to aid the swift reconstruction and economic recovery of the country and facilitate its eventual reincorporation into the global financial system, the European Council decided yesterday to suspend with immediate effect a number of sanctions and restrictive measures that had targeted key sectors of the Syrian economy, including its banking, energy, and transport sectors.
In this article, we summarize the suspensions and consider the positive change that they may foreshadow for all Syrians, in the country and diaspora.
Suspended Sanctions/Restrictive Measures
The five specific actions that the European Council took following a meeting yesterday in Brussels are as follows:
Suspending sectoral measures in the energy (oil, gas, and electricity) and transport sectors;
Removing five entities (Agricultural Cooperative Bank, Industrial Bank, Popular Credit Bank, Saving Bank, and Syrian Arab Airlines) from the list of those subject to asset freezes, and allowing financial resources to be made available to the Syrian Central Bank;
Introducing exemptions to the prohibition on banking relations between Syrian banks and financial institutions in EU member states to permit transactions related to the energy and transport sectors and those necessary for reconstruction purposes;
Extending indefinitely the existing exemption for transactions for humanitarian purposes; and
Introducing an exemption to the prohibition on the export of luxury goods to Syria for personal usage.
The European Council announced that it will continuously monitor the situation in Syria to assess whether the suspensions remain appropriate and/or whether further sanctions and restrictive measures could be suspended.
Additional Considerations
While many commentators will champion the deferral of sweeping sectoral sanctions because of the unintended negative consequences that they can have, such as impeding economic stability and denying the ordinary person access to essential services such as electricity, water, healthcare and education, the European Council has seen fit to maintain other important sanctions and restrictive measures that were imposed during the previous regime, including those related to:
Arms trafficking;
Chemical weaponry;
Dual-use goods;
Equipment misused for internal repression;
Narcotics smuggling;
Software misused for interception and surveillance; and
Trade of Syrian cultural heritage items.
However, the EU’s stated goal when it enacted these sanctions was to protect the civilian population from the previous regime. Now that Syria is under new leadership, its people have the opportunity to earn a wind-down of all remaining sanctions and restrictive measures, and for its war-torn economy to benefit from resurgent EU-Syria economic relations and trade flows.
TCPA Revocation of Consent Rule Effective April 2025
As previously blogged about in detail here, the TCPA rules on revoking consent for unwanted robocalls and robotexts becomes effective in April 2025.
Revocation of prior express consent for autodialed, prerecorded or artificial voice calls (and autodialed texts) must be permitted to be made by “any reasonable means.” Additionally, callers may not infringe on that right by designating an exclusive means to revoke consent that precludes the use of any other reasonable method.
Callers are required to honor do-not-call and consent revocation requests within a reasonable time not to exceed ten (10) business days of receipt of the request. Text message senders are limited to a one SMS text message confirming that no further text messages are to be transmitted. Such confirmation messages must be sent promptly following receipt of the opt-out request. The FCC will monitor compliance with this obligation to ensure that such requests are honored in a timely manner.
Importantly, when a consumer revokes robocall or robotext telemarketing consent under the Telephone Consumer Protection Act – unless a separate intent to opt-out therefrom is expressed – a caller may continue to reach the consumer if it is an exempt informational call. A revocation request in response to an exempt informational call shall be considered a request to opt-out of all non-emergency robocalls and robotexts.
Takeaway: Digital marketers should consult with an experienced FTC compliance and defense lawyer to discuss the scope of the new rule, the implementation of compliance strategies and training materials, how to ensure that revocation requests are honored, and the identification of non-regulated technologies.