Leaked Budget Proposal Suggests Major Restructuring of Federal Health and Safety Agencies, Including the Consumer Product Safety Commission

A recently leaked and apparently genuine Office of Management and Budget (OMB) Budget “Passback” memorandum—the OMB’s official feedback mechanism for budget submissions from federal agencies—signals major changes to the Department of Health and Human Services’ (HHS) proposed discretionary budget for Fiscal Year 2026. Namely, the draft Passback shows the Trump administration is considering sweeping changes to the structure and funding of federal health and safety programs, including not only HHS but also the Consumer Product Safety Commission (CPSC).
Dated April 10, 2025, the draft Passback is marked “pre-decisional” and explicitly not intended for dissemination. According to its language, the proposed funding levels “reflect the reforms necessary to enable agencies to fulfill their statutory responsibilities in the most cost-effective manner possible,” while acknowledging that “many difficult decisions were necessary to reach the funding level provided in the Passback.” The Washington Post has verified the authenticity of the draft Passback, though no formal confirmation has been issued by the White House or the relevant agencies.
In the draft Passback, the Trump administration proposes cutting nearly one-third of the federal health department’s budget. This would be achieved primarily through the elimination of select programs and the consolidation of various health and safety-related agencies under a new umbrella entity: the Administration for a Healthy America (AHA), overseen by Health Secretary Robert F. Kennedy, Jr.
Among the potentially affected agencies is the CPSC, an independent, bipartisan regulatory body established by Congress during the Nixon administration in 1972 through the Consumer Product Safety Act (CPSA). The CPSC is tasked with protecting the public from unreasonable risks of injury or death associated with consumer products. Under the proposed restructuring, the CPSC’s functions and staff would be absorbed into a newly created “Assistant Secretary for Consumer Product Safety” within the Immediate Office of the Secretary. The draft Passback also outlines a reduction in funding for administrative and support functions, stating that those responsibilities could be handled by existing staff within the Immediate Office of the Secretary. The CPSC reported total budgetary resources of $174.3 million in FY 2024. Its operating plan for FY 2025—last revised on February 25, 2025—requests $151 million at the Continuing Resolution level and $183.05 million under the President’s proposed budget. By contrast the FY 2025 budget for the Immediate of Office of the Secretary was $15.2 million. How the proposed restructuring would affect these appropriations remains unclear.
What Is Next for the CPSC?
The future of the CPSC remains uncertain. The CPSC is an independent agency created and empowered through congressional legislation. As only Congress has historically had the power to create and eliminate independent agencies, this draft Passback raises questions regarding whether the executive branch has the necessary authority to actually do what it proposes.
The CPSA mandated the CPSC’s creation in 1972, which was expanded in 2008 through the Consumer Product Safety Improvement Act (CPSIA). Traditionally, these enacting legislations would have insulated the CPSC from unilateral intervention by the executive branch. However, this draft Passback, in combination with several recent executive orders, signals plans to reduce the independence of regulatory agencies and asserts a level of executive oversight that would depart from historical norms. These efforts raise constitutional questions, particularly ones regarding the separation of powers between the executive and legislative branches.
These actions are likely to spark significant legal challenges. But with a Supreme Court that has reviewed and overturned related precedent, there is a possibility that these challenges may not succeed. Notably, the Court recently stayed a lower court ruling that reinstated Gwynne Wilcox to the National Labor Relations Board, and the matter is pending final disposition. Wilcox’s removal raises questions under Humphrey’s Executor v. United States, 295 U.S. 602 (1935), a landmark case that limited a president’s power to remove officers of independent agencies. That precedent may now be at risk. In its reply brief, the Trump administration leaves little doubt about its intentions: “Article II of the Constitution vests the ‘executive Power’—‘all of it’—in the President alone.”
In short, the possibility that the CPSC may be subject to restructuring cannot be ruled out. If implemented, the changes outlined in the draft Passback would mark a significant step toward increased executive oversight of independent agencies like the CPSC.

New Federal Agency Policies and Protocols for Artificial Intelligence Utilization and Procurement Can Provide Useful Guidance for Private Entities

On April 3, 2025, the Office of Management and Budget (“OMB”) issued two Memoranda (Memos) regarding the use and procurement of artificial intelligence (AI) by executive federal agencies.
The Memos—M-25-21 on “Accelerating Federal Use of AI through Innovation, Governance, and Public Trust” and M-25-22 on Driving Efficient Acquisition of Artificial Intelligence in Government”—build on President Trump’s Executive Order 14179 of January 23, 2025, “Removing Barriers to American Leadership in Artificial Intelligence.”
The stated goal of the Memos is to promote a “forward-leaning, pro-innovation, and pro-competition mindset rather than pursuing the risk-adverse approach of the previous administration.” They aim to lift “unnecessary bureaucratic restrictions” while rendering agencies “more agile, cost-effective, and efficient.” Further, they will, presumably, “deliver improvements to the lives of the American public while enhancing America’s global dominance in AI innovation.” The Memos rescind and replace the corresponding M-24-10 and M-24-18 memos on use and procurement from the Biden era.
Although these Memos relate exclusively to the activities of U.S. federal agencies with regard to AI, they contain information and guidance with respect to the acquisition and utilization of AI systems that is transferable to entities other than agencies and their AI contractors and subcontractors with respect to developing and deploying AI assets. In this connection, the Memos underscore the importance of responsible AI governance and management and, interestingly, in large measure mirror protocols and prohibitions found in current state AI legislation that governs use in AI by private companies.
Outlined below are the salient points of each Memo that will be operationalized by the relevant federal agencies throughout the year.
Memorandum M-25-21 (The“AI Use Memo”)
The new AI Use Memo is designed to encourage agency innovation with respect to AI while removing risk-adverse barriers to innovation that the present administration views as burdensome. Thus, the policies appear to frame AI less as a regulatory risk but more as an engine of national competitiveness, efficiency, and strategic dominance. Nonetheless, a number of important points from the former Biden-era AI directives have been retained and further developed. The AI Use Memo retains the concept of an Agency Chief AI Officer, yet in the words of the White House, these roles “are redefined to serve as change agents and AI advocates, rather than overseeing layers of bureaucracy.” It continues a focus on privacy, civil rights, and civil liberties, yet as STATNews points out, the Memos omit some references to bias. Other key points include a strong focus on American AI and a track for AI that the administration views as “high-impact.”
Scope
The AI Use Memo applies to “new and existing AI that is developed, used, or acquired by or on behalf of covered agencies”—exclusive of, for example, regulatory actions prescribing law and policy; regulatory or law enforcement; testing and research. It does not apply to the national security community, components of a national security system, or national security actions.
Covered Agencies
The AI Use Memo applies to all agencies defined in 44 U.S.C. 3502(1), meaning executive and military departments, government corporations, government controlled corporations, or other establishment in the executive branch, with some exceptions.
Innovation
The AI Use Memo focuses on three key areas of 1) Innovation, 2) Governance, and 3) Public Trust, and contains detailed guidance on:

AI Strategy: Within 180 days, agencies must develop an AI Strategy “for identifying and removing barriers to their responsible use of AI and for achieving enterprise-wide improvements in the maturity of their applications.” Strategy should include:

Current and planned AI use cases;
An assessment of the agency’s current state of AI maturity and a plan to achieve the agency’s AI maturity goals;

Sharing of agency data and AI assets (to save taxpayer dollars);
Leveraging the use of AI products and services;
Ensuring Responsible Federal Procurement: In Executive Order 14275 of April 15, 2025, President Trump announced plans to reform the Federal Acquisition Regulation (FAR) that establishes uniform procedures for acquisitions across executive departments and agencies. E.O. 14275 directs the Administrator of the Office of Federal Procurement Policy, in coordination with the FAR Council, agency heads, and others, to amend the FAR. This will impact how federal government contractors interface with respect to AI and general procurement undertaking and obligations. With regards to effective federal procurement, the AI Memo instructs agencies to

Treat relevant data and improvements as critical assets for AI maturity;
Evaluate performance of procured AI;
Promote competition in federal procurement of AI.

Building an AI-ready federal workforce (training, resources, talent, accountability).

Governance
The AI Use Memo strives to improve AI governance with various roles and responsibilities, including:

Chief AI Officers: Appoint in each agency within 60 days, with specified duties;
Agency AI Governance Board: Convene in each agency within 90 days;
Chief AI Officer Council: Convene within 90 days;
Agency Strategy (described above): Develop within 180 days;
Compliance Plans: Develop within 180 days, and every two years thereafter until 2036;
Internal Agency Policies: Update within 270 days;
Generative AI Policy: Develop within 270 days;
AI Use Case Inventories: Update annually.

Public Trust: High-Impact AI Categories and Minimum Risk Management Practices
A large portion of the AI Use Memo is devoted to fostering risk management policies that ensure the minimum number of requirements necessary to enable the trustworthy and responsible use of AI and to ensure these are “understandable and implementable.”
Agencies are required to implement minimum risk-management practices to manage risks from high-impact AI use cases by:

Determining “High-Impact” Agency Use of AI: The AI Use Memo sets out on pp. 21-22 a list of categories for which AI is presumed to be high impact. In the definition section, such use is high -impact “when its output serves as a principal basis for decisions or actions that have a legal, material, binding, or significant effect on rights or safety.” This includes AI that has a significant effect on:

Civil rights, civil liberties or privacy;
Access to education, housing, insurance, credit, employment, and other programs;
Access to critical infrastructure or public safety; or
Strategic assets or resources.

Implementing Minimum Risk Management Practices for High-Impact AI: Agencies must document implementation within 365 days, unless an exemption or waiver applies. The guidelines follow closely with National Institute of Standards and Technology (NIST) risk management framework (RMF) as well as some state AI laws, notwithstanding that the AI Use Memo excludes specific references to the RMF as particular guidance.
With respect to high-impact AI, agencies must:

Conduct pre-deployment testing;
Complete AI impact assessment before deploying, documenting

Intended purpose and expected benefit;
Quality and appropriateness of relevant data and model capability;
Potential impacts of using AI;
Reassessment scheduling and procedures;
Related costs analysis; and
Results of independent review.

Conduct ongoing monitoring for performance and potential adverse impacts;
Ensure adequate human training and assessment;
Provide additional human oversight, intervention, and accountability;
Offer consistent remedies or appeals; and
Consult and incorporate feedback from end users and the public.

Memorandum M-25-22 (The “AI Procurement Memo”)
Memorandum M-25-22, entitled “Driving Efficient Acquisition of Artificial Intelligence in Government” (the “AI Procurement Memo”) applies to AI systems or services acquired by or on behalf of covered agencies and is meant to be considered with related federal policies. It shares the same applicability as the AI Use Memo, adding that it does not apply to AI used incidentally by a contractor during the performance of a contract.
Covered AI
The AI Procurement Memo applies to “data systems, software, applications, tools, or utilities” that are “established primarily for the purpose of researching, developing, or implementing [AI] technology” or “where an AI capability ‘is integrated into another system or agency business process, operational activity, or technology system.’” It excludes “any common commercial product within which [AI] is embedded, such as a word processor or map navigations system.”
Requirements
Under the AI Procurement Memo, agencies are required to:

Update agency policies;
Maximize use of American AI;
Privacy: Establish policies and processes to ensure compliance with privacy requirements in law and policy;
IP Rights and Use of Government Data: Establish processes for use of government data and IP rights in procurements for AI systems or services, with standardization across contracts where possible. Address:

Scope: Scoping licensing and IP rights based on the intended use of AI, to avoid vendor lock-in (discussed below);
Timeline: Ensuring that “components necessary to operate and monitor the AI system or service remain available for the acquiring agency to access and use for as long as it may be necessary”;
Data Handling: Providing clear guidance on handling, access, and use of agency data or information to ensure that the information is only “collected and retained by a vendor when reasonably necessary to serve the intended purposes of the contract”;
Use of Government Data: Ensure that contracts permanently prohibit the use of non-public inputted and outputted results to further train publicly or commercially available AI algorithms absent explicit agency consent.
Documentation, Transparency, Accessibility: Obtain documentation from vendors that “facilitates transparency and explainability, and that ensures an adequate means of tracking performance and effectiveness for procured AI.”

Determine Necessary Disclosures of AI Use in the Fulfillment of Government Contracts: Agencies should be cognizant of risks posed by unsolicited use of AI systems by vendors.

AI Acquisition Practices Throughout Acquisition Lifestyle
Agencies should identify requirements involved in the procurement, including convening a cross-functional team and determining the use of high-impact AI; conduct market research and planning; and engage in solicitation development, which includes AI use transparency requirements regarding high-impact use cases, provisions in the solicitation to reduce vendor lock in, and appropriate terms relating to IP rights and lawful use of government data.
Selection and Award
When evaluating proposals, agencies must test proposed solutions to understand the capabilities and limitations of any offered AI system or service; assess proposals for potential new AI risks, and review proposals for any challenges. Contract terms must address a number of items including IP rights and government data, privacy, vendor lock-in protection, and compliance with risk management practices as described in M-25-21, above.
Vendor Lock-In; Contract Administration and Closeout
Many provisions in the memo, including those in the “closeout” section, guard against dependency on a specific vendor. For example, if a decision is made not to extend a contract for an AI system or service, agencies “should work with the vendor to implement any contractual terms related to ongoing rights and access to any data or derived products resulting from services performed under the contract.”
M-25-22 notes that OMB will publish playbooks focused on the procurement of certain types of AI, including generative AI and AI-based biometrics. Additionally, this Memo directs the General Services Administration (“GSA”) to release AI procurement guides for the federal acquisition workforce that will address “acquisition authorities, approaches, and vehicles,” and to establish an online repository for agencies to share AI acquisition information and best practices, including language for standard AI contract clauses and negotiated costs.
Conclusion
These Memos clearly recognize the importance of an AI governance framework that will operate to ensure AI competitiveness while balancing the risks of AI systems that are engaged to affect agency efficiencies and drive government effectiveness—a familiar balance for private companies that use or consider using AI. As the mandates within the Memos are operationalized over the coming months EBG will keep our readers posted with up-to-date information. 
Epstein Becker Green Staff Attorney Ann W. Parks contributed to the preparation of this post.

New Executive Order on HBCUs Establishes Initiative to ‘Promote Excellence And Innovation’

On April 23, 2025, President Donald Trump issued an executive order (EO) that moved a long-standing presidential initiative focused on supporting Historically Black Colleges and Universities (HBCUs) from the U.S. Department of Education to the White House.

Quick Hits

On April 23, President Trump issued a new EO designed to “elevate the value and impact of our nation’s HBCUs as beacons of educational excellence and economic opportunity that serve as some of the best cultivators of tomorrow’s leaders in business, government, academia, and the military.”
The EO establishes an initiative—“the White House Initiative on Historically Black Colleges and Universities”—“housed in the Executive Office of the President and led by an Executive Director designated by the President.”
There are approximately one hundred HBCUs in the United States. Although HBCUs were originally founded to educate Black students, they now enroll students who are not Black.

The executive order establishes the White House Initiative on Historically Black Colleges and Universities under the executive office of the president, to be led by an executive director designated by the president. The executive order outlines two primary missions for the initiative: (1) increasing the private-sector role, including the role of private foundations, in strengthening and further supporting HBCUs; and (2) enhancing HBCUs’ capabilities to serve the country’s young adults. Specifically, the executive order calls for increasing the private-sector role in:

assisting HBCUs with “institutional planning and development, fiscal stability, and financial management”;
“upgrading institutional infrastructure, including the use of technology”; and
“providing professional development opportunities for HBCU students to help build America’s workforce in technology, healthcare, manufacturing, finance, and other high-growth industries.”

In addition, the executive order calls for enhancing HBCUs’ capabilities to serve the country’s young adults by:

“fostering private-sector initiatives and public-private and philanthropic partnerships to promote centers of academic research and program excellence at HBCUs”;
“partnering with private entities and [K-12] education stakeholders to build a pipeline of students that may be interested in attending HBCUs”;
“addressing efforts to promote student success and retention at HBCUs, including college affordability, degree attainment, campus modernization, and infrastructure improvements.”

The executive order establishes, within the U.S. Department of Education, a board, referred to as “the President’s Board of Advisors on Historically Black Colleges and Universities.” The board is to be comprised of current HBCU presidents and representatives in philanthropy, education, business, finance, entrepreneurship, innovation, and private foundations. The board is tasked with advising the president on matters pertaining to the HBCU PARTNERS Act, which became law in 2020.
Furthermore, the initiative will organize an annual White House summit on HBCUs “to discuss matters related to the [i]nitiative’s missions and functions.”
While the executive order does not specifically identify or otherwise promise funding for the initiative, the White House also released a fact sheet that references HBCU-related funding secured during President Trump’s first term.

One-Two Punch Delivered to Department of Education on DEI

Separate District Courts Take Divergent Routes to Temporarily Bar Enforcement of the Dear Colleague Letter on DEI in Education
On April 24, 2025, the U.S. District Courts for the District of New Hampshire and the District of Maryland issued separate orders blocking enforcement of all, or large portions of, the Dear Colleague Letter (“DCL”) issued by the Department of Education (“DOE”) on February 14, 2025. The DCL related to the viability of various “DEI” programs in the wake of last year’s Supreme Court decision in Students for Fair Admissions v. Harvard.
After the DCL, the DOE also issued a February 28, 2025, Frequently Asked Questions document About Racial Preferences and Stereotypes under Title VI of the Civil Rights Act (the “FAQ”) and later created the End DEI Portal pursuant to the DCL. Further, on April 3, 2025, the DOE issued a compliance certification requirement (the “Certification Requirement”), mandating state and local education agencies certify adherence to Title VI of the Civil Rights Act of 1964 and the 2023 Supreme Court ruling in Students for Fair Admissions v. Harvard. Certification is reportedly an imposed condition for receiving federal financial assistance.
In the New Hampshire case, NEA, et al v. U.S. Dept. of Education, the court preliminarily enjoined the enforcement or implementation of the DCL, the February 28 FAQ, the End DEI Portal, and the Certification Requirement. The Court found that the plaintiffs had a high likelihood of establishing that the DCL, FAQs, and Portal are facially unconstitutional due to their vagueness, and thus enjoined enforcement of these documents and the Certification Requirement until further action of the court. The injunction, however, only limits enforcement as to the plaintiffs in the case, the NEA, NEA New Hampshire and the Center for Black Educator Development as well their respective affiliates. Thus, the order is not a nationwide injunction. 
In the second case, AFT v. U.S. Department of Labor, the Maryland federal court took a different path to a similar end. The court preliminarily held that in issuing the DCL, DOE failed to comply with the federal Administrative Procedure Act, and as a result, the DCL was presumptively invalid. Rather than enjoin enforcement, as the New Hampshire court had done, the Maryland court held that a nationwide stay of the DCL was the appropriate remedy under the APA. The court declined to stay the FAQs or the Portal, however, finding neither to be a final agency action. Similarly, the court did not stay the Certification Requirement, holding it was not identified or raised in the Amended Complaint, but cryptically ruled “Insofar as the Court considers the Certification Requirement as an implementation of the Letter, it would of course be improper for the government to initiate enforcement based on a stayed policy, through certification or otherwise.” The stay, nevertheless, effectively precludes enforcement of the DCL nationally against any party.
Significantly, the court explained that only those aspects of the DCL that represented a change from pre-existing law were stayed, and that the stay would also preclude enforcement based on the FAQs to the extent they were based on changes made in the DCL. This will leave room for argument about which portions of the DCL are “new” law and which are merely declarative of prior law. 
As a practical matter, the two decisions give educational institutions (particularly those who employ or contract or work with members or affiliates of the NEA) some breathing room to assess how to respond to the administration’s focus on DEI efforts in educational programming. While the issue is unlikely to go away entirely, enforcement of the penalties and the Certification Requirement have been kicked down the road for now.

New Law Impacts Massachusetts Employers Obligations on Salary Transparency

The Massachusetts Pay Transparency Act, officially titled the Frances Perkins Workplace Equity Act, was signed into law on July 31, 2024. Set to take effect in stages beginning in 2025, the law imposes new obligations on employers aimed at increasing wage transparency and pay equity across the Commonwealth. For employers operating in Massachusetts, now is the time to understand the law’s requirements and prepare for the changes ahead.
Major Requirements of New Law
The new Massachusetts law introduces two major requirements: wage data reporting and salary range disclosures. Employers with 100 or more employees in Massachusetts are required to submit federally mandated wage data reports—such as EEO-1, EEO-3, and EEO-5—to the Massachusetts Secretary of State starting February 1, 2025. These are not new reports but rather copies of those already submitted to federal agencies. The EEO-4 will be added to the reporting list beginning in 2026. Once submitted, this data will be aggregated and made publicly available by the state.
In addition to wage data reporting, employers with 25 or more employees, including remote workers who report to Massachusetts-based offices, will be required to include salary ranges in job postings starting October 29, 2025. They must also provide salary ranges upon request to current employees, regardless of whether a job is actively posted. These ranges must reflect what the employer “reasonably and in good faith” expects to pay for a given role.
Consequences for Not Following the Law
Enforcement of the salary range provision is under the exclusive jurisdiction of the Attorney General’s Office. Employers found in violation will first receive a warning. Penalties increase with repeated offenses, starting at $500 and rising to as much as $25,000 for persistent non-compliance. Importantly, for the first two years following the law’s effective date, employers will be given two business days to cure any salary range violation after receiving notice from the state. Even though the initial penalties are modest, the public disclosure of wage data and salary ranges introduces broader risks.
Employers should expect employees to take note of posted salary ranges and ask questions—sometimes uncomfortable ones—about pay equity. If a current employee notices a posted range that exceeds their salary for the same role, they may request a raise. Employers should be ready to respond with clear, objective reasoning based on established salary criteria. In cases where an objective explanation is lacking, the prudent response may be to adjust the salary accordingly. These situations underscore the need for internal alignment among HR, management, and legal teams to ensure consistent, fair, and well-documented compensation practices.
Employers Need to Protect Themselves
To mitigate risk and build trust, employers are encouraged to proactively conduct internal pay equity audits. These self-evaluations not only help identify and correct discrepancies but also serve as an affirmative defense under the Massachusetts Equal Pay Act—provided they are documented, reasonable in scope, and completed within the past three years. Employers should make measurable progress toward eliminating wage differentials and maintain records of any changes implemented.
Establishing and maintaining well-defined salary ranges is now a business imperative. Employers should base these ranges on market research, geographic cost of living, and industry benchmarks. They should consider factors such as seniority, performance metrics, production output, geographic location, education, and experience, applying them uniformly across comparable roles. Regular reviews are essential to ensure salary ranges remain aligned with market conditions and internal expectations. Employers must also reassess positions periodically, especially as roles evolve or teams consolidate.
Additional Steps
Transparent communication will be just as important as compliance. Companies should consider sharing internal memorandums when posting new jobs, clarifying how salary ranges are determined, and setting expectations for how employees can move within those ranges. Training managers on how to communicate compensation is critical. A lack of coordination can lead to inconsistent messaging and employee dissatisfaction. To prevent this, employers should implement a centralized oversight process, especially for salary adjustments and raises.
The Massachusetts Pay Transparency Act introduces a more transparent compensation framework, but it also places the burden on employers to manage the cultural and practical challenges that come with greater visibility. By taking early, thoughtful steps—such as conducting pay audits, developing consistent salary ranges, and training leadership—employers can not only comply with the law but also foster a more equitable and engaged workforce.
For further guidance, employers can review the official Attorney General’s Office Guidance on the Wage Transparency Act.

Tough Timetable Pushed Through To Update CSRD’s Reporting Standards

On 25 April 2025, the sustainability reporting board (“SRB”) of the European Financial Reporting Advisory Group (“EFRAG”), agreed the internal timeline for delivering advice to the European Commission on the simplification of the European Sustainability Reporting Standards (“ESRS”), which is at the centre of the Corporate Sustainability Reporting Directive’s requirements.
This followed the initial failure to do so, which we reported on here, on 15 April which had been the target date to approve the timeline.
The timetable is ambitious:

Activity
Timing

1. Establishing a vision on actionable levers for substantial simplification (to be confirmed following the stakeholders’ feedback)
April to mid-May 2025

2. Gathering evidence from stakeholders, analysis of the issued reports and other sources
April to mid-May 2025

3. Drafting and approving the Exposure Drafts amending ESRS
Second half of May to July 2025

4. Publishing the Exposure Drafts, receiving and analysing feedback from stakeholders
August and September 2025

5. Finalising and delivering the technical advice to the European Commission
October 2025

The public consolidation will start at the very end of July, for a short window, combined with some public feedback events tabled for the beginning of September 2025.

Cybersecurity: Salt Typhoon’s Persistence is a Cruel Lesson for Smaller Providers

In December 2024, the White House’s Deputy National Security Adviser for Cyber and Emerging Technology confirmed that foreign actors, sponsored by the People’s Republic of China, infiltrated at least nine U.S. communications companies. The attacks, allegedly conducted by China’s state-sponsored Salt Typhoon hacking group, compromised sensitive systems, and exposed vulnerabilities in critical telecommunications infrastructure.
All communications service providers across the U.S. are at risk to this threat, especially those located near a U.S. military facility. To combat this threat, it is important for communications service providers to adopt and implement cybersecurity best practices in alignment with the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework 2.0 and/or the Cybersecurity and Infrastructure Security Agency’s (CISA) Cross-Sector Cybersecurity Performance Goals.
In response to the Salt Typhoon threat, in January of this year, the FCC adopted a Declaratory Ruling and a Notice of Proposed Rulemaking to affirm and increase the cybersecurity obligations of communications service providers. The Declaratory Ruling clarifies that Section 105 of the Communications Assistance for Law Enforcement Act (CALEA) creates legal obligation for telecommunications carriers to secure their networks against unlawful access and interception. Telecommunications carriers’ duties under section 105 of CALEA extend not only to the equipment they choose to use in their networks, but also to how they manage their networks. Such carriers must work to prevent any unauthorized interception or access into their network (and maintain records thereof). This requires basic cybersecurity hygiene practices such as:

Implementing role-based access controls;
Changing default passwords;
Requiring minimum password strength; and
Adopting multifactor authentication.

Falling short of fulfilling this statutory obligation may include failing to patch known vulnerabilities or not employing best practices that are known to be necessary in response to identified exploits.
The Notice of Proposed Rulemaking, if adopted, would require providers to adopt and implement cybersecurity and supply chain risk management plans as well as certify compliance with these plans annually to the FCC. The proposed rule would apply to a wide array of providers including facilities-based providers, broadcast stations, television stations, cable systems, AM & FM commercial radio operators, TRS providers, satellite communications providers, and all international section 214 authorization holders. Participants of the FCC’s Enhanced A-CAM Program and NTIA’s BEAD Program are already subject to this requirement.
Ultimately, more FCC regulation is coming. At the same time, cyber incidents are increasing. Communications service providers should consider creating both a cybersecurity and supply chain risk management plan as well as a cybersecurity incident response plan. Such plans should reflect industry best practices outlined in federal guidance documents as described above.
In addition, carriers should review their cybersecurity liability insurance policies to ensure they have sufficient coverage. It’s also critical to review and update vendor and partner contracts for security and supply chain risk management clauses to include provisions for incident response, liability, and retention of information.
Finally, communications service providers should also consider engaging legal counsel to assist their efforts in ensuring that they are adequately protected.
Womble Bond Dickinson has developed a cybersecurity retainer that captures the requirements and proactive procedures necessary to meet the regulations, protect your networks and deal with the fallout of cybersecurity breach including insurance recovery and class action litigation from a cybersecurity data breach.

When Is a Final Approval Not the Final Word? Empire Wind Halt Raises Questions About Managing Risk for Previously Approved Infrastructure Projects

BOEM Halts Construction of Empire Wind 1
On April 16, 2025, the Bureau of Ocean Energy Management (BOEM) issued a formal director’s order instructing Empire Offshore Wind LLC to cease all construction activities related to the Empire Wind 1 offshore wind project. The directive, citing concerns the National Oceanic and Atmospheric Administration (NOAA) raised about the project’s environmental analyses, stems from a broader offshore wind review President Trump’s January 2025 memorandum (90 Fed. Reg. 8363 (Jan. 29, 2025)) initiated. In the January 2025 executive order, Trump cited concerns over “alleged legal deficiencies underlying the federal government’s leasing and permitting of onshore and offshore wind projects,” which could lead to “grave harm—including negative impacts on navigational safety interests, transportation interests, national security interests, commercial interests and marine mammals.”
Although Empire Wind 1 had already received all necessary federal approvals based on a previous NEPA review and begun early-stage construction, BOEM invoked its authority under the Outer Continental Shelf Lands Act and 30 C.F.R. Part 585 to halt activities while the agency reexamines the project’s compliance. The directive requires Empire to remain paused until the review is complete and outlines potential enforcement actions for noncompliance. Work on the project has reportedly been halted.
State Officials’ Response
Gov. Kathy Hochul criticized the move, vowing to oppose what she characterized as federal overreach. “Every single day, I’m working to make energy more affordable, reliable and abundant in New York, and the federal government should be supporting those efforts rather than undermining them,” she stated. The federal halt also drew criticism from Rory M. Christian, chair of the New York State Public Service Commission (PSC), with both officials emphasizing the project’s scale and importance—delivering 800 megawatts of offshore wind energy, powering over 500,000 homes, and supporting more than 1,000 union jobs tied to the South Brooklyn Marine Terminal’s redevelopment.
Permitting Reversals and Political Instability
BOEM’s authority to halt offshore activities is grounded in the Outer Continental Shelf Lands Act and its implementing regulations. See 43 U.S.C. § 1337(p)(4); 30 C.F.R. § 585.102(b). 
Federal action to stop work on previously approved projects is rare and typically limited to instances where agencies assert violations of those approvals rather than a re-thinking of the approvals themselves. The reversal of Empire Wind follows a separate determination by the Trump Administration to revoke the 2024 approval of New York’s congestion pricing program after completing environmental review under NEPA and SEQRA.[1] Congestion pricing is continuing right now, but the revocation decision is currently being litigated in the courts.[2] Both cases reveal that even where fully permitted, project sponsors and those financing these undertakings should not discount continued regulatory uncertainty during project construction. It is likely that eventually court decisions will provide further guidance on the level of discretion that federal agencies have to rescind prior project approvals. However, until such guidance is forthcoming this new regulatory environment may lead project applicants to consider a reevaluation of risk allocation in construction agreements and financing for major infrastructure projects. 

[1] See Final Environmental Assessment for the Central Business District Tolling Program, U.S. Dep’t of Transp., Fed. Highway Admin. (June 2023), FHWA Approval 88 Fed. Reg. 41999 (June 28, 2023); see also 23 U.S.C. § 109(h).
[2] See e.g., Metro. Transp. Auth. v. U.S. Dep’t of Transp., No. 1:25-cv-01413-LJL (S.D.N.Y. filed Feb. 19, 2025) (seeking declaratory and injunctive relief to prevent the federal government from rescinding prior approval of New York City’s congestion pricing program under the Value Pricing Pilot Program).; State of New Jersey v. U.S. Dep’t of Transp., No. 2:23-cv-03885-LMG-LDW (D.N.J. filed July 21, 2023) (challenging the Federal Highway Administration’s approval of New York’s Central Business District Tolling Program under NEPA and the APA based on alleged environmental and procedural deficiencies).

FTC Antitrust Enforcement Under the Second Trump Administration

During the first week of April, the Annual ABA Spring Meeting wrapped up, and there was much conversation about the future of antitrust enforcement. The Spring Meeting panel discussions and an analysis of recent FTC statements and enforcement actions shed light on where antitrust enforcement may be headed over the next four years.
As of this posting, the Federal Trade Commission (“FTC”) how three Republican commissioners. President Trump fired the two Democratic commissioners, Rebecca Slaughter and Alvaro Bedoya, on March 18, and Mark Meador was sworn in as the third Republican Commissioner on April 16, 2025. Removal of an FTC commissioner by a President has happened only once before. In 1933, President Franklin D. Roosevelt wrote Republican FTC Commissioner William E. Humphrey a letter removing him from his position. See Humphrey’s Executor v. United States, 295 U.S. 602 (1935) (holding the President’s removal unlawful because it was not for a cause under the FTC Act).
Commissioners Slaughter and Bedoya swiftly filed a lawsuit seeking declaratory and injunctive relief to serve out the remainder of their terms. Slaughter et al. v. Trump, No. 1:25-cv-00909 (D.D.C. Mar. 27, 2025). This case is likely headed to the Supreme Court to revisit the Court’s view of the scope of Humphry’s Executor. Now, with only three FTC Commissioners, some question whether the agency is operating lawfully pursuant to the text of the FTC Act, which states the Commission there in “shall be composed of five Commissioners” with no more than three from the same political party. 15 U.S.C. § 41. Yet, according to Rule 4.14, a quorum is a “majority of members” who are “not recused from participating in a matter.” 16 CFR § 4.14. Further, there is precedent the FTC voting to authorize a complaint with only two commissioners voting. During part of the first Trump Administration in 2017 to 2018, the FTC was comprised of two commissioners (Maureen Ohlhausen (R) and Terrell McSweeney (D)), and the FTC voted to challenge five mergers.
Commissioners Slaughter and Bedoya’s firings have resulted in uncertainty for pending FTC enforcement actions. Most recently, the removal of Slaughter and Bedoya caused the FTC to put an administrative complaint filed in September 2024 against pharmacy benefit managers (“PBMs”) on hold for 105 days because there were no sitting commissioners available to participate. Commissioners Ferguson and Holyoak were recused from the case, and former Chair Lina Khan resigned at the transition of Administrations. On April 3, 2025, Chair Ferguson issued a statement that after consultation with the FTC’s Designated Agency Ethics Official, he will no longer recuse himself from the matter “to ensure that the case can continue.”[1] Commissioner Holyoak issued a statement on April 4, 2025 stating that she would remain recused.[2]
Despite the FTC’s makeup being in flux, continuity in enforcement of certain topics from the Biden Administration to the Trump Administration likely exist, particularly in merger enforcement and in the healthcare and labor markets. However, the FTC’s approach to the Robinson-Patman Act (“RPA”) and the agency’s attitude toward private equity in merger challenges are likely to change under Chair Ferguson.
Merger Enforcement
Merger enforcement will likely see continuity going forward. Chair Ferguson has publicly supported the 2023 versions of the Merger Guidelines[3] (along with DOJ Assistant Attorney General for the Antitrust Division, Gail Slater[4]) and the revised HSR Rules.[5] Further, Chair Ferguson and Commissioner Holyoak voted with the Democratic commissioners to bring merger challenges in the past, including:

Tapestry, Inc.’s Acquisition of Capri Holdings Limited: In April 2024, the FTC brought an enforcement action seeking to block Tapestry’s acquisition of Capri alleging the acquisition may substantially lessen competition or tend to create a monopoly in the market for “accessible luxury” handbags in the US. The acquisition would have combined Tapestry’s Coach and Kate Spade brands with Capri’s Michael Kors brand. The district court granted the FTC’s motion for preliminary injunction, and the parties subsequently abandoned the transaction.
Tempur Sealy’s Acquisition of Mattress Firm: In July 2024, the FTC brought an enforcement action seeking to block the vertical merger alleging the consummation may substantially lessen competition or tend to create a monopoly in the market for premium mattresses in the US. Commissioner Holyoak issued a statement saying that many vertical mergers are procompetitive or benign but in this case, the facts warranted enforcement action.[6] The FTC sought a preliminary injunction in the District Court for the Southern District of Texas to halt the closing of the acquisition, which was denied mainly as a result of the court rejecting the FTC’s relevant market definition of the “premium” mattress market priced over $2,000.
GTCR BC Holdings, LLC’s Acquisition of Surmodics, Inc.: In March 2025, the FTC brought an enforcement action seeking to block private equity firm GTCR’s acquisition of Surmodics alleging the consummation may substantially lessen competition in outsourced hydrophilic coatings marketed in the US.

There may also be some shifts in the FTC’s enforcement approach, such as the FTC’s attitude and views towards private equity (“PE”). Former Chair Khan and former DOJ Assistant Attorney General for the Antitrust Division Jonathan Kanter publicly voiced hostility towards PE firms.[7] And, recently in a concurring statement[8] on the FTC’s enforcement action against GTCR’s acquisition of Surmodics, Commissioners Slaughter and Bedoya issued a statement highlighting the fact that the acquirer, GTCR, is a PE firm. By contrast, Chair Ferguson and Commissioner Holyoak stated in a concurring statement regarding a settlement with PE firm Welsh Carson that it was irrelevant that Welsh Carson was a PE firm, and “the antitrust analysis would be the same if Welsh Carson were, for an example, an individual or institutional investor.”[9] It is therefore unlikely going forward that PE firms will be under the same microscope in merger enforcement matters as they were under the Biden Administration.
As for the merger review process, Chair Ferguson has stated publicly that if the FTC does not see competitive issues with mergers during the initial review, the FTC will “get out of the way” to allow the majority of M&A activity to proceed. The FTC has also reinstated issuing early terminations (“ETs”) which had been put on hold during the Biden Administration. The FTC has granted nine ETs in March of 2025.[10]
Additionally, the FTC and DOJ will likely be more open to entering into merger remedies rather than challenging mergers outright, even if the merging companies have offered a settlement. Commissioner Holyoak has stated that the FTC should be “pragmatic” with remedies, contrasting Chair Khan’s dogmatic “approach” that favored litigation instead of remedies.[11] Recently, Chair Ferguson stated he would take a less aggressive approach to merger enforcement than his predecessor by being more willing to entertain remedies.[12] DOJ antitrust chief Gail Slater echoed the Republican FTC member’s sentiment towards remedies.[13]
Robinson-Patman Act (“RPA”) & Price Discrimination
The Robinson-Patman Act saw new life when the FTC brought enforcement actions against Southern Glazer and Pepsi in December 2024 and January 2025, respectively. The last RPA enforcement action brought by the FTC was in 2000 and resulted in settlement.[14] The RPA prohibits sellers from (1) charging different prices to competing buyers for the same or similar products (“price discrimination”) or (2) favoring customers in the provision of advertising, promotional, or merchandising allowances to assist in the resale of products.
Chair Ferguson and Commissioners Holyoak and Meador have all stated that the RPA should be enforced in the proper situation.[15] Particularly, Meador is a proponent of bringing “RPA cases where it has evidence that consumers are harmed by price discrimination.”[16] Yet, the cases against Southern Glazer and Pepsi were not proper, according to Commissioners Ferguson and Holyoak, who dissented in both actions. Thus, it would not be surprising if the FTC dismissed the RPA enforcement actions against Southern Glazer and Pepsi. Commissioner Ferguson’s dissent in Southern Glazer’s action stated that the Commission is “unlikely to prevail even on its own theory of the [RPA], and it would be an imprudent use of the Commission’s enforcement resources even if it were likely to prevail.”[17]
Antitrust Enforcement in Healthcare and Labor Markets
Enforcement in the healthcare and labor markets over the last four years, will likely see continuity from the previous Administration’s enforcement focuses. In February, Chair Ferguson appointed Daniel Guarnera as the Director of Bureau of Competition. In highlighting Guarnera’s experience with antitrust enforcement to promote competition in the healthcare and labor market, Chair Ferguson stated those were two of his top priorities.[18]
The FTC is likely to continue focusing on noncompete agreements, but the FTC’s rule prohibiting all noncompetes on a nationwide basis is likely dead. Commissioner Ferguson and Commissioner Holyoak dissented in the FTC’s vote to issue the final rule on noncompetes in June 2024.[19] The dissent authored by Commissioner Ferguson and joined by Commissioner Holyoak, stated that such sweeping lawmaking by an administrative agency offends Article I’s constitutional designation of legislative power to Congress.[20] The Commissioners noted that in banning all employee noncompete agreements, the Non-Compete Clause Rule invalidated 30 million existing contracts, preempted the law of 46 states, and categorically prohibited a business practice that had been lawful for centuries.[21] Two federal courts—one in Texas and one in Florida—enjoined the Final Rule in August 2024. The FTC appealed that to the Fifth Circuit and Eleventh Circuit, respectively, but the FTC recently requested a 120-day stay of both appeals[22] (prior to the firings of Commissioners Slaughter and Bedoya).
Chair Ferguson and Commissioner Holyoak are not categorically against addressing noncompete agreements. Both have stated that certain noncompetes should be prosecuted on a case-by-case basis, and noncompete agreements were highlighted by Chair Ferguson in his February 2025 memo announcing the Directive to stand up a Labor Markets Task Force.[23] This follows the FTC’s 5-0 vote to bring an enforcement action against certain “no-hire” agreements for building services contractors that operate in New York City and Northern New Jersey.[24] Further, Commissioner Meador testified during his confirmation hearing in front of the Senate Commerce Committee that noncompetes “have been overused and abused,” and that the FTC could use “traditional enforcement powers to address those harms.”[25] 
The Hunton team will continue to monitor the antitrust enforcement actions taken by the FTC as well as updates on the composition of the FTC commissioners, including whether other individuals are nominated to fill the two vacant seats and the status of the litigation over the removal of Commissioners Slaughter and Bedoya.
[1] @AFergusonFTC, X (Apr. 3, 2025, 4:38 PM).
[2] Statement on the Recusal of Comm’n Melissa Holyoak, In the Matter of Caremark, Rx, LLC, FTC Dkt. No. 9437 (Apr. 4, 2025).
[3] Memorandum from Andrew Ferguson, Merger Guidelines, FTC (Feb. 18, 2025).
[4] Abigail Slater, Responses to Written Questions of Senator Peter Welch for Hearing on “Nominations,” submitted February 17, 2025 (“[FTC] Chairman [Andrew] Ferguson has explained that the Merger Guidelines work best when there is stability across administrations, though he has also indicated that there may be some aspects he would be open to reforming. He further explained that much of what is in the current merger guidelines simply restates longstanding law.’ I agree with him. It is critical to the Antitrust Division’s law enforcement mission that its guidelines reflect the original meaning of the applicable statutory text as interpreted by the binding rules of the courts. The merger guidelines have been revised periodically when time and experience suggest changes are necessary, but when revisions are undertaken a careful and transparent process should be used to ensure our guidelines maintain the stability needed for rules of the road to serve their purpose.”).
[5] Concurring Statement of Commissioner Andrew N. Ferguson, In the Matter of Amendments to the Premerger Notification and Report Form and Instructions, and the Hart-Scott-Rodino Rule 16 C.F.R. Parts 801 and 803, FTC Matter No. P239300 (Oct. 10, 2024).
[6] Statement of Comm’n Melissa Holyoak In the Matter of Tempur Sealy Int’l, Inc. & Mattress Firm Grp. Inc., FTC Matter No. 2310016 (July 2, 2024).
[7] Remarks by Chair Lina M. Khan as Prepared for Delivery Private Capital, Public Impact Workshop on Private Equity in Healthcare, FTC (Mar. 5, 2024).
[8] Statement of Comm’n Rebecca Kelly Slaughter Joined By Comm’n Alvaro M. Bedoya In the Matter of GTCR BC Holdings/SurModics, FTC Matter No. 2410095 (Mar. 7, 2025).
[9] Concurring Statement of Comm’n Andrew N. Ferguson Joined by Comm’n Melissa Holyoak In the Matter of US Anesthesia Partners/Guardian Anesthesia, FTC Matter No. 2010031 (Jan. 17, 2025).
[10] See FTC Legal Library: Early Termination Notices.
[11] Sulaiman Abdur-Rahman, “We Should Be Pragmatic”: Meet the Possible Next FTC Chair, Nat’l L. J. (Nov. 14, 2024, 7:01PM).
[12]FTC’s Ferguson, DOJ’s Slater Signal Less Aggressive Merger Approach Than Biden Predecessors, Openness to Remedies, Vol. 13, No. 257, The Capitol Forum (Apr. 2, 2025).
[13] Id.
[14] FTC Press Release, World’s Largest Manufacturer of Spice and Seasoning Products Agrees to Settle Price Discrimination Charges (Mar. 8, 2000).
[15] See Dissenting Statement of Comm’r Ferguson, In the Matter of Southern Glazer’s Wine and Spirits, LLC, FTC Matter No. 211-0155 (Dec. 12, 2024); Dissenting Statement of Comm’r Holyoak, In the Matter of Southern Glazer’s Wine and Spirits, LLC, FTC Matter No. 211-0155 (Dec. 12, 2024); Dissenting Statement of Comm’r Ferguson In the Matter of Non-Alcoholic Beverages Price Discrimination Investigation, FTC Matter No. 2210158 (Jan. 17, 2025); Dissenting Statement of Comm’r Holyoak In the Matter of PepsiCo, Inc., FTC Matter No. 2210158 (Jan. 17, 2025); Mark Meador, Not Enforcing the Robinson-Patman Act is Lawless and Likely Harms Consumers, The Federalist Society (July 9, 2024).
[16] Mark Meador, Not Enforcing the Robinson-Patman Act is Lawless and Likely Harms Consumers, The Federalist Society (July 9, 2024).
[17] Dissenting Statement of Comm’r Ferguson, In the Matter of Southern Glazer’s Wine and Spirits, LLC, FTC Matter No. 211-0155 (Dec. 12, 2024).
[18] FTC Press Release, FTC Chairman Ferguson Appoints Daniel Guarnera as Director of Bureau of Competition (Feb. 10, 2025).
[19] Dissenting Statement of Comm’n Andrew N. Ferguson Joined by Comm’n Melissa Holyoak in the Matter of the Non-Compete Clause Rule, FTC Matter No. P201200 (June 28, 2024).
[20] U.S. Const. Art. I, § 1 (“All legislative Powers herein granted shall be vested in a Congress of the United States,”).
[21] Dissenting Statement of Comm’n Andrew N. Ferguson Joined by Comm’n Melissa Holyoak in the Matter of the Non-Compete Clause Rule, FTC Matter No. P201200 (June 28, 2024).
[22] Jared Foretek, FTC Wants Pause on Noncompete Appeals, Pending Decision, Law360 (Mar. 10, 2025, 8:24 PM EDT).
[23] Memorandum from Chairman Andrew N. Ferguson, Directive Regarding Labor Markets Task Force, FTC (Feb. 26, 2025).
[24] FTC Press Release, FTC Orders Building Service Contractors to Stop Enforcing a No-Hire Agreement (Jan. 6, 2025).
[25] Nominations Hearing for Michael Kratsios to Lead the Office of Science and Technology Policy and Mark Meador to Serve as a Federal Trade Commissioner, at 1:30:20 (Feb. 25, 2025).

California Bill May Curb the Flood of “Abusive Lawsuits” Targeting “Standard Online Business Activities”

Democratic State Senator Anna M. Caballero introduced Senate Bill 690 (S.B. 690), which aims to curb “abusive lawsuits” under the California Invasion of Privacy Act (“CIPA”) based on the use of cookies and other online technologies, on February 24, 2025, and the Bill is now scheduled to be heard by the Senate Public Safety Committee on April 29, 2025.
Over the past few years, the plaintiffs’ bar has leveraged CIPA to hold businesses ransom based on their use of everyday online technologies (e.g., cookies, pixels, beacons, chat bots, session replay and other similar technology) on their websites. The plaintiffs’ bar has claimed such technologies: (1) facilitate “wiretapping” under Section 631 of CIPA; and/or (2) constitute illegal “pen registers” or “trap and trace devices” under Section 638.50 of CIPA. Nearly every business with a public-facing website has been or may soon be targeted with threats of significant liability stemming from the availability of statutory damages under CIPA. Even those businesses that comply with the comprehensive California Consumer Privacy Act of 2018 (“CCPA”), which governs the collection and use of consumer personal information, are not immune from such threats. Faced with the threat of such aggregated statutory damages under CIPA, many businesses opt to pay out settlements to mitigate potentially enterprise-threatening risk. And those rational decisions unfortunately have spawned a cottage industry responsible for an endless stream of filed and threatened CIPA litigation that seemingly has served only to enrich the plaintiffs’ bar.
S.B. 690 might spell doom for these perceived abuses and the negative consequences they have had on online commerce. Caballero states that the bill aims to “[s]top[] the abusive lawsuits against California businesses and nonprofits under CIPA for standard online business activities that are already regulated by” the CCPA.
If enacted, S.B. 690 would exempt online technologies used for a “commercial business purpose” from wiretapping and pen register/trap-and-trace liability. Notably, the definition of “commercial business purpose” broadly encompasses the use of “personal information” in a manner already permitted by the CCPA. The exclusion of such practices from CIPA’s ambit should curb the “abusive lawsuits” cited by Caballero when she unveiled S.B. 690 and provide certainty to businesses engaged in online commerce.

Overview of Section 232 Tariffs on Steel and Aluminum: What Importers Need to Know

The implementation of new 25% Section 232 duties on steel, aluminum, and certain derivatives, effective March 12, 2025, which are in addition to any special rate of duty otherwise applicable, are affecting importers globally. Here is a breakdown of what these new tariffs entail:
1. Nature of Section 232 Tariffs and Interaction with Reciprocal Tariffs
On March 12, 2025, President Trump implemented 25% tariffs on steel and aluminum under Section 232 of the Trade Expansion Act of 1962. These duties, applied in addition to any existing special rates, aim to address national security concerns by bolstering domestic production. The additive nature of these tariffs has significantly raised the cost of imported steel and aluminum products, impacting budgets and pricing strategies for businesses reliant on these materials.
Subsequently, on April 5, 2025, the Trump Administration imposed a 10% baseline tariff on all imports to the United States, invoking the International Emergency Economic Powers Act (IEEPA) to address the national emergency posed by the persistent trade deficit. Building on this, the United States applied country-specific reciprocal tariffs as determined by the United States Trade Representative (USTR) which has been paused until July 9, 2025.
In its executive order, the Trump Administration explicitly excluded products already subject to Section 232 measures from the baseline and reciprocal tariff regime. Consequently, while Section 232 duties have increased the costs of imports like steel and aluminum, these products do not face additional tariffs under the reciprocal system as of this writing.
2. Immediate application and elimination of exemptions
These duties apply to imports made from March 12, 2025, onward. Notably, the new tariffs eliminate previous country exemptions and tariff-rate quota agreements, and they terminate the product exclusion process. Consequently, no new exclusion requests will be accepted, and existing exclusions will expire without renewal.
For those reasons, imports from countries previously subject to country exemptions are now subject to these tariffs (i.e., Australia, Canada, Mexico, the EU, the UK, Japan and South Korea).
However, we might see some country-specific bilateral trade agreements in due course that could exempt certain countries from these duties.
3. Exemptions from Derivative Articles – No Duty Drawback
Critically, the additional duties on derivative steel articles would exclude steel articles that are processed in a third country from steel that was melted and poured in the United States. The same exemption applies to derivative aluminum articles. This applies to all the listed derivative HTS codes to which the new Section 232 tariffs would otherwise apply, so businesses need to start mapping their suppliers’ supply chains for products in those codes to identify US content if they have not already done so.
Unfortunately, no duty drawback is available for these duties. Businesses that would reexport the listed products from the United States to third countries should consider rearranging their shipping so that listed products ultimately destined for third countries are shipped there directly and not imported first into the United States.
4. Expansion of Previous Proclamations
This trade action, via presidential proclamation, is an expansion of President Trump’s previous proclamations from 2018, now covering all products and derivatives from the original proclamations plus additional derivative products. The 2025 proclamations rely on definitions of steel and aluminum articles from the 2018 proclamations.
For ease of reference, we provide all such descriptions and HTS codes of steel products and derivatives listed or linked below:

Steel Products Subject to the 2018 (and thus 2025) 232 Tariffs

Proclamation 9705 (Mar. 8, 2018) defined steel articles at the Harmonized Tariff Schedule (HTS) 6-digit level as: 7206.10 through 7216.50, 7216.99 through 7301.10, 7302.10, 7302.40 through 7302.90, and 7304.11 through 7306.90.
Proclamation 9980 (Jan. 24, 2020) defined derivative steel articles as an article in which:

steel accounted for, on average, at least two-thirds of the product’s total material cost; and where
import volumes of such derivative article increased year to year in comparison to import volumes the preceding two years; and
import volumes of such derivative article exceeded the 4 percent average increase in the total volume of goods imported.

Those proclamations also included the following HTS codes:

HTS Heading
Product Type
Description
Source

7208, 7209, 7210, 7211, 7212, 7225, 7226
Steel Product
Flat-rolled products
Proclamation 9705

7213, 7214, 7215, 7227, 7228
Steel Product
Bars and rods
Proclamation 9705

7216 (except subheadings 7216.61.00, 7216.69.00 or 7216.91.00)
Steel Product
Angles, shapes and sections of iron or nonalloy steel
Proclamation 9705

7217, 7229
Steel Product
Wire
Proclamation 9705

7301.10.00
Steel Product
Sheet piling
Proclamation 9705

7302.10
Steel Product
Rails
Proclamation 9705

7302.40.00
Steel Product
Fish-plates and Sole plates
Proclamation 9705

7302.90.00
Steel Product
Other products of iron or steel
Proclamation 9705

7304, 7306
Steel Product
Tubes, pipes and hollow profiles
Proclamation 9705

7305
Steel Product
Tubes and pipes
Proclamation 9705

7206, 7207, 7224
Steel Product
Ingots, other primary forms and semi-finished products
Proclamation 9705

7218, 7219, 7220, 7221, 7222, 7223
Steel Product
Products of stainless steel
Proclamation 9705

7317.00.30
Derivative Steel Product
Nails, tacks (other than thumb tacks), drawing pins, corrugated nails, staples (other than those of heading 8305) and similar articles of iron or steel, whether or not with heads of other materials (excluding such articles with heads of copper), suitable for use in powder-actuated handtools, threaded
Proclamation 9980

7317.00.5503, 7317.00.5505, 7317.00.5507, 7317.00.5560, 7317.00.5580, 7317.00.6560 only and not in other numbers of subheadings 7317.00.55 and 7317.00.65
Derivative Steel Product
Nails, tacks (other than thumb tacks), drawing pins, corrugated nails, staples (other than those of heading 8305) and similar articles of iron or steel, whether or not with heads of other materials (excluding such articles with heads of copper), of one piece construction, whether or not made of round wire
Proclamation 9980

8708.10.30
Derivative Steel Product
Bumper stampings of steel, the foregoing comprising parts and accessories of the motor vehicles of headings 8701 to 8705
Proclamation 9980

8708.29.21
Derivative Steel Product
Body stampings of steel, for tractors suitable for agricultural use
Proclamation 9980

Additional Derivative Steel Products Subject to the 2025 232 Tariffs

The exact HTS codes of additional derivative steel products subject to the new tariffs are provided in pages 12-14 of Proclamation 10896 (Feb. 10, 2025).
For any derivative steel article identified in Annex I of Proclamation 10896 that is not in Chapter 73 of the HTSUS, the additional ad valorem duty shall apply only to the steel content of the derivative steel article.

5. Calculating Section 232 Tariffs on Steel and Derivative Steel Products
The calculation of these tariffs involves determining the value of the steel or aluminum content, which is:

The total price paid or payable for the steel or aluminum content itself, excluding any costs related to transportation, insurance, and other services associated with the shipment from the country of exportation to the country of importation.
This value is typically reflected in the invoice that the buyer pays to the seller for the steel or aluminum content.

Here are some scenarios considering the HTS codes above:
SCENARIO 1–If an article is identified in Proclamation 9705 or 9980, the Section 232 tariff will apply to the entire merchandise value.

Example: A steel body stamping classified under HTS 8708.29.21 and thus classified under Proclamation 9980, has a value of $100. The Section 232 tariff will be $25.

SCENARIO 2– If the article is identified in new Proclamation 10896 and is in Chapter 73, the tariff again applies to the entire merchandise value.

Example: A stainless steel pan classified under HTS 7323.93.00 has a value of $100. Because the pan is identified by new Proclamation 10896 and is classified in Chapter 73, the value of the entire merchandise is subject to the 25% duty. Thus, the Section 232 tariff will be $25.

SCENARIO 3– If the article is identified in new Proclamation 10896 but is not in Chapter 73, the tariff applies only to the steel content value.

Example: A passenger elevator part classified under HTS 8431.31.00, with a steel content valued at $75 out of a total $100, will incur a tariff of $18.75, because only the value of the steel content is subject to the 25% duty.

The implementation of these new Section 232 duties introduces significant changes for importers of steel and aluminum products. Understanding the details of these tariffs and their implications is essential for businesses consider strategic adjustments within their supply chains to mitigate the impact of these new duties.

Financial Institutions May Have Civil and Criminal Exposure for Knowingly or Unknowingly Assisting Customers Who Support Terrorist Activities

While there have been numerous shifts in government enforcement priorities in the past three months, there does appear to be one area where the status quo has remained the same. This new administration has made it clear that preventing financial institutions from working with terrorist organizations remains a top concern. While the administration has added “new” entities to its lists in the form of drug cartels and other nefarious groups, none of this changes the fact that it is as important as ever for banks and similar financial institutions to maintain effective compliance to avoid the government’s crosshairs. Moreover, if one of these banned entities does become inadvertently involved with a financial institution, it is equally as important to know how to get in front of the issue to mitigate the relevant and serious risk. 
For decades, terrorist organizations have tried to access the U.S. financial system to fund their terrorist operations around the world. Terrorist organizations and other criminals use various strategies to conceal the nature of their activities, including money laundering and structuring. The U.S. government has multiple tools for combatting terrorists’ abuse of the U.S. financial system. Congress enacted the Currency and Foreign Transaction Reporting Act of 1970, as amended (referred to as the Bank Secrecy Act or BSA) to monitor the source, volume, and flow of currency and other monetary instruments through the U.S. financial system to detect and prevent money laundering and other criminal activities. After the terrorist attacks on Sept. 11, 2001, Congress strengthened the BSA framework through the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001. Among other things, the USA PATRIOT Act targeted terrorist financing and enhanced enforcement mechanisms to combat it. Indeed, there are numerous other statutes and regulations that may come into play in cases involving terrorist financing. Those statutes and regulations rely heavily on U.S. financial institutions to identify and report bad actors. 
The risks involved when banks fail to follow these statutes and regulations are severe, and this GT Advisory summarizes the current laws that the government uses to try to eliminate terrorist organizations’ ability to move funds for their nefarious activities. U.S. financial institutions and their employees have substantial exposure if they knowingly or unknowingly assist customers in supporting or financing terrorist activities. As mentioned above, while the new administration is changing the way the government addresses the threat of terrorist funding in some ways, the basic tools used in detecting and prosecuting remain largely the same. Some of the government’s tools that should be considered in creating effective compliance for financial institutions include the following. 
1. Terrorist Support and Financing Violations
The most powerful tool in U.S. law enforcement’s quiver in curbing terrorist financing involves statutes proscribing the provision of material support to designated terrorist organizations. The government can prosecute individuals and entities that facilitate or finance terrorism under multiple statutes: (i) 18 U.S.C. § 2339A, which prohibits persons from providing material support or resources, including financial services, knowing that they will be used in preparation for or in carrying out certain predicate offenses associated with terrorism; (ii) 18 U.S.C. § 2339B, which prohibits knowingly providing material support to designated foreign terrorist organizations; and (iii) 18 U.S.C. § 2339C, which prohibits providing or collecting funds with the knowledge or intention that they will be used to carry out a terrorist attack. The statutes are complex, but it is important to note that conspiring to commit terrorism or aiding and abetting the commission of terrorism are punishable as if the person has committed the crime himself. Moreover, under 18 U.S.C.§ 2339C, an individual or entity can be prosecuted for concealing the nature, location, source ownership, or control over any material support or resources knowing that they will be or were provided to support terrorist activity. All of these statutes include severe criminal penalties for individuals and entities. These statutes apply to banks and other financial institutions similarly to how they would apply to anyone that helps known terrorists and, consequently, contain penalties to reflect the severity of the underlying conduct.
More specifically, under 18 U.S.C. § 2339B, if a financial institution becomes aware that it has possession of or control over funds of a foreign terrorist organization or its agent, the financial institution is required to retain possession or control over the funds and report the existence of the funds to the Secretary of Treasury in accordance with the regulations. The failure to do so may result in a civil penalty equal to the greater of $50,000 per violation or twice the value of the funds over which the financial institution was supposed to retain possession or control. The material support statute specifically states that it applies extraterritorially, meaning that the law reaches individuals, companies, and conduct that is normally beyond the reach of U.S. jurisdiction. Since the statute’s inception, U.S. courts have affirmed criminal convictions and civil penalties based on its broad extraterritorial reach.
2. IEEPA Violations
While not as chilling as the threat of being charged as supporting terrorism, the executive branch also can use its emergency powers to curb and punish financial institutions that conduct transactions with designated terrorists. This issue of emergency powers has been in the news recently because of the current administration’s discussion of using these powers to curb narcotics trafficking by targeting the various drug cartels. 
Specifically, the International Emergency Economic Powers Act (IEEPA) delegates authority to the president of the United States to regulate financial transactions to address threats following the declaration of a national emergency. As mentioned above, President Trump has issued multiple executive orders (EOs) designating terrorists or terrorist groups. The EOs prohibit U.S. persons from engaging in transactions with the designated terrorists or terrorist groups. The Office of Foreign Assets Control (OFAC) enforces sanctions against U.S. persons or non-U.S. persons with a U.S. nexus who deal with designated terrorists or terrorist groups. Financial institutions must notify OFAC of any blocked transactions and file an annual report. A financial institution that willfully violates an executive order or IEEPA implementing regulation may be charged criminally. The fines for a financial institution found to have violated these orders may be high and also involve potentially damaging collateral effects, such as debarment. 
3. Money Laundering
While money laundering has always been a relevant risk for financial institutions, in light of the new administration’s views on stopping both terrorism and narcotics trafficking, the industry should expect that the administration will pursue these laundering cases with greater zeal than the prior one. If a U.S. financial institution or its employees willfully assist a customer in laundering money, the government may charge the financial institution or its employees with conspiracy to commit money laundering. While laundering may occur throughout the United States in any location where a nefarious individual is trying to hide ill-gotten proceeds, the increased focus on international criminal and terrorist activities will result in greater detection of laundered amounts and, consequently, much higher fines. 
The government may also charge international money laundering in terrorist financing cases. International money laundering is sometimes referred to as “reverse money laundering” because it involves the transfer of legitimate funds abroad for an illegal purpose. 18 U.S.C. § 1956(a)(2)(A) prohibits the transport, transmission, or transfer of funds and monetary instruments of funds from the United States to a place outside of the United States with the intent to promote a specified unlawful activity. Specified unlawful activities include the terrorism material support offenses, IEEPA violations, and other criminal activities connected to terrorism. 
Most importantly, money laundering is something that a financial institution is legally required to take steps to detect and prevent. These efforts will never be perfect but taking steps to enact effective compliance is critical to mitigating the risk of fines and penalties and, in some circumstances, may even change charging decisions. Effective compliance programs that are continuously reviewed and improved are key to mitigating the risk of fines and penalties if cases like the ones discussed above arise.
4. BSA Violations
Similar to the money laundering issues discussed above, the Bank Secrecy Act (BSA) creates challenges for financial institutions that may increase over the coming years. The BSA imposes substantial reporting and due diligence requirements on financial institutions to prevent abuse of the U.S. financial system. Among other requirements, each financial institution must: (i) develop and implement an effective anti-money laundering (AML) program; (ii) file and retain records of currency transaction reports (CTRs) to report cash transactions of $10,000 or more; (iii) file and retain records of suspicious activity reports (SARs) where the financial institution knows, suspects, or has reason to suspect, inter alia, that the money was from an illegal source or the transaction occurred in connection with a plan to violate federal law or evade reporting requirements; (iv) file and retain records of Reports of International Transportation of Currency or Monetary Instruments (CMIRs) to report the transportation of currency or monetary instruments exceeding $10,000 to or from the United States; and (v) adopt customer identification procedures and perform other due diligence measures. The BSA rules are administered by the Financial Crimes Enforcement Network (FinCEN), the Internal Revenue Service (IRS), and the federal banking agencies including the Federal Deposit Insurance Corporation, the Office of the Comptroller of Currency, and the National Credit Union Administration.
The penalties for violating BSA requirements can be severe. Potentially applicable penalties include:

Criminal Liability for Financial Institutions or Employees Who Willfully Violate BSA Reporting Requirements – A person, including a bank employee, who willfully violates the BSA reporting requirements may be subject to five years in prison and a fine of up to $250,000. The criminal penalties are increased to 10 years in prison and a fine of up to $500,000 where the person commits the BSA reporting violation in connection with another crime or engages in a pattern of illegal conduct. 
Structuring Violations – A person who structures, attempts to structure, or assists in structuring any transaction with one or more domestic financial institutions to evade a BSA reporting requirement may be guilty of a crime. Structuring involves willfully breaking a payment into smaller amounts so that they fall under the reporting threshold. Structuring is punishable by up to five years in prison and a fine of up to $250,000. Like the reporting penalties, the criminal penalties for structuring are increased to up to 10 years in prison and a fine of up to $500,000 where the person commits structuring in connection with another crime or engages in a pattern of illegal conduct exceeding more than $100,000 in a 12-month period.  
Civil Penalties – The secretary of the Treasury may impose a civil penalty of $500 for a negligent violation of the recordkeeping requirements in the BSA. The penalty can be increased by up to $50,000 where there is a pattern of negligent violations. Where a financial institution engages in certain international money-laundering violations, the secretary of Treasury may impose a penalty equal to the greater of two times the value of the transaction or $1,000,000. 
Where a financial institution’s failure to satisfy the recordkeeping requirement is willful, the civil penalty is equal to the greater of the value of the transaction or $25,000, up to a maximum of $100,000. The penalty is applied for each day the violation continues on each branch or place of business. Therefore, the civil penalties can increase significantly. The civil penalty can apply in addition to any criminal penalties. 
Egregious Violator – Where an individual willfully commits a BSA violation and the violation either facilitated money laundering or terrorist financing (i.e. the individual is an “egregious violator”), the individual is prohibited from serving on the board of directors of a U.S. financial institution for a period of 10 years commencing on the date of the conviction or judgment.

5. Internal Revenue Code Currency Violations
The Internal Revenue Service frequently uses information gathered under the BSA reporting requirements to determine if taxpayers are compliant with their U.S. tax reporting obligations. Large transfers of cash are not per se illegal; however, they may be an indicator of fraud for tax purposes. Therefore, the IRS has a strong interest in financial institutions filing timely and accurate CTRs. To this end, the Internal Revenue Code includes a parallel statute that addresses the failure to file or the filing of inaccurate CTRs. The following penalties may apply under 26 U.S.C. § 6050I:

Criminal Liability for Willful Failure to File a CTR – Any person who willfully fails to file a CTR is guilty of a felony punishable with up to five years in prison and a fine of up to $25,000 (or $100,000 in the case of a corporation). 
Criminal Liability for Willfully Filing a False CTR – Any person who willfully files a false CTR is guilty of a felony publishable with up to three years in prison or a fine of up to $100,000 (or $500,000 in the case of a corporation).  
Criminal Liability for Structuring – The Internal Revenue Code includes its own criminal provision for structuring violations. A person who structures or assists in structuring may be publishable with the same penalties that apply to a person who fails to file or files an incorrect CTR.  
Criminal Liability for Willfully Aiding or Assisting in Preparing a False CTR – Any person who aids, assists, counsels, or advises in the preparation of a false CTR is guilty of a felony punishable with up to three years in prison or a fine of up to $100,000 (or $500,000 in the case of a corporation). 
Civil Penalty – The civil penalty for failure to file or filing an incorrect CTR is equal to the greater of $25,000 or the amount of cash received in the transaction, up to a maximum of $100,000. 

6. Forfeiture Actions
In addition to civil and criminal penalties, the government can use civil and criminal forfeiture statutes to seize the property related to terrorism or money-laundering violations. This includes proceeds of the criminal activity, funds used to facilitate the criminal activity, and in some circumstances, legitimate funds that have been knowingly commingled with illegal funds. Where the illegal funds are being held abroad, the government may be able to seize assets held in correspondent accounts that foreign financial institutions maintain in the United States as a substitute. 
7. Loss of Bank Charter or Removal from Banking Activities
In addition to the civil and criminal penalties that can apply, federal banking agencies have the authority to revoke bank charters and prohibit bank employees from engaging in further banking activities. Equally concerning are the various state banking regulators that can also revoke a financial institution’s charter for violations of federal laws. Because of the regulated nature of financial institutions, the ramifications of any of the violations mentioned above, even if not particularly egregious, have the potential to cause irreparable harm to the institution. 
Conclusion
The government has numerous tools to penalize financial institutions or their employees for knowingly and unknowingly assisting customers with supporting or financing terrorism. As the strategies that terrorists use to access the U.S. financial systems continue to evolve, financial institutions may wish to consult with their advisors on the best way to prevent violations.