EPA Provides Technical Support for Companies Submitting New Chemical Data
On April 25, 2025, the U.S. Environmental Protection Agency (EPA) announced the availability of new resources intended to help companies with the requirements described in EPA’s December 2024 final rule governing the review of new chemicals under the Toxic Substances Control Act (TSCA). According to EPA, the new materials “provide companies with clear instructions on how to include required data elements in the current system used for new chemical submissions while the agency works to update that system.” EPA’s final rule clarifies the level of detail for the data elements that submitters are required to provide with new chemical notices whenever that information is known to or reasonably ascertainable by the submitter. EPA states that “[a]s noted in the preamble to the final rule, enhancements to the Central Data Exchange (CDX) for submitting the data elements were not finalized concurrently with the amendments.” Until then, submitters can provide the required information using the existing CDX workflow. The new information on EPA’s website describes how submitters can satisfy the amended data requirements pending updates to CDX. EPA states that once it completes the CDX updates, it intends to conduct stakeholder outreach before rolling the updates out “so that users know all data elements are included in CDX and that the use of this supplemental information” will no longer be necessary.
North Dakota Expands Data Security Requirements and Issues New Licensing Requirements for Brokers
On April 11, North Dakota enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers. The law amends multiple chapters of the North Dakota Century Code and creates a new data security mandate for financial corporations—a category that includes non-depository entities regulated by the Department of Financial Institutions (DFI). It also expands the licensing requirement for brokers to include “alternative financing products,” potentially impacting a broad array of fintech providers.
The law introduces sweeping data protection obligations for nonbank financial corporations through new requirements created in Chapter 13-01.2. Specifically, covered entities must:
Implement an information security program. This includes administrative, technical, and physical safeguards, based on a written risk assessment.
Designate a qualified individual. Each financial corporation must designate a qualified individual responsible for overseeing the security program and report annually to its board or a senior officer.
Conduct regular testing. Annual penetration tests and biannual vulnerability assessments are mandatory unless continuous monitoring is in place.
Secure consumer data. Encryption of data in transit and at rest is required unless a compensating control is approved. Multifactor authentication is also mandatory.
Notify regulators of breaches. A data breach involving 500 or more consumers must be reported to the Commissioner within 45 days.
The bill also amends North Dakota’s broker licensing laws to authorize the DFI to classify certain alternative financing arrangements as “loans.”
Putting It Into Practice: Of the many amendments here, North Dakota’s expansion of licensing requirements for brokers of alternative financing products may have the biggest impact for institutions, especially fintechs.
Beltway Buzz, April 25, 2025
The Beltway Buzz™ is a weekly update summarizing labor and employment news from inside the Beltway and clarifying how what’s happening in Washington, D.C., could impact your business.
Congress Out, Agenda Delayed. The U.S. Congress is currently in the second week of its spring break recess and will return to Washington, D.C., on April 28, 2025. Upon returning, Republican leaders are expected to move forward with their budget reconciliation package that is expected to address military spending, energy production, taxes, and immigration. The Buzz will also be monitoring potential U.S. Senate confirmation hearings for individuals nominated to lead labor and employment–related agencies. President Donald Trump has nominated individuals to lead the U.S. Department of Labor’s (DOL) Occupational Safety and Health Administration and Wage and Hour Division, as well as the General Counsel’s office of the National Labor Relations Board, but those nominees have not yet had their Senate confirmation hearings.
Executive Order Seeks to Limit Use of Disparate-Impact Liability. On April 23, 2025, President Trump issued an executive order (EO) titled “Restoring Equality of Opportunity and Meritocracy.” The EO states, “It is the policy of the United States to eliminate the use of disparate-impact liability in all contexts to the maximum degree possible.” Currently, employers may be held liable under a disparate-impact theory of discrimination if an otherwise neutral employment policy or practice results in an adverse impact on a protected class. The EO directs all federal agencies to “deprioritize enforcement of all statutes and regulations to the extent they include disparate-impact liability” and further instructs the attorney general and the chair of the U.S. Equal Employment Opportunity Commission to review all current legal matters that rely on a theory of disparate-impact liability, and to “take appropriate action with respect to such matters consistent with the policy of th[e] order.” T. Scott Kelly, Nonnie L. Shivers, and Zachary V. Zagger have the details.
Disparate-impact liability in employment discrimination cases was first established by the Supreme Court of the United States in 1971 and codified by Congress in the Civil Rights Act of 1991. In February 2025, U.S. Attorney General Pam Bondi issued a memorandum instructing U.S. Department of Justice (DOJ) officials to deemphasize disparate-impact theories of liability.
Senate HELP Committee Chair Outlines Independent Contractor Proposals. Senator Bill Cassidy (R-LA), chairman of the Senate Committee on Health, Education, Labor, and Pensions, has released a white paper advocating for various legislative proposals related to independent contractors. The white paper, titled, “Portable Benefits: Paving the Way Toward a Better Deal for Independent Workers,” builds on Cassidy’s 2024 “request for information seeking feedback from stakeholders on ways to remove federal legal and regulatory barriers to portable benefits for independent workers.” Among the proposals advanced in the paper are a single statutory test for determining employment status, as well as legislation that would allow employers to provide health and retirement benefits to workers without those benefits triggering employment status. (The Buzz recently detailed bills in the U.S. House of Representatives that address these issues.)
Immigration Policy Update. Recent developments in the immigration policy arena include the following:
The U.S. District Court for the District of Massachusetts issued an order blocking the Trump administration’s rescission of Cuba, Haiti, Nicaragua, and Venezuela (CHNV) humanitarian parole program. Emphasizing the need for a case-by-case review prior to revoking grants of parole, the judge ruled that the “categorical termination of existing grants of parole was arbitrary and capricious.” Amanda M. Mullane and Daniela Medrano Sullivan have the details.
Secretary of State Marco Rubio announced sweeping changes to the operational structure of the U.S. Department of State. While the Bureau of Consular Affairs—the subagency within the State Department responsible for issuing visas—does not appear to be impacted at this early stage, the Buzz will continue to monitor the situation as it develops.
DOL Staff Exit. Workers at the DOL are leaving, either pursuant to deferred-resignation offers from the new administration or involuntary reductions in force.
Deferred Resignations. Almost 20 percent of the DOL’s employees will reportedly leave their positions in September 2025 after accepting deferred-resignation offers.
OFCCP Continues to Shrink. According to media reports, most employees in the Office of Federal Contract Compliance Programs’ (OFCCP) enforcement division’s national office and five of its six regional offices have been placed on administrative leave in advance of planned reductions in force at the agency. (Employees in the Southwest and Rocky Mountain Region—often referred to by practitioners as “SWARM”—were not impacted.) The action follows on the heels of a February 2025 DOL memo indicating that 90 percent of OFCCP employees would eventually be removed from their positions. A group of Democratic senators and representatives wrote a letter to Secretary of Labor Lori Chavez-DeRemer, warning that the dramatic reduction in staff at OFCCP would leave veterans and individuals with disabilities vulnerable to discrimination.
The Buzz will keep tabs on how staff reductions at the DOL in general, and OFCCP specifically, will impact the department’s regulatory and enforcement agendas.
Remember the Maine! On April 25, 1898, Congress declared war on Spain. The Cuban War of Independence, the rise of sensationalistic “yellow journalism,” U.S. self-interest, and the February 15, 1898, explosion of the USS Maine in Havana Harbor all contributed to a series of congressional actions that culminated in a declaration of war. The declaration read:
A bill declaring that war exists between the United States of America and the Kingdom of Spain.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, first. That war be, and the same is hereby, declared to exist, and that war has existed since the twenty-first day of April, A.D. 1898, including said day, between the United States of America and the Kingdom of Spain.
Second. That the President of the United States be, and he hereby is, directed and empowered to use the entire land and naval forces of the United States, and to call into the actual service of the United States the militia of the several States, to such extent as may be necessary to carry this act into effect.
Approved, April 25, 1898.
The war ended several months later with the signing of the Treaty of Paris on December 10, 1898, and resulted in the United States’ acquisition of Puerto Rico, Guam, and the Philippines.
Unprecedented Nullification of the Biannual Public Tender Formedicine Procurement
Following up on our March newsletter No. 5, on April 8, 2025, the Ministry for AntiCorruption and Good Government declared the nullity of the entire public tender forthe 2025–2026 consolidated procurement of medicines, coordinated by BIRMEX,and ordered the procedure to be restarted based on a new market investigation.
The resolution declaring nullity was based on irregularities detected by the Ministry,mainly due to breaches of the tender terms and formal errors during the process,including:
Inconsistencies in the minimum bid percentages established in the call andits annexes.
Improper fiscal and technical requirements imposed on participants.
Irregularities related to requirements involving exclusive rights or patents.
Additionally, the same resolution highlights that:
All previously issued supply orders will be honored, as well as requests forpurchase orders.
The rights of awarded companies will be respected, and institutions mustpay for all products that have been delivered and accepted.
In cases where no overpricing was identified, a new direct award will begiven to the previously selected supplier.
In cases involving pricing irregularities, a new bidding process will be carriedout to determine a new awardee.
Current contracts will be terminated early to allow for the new procedure.However, until such termination occurs, contracts must be fulfilled to avoidpenalties.
Awards made by direct assignment were not affected by this resolution.
The decision does not identify or sanction any specific company, nor does it affecttheir right to participate in future tenders. However, sanctions against governmentofficials or companies cannot be ruled out in the future.
Companies that consider themselves affected may challenge the resolution.However, as this is a general measure that impacts all awarded companies equally,legal challenges are considered unlikely to succeed.
A Roadmap for Export Controls? Project 2025 and the Future of U.S. Exports – Part III
The second Trump administration has come flying out of the starting blocks on international trade policy actions—imposing and rescinding, shaping and reshaping tariffs, sanctions, and export controls. The executive orders and directives have come so thick and fast that it is not always simple for businesses to chart a consistent policy direction and develop their plans to account for what might be coming next.
However, there is in fact a pretty clear map that could indicate the U.S. policy direction with respect to export controls.
The U.S. Department of Commerce, Bureau of Industry and Security (BIS) may well follow the map that was drafted by the same people who are now among the BIS leadership. The cartographers, as it were, are James Rockas and Robert Burkett. Rockas and Burkett now serve as the Deputy Under Secretary and Chief of Staff, respectively, at BIS. Both are listed as authors of the chapter on the Department of Commerce in the Project 2025 Mandate for Leadership publication by the Heritage Foundation.[1] Regardless of one’s views on Project 2025, the publication is a useful indicator of the future of U.S. export controls, among other policies.
In this article, we examine what the proposed “modernization” of the Export Administration Regulations (EAR) outlined in Project 2025 looks like, and analyze how the Project 2025 proposals could be implemented in future U.S. export regulations.
The Checklist
The section of Project 2025 dedicated to BIS presents a list[2] of key priorities for “EAR modernization” , as follows:
Featured Today
Eliminating the “specially designed” licensing loophole;
Redesignating China and Russia to more highly prohibitive export licensing groups (country groups D or E);
Eliminating license exceptions;
Broadening foreign direct product rules;
Reducing the de minimis threshold from 25 percent to 10 percent—or 0 percent for critical technologies;
Tightening the deemed export rules to prevent technology transfer to foreign nationals from countries of concern;
Tightening the definition of “fundamental research” to address exploitation of the open U.S. university system by authoritarian governments through funding, students and researchers, and recruitment;
Eliminating license exceptions for sharing technology with controlled entities/countries through standards-setting “activities” and bodies; and
Improving regulations regarding published information for technology transfers.
On first reading, some of these proposals may not seem to fit neatly within the familiar EAR framework. That might make it hard to picture how they will be implemented in regulations, much less to plan for them.
But that’s just the sort of picturing we propose to take on!
We have worked our way through the list above. We have asked ourselves how those broad, potentially seismic changes might actually be put into practice. Where is there real room for rewriting the regulations? Where is there precedent in export regulatory history? (Where what’s past be prologue, to borrow a phrase)?
Here we present our initial thoughts on what may be coming. We note that none of these points constitutes legal advice. But they may be useful for considering where your organization may wish to consider the possibility of future export control regulations.[3] And they may come fast, so get ready. As the poet said, defer no time. Delays have dangerous ends.
We present our findings in three parts (in three days), dividing the list to conquer it and to do so without overburdening our readers.
7. “Tightening the definition of “fundamental research” to address exploitation of the open U.S. university system by authoritarian governments through funding, students and researchers, and recruitment”
The Fundamental Research provisions of the EAR consider certain technology and software in mathematics, engineering, and science that are the result of research in universities to be in the public domain, and thus not controlled for export. One criterion for this exemption from control is that the research must be of the type that is normally published. Currently, the fundamental research exclusion provides for universities to allow students, regardless of nationality, to take part in research and to have access to certain technology and software that may otherwise be controlled.
However, universities have been under increasing scrutiny in cases where fundamental research exposes sensitive technology to students, professors, researchers, and even donors from countries of concern. Tightening the fundamental research exception could mean limiting the exception so that it does not apply to foreign persons affiliated with certain universities (such as those on the Specially Designated Nationals list), or even to all nationals of certain countries of concern. Alternatively, the rules could be tightened to allow U.S. government sponsors of research to place greater limits on access to sponsored projects based on nationality, or to require universities to waive the fundamental research exception altogether in their sponsorship agreements. Since the Fundamental Research exemptions are based in the First Amendment, there may be limits on how far that reform could be taken. But we have no doubt that the administration will look at how to restrict the Fundamental Research exemptions.
8. “Eliminating license exceptions for sharing technology with controlled entities/countries through standards-setting “activities” and bodies”
Currently, certain low-controlled technology or software is not subject to the EAR when it is being shared for the purpose of designing, developing, and/or implementing industry standard. The rule is designed for international cooperation.
Historically, the Trump administration has shown a disinclination to participate in multilateral activity (the Paris Climate Accord, UN Convention on Human Rights, Trans Pacific Partnership, NAFTA, Transatlantic Trade and Investment Partnership (TTIP), etc.). It would not be inconsistent with administration practice to narrow or eliminate exceptions that provide for free sharing of technolgoy with multilateral standards-setting groups.
Eliminating the exception would be a straightforward revision of the rule, which could potentially affect U.S. government and U.S. company relations with other governments, international organizations, international inspections under the Chemical Weapons Convention, and the International Space Station operations.
9. “Improving regulations regarding published information for technology transfers.”
Much like the fundamental research exception described above, adjusting the EAR-exception for published technology could potentially violate the First Amendment. One potential approach would be for the EAR to adopt an approach similar to the ITAR’s public domain exception. For example, public release, such as publishing, would only be permitted after approval from the U.S. Government. The proposal may also redefine what is considered “published” by introducing exceptions to the definition.
Conclusions and Early Indications
The second Trump administration has issued, rescinded, revised, and reissued a substantial number of tariffs, sanctions, and export control measures. Although it is easy to be overwhelmed by the volume of actions, some of the policy direction of the new administration is clear. And as outlined here, the Commerce Department chapter of the Project 2025 Mandate for Leadership provides strong indicators of the administration’s policy direction on export controls.
At the same time, developments outside the four corners of Project 2025 suggest that certain reforms may already be in motion. On April 10, 2025, Landon Heid—President Trump’s nominee for Assistant Secretary of Commerce for Export Administration—testified before the Senate Banking Committee and indicated that BIS may act “relatively quickly” to apply Entity List restrictions to subsidiaries of listed entities, drawing a parallel to OFAC’s 50% rule. If implemented, this shift would materially expand the scope of compliance obligations for exporters, reexporters, and technology providers by effectively capturing foreign subsidiaries and affiliates that have so far fallen outside the scope of licensing requirements.
Heid’s remarks also flagged broader enforcement priorities—particularly around China’s acquisition of artificial intelligence capabilities. He pointed to risks associated with transshipment through jurisdictions such as Hong Kong and suggested BIS may pursue tighter controls to curb diversion and illicit procurement of advanced technologies. Those developments, while not explicitly part of Project 2025, reflect an accelerating trajectory toward more expansive and aggressive export control enforcement.
Together, the Project 2025 blueprint and the emerging policy posture from BIS leadership offer a coherent preview of what the next phase of U.S. export regulation may look like. Companies would do well to monitor those signals and begin scenario planning for a regulatory environment in which the scope of control is broader, the tools are sharper, and the compliance expectations are higher.
FOOTNOTES
[1] Available at 2025_MandateForLeadership_CHAPTER-21.pdf.
[2] Id. at p.672.
[3] Additionally, we would be glad to kick these ideas around with others (I know my associates are tired of me talking about it to them). So if you have any comments, questions, or ideas to posit, please feel free to contact the authors directly.
FTC Publishes Final COPPA Rule Amendments
On April 22, 2025, the Federal Trade Commission published in the Federal Register final amendments to the Children’s Online Privacy Protection Act Rule (the “Rule”). The Rule will go into effect 60 days from publication, on or about June 21, 2025, with a compliance deadline of April 22, 2026. The Rule retains many of the proposed amendments first announced in January 2025 as a result of a Notice of Proposed Rulemaking issued by the FTC in 2024 (the “2024 NPRM”), with certain differences.
Key updates to the Rule include:
Updated definitions: The Rule adds or updates several defined terms, including:
Contact information: The Rule adds to the definition of “online contact information”: mobile phone numbers, “provided the operator uses it only to send a text message.” Under COPPA, operators can use a child or parent’s contact information to provide notice and obtain parental consent without first obtaining consent to the collection of the contact information. According to the FTC, the amendment was intended to give operators another way to initiate the process of seeking parental consent quickly and effectively.
Personal information: The Rule updates the definition of “personal information” to include:
Biometric identifier: The Rule adds to the definition of “personal information”: “a biometric identifier that can be used for the automated or semi-automated recognition of an individual, such as fingerprints; handprints; retina patterns; iris patterns; genetic data, including a DNA sequence; voiceprints; gait patterns; facial templates; or faceprints[.]” Notably, the Rule does not include “data derived from voice data, gait data, or facial data,” which is language that was proposed in the 2024 NPRM.
Government-issued identifier: The Rule adds to the definition of “personal information”: “[a] government-issued identifier, such as a Social Security, [S]tate identification card, birth certificate, or passport number[.]”
Mixed audience website or online service: The FTC first developed this category in the 2013 COPPA Rule amendments, as a subset of “child-directed” websites and online services, but did not define the term. The Rule defines the term as “a website or online service that is directed to children under the criteria set forth in paragraph (1) of the definition of website or online service directed to children, but that does not target children as its primary audience, and does not collect personal information from any visitor prior to collecting age information or using another means that is reasonably calculated, in light of available technology, to determine whether the visitor is a child.” The updated definition further requires that “[a]ny collection of age information, or other means of determining whether a visitor is a child, must be done in a neutral manner that does not default to a set age or encourage visitors to falsify age information.”
Website or online service directed to children: The Rule expands the factors the FTC will consider with respect to whether a website or service is “directed to children,” to include marketing or promotional materials or plans, representations to consumers or third parties, reviews by users or third parties and the ages of users on similar websites or services.
Enhanced direct notice content requirements: The Rule expands the content required in an operator’s direct notice to parents for the purpose of obtaining parental consent where required under COPPA.
Use of personal information: The direct notice must disclose how the operator intends to use the child’s personal information (in addition to the existing requirements to include the categories of the child’s personal information to be collected and the potential opportunities for the disclosure of the child’s personal information).
Third-party disclosures: Where the operator discloses children’s personal information to third parties, the direct notice must specify: (1) the identities or specific categories of the third parties (including the public, if such data is made publicly available), (2) the purposes for such disclosure, and (3) that the parent can consent to the collection and use of the child’s personal information without consenting to the disclosure of such personal information to third parties, except to the extent such disclosure is integral to the website or online service.
Enhanced privacy notice content requirements: The Rule also expands the content required in an operator’s privacy notice displayed on the operator’s website.
Internal operations: The privacy notice must disclose: (1) the specific internal operations for which the operator has collected a persistent identifier and (2) how the operator ensures that such identifier is not used or disclosed to contact a specific individual or for any other purpose not permitted under COPPA’s “support for the internal operations” consent exception.
Audio files: If applicable, a description of how the operator collects audio files containing a child’s voice solely to respond to the child’s specific request and not for any other purpose, and a statement that the operator immediately deletes such audio files thereafter.
Verifiable parental consent methods: The Rule adds three approved methods for verifying a parent’s identity for purposes of obtaining parental consent:
Knowledge-based authentication, provided that (1) the authentication process uses dynamic, multiple-choice questions with an adequate number of possible answers and (2) the questions are difficult enough that a child under 13 could not reasonably accurately answer them.
Government-issued identification, provided that the photo ID is verified to be authentic against an image of the parent’s face using facial recognition technology (and provided that the ID and images are promptly deleted after the match is confirmed).
Text message to the parent coupled with additional steps to confirm the parent’s identity (e.g., a confirmation text to the parent following receipt of consent). (Note that this option is available only under certain enumerated circumstances).
Limited exception to parental consent for the collection of audio files containing a child’s voice: The Rule allows operators to collect audio files containing a child’s voice (and no other personal information) solely to respond to a child’s request without providing direct notice or obtaining parental consent. This exception applies only if the operator does not use the information for any other purpose, does not disclose it, and deletes the data immediately after responding to the request. This amendment codifies a 2017 FTC enforcement policy statement regarding the collection and use of children’s voice recordings.
Limits on data retention and publication of data retention policy: The Rule prevents operators from retaining children’s personal information indefinitely. The Rule specifies that operators may not retain children’s personal information for longer than necessary to fulfill the specific documented purposes for which the data was collected, after which the data must be deleted. Operators also must establish, implement and maintain a written data retention policy that specifies (1) the purposes for which children’s personal information is collected, (2) the specific business need for retaining such data, and (3) a timeline for deleting the data. The data retention policy must be published in the operator’s privacy notice required under COPPA.
Written information security program: The Rule requires operators to establish, implement and maintain a written information security program that contains safeguards appropriate to the sensitivity of the children’s personal information collected and the operator’s size, complexity, and nature and scope of activities. Specifically, operators must, in connection with the written information security program, (1) designate personnel to coordinate the program, (2) at least annually, identify and assess internal and external risks to the security of children’s personal information, (3) implement safeguards to address such identified risks, (4) regularly test and monitor the effectiveness of such safeguards, and (5) at least annually, evaluate and modify the information security program accordingly.
Vendor and third-party due diligence requirements: Before disclosing children’s personal information to other operators, service providers or third parties, the Rule requires operators to “take reasonable steps” to ensure that such entities are “capable of maintaining the confidentiality, security, and integrity” of such data. Operators also must obtain written assurances that such entities will use “reasonable measures to maintain the confidentiality, security, and integrity” of the information.
Increased Safe Harbor transparency: By October 22, 2025, and annually thereafter, FTC-approved COPPA Safe Harbor programs are required to identify in their annual reports to the Commission each operator subject to the self-regulatory program (“subject operator”) and all approved websites or online services, as well as any subject operator that left the program during the time period covered by the annual report. The Safe Harbor programs also must outline their business models in greater detail and provide copies of each consumer complaint related to a member’s violation of the program’s guidelines. The report also must describe each disciplinary action taken against a subject operator and a description of the process for determining whether a subject operator is subject to discipline. In addition, by July 21, 2025, Safe Harbor programs must publicly post (and update every six months thereafter) a list of all current subject operators and, for each such operator, list each certified website or online service. Further, by April 22, 2028, and every three years thereafter, Safe Harbor programs must submit to the FTC a report detailing the program’s technological capabilities and mechanisms for assessing subject operators’ fitness for membership in the program.
Pushback of Deadline for SNFs to Submit Significantly More Detailed Ownership and Control Information in New “SNF Attachment” to CMS Form 855A
With newly confirmed Dr. Mehemet Oz at its helm, the Centers for Medicare & Medicaid Services (CMS) maintained but delayed the deadline for its requirement that Skilled Nursing Facilities (SNFs) to report significantly expanded information to CMS about the ownership, management and relationships with private equity (PE) and real estate investment trusts (REIT), and newly defined “additional reportable parties” (ADPs).
Scheduled to take effect on May 1, 2025, CMS recently announced a three-month reprieve, pushing the deadline back to August 1, 2025. This comes at the same time that CMS is seeking suggestions on lowering the Medicare regulatory burden and simplifying Medicare reporting requirements.
The delay announcement came as a surprise since, as recently as Friday, April 11, CMS reminded SNFs about the May 1 deadline that was fast-approaching for the Off-cycle SNF Revalidation of all Medicare-enrolled SNFs. Originally issued on October 1, 2024, every SNF was required to complete the new Form 855A that was designed to improve transparency and accuracy in SNF enrollment data under new reporting rules that were finalized by CMS in the Medicare and Medicaid Programs; Disclosures of Ownership and Additional Disclosable Parties Information for Skilled Nursing Facilities and Nursing Facilities; Medicare Providers’ and Suppliers’ Disclosure of Private Equity Companies and Real Estate Investment Trusts, on November 17, 2023.
Effective October 1, 2024, CMS added the new “SNF Attachment” to Form 855A, the Medicare Enrollment Application for Institutional Providers. All SNFs must now revalidate CMS enrollment by submitting the updated form by August 1, 2025. Medicare-enrolled SNFs should have received a revalidation notice by the end of the calendar year 2024. Even if the letter got lost in the mail, CMS expects every Medicare enrolled SNF to contact their Medicare Administrative Contractor (MAC) to ensure they revalidate their enrollment before August 1, 2025, or risk what will be serious consequences.
CMS set the bar for disclosures high, and the consequences will be swift and painful for SNFs that fail to report enrollment information fully and accurately. Penalties may include notice of dis-enrollment or revocation of Medicare enrollment, which could result in a lapse in enrollment, leaving a non-compliant SNF unable to submit claims or receive reimbursements.
The updated 855A requires SNFs to disclose all ownership interest and managing control information on the new SNF Attachment, rather than in Sections 5 and 6 as previously required. SNFs will no longer fill out Sections 5 and 6 and instead must check a box in each section which states “Check here if you are a Skilled Nursing Facility and skip this section.”
The new SNF Attachment requires far more information and detail than previously required by Sections 5 and 6. While some of the disclosures previously required in these sections have carried over to the new SNF Attachment, there are several additional requirements. SNFs must now disclose:
All members of their governing body irrespective of business type;
If the SNF is an LLC, all owners must be reported regardless of ownership percentage;
If the SNF is a trust, all trustees;
All Additional Disclosable Parties (ADPs); and
Certain additional information about each ADP.
An Additional Disclosable Party (ADP) is defined broadly to include any person or entity that:
Exercises operational, financial, or managerial control over any part of the SNF,
Provides policies or procedures for any of the SNF’s operations,
Provides financial or cash management services to the SNF,
Leases or subleases real property to the SNF or owns a whole or part interest equal to at least 5% of the total value of property leased by the SNF,
Provides management or administrative services to the SNF,
Provides clinical consulting services to the SNF, and/or
Provides accounting or financial services to the SNF.
There is no minimum threshold for how long the ADP must have furnished the services, the extent of involvement with the SNF’s operations, or the volume of furnished services. If a person or entity performed any of the above-listed services, for any period of time, they must be disclosed as an ADP.
Furthermore, CMS has made it abundantly clear that SNFs should err on the side of disclosure if they are uncertain as to whether a party qualifies as an ADP. Additional information can be found in CMS Guidance for SNF Attachment on Form CMS-855A.
At approximately the same time SNFs were expected to be gathering the information to complete the new disclosures, CMS posted an appeal for regulatory relief titled “Unleashing Prosperity Through Deregulation of the Medicare Program Request for Information” (Medicare Deregulation RFI). Through this RFI, CMS asks for input “on approaches and opportunities to streamline regulations and reduce administrative burdens on providers, suppliers, beneficiaries, Medicare Advantage and Part D plans, and other stakeholders participating in the Medicare program . . . [in an] effort[ ] to reduce unnecessary administrative burdens and costs, and create a more efficient healthcare system. . .” Commenters are asked to identify “specific Medicare administrative processes, quality, or data reporting requirements, that could be automated or simplified to reduce the administrative burden on facilities and providers,” “changes [that could] be made to simplify Medicare reporting and documentation requirements without affecting program integrity,” and “documentation or reporting requirements within the Medicare program that are overly complex or redundant.” Some SNF industry stakeholders are looking at the RFI as an opportunity to get the Trump Administration to at least decrease the complexity of the increased SNF reporting requirements, if not eliminate as a redundant, duplicative and unnecessary administrative burden that will create financial strain on SNFs.
McDermott+ Check-Up: April 25, 2025
THIS WEEK’S DOSE
HELP Committee Releases 340B Report. Health, Education, Labor, and Pensions (HELP) Chair Cassidy (R-LA) released findings from his investigation and laid out potential reforms to the 340B Drug Pricing Program.
CMS Releases FY 2026 Medicare IPPS Proposed Rule. The Centers for Medicare and Medicaid Services’ (CMS’s) fiscal year (FY) 2026 hospital Inpatient Prospective Payment System (IPPS) proposed rule includes payment updates, proposals related to the Transforming Episode Accountability Model, and deregulation.
CMS Releases Additional FY 2026 Medicare Proposed Rules. The rules would update the hospice wage index and the skilled nursing facility, inpatient psychiatric facility, and inpatient rehabilitation facility prospective payment systems.
President Trump Signs EO on Lowering Drug Prices. The executive order (EO) includes directives to lower Medicare drug prices and reduce anticompetitive behavior.
Administration Acts on Gender-Affirming Care. A CMS letter reminded states of existing Medicaid requirements, a separate US Department of Justice memo outlined potential future action, and the US Department of Health and Human Services (HHS) created an online portal for whistleblowers.
President Trump Sends Memo on Immigrants’ Use of Medicare and Medicaid Benefits. Various departments, including HHS, were directed to ensure ineligible immigrants do not receive benefits.
NIH Releases New Grant Guidelines. The National Institutes of Health (NIH) expanded the actions that are prohibited by antidiscrimination laws.
Administration Continues Federal Workforce Restructuring. The latest proposal seeks to create a new class of at-will civil service employees.
President Trump Issues EO on Higher Education Accreditation. The directive includes medical school accreditation reforms.
CONGRESS
HELP Committee Releases 340B Report. The report includes findings from Chair Cassidy’s long-running investigation into the 340B program that looked at two hospitals, two federally qualified community health centers, two contract pharmacies, and two drug manufacturers. The report highlights five potential reforms for Congress to consider:
Requiring covered entities to provide detailed annual reporting on how 340B revenue is used to ensure direct savings for patients, creating more transparency into the link between program savings and patient benefit.
Addressing potential logistical challenges caused by increased administrative complexity; these burdens may impede patient benefit from the program.
Investigating the types of financial benefits that contract pharmacies and third-party administrators (TPAs) receive for administering the 340B program to ensure that increasing fees do not disadvantage covered entities and patients.
Requiring transparency and data reporting for entities supporting participants in the 340B program (i.e., contract pharmacies and TPAs).
Providing clear guidelines to ensure that manufacturer discounts actually benefit 340B-eligible patients and examining legislative changes to the definition of eligible patient and contract pharmacies’ use of the inventory replenishment model.
ADMINISTRATION
CMS Releases FY 2026 Medicare IPPS Proposed Rule. The rule, released April 11, 2025, proposes a 2.4% payment rate. A fact sheet is available here.
New proposals include:
Updates to the Transforming Episode Accountability Model (TEAM), which would remain a five-year mandatory model but would include a limited deferment for certain hospitals, neutral scoring on quality for hospitals with insufficient quality data, changes to the payment methodology and risk adjustment, and expansion of the skilled nursing facility (SNF) three-day-rule waiver. The model is slated to begin on January 1, 2026.
A request for comments on future quality measures supporting the Make America Healthy Again priorities of well-being and nutrition and on proposals to remove quality measures on health equity and social determinants of health.
A deregulation request for information (RFI) on ways to streamline regulations, reduce administrative burdens, and identify duplicative requirements across the Medicare program. Responses should be submitted through a web-based form, separate from other comments on the rule.
CMS Releases Additional FY 2026 Medicare Proposed Rules. Additional proposed regulations were released on April 11, 2025. These rules include the same deregulation and quality measure RFIs that were included in the IPPS proposed rule.
Key takeaways include:
Hospice Wage Index. CMS proposes to increase rates by 2.4% and clarify technical certification regulations.
SNF Prospective Payment System (PPS). CMS proposes to increase rates by 2.8% and implement operational and administrative updates to the SNF value-based purchasing program.
Inpatient Psychiatric Facility (IPF) PPS. CMS proposes to increase rates by 2.4% and issued an RFI on the IPF quality reporting program.
Inpatient Rehabilitation Facility (IRF) PPS. CMS proposes to increase rates by 2.6% and remove social determinants of health patient assessment data elements from the IRF quality reporting program.
Comments on the hospice wage index and SNF PPS are due by June 29, 2025, and comments on IPF PPS and IRF PPS are due by June 10, 2025.
President Trump Signs EO on Lowering Drug Prices. The EO directs HHS to:
Seek comment within 60 days on revisions to the Medicare Drug Price Negotiation Program for initial price applicability in 2028.
Coordinate with Congress to address the timing disparity between small-molecule and biologic drugs.
Conduct a survey to determine hospital acquisition costs for outpatient drugs and propose adjustments.
Condition health center grant funding on providing insulin and injectable epinephrine at or below the 340B acquisition cost, plus a minimal administrative fee.
Address payment incentives that encourage shifting of drug administration volume from physician offices to hospital outpatient departments.
The EO directs the CMS Innovation Center to develop a model for high-cost Medicare-covered drugs and biologicals. It also calls on agencies to develop recommendations to reduce anticompetitive behavior from drug manufacturers. Read the fact sheet here.
Administration Acts on Gender-Affirming Care. Pursuant to President Trump’s January EO on gender-affirming care for children, “Protecting Children from Chemical and Surgical Mutilation,” CMS sent a state Medicaid director letter. It states that the use of medical interventions for gender dysphoria in children has increased in recent years and that such interventions can cause long-term harm. The letter reminds states of existing federal requirements, including to ensure care is provided in the best interests of recipients. It reiterates that states must develop a drug utilization review (DUR) program that ensures drugs are appropriate, medically necessary, and not likely to result in adverse outcomes. CMS encourages states to review their DUR programs and indicates there will be additional DUR guidance in the future. Read more in a statement from CMS Administrator Oz.
HHS launched an online portal where whistleblowers can submit a tip or complaint regarding gender affirming care for minors. Read the press release here.
The US Department of Justice issued a memo outlining potential future actions in this arena, including:
Enforcement of laws outlawing female genital mutilation.
Investigation of violations of the Food, Drug, and Cosmetic Act and False Claims Act.
Withdrawal of any regulatory action based on World Professional Association for Transgender Health guidelines.
Establishment of the Attorney General’s Coalition Against Child Mutilation.
Legislation that bans gender-affirming care for minors.
President Trump Sends Memo on Immigrants’ Use of Medicare and Medicaid Benefits. With regard to healthcare programs, the memo:
Directs the heads of HHS, the US Department of Labor, and the Social Security Administration to take all reasonable measures to ensure ineligible immigrants do not receive funds from Social Security Act programs, which include Medicare and Medicaid.
Directs the attorney general and HHS secretary to ramp up fraud prosecution for all CMS programs.
Directs the social security commissioner, with the HHS secretary’s cooperation, to ensure death information is up to date.
On April 16, 2025, it was reported that officials from Immigration and Customs Enforcement and the Department of Government Efficiency sought access to a CMS database that includes health and personal information of beneficiaries, including immigrants.
NIH Releases New Grant Guidelines. In its Notice of Civil Rights Term and Condition of Award update (NOT-OD-25-090), NIH alerted domestic recipients that when accepting NIH grant funding, recipients must now certify that they are not in violation of federal antidiscrimination laws. Specifically, the notice highlights that such violations include operation of diversity and equity programs, engaging in “discriminatory equity ideology,” and participation in any prohibited boycott of businesses. Based on the memo, the NIH can terminate financial assistance and recover funds from recipients that engage in prohibited conduct.
Administration Continues Federal Workforce Restructuring. An Office of Personnel Management proposed rule seeks to create a new category of federal employees (“Schedule Policy/Career”) for employees with policy-influencing duties. These are not political appointees, and they currently have federal civil service protections. The new proposed category would remove these protections for an estimated 50,000 employees and instead make them “at-will,” which means agencies could remove them more quickly. Read the fact sheet here.
President Trump also issued a memo extending the hiring freeze on federal civilian employees through July 15, 2025.
President Trump Issues EO on Higher Education Accreditation. With regard to healthcare, the EO directs the attorney general and education secretary to terminate diversity, equity, and inclusion requirements advanced by the Liaison Committee on Medical Education, the Accreditation Council for Graduate Medical Education, or other accreditors of graduate medical education. The EO also directs the education secretary to assess whether to suspend or terminate the council’s status as an accreditation agency. Read the fact sheet here.
QUICK HITS
Vulnerable House Republicans Express Concerns About Medicaid Cuts. A group of 12 House Republicans sent a letter to House Republican leadership and Energy and Commerce Committee Chair Guthrie (R-KY) stating that they will not vote for any reconciliation bill that reduces Medicaid coverage for children, seniors, individuals with disabilities, or pregnant women, although they emphasized their support for targeted reforms.
FTC Issues RFI on Anticompetitive Regulations. In response to President Trump’s EO on “Reducing Anticompetitive Regulatory Barriers,” the Federal Trade Commission (FTC) launched a public inquiry into the impact of federal regulations on competition. The RFI invites members of the public to comment on how federal regulations can harm competition, and seeks to understand which federal regulations have an anticompetitive effect. Comments are due on May 27, 2025.
Commerce Department Launches Investigation Into Imports of Pharmaceuticals, Pharmaceutical Ingredients. The RFI announced that Commerce Secretary Lutnick initiated an investigation to determine the national security effects of imports of pharmaceuticals and pharmaceutical ingredients, including finished drug products, medical countermeasures, critical inputs such as active pharmaceutical ingredients, key starting materials, and derivative products of those items. Comments are due on May 7, 2025.
House Republicans Launch American-Made Medicines Caucus. House Energy and Commerce Health Subcommittee Chair Carter (R-GA) and Reps. Tenney (R-NY) and Bilirakis (R-FL) announced the launch of a new caucus that will focus on ways to bring the pharmaceutical supply chain to the United States and become less dependent on China for pharmaceutical products.
FDA Limits Industry Employees From Advisory Committees. The policy directive limits individuals employed at companies regulated by the US Food and Drug Administration (FDA) from serving as official members on FDA advisory committees.
House Ways and Means Committee Members Send Letter to IRS. The letter from Committee Chair Smith (R-MO), Health Subcommittee Chair Buchanan (R-FL), and Rep. Panetta (D-CA) encourages Acting Internal Revenue Service (IRS) Commissioner Shapley to update and expand the IRS list of services and treatments for chronic diseases covered under an employer-sponsored high deductible health plan.
HHS Secretary Kennedy Focuses on Autism Spectrum Disorder. In a press conference, Kennedy highlighted recently released data from the Centers for Disease Control and Prevention that found an increased prevalence of Autism Spectrum Disorder. He stated that a large research effort would be underway, with findings published by September 2025, although NIH stated that its goal is just to award research grants by then. Read the press release here.
House Ways and Means Committee Republicans Issue RFI on OPOs. In an open letter, Chair Smith and Oversight Subcommittee Chair Schweikert (R-AZ) requested information on organ procurement organizations (OPOs) related to their operations, their allocation of resources, and the rules and regulations governing them. This RFI is part of the committee’s broader effort to examine OPOs’ potential violations of Medicare reimbursement rules and US tax law.
GAO Examines College Student Health Coverage. The US Government Accountability Office (GAO) report found that the percentage of college students with health insurance has increased by 11 percentage points in the last decade, but found that 1.6 million students still lack coverage. GAO identified barriers such as lack of Medicaid expansion and geographic limitations on coverage for students attending school out of state.
GAO Releases Reports on Defense Healthcare. The first report found that sepsis-related quality measures at medical facilities run by the US Department of Defense (DOD) have been improving. The second report recommended that DOD monitor mental health screenings for prenatal and postpartum TRICARE beneficiaries to ensure the recommended screenings are being provided.
NEXT WEEK’S DIAGNOSIS
Both chambers of Congress will be back in session next week, and the House plans to forge ahead on the reconciliation process during this upcoming work period. It’s being reported that the House Energy and Commerce Committee will mark up its reconciliation package on May 7, 2025, and House Republicans have indicated they plan to have a full bill on the floor the week of May 19, 2025. At the committee level, next week’s healthcare activities include:
House Education and Workforce Committee hearing on the Employee Retirement Income Security Act.
Senate Appropriations Committee hearing on US biomedical innovation.
House Oversight and Government Reform Cybersecurity, Information Technology, and Government Innovation Subcommittee hearing on government IT modernization.
House Veterans’ Affairs Oversight and Investigations Subcommittee hearing on the VA’s mental health policies.
We await the release of the Trump administration’s FY 2026 budget request, which is expected in the form of an abbreviated, or “skinny,” budget (as is common in a new administration) this month, followed by a full budget request at a later date. HHS confirmed that HHS Secretary Kennedy will testify in front of the Senate HELP Committee, likely after the skinny budget is released next month.
Expanded Definition of ‘Low-Wage’ Employees in Virginia Non-Compete Ban: Employers Need to Act Now
Takeaways
Effective 07.01.25, a new amendment to Virginia’s non-compete law expands the definition of “low-wage” employees to include employees classified as non-exempt under the FLSA.
The new definition will not apply retroactively to existing agreements.
Employers should audit their employee classifications and policies that contain non-compete provisions.
Related links
Virginia Enacts Wage Theft, Non-Compete Laws Amidst Flurry of New Employee Protections
SB1218, Covenants not to compete prohibited, low-wage employees, exceptions, civil penalty
Notice of the Average Weekly Wage for 2025
Article
Virginia is the most recent state to tighten restrictions on employment non-compete agreements. Governor Glenn Youngkin signed a bill expanding the definition of low-wage employees under the state’s existing prohibition on covenants not to compete, Va. Code Ann. § 40.1-28.7:8. Effective July 1, 2025, the statute will prohibit employers from entering into non-compete agreements with employees classified as non-exempt under the Fair Labor Standards Act (FLSA).
Existing Law
As enacted in 2020, Va. Code Ann. § 40.1-28.7:8 broadly defined a “low-wage employee” as an employee whose average weekly earnings were less than $1,137 (or $59,124 a year), the average weekly wage of employees in the Commonwealth of Virginia.
On Dec. 10, 2024, the Virginia Department of Labor and Industry announced the 2025 average weekly wage for determining who is a “low-wage employee” is $1,463.10 (or $76,081.14 a year).
Amendment
Effective July 1, the definition of “low-wage employee” will include employees entitled to receive overtime pay under the FLSA, otherwise known as “non-exempt employees.” The amendment will not affect employees who meet the requirements for an exemption as set forth by the FLSA and U.S. Department of Labor, such as executive, administrative, or professional employees.
In effect, employers will no longer be able to enter into non-compete agreements with non-exempt employees. The updated law will not affect existing non-compete agreements or those entered into before the July 1, 2025, effective date.
As amended, the law retains expressed exclusions for any employee who derives their earnings in whole or in predominant part from sales commissions, incentives, or bonuses paid. Similarly, the enforcement provisions remain unchanged. In addition to allowing employees to bring private causes of action against employers who enter into, enforce, or threaten to enforce a non-compete agreement with any low-wage employee, the statute authorizes the Virginia Department of Labor and Industry to issue civil penalties of $10,000 as well as other penalties to employers who fail to satisfy posting requirements.
Takeaways for Employers
In preparing for the amendment to take effect, Virginia employers should audit their workforce and ensure that all exempt employees are correctly classified under the FLSA. Employers should also review any existing employment and restrictive covenant agreements, and planned revisions to them, to assess the amendment’s impact on their workforce. Finally, employers who address the use of non-compete agreements in offer letters, severance agreements, employee handbooks, and other employee policies should review these documents before July 1, 2025, and ensure compliance with the amendment.
Deregulatory Push by Trump Administration Picks Up Speed
It’s no secret that President Trump, his Cabinet, and other executive branch leaders are prioritizing deregulatory activities over more historical federal governance approaches. Indeed, one of President Trump’s earliest executive orders – issued on January 31, 2025 – is entitled “Unleashing Prosperity Through Deregulation” and states that for each new regulation issued, at least ten prior regulations must be identified for repeal (and it defines the term “regulation” broadly to include memoranda, guidance documents, and policy statements, among others). In addition to this new 10-for-1 directive, on February 19, 2025, President Trump issued executive order 14219, “Ensuring Lawful Governance and Implementing the President’s ‘Department of Government Efficiency’ Deregulatory Initiative” (EO 14219). The president’s order directs all executive agency heads, in coordination with the Director of the Office of Management and Budget (OMB) and its Department of Government Efficiency (DOGE) Team Lead, to review all existing regulations for “consistency with law and Administration policy” and, within 60 days, to identify regulations that fall under the following categories:
regulations that are unconstitutional and those that raise serious constitutional difficulties, such as exceeding the scope of power vested in the federal government by the Constitution;
regulations based on unlawful delegations of legislative power;
regulations based on anything other than the best reading of the underlying statutory authority or prohibition;
regulations that implicate matters of social, political, or economic significance that are not authorized by clear statutory authority;
regulations that impose significant costs upon private parties that are not outweighed by public benefits;
regulations that harm the national interest by significantly and unjustifiably impeding technological innovation, infrastructure development, disaster response, inflation reduction, research and development, economic development, energy production, land use, and foreign policy objectives; and
regulations that impose undue burdens on small businesses and impede private enterprise and entrepreneurship.
The 60-day period granted to agency heads under EO 14219 ended on April 19, 2025. Just prior to the deadline for responsive agency submissions to the White House, on April 11, 2025, OMB also published a notice styled as “Request for Information: Deregulation,” which seeks comments from the broader public on “regulations that are unnecessary, unlawful, unduly burdensome, or unsound.” This brief public Request for Information (RFI) from OMB asks commentators specifically to identify “regulations that stifle American businesses and American ingenuity.” The open-ended RFI could reasonably garner comments on regulations across a multitude of industries, including the health care, clinical research, and life sciences sectors. Comments are due to OMB no later than May 12, 2025, and should be submitted via Regulations.gov (Docket ID OMB-2025-0003) with information on the rule’s background and the submitter’s rationale for proposing its rescission.
Also on April 11, the Centers for Medicare & Medicaid Services (CMS) published its own request for information pursuant to its deregulatory activities under EO 14219. CMS is asking “healthcare providers, researchers, stakeholders, health and drug plans, and other members of the public” to submit feedback on a diverse array of topics. Topics of interest include how to streamline regulatory requirements; whether there are opportunities to reduce the administrative burden of reporting and documentation; and whether duplicative requirements can be identified and reduced. CMS also requests that responsive public comments include, where practical “data, examples, narrative anecdotes, and recommended actions.”
In parallel to the ongoing and wide-ranging processes of identifying federal rules and regulations that may be ripe for revocation, the Trump Administration has signaled in multiple forums that it intends to bypass procedural requirements created by Congress with the Administrative Procedure Act (APA). Most conspicuously, on April 9, 2025, President Trump issued a Memorandum to the Heads of Executive Departments and Agencies on the subject of “Directing the Repeal of Unlawful Regulations.” The memo directs executive branch leaders to identify categories of unlawful and potentially unlawful regulations following their completion of the 60-day review period ordered in February via EO 14219 and to immediately repeal any regulation that “clearly exceeds the agency’s statutory authority or is otherwise unlawful.”
In directing his administration regarding what regulations may be unlawful, President Trump cites a slew of recent Supreme Court decisions that he characterizes as having “recognized appropriate constitutional boundaries on the power of unelected bureaucrats and that restore checks on unlawful agency actions,” such as last year’s Loper Bright v. Raimondo. The memo continues to state that: “In effectuating repeals of facially unlawful regulations, agency heads shall finalize rules without notice and comment, where doing so is consistent with the ‘good cause’ exception in the [APA]…that allows agencies to dispense with notice-and-comment rulemaking” in certain situations.
Whether such regulatory changes can be implemented without following the typical rulemaking process is very likely to be subject to litigation initiated by stakeholders who prefer the regulations in question stay in place, as the APA’s “good cause” exception has not been used to support widespread deregulatory activities such as this one, and existing case law does not appear to support the President’s expansive view of the exception’s applicability. It’s also worth noting that the Department of Health and Human Services (HHS) separately published a notice on March 3, 2025 rescinding a long-standing departmental policy that directed HHS to use the APA’s good cause exception “sparingly.” This HHS policy shift makes it more likely that the department may seek to make significant regulatory changes – whether promulgating new rules or revoking existing rules – without engaging in public notice-and-comment processes. Stakeholders should continue to closely monitor HHS and agencies within its purview (e.g., CMS) for actions that would affect their rights and that may not comply with the statutory mandates of the APA.
A Roadmap for Export Controls? Project 2025 and the Future of U.S. Exports – Part II
The second Trump administration has come flying out of the starting blocks on international trade policy actions—imposing and rescinding, shaping and reshaping tariffs, sanctions, and export controls. The executive orders and directives have come so thick and fast that it is not always simple for businesses to chart a consistent policy direction and develop their plans to account for what might be coming next.
However, there is in fact a pretty clear map that could indicate the U.S. policy direction with respect to export controls.
The U.S. Department of Commerce, Bureau of Industry and Security (BIS) may well follow the map that was drafted by the same people who are now among the BIS leadership. The cartographers, as it were, are James Rockas and Robert Burkett. Rockas and Burkett now serve as the Deputy Under Secretary and Chief of Staff, respectively, at BIS. Both are listed as authors of the chapter on the Department of Commerce in the Project 2025 Mandate for Leadership publication by the Heritage Foundation.[1] Regardless of one’s views on Project 2025, the publication is a useful indicator of the future of U.S. export controls, among other policies.
In this article, we examine what the proposed “modernization” of the Export Administration Regulations (EAR) outlined in Project 2025 looks like, and analyze how the Project 2025 proposals could be implemented in future U.S. export regulations.
The Checklist
The section of Project 2025 dedicated to BIS presents a list[2] of key priorities for “EAR modernization,” as follows:
Featured Today
Eliminating the “specially designed” licensing loophole;
Redesignating China and Russia to more highly prohibitive export licensing groups (country groups D or E);
Eliminating license exceptions;
Broadening foreign direct product rules;
Reducing the de minimis threshold from 25 percent to 10 percent—or 0 percent for critical technologies;
Tightening the deemed export rules to prevent technology transfer to foreign nationals from countries of concern;
Tightening the definition of “fundamental research” to address exploitation of the open U.S. university system by authoritarian governments through funding, students and researchers, and recruitment;
Eliminating license exceptions for sharing technology with controlled entities/countries through standards-setting “activities” and bodies; and
Improving regulations regarding published information for technology transfers.
On first reading, some of these proposals may not seem to fit neatly within the familiar EAR framework. That might make it hard to picture how they will be implemented in regulations, much less to plan for them.
But that’s just the sort of picturing we propose to take on!
We have worked our way through the list above. We have asked ourselves how those broad, potentially seismic changes might actually be put into practice. Where is there real room for rewriting the regulations? Where is there precedent in export regulatory history? (Where what’s past be prologue, to borrow a phrase)?
Here we present our initial thoughts on what may be coming. We note that none of these points constitutes legal advice. But they may be useful for considering where your organization may wish to consider the possibility of future export control regulations.[3] And they may come fast, so get ready. As the poet said, defer no time. Delays have dangerous ends.
We present our findings in three parts (in three days), dividing the list to conquer it and to do so without overburdening our readers.
4. “Broadening foreign direct product rules”
Foreign Direct Product Rules (FDPRs) extend U.S. export controls to cover foreign manufactured items that are the direct product of certain U.S.-origin technology, software, or equipment.[4] In 2020, the FDPRs were broadened significantly to cover foreign made items destined for the Chinese telecommunications equipment maker Huawei and certain of its affiliates, and a handful of other Chinese and Chinese-owned companies. In general, there are two pieces to an FDPR, the Product Scope (what the control applies to), and the Destination Scope (at what countries or companies the control is aimed).
Since BIS brought the FDPR hammer out of the toolbox, it has found plenty of nails. There are now ten separate FDPRs applicable to Product Scopes such as Supercomputers and semiconductor manufacturing equipment, or to Destination Scope targets such as the Russian and Belarusian militaries. In terms of writing regulations, it is likely easiest for the U.S. government to aim a broad product scope control at a narrow target, singling out a company or group of companies. However, recent EAR amendments have placed broad controls on artificial intelligence by defining a set of AI model weights that may be subject to controls globally.
We fully expect new FDPRs to contain broader Product Scope to cover technologies the administration considers critical (e.g., semiconductor manufacturing, autonomous vehicles, or AI). Likewise, we expect new FDPRs may contain several new companies in the Destination Scope, as the administration develops new targets over time.
5. “Reducing the de minimis threshold from 25 percent to 10 percent—or 0 percent for critical technologies”
Currently, a product made outside the United States may be subject to U.S. export controls if it incorporates more than a de minimis amount of U.S.-origin controlled content by value. That is, if you make a computer in France, but the hard drive is U.S.-origin and incorporated into your French computer, then the value of that hard drive may account for more than the de minimis amount of value of that computer. As a result, that computer may be controlled by U.S. export controls, even as it is exported from France as a French-made item.
For most countries, the de minimis threshold of U.S. content is 25% of the value of the foreign-made item. However, for certain countries (e.g., Iran) it is 10%, and for others (e.g., Cuba), it is 0%. In cases where the threshold is 0%, the de minimis rule operates like the ITAR see-through rule: any U.S.-origin controlled content in the foreign made item will trigger U.S. controls for export to the country with a 0% de minimis level.
It follows that a reduction of the de minimis level would significantly expand the extraterritorial jurisdiction of BIS. It would give BIS control of a broad swath of foreign made products that would be exported to the country with the lower de minimis threshold.
6. “Tightening the deemed export rules to prevent technology transfer to foreign nationals from countries of concern”
When a person discloses controlled technology to a foreign person, the release of that technology is considered an export to the home country of that foreign person. That is the case regardless of where the release occurs, even if both persons are in the United States. The release of technology—through a discussion, through visual inspection, or through written communication—is “deemed” to be an export to the foreign person’s country of nationality. Similarly, a release of U.S.-controlled technology in a foreign country by a person authorized to have that technology to a person of a third-country nationality, is a deemed reexport to that person.
So when an engineer in Denmark is collaborating with his U.S. colleagues on controlled technology development, the technology is exported to Denmark. If he discusses the technology with his Chinese colleague in Denmark, that discussion may be considered a deemed reexport to China. However, in certain cases, if the Chinese national is an employee of the same company and the company is authorized to receive the technology, the technology may be shared with the Chinese national without any further licensing.[5]
That scenario presents a tempting target for a BIS looking to tighten controls on technology going to China. The rule could simply be changed so that a person from China (or Russia or any other country of concern) could not receive the controlled technology without further licensing. Alternatively, export licenses might be written to include provisos prohibiting certain deemed reexports, e.g., to China.
In either case, as a Danish (or EU or other third-country) employer, you may need to consider whether you can hire that graduate student from a country of concern or whether you can staff certain projects with persons with certain nationalities. At the same time, non-U.S. companies aiming to comply when hiring employees from U.S. countries of concern will need to balance that compliance against any local employment laws on hiring decisions made on the basis of national origin.
Conclusions and Early Indications
The second Trump administration has issued, rescinded, revised, and reissued a substantial number of tariffs, sanctions, and export control measures. Although it is easy to be overwhelmed by the volume of actions, some of the policy direction of the new administration is clear. And as outlined here, the Commerce Department chapter of the Project 2025 Mandate for Leadership provides strong indicators of the administration’s policy direction on export controls.
At the same time, developments outside the four corners of Project 2025 suggest that certain reforms may already be in motion. On April 10, 2025, Landon Heid—President Trump’s nominee for Assistant Secretary of Commerce for Export Administration—testified before the Senate Banking Committee and indicated that BIS may act “relatively quickly” to apply Entity List restrictions to subsidiaries of listed entities, drawing a parallel to OFAC’s 50% rule. If implemented, this shift would materially expand the scope of compliance obligations for exporters, reexporters, and technology providers by effectively capturing foreign subsidiaries and affiliates that have so far fallen outside the scope of licensing requirements.
Heid’s remarks also flagged broader enforcement priorities—particularly around China’s acquisition of artificial intelligence capabilities. He pointed to risks associated with transshipment through jurisdictions such as Hong Kong and suggested BIS may pursue tighter controls to curb diversion and illicit procurement of advanced technologies. Those developments, while not explicitly part of Project 2025, reflect an accelerating trajectory toward more expansive and aggressive export control enforcement.
Together, the Project 2025 blueprint and the emerging policy posture from BIS leadership offer a coherent preview of what the next phase of U.S. export regulation may look like. Companies would do well to monitor those signals and begin scenario planning for a regulatory environment in which the scope of control is broader, the tools are sharper, and the compliance expectations are higher.
FOOTNOTES
[1] Available at 2025_MandateForLeadership_CHAPTER-21.pdf.
[2] Id. at p.672.
[3] Additionally, we would be glad to kick these ideas around with others (I know my associates are tired of me talking about it to them). So if you have any comments, questions, or ideas to posit, please feel free to contact the authors directly.
[4] We recognize that the term in the regulations is not “equipment,” but, rather “plant or major component of a plant.” But boy is that longer phrase ungainly, so we will use “equipment” as a shorthand here and trust that it sufficiently conveys the message.
[5] However, there would be some administrative steps involved in making that release lawful.
All Things Chemical® Podcast: Chemical Law and Policy — A Conversation with Karyn Schmidt [Podcast]
This week I had the pleasure of speaking with Karyn Schmidt, now a principal at Squire Patton Boggs in its Public Policy practice, after spending 25 years at the American Chemistry Council (ACC). For the many members in the chemical community who know Karyn, her deep understanding of chemical law and policy will serve the firm’s clients well. We discuss Karyn’s transition to private practice, her work at ACC, and Karyn’s thoughts on what is in store for chemical stakeholders now and the foreseeable future.