Tariffs on Mexico, Canada Paused for 30 Days
Earlier today, President Trump announced that he agreed to delay imposing the additional 25% tariff on Mexican products for 30 days after Mexican President Claudia Sheinbaum promised to send soldiers to the US-Mexican border to help stop the flow of fentanyl and migrants into the United States. The two Presidents also agreed to negotiations to be held between the U.S. Secretary of State, Secretary of Treasury and Secretary of Commerce, and certain Mexican government officials.
Similarly, after finishing a conference call this afternoon with President Trump, Canadian Prime Minister Justin Trudeau announced that President Trump agreed to delay imposing the additional 25% tariff on Canadian imports for 30 days in consideration for Canada implementing a $1.3 billion border plan to reinforce the border to stop the flow of fentanyl, including appointing 10,000 frontline personnel and appointing a “Fentanyl Czar.”
The 10% additional tariff on Chinese imports are still set to become effective on February 4, 2025 (see China EO).
The additional IEEPA national security tariffs to be imposed on Mexican and Canadian goods pursuant to President Trump’s executive orders have not been canceled. The imposition of the tariffs has been just suspended to allow further bi-lateral negotiations to occur.
Due to current uncertainty, importers of Mexican and Canadian goods may seek to stock up on inventories over the next 30 days, which could cause logistical problems and major traffic at U.S. ports. Importers, however, will likely be exempt from the additional tariffs only if they meet the deadlines stated in the executive orders. These dates will most likely be updated to reflect the delayed implementation of the goods.
But any such imported goods will be exempt from the additional tariffs only if they meet the deadlines stated in the executive orders, which dates may or may not be updated to reflect the delayed implementation of the executive orders. Thus, importers need to closely monitor whether and how the timing for assessment of additional tariffs will be changed in any future pronouncements. The current executive orders provide that, in order to be exempt from the additional tariffs, the imported goods must have either (i) cleared U.S. customs, or (ii) been loaded or in transit on the final mode of transit on the way to the United States as of a certain date and time, as follows:
Such rate of duty shall apply with respect to goods entered for consumption, or withdrawn from warehouse for consumption, on or after 12:01 a.m. eastern time on February 4, 2025, except that goods entered for consumption, or withdrawn from warehouse for consumption, after such time that were loaded onto a vessel at the port of loading or in transit on the final mode of transport prior to entry into the United States before 12:01 a.m. eastern time on February 1, 2025, shall not be subject to such additional duty, only if the importer certifies to CBP as specified in the Federal Register notice (see Section 2(a) of the Mexico EO and the Canada EO).
In sum, as of the close of business today, the 25% tariffs on Mexican and Canadian imports that were promulgated pursuant to the Mexico EO and the Canada EO have been suspended for 30 days. Thus far, however, the additional 10% tariff to be imposed on Chinese imports still remains intact.
Cybersecurity in the Marine Transportation System: What You Need to Know About the Coast Guard’s Final Rule
The U.S. Coast Guard (“USCG”) published a final rule on January 17, 2025, addressing Cybersecurity in the Marine Transportation System (the “Final Rule”), which seeks to minimize cybersecurity related transportation security incidents (“TSIs”) within the maritime transportation system (“MTS”) by establishing requirements to enhance the detection, response, and recovery from cybersecurity risks. Effective July 16, 2025, the Final Rule will apply to U.S.-flagged vessels, as well as Outer Continental Shelf and onshore facilities subject to the Maritime Transportation Security Act of 2002 (“MTSA”). The USCG is also seeking comments on a potential two-to-five-year delay of implementation for U.S.-flagged vessels. Comments are due March 18, 2025.
Background
The need for enhanced cybersecurity protocols within the MTS has long been recognized. MTSA laid the groundwork for addressing various security threats in 2002 and provided the USCG with broad authority to take action and set requirements to prevent TSIs. MTSA was amended in 2018 to make clear that cybersecurity related risks that may cause TSIs fall squarely within MTSA and USCG authority.
Over the years, the USCG, as well as the International Maritime Organization, have dedicated resources and published guidelines related to addressing the growing cybersecurity threats arising as technology is integrated more and more into all aspects of the MTS. The USCG expanded its efforts to address cybersecurity threats throughout the MTS in its latest rulemaking, publishing the original Notice of Proposed Rulemaking (“NPRM”) on February 22, 2024. The NPRM received significant public feedback, leading to the development of the Final Rule.
Final Rule
In its Final Rule, the USCG addresses the many comments received on the NPRM and sets forth minimum cybersecurity requirements for U.S.-flagged vessels and applicable facilities.
Training. Within six months of the Final Rule’s effective date, training must be conducted on recognition and detection of cybersecurity threats and all types of cyber incidents, techniques used to circumvent cyber security measures, and reporting procedures, among others. Key personnel are required to complete more in-depth training.
Assessment and Plans. The Final Rule requires owners and operators of U.S.-flagged vessels and applicable facilities to conduct a Cybersecurity Assessment, develop a Cybersecurity Plan and Cyber Incident Response Plan, and appoint a Cybersecurity Officer that meets specified requirements within 24 months of the effective date. There are a host of requirements for the Cybersecurity Plan, including, among others: provisions for account security, device protection, data safeguarding, training, drills and exercises, risk management practices, strategies for mitigating supply chain risks, penetration testing, resilience planning, network segmentation, reporting protocols, and physical security measures. Additionally, the Cyber Incident Response Plan must provide instructions for responding to cyber incidents and delineate the key roles, responsibilities, and decision-making authorities among staff.
Plan Approval and Audits. The Final Rule requires Cybersecurity Plans be submitted to the USCG for review and approval within 24 months of the effective date of the Final Rule, unless a waiver or equivalence is granted. The Rule also gives the USCG the power to perform inspections and audits to verify the implementation of the Cybersecurity Plan.
Reporting. The Final Rule requires reporting of “reportable cyber incidents”[1] to the National Response Center without delay. The reporting requirement is effective immediately on July 16, 2025. Further, the Final Rule revises the definition of “hazardous condition” to expressly include cyber incidents.
Potential Waivers. The Final Rule allows for limited waivers or equivalence determinations. A waiver may be granted if the owner or operator demonstrates that the cybersecurity requirements are unnecessary given the specific nature or operating conditions. An equivalence determination may be granted if the owner or operator demonstrates that the U.S.-flagged vessel or facility complies with international conventions or standards that provide an equivalent level of security. Each waiver or equivalence request will be evaluated on a case-by-case basis.
Potential Delay in Implementation. Due to a number of comments received related to the ability of U.S.-flagged vessels to meet the implementation schedule, the Final rule seeks comments on whether a delay of an additional two to five years is appropriate.
Conclusion
As automation and digitalization continue to advance within the maritime sector, it is imperative to develop cyber security strategies tailored to specific management and operational needs of each company, facility, and vessel. Owners and operators of U.S.-flagged vessels and MTSA facilities are advised to review the new regulations closely and begin preparations for the new cybersecurity requirements at the earliest opportunity. Stakeholders are also encouraged to provide comments before March 18, 2025, addressing the potential two-to-five-year delay in implementation for U.S.-flagged vessels.
[1] A reportable cyber incident is defined as an incident that leads to, or, if still under investigation, can reasonably lead to any of the following: (1) substantial loss of confidentiality, integrity, or availability of a covered information system, network, or operational technology system; (2) disruption or significant adverse impact on the reporting entity’s ability to engage in business operations or deliver goods or services, including those that have a potential for significant impact on public health or safety or may cause serious injury or death; (3) disclosure or unauthorized access directly or indirectly of non-public personal information of a significant number of individuals; (4) other potential operational disruption to critical infrastructure systems or assets; or (5) incidents that otherwise may lead to a TSI as defined in 33 C.F.R. 101.105.
Federal Grant Funding: A Thaw in the Freeze?
Last week was a roller coaster ride for health care providers and other recipients of federal grant funding. Here’s a quick recap of everything that’s happened since our last e-alert:
OMB Memo Rescinded – On January 29, the OMB issued a rescission of the memorandum (M-25-13) that contained the agency directive to review federal grant programs and the corresponding funding pause (the “OMB Memo”). Providers and other outside observers could be forgiven for making the assumption that this would be the end of the story for the time being.
The Story Continues – Shortly after the OMB rescinded the OMB Memo, communication from the White House, including posts on X from the Press Secretary, indicated that the rescission applied to the OMB Memo only and that the White House still intended to freeze federal funds and enforce the Executive Orders.
Normalcy? Returns– Thursday evening into Friday morning, Medicaid agencies reported irregularities in accessing funding portals and drawing down federal funds. We have heard from providers that access to their 330 PHS grant funds has been restored. At the same time, we have reports that some agencies (such as the National Science Foundation) are still reviewing grant programs for compliance with the Trump Administration’s Executive Orders. For now, however, the status quo for grant funding seems largely to have been preserved.
The Legal Battle Continues – A coalition of Democratic Attorneys General filed a lawsuit in Rhode Island earlier this week to oppose the OMB Memo and associated funding freeze.1 The judge in that case held a hearing to determine whether the legal challenge was moot, given the rescission of the OMB Memo. Citing communication from the press secretary, Judge McConnell indicated a willingness to still enter some kind of protective order related to the actions underlying the OMB Memo, even if the OMB Memo itself had been rescinded. Late afternoon on January 31, Judge McConnell issued a temporary restraining order in this case, which will last through a hearing and decision on the states’ motion for a preliminary injunction.2 On the morning of February 3, the DOJ responded with a notice of compliance outlining the Administration’s response to the TRO.
What Now? – Whatever the final legal outcome from the Rhode Island case, it seems clear that the Executive Branch is intent on reviewing federal grant programs for compliance with its policy directives. We know, based on OMB’s rescinded Memo, the initial list of programs on the Administration’s radar. Subject to any final disposition in the AG suit, we expect additional action in the coming weeks and months with respect to these programs, and providers should be aware of the potential impact on their organizations up to and including the inability to access funds previously appropriated and awarded.
Attached to this e-alert is an Excel tool that identifies the grant programs identified in OMB’s rescinded Memo. Providers and other grant recipients should use this tool to inventory their current grant funding streams, assess organizational risk moving forward and make plans in the event of future disruption.
[1] A copy of the states’ request for a temporary restraining order is available here: https://ag.ny.gov/sites/default/files/court-filings/new-york-et-al-v-trump-et-al-complaint-2025.pdf.
[2] A copy of the preliminary injunction is available here: https://storage.courtlistener.com/recap/gov.uscourts.rid.58912/gov.uscourts.rid.58912.50.0_2.pdf.
Grant Review Tool
DOJ Compliance Notice
Healthcare Preview for the Week of: February 3, 2025 [Podcast]
Senate Committee to Vote on RFK Jr. Nomination, House Tries to Move Forward on Budget Resolution
The Senate Finance Committee is set to vote on the confirmation of Robert F. Kennedy (RFK) Jr., President Trump’s nominee for Secretary of the US Department of Health and Human Services (HHS), on Tuesday morning. All eyes are on Senator Cassidy (R-LA), who publicly struggled at the Senate Committee on Health, Education, Labor, & Pensions hearing last week with whether to support RFK Jr. for the role of HHS Secretary. If Senator Cassidy and all Democrats on the Finance Committee vote against RFK Jr.’s confirmation, the committee would need to move him to a full floor vote without the committee’s support.
Last week, House Republicans used a retreat to try to coalesce around the reconciliation process. The House Budget Committee should hold a markup of the budget resolution this week to meet the schedule put forth by Speaker Johnson. However, so far no scheduled meeting has been posted. The House Budget Committee includes Rep. Chip Roy (R-TX) and some other very conservative members who appear to be raising concerns about the committee directives that might appear in the budget resolution – and are seeking to have higher numbers inserted than leadership had intended, because their top concern is lowering federal spending.
Turning to the Administration, there was a lot of activity over the weekend that included shutting down agency websites, Department of Government Efficiency representatives gaining access to closely controlled government databases, and layoffs of government employees.
Also over the weekend, President Trump imposed tariffs on Canada, China, and Mexico, reportedly for their roles in illegal immigration into the United States, and in producing and trafficking fentanyl. President Trump called the flow of contraband drugs into the United States a national emergency and public health crisis. On Monday morning, President Trump paused the new tariffs on Mexico for one month after Mexico agreed to reinforce its northern border with 10,000 National Guard members. Canada and Mexico indicated that they may to impose tariffs on the United States as well.
Today’s Podcast
In this week’s Healthcare Preview, Debbie Curtis and Rodney Whitlock join Julia Grabo to discuss the next steps in Robert F. Kennedy Jr.’s Senate confirmation process, budget reconciliation in the House, and the flurry of recent activity from the White House.
UK ICO Sets Out Proposals to Promote Sustainable Economic Growth
On January 24, 2025, the UK Information Commissioner’s Office (“ICO”) published the letter it sent to the UK Prime Minister, Chancellor of the Exchequer, and Secretary of State for Business and Trade, in response to their request for proposals to boost business confidence, improve the investment climate, and foster sustainable economic growth in the UK. In the letter, the ICO sets out its proposals for doing so, including:
New rules for AI: The ICO recognizes that regulatory uncertainty can be a barrier to innovation, so it proposes a single set of rules for those developing or deploying AI products, supporting the UK government in legislating for such rules.
New guidance on other emerging technologies: The ICO will support businesses and “innovators” by publishing innovation focused guidance in areas such as neurotech, cloud computing and Internet of Things devices.
Reducing costs for small and medium-sized companies (“SMEs”): Focusing on the administrative burden that SMEs face when complying with a complex regulatory framework, the ICO commits to simplifying existing requirements and easing the burden of compliance, including by launching a Data Essentials training and assurance programme for SMEs during 2025/26.
Sandboxes: The ICO will expand on its previous sandbox services by launching an “experimentation program” where companies will get a “time-limited derogation” from specific legal requirements, under the strict control of the ICO, to test new ideas. The ICO would support legislation from UK government in this area.
Privacy-preserving digital advertising: The ICO recognizes the financial and societal benefits provided by the digital advertising economy but notes there are aspects of the regulatory landscape that businesses find difficult to navigate. The ICO wishes to help reduce the burdens for both businesses and customers related to digital advertising. To do so, the ICO, amongst other things, referred to its approach to regulating digital advertising as detailed in the 2025 Online Tracking Strategy (as discussed here).
International transfers: Recognizing the importance of international transfers to the UK economy, the ICO will, amongst other things, publish new guidance to enable quicker and easier transfers of data, and work through international fora, such as G7, to build international agreement on increasing data transfer mechanisms.
Promote information sharing between regulators: The ICO acknowledges that engaging with multiple regulators can be resource intensive, especially for SMEs. The ICO will work with the Digital Regulation Cooperation Forum to simplify this process, and would encourage legislation to simplify information sharing between regulators.
Read the letter from the ICO.
Trump Department of Labor Signals Likely Retreat from Biden Era Independent Contractor Classification Rule
We’ve written before about the “tennis match” that describes how, with changes in presidential parties, the Department of Labor (DOL) has proposed different tests to determine whether workers are “employes” covered by the Fair Labor Standards Act (FLSA) or “independent contractors” who are exempt from FLSA coverage. Indeed, with the new administration taking office last month, the DOL looks to be setting up a new volley in this ongoing match.
Current Status: Incoming DOL Leadership Is Reassessing the Agency’s Position
The Trump 2.0-era DOL had been slated to defend the Biden-era DOL Independent Contractor Rule (the “2024 Independent Contractor Rule”) in oral arguments before a federal appeals court in early February 2025. See Frisard’s Transp., LLC v. United States DOL, No. 24-30223.
But the DOL secured a postponement to decide how to proceed and is now due to provide the court a status update by March 25, 2025. (Frisard’s is one of five lawsuits challenging the 2024 Independent Contractor Rule.)
Likely Future Status: Farewell to the Short-Lived 2024 Independent Contractor Rule
We can expect that the DOL will drop its defense of the 2024 Independent Contractor Rule, which had rescinded the Trump 1.0-era test for independent contractor classification under the FLSA (the “2021 Independent Contractor Rule”).
Incoming DOL leadership might restore the 2021 Independent Contractor Rule or might just let courts analyze classification questions without agency guidance.
What Does This All Mean for Employers?
The back-and-forth over different administrations’ DOL rules can leave one’s head spinning. Let’s review what this latest volley will mean for employers.
If the 2021 Independent Contractor Rule is restored, it means a five-factor test to determine worker classification, with two being “core” factors: the nature and degree of the worker’s control over the work, and the worker’s opportunity for profit or loss. (By contrast, the 2024 Independent Contractor Rule being challenged uses a six-factor test, with a “totality of circumstances approach.”) The 2021 Independent Contractor Rule was generally viewed as simpler and more employer friendly, but it was no free pass, either. It made clear that actual practice dictates whether a worker is properly classified, not contractual labels or the parties’ preference.
If the DOL declines to issue guidance, courts will continue to do what they’ve long done anyway — reference their own precedents, which frankly consider the same types of factors identified in the both the 2021 and 2024 Independent Contractor Rules to determine if a worker is an employee or independent contractor. These classification analyses are fact-intensive and case-specific.
Amidst Flip-Flopping, Constant Good Advice: Be Careful When Classifying Workers as Independent Contractors
That fact-intensive judicial analysis is good reason to proceed with caution when classifying workers as independent contractors, even with an anticipated pro-employer bend at the DOL. (Indeed, the game-changing Loper Bright decision last summer means any DOL interpretation of the arguably ambiguous term “employee” in the FLSA is not entitled to judicial deference, anyway.) Therefore, it still behooves employers to ask themselves some key questions when classifying workers as independent contractors:
What is the nature and degree of control that the worker has over their own work? For example, does the company set the worker’s schedule, supervise their performance, or control pricing for their services?
What type of opportunity for profit or loss does the worker have? For example, is the worker making entrepreneurial investments in their services?
Is the relationship with the worker non-exclusive?
Is the worker providing services on a project-specific or sporadic basis, rather than indefinitely or continuously?
Are the worker’s services integral to the company’s principal business?
Do company employees perform the same type of services as the worker?
Does the worker bring a special or unique skill?
Where is the worker located? Remember, some states have very stringent so-called ABC-tests that would classify many workers as employees, even if the other factors outlined above are satisfied.
Companies uncertain about their classification decisions should reach out to counsel for advice.
Wearable Technologies and Employment Risks – EEOC Issues New Guidance
From smart watches to exoskeletons, wearable technologies are quickly changing the landscape of the American workplace. Several states and administrative agencies have responded to this shift by enacting new laws and issuing regulatory guidance concerning the use of such technologies. The latest of these responses includes a fact sheet issued by the U.S. Equal Employment Opportunity Commission (EEOC) titled “Wearables in the Workplace: Using Wearable Technologies Under Federal Employment Discrimination Laws.” The fact sheet provides guidance on how employers can use wearable technologies while maintaining compliance with various federal employment laws. More broadly, the fact sheet signals growing concern over the use of employee-monitoring technologies.
The General State of Wearable Technologies
Wearable technologies are digital devices worn or carried by employees that are used to track and collect certain types of information. Smart watches and GPS devices are common examples of wearable technologies. However, wearable technologies include a broad range of devices, such as environmental or proximity sensors which alert employees of nearby hazards, smart glasses or helmets which measure electrical activity in the brain, and exoskeletons which provide employees with increased strength and mobility.
Wearable technologies are becoming increasingly common in the workplace – and for good reason. By augmenting employees’ physical and perceptual abilities, these technologies can enhance workplace productivity and safety. Wearable technologies can be particularly valuable for companies struggling with an aging workforce or shortages of skilled labor. They can also be particularly valuable in construction, manufacturing, and warehousing industries which experience hundreds of thousands of non-fatal injuries and thousands of fatal injuries per year.
However, these benefits come with risks. One of the biggest risks is employee privacy. Several state and federal laws, such as the Americans with Disabilities Act (ADA) and state biometric information laws, protect certain information given by employees to their employers. Other risks include employee health, data security, and data interpretation. Since the wearable technologies industry is likely to expand in the future, government regulators have started to enact new laws and to adapt existing laws to account for these risks. The EEOC fact sheet on wearable technologies represents one piece related to this growing concern.
EEOC Guidance on Wearable Technologies
The EEOC’s recent guidance on wearable technologies provides several important considerations for employers. The EEOC has explained how employers can implement wearable technologies in the workplace while maintaining compliance with a variety of federal employment laws. It remains to be seen whether the EEOC under the Trump Administration will rescind or amend this guidance that was issued at the end of Biden’s Administration.
Medical Examinations and Disability-Related Inquiries
The EEOC’s guidance provides that wearable technologies may constitute “medical examinations” and/or “disability-related inquiries” in violation of the ADA.
To determine whether a test or procedure is a medical examination under the ADA, the EEOC will consider several factors, including whether the test measures an employee’s performance, whether the test is normally given in a medical setting, and whether medical equipment is used. Wearable technologies may be deemed to be conducting medical examinations when they track and collect information about an employee’s physical or mental condition, such as blood pressure monitors and eye trackers. Wearable technologies may also be deemed to be conducting medical examinations where they are conducting diagnostic testing, such as EEGs.
Disability-related inquiries, on the other hand, are questions that are likely to elicit information about an employee’s disability. Employers may be making disability-related inquiries where employees are required to provide health information, such as information about prescription drug use or a disability, in connection with using wearable technologies.
The ADA generally limits medical examinations and disability-related inquiries to situations where they are “job related and consistent with business necessity.” This may include situations where an employee makes a request for reasonable accommodation or where an employer is concerned that an employee poses a direct threat of serious harm due to their medical condition. Medical examinations and disability-related inquiries are also permitted: (1) when required under federal law or safety regulations; (2) for certain employees in positions affecting public safety, such as police officers or firefighters; and (3) when they are voluntary and part of an employee health program. If an employer uses wearable technologies to conduct medical examinations or disability-related inquiries outside of one of these exceptions, under the EEOC’s guidance, the employer risks violating the ADA.
Non-Discrimination
The EEOC’s guidance also provides that employers must not use information collected by wearable technologies to discriminate against employees based on a protected characteristic. Protected characteristics include, but are not limited to, race, color, religion, sex, national origin, age, disability, and genetic information.
For example, according to the EEOC, employers may violate non-discrimination laws by:
Using data from wearable technologies to infer that an employee is pregnant, then taking an adverse action against the employee as a result.
Relying on data from wearable technologies which produces less accurate results for certain protected classes, then taking adverse actions against those employees based on that data.
Tracking an employee to a medical center and then researching the purpose of the employee’s visit in a way that elicits genetic information.
Moreover, employers may not selectively use wearable technologies on a discriminatory basis nor use information from wearable technologies to make employment decisions which have a disproportionate adverse effect on the basis of a protected characteristic.
Reasonable Accommodations
The EEOC’s guidance also suggests that employers may need to make exceptions to the use of wearable technologies as reasonable accommodations under Title VII (religious belief, practice, or observance), the ADA (disability), or the Pregnant Workers Fairness Act (pregnancy, childbirth or related medical conditions).
Confidentiality
If an employer collects medical or disability-related data from wearable technologies, the employer, generally, must maintain that data in separate medical files and treat it as confidential medical information.
Other Laws and Guidance on Wearable Technologies
The guidance expressed in the EEOC fact sheet is similar to that presented by other administrative agencies. For example, the National Labor Relations Board’s (NLRB) former General Counsel Jennifer Abruzzo issued a memorandum in October 2022 addressing various technologies in the workplace, including wearable technologies. The memorandum warned that wearable technologies may impair or negate employees’ ability to engage in protected activity due to “the potential for omnipresent surveillance.”
In addition, several state legislatures have enacted laws regulating employee-monitoring technologies, including wearable technologies. Some of these laws regulate the collection and handling of employee biometric information.[1] Other laws regulate certain forms of employee location tracking,[2] or regulate employee surveillance more broadly.[3]
Key Takeaways
Employers who use wearable technologies in the workplace should:
Assess the type of information collected by the wearable technologies and determine whether that collection would constitute an improper medical examination or disability-related inquiry under the ADA.
Evaluate the accuracy and validity of the information collected by the wearable technologies before making any adverse employment decisions based on that information.
Refrain from using information collected by wearable technologies to discriminate against employees on the basis of a protected characteristic.
Consider whether any state or local laws govern the use of wearable technologies or the information collected by the wearable technologies.
Because the legal framework governing wearable technologies is quickly evolving, employers would be wise to consult with employment counsel to ensure their continued compliance with federal and state laws, regulations, and guidance.
Note: Since this post was written, the EEOC Fact Sheet appears to have been removed from the EEOC website. This may indicate that the new administration is not inclined to follow or issue the same guidance.
FOOTNOTES
[1] See, e.g., 740 Ill. Comp. Stat. 14/1 et seq.; Tex. Bus. & Com. Code § 503.001; Wash. Rev. Code § 19.375; H.B. 24-1130, 74th Gen. Assemb., 2nd Reg Sess. (Colo. 2024).
[2] See, e.g., Haw. Rev. Stat. § 378‑102; N.J. Stat. Ann. § 34:6B-22; Cal. Penal Code § 637.7; N.H. Rev. Stat. § 644-A:4.
[3] See, e.g., N.Y. Civ. Rights Law § 52-C; Conn. Gen. Stat. Ann. § 31-48d.
Listen to this article
Rohit Chopra Out, Scott Bessent In (Temporarily) at the CFPB
In a familiar move, President Donald Trump has designated the current head of another executive agency, this time newly sworn in Secretary of the Department of the Treasury Scott Bessent to simultaneously lead the Consumer Financial Protection Bureau (CFPB) in an acting capacity. The move was announced via a short press release issued by the CFPB on February 3, 2025, but importantly notes that Trump made the decision on January 31, 2025.
Reports first began circulating on Saturday, February 1, 2025, that the now-former director of the CFPB, Rohit Chopra, had been fired by Trump. Chopra confirmed his departure from the agency in a letter that he posted online later that day.
Bessent will be the third acting director in the CFPB’s short history, and the second acting CFPB director to simultaneously serve as the head of multiple federal agencies. In 2017, when then-director Richard Cordray resigned, Trump tapped Mick Mulvaney, who was also serving as the director of the Office of Management and Budget (OMB), to serve as the acting director of the CFPB. Then, in 2021 when Kathleen Kraninger resigned as the CFPB’s director, Dave Uejio was designated by President Joe Biden to serve as the CFPB’s acting director.
The Federal Vacancies Reform Act of 1998 governs the president of the United States’ ability to designate who may serve in an acting capacity when there is a vacancy at the top of an executive agency, a role that requires a presidential appointment and Senate confirmation. In addition to specifying who the president may tap to serve in such a role until a new director is confirmed, the law also limits how long a person may serve in an acting capacity. As a starting point, the Vacancies Reform Act specifies that the “first assistant to the office” becomes the acting director when there is a vacancy in the director role. However, the president has the authority to override the default rule by designating someone else to serve in an acting capacity. Specifically, the president can nominate someone who either (1) is serving in another role that required the president’s appointment and Senate confirmation, or (2) is currently working in the agency with the vacancy so long as the person worked at the agency for 90 days or more within the prior year.
In the present case, Trump chose to place Treasury Secretary Bessent into the role of acting director of the CFPB, which appears consistent with the Vacancies Reform Act because Bessent was previously confirmed by the Senate and sworn in as treasury secretary on January 28, 2025. Otherwise, it appears likely that Zixta Martinez, the CFPB’s deputy director, would have been the acting director by default pursuant to the Vacancies Reform Act.
Moving forward, the Vacancies Reform Act dictates that someone serving in an acting capacity as the head of an executive agency may only do so for up to 210 days, though the limit can be extended once someone else is nominated, as well as if a first or second nomination is rejected, withdrawn or returned by the Senate. This is where the January 31, 2025, date in the CFPB’s press release likely becomes important. It signifies that, subject to whether someone else is nominated in the interim, Bessent may serve as the acting director of the CFPB until August 29, 2025.
We will continue to track developments with the CFPB and its leadership, and the impacts of those developments, moving forward.
Listen to this post
Proposition 65: California’s Office of Environmental Health Hazard Assessment Adopts Changes to the “Short-Form” Warning
California’s Safe Drinking Water and Toxic Enforcement Act of 1986, Health & Safety Code Section 25249.5 et seq. (“Proposition 65”) prohibits manufacturers, suppliers, distributors, retailers, and other entities in the stream of commerce from knowingly and intentionally exposing California consumers to certain listed chemicals above a safe harbor level without first providing a “clear and reasonable” warning to such individuals. (Health & Safety Code § 25249.6). The law applies to consumer product exposures, occupational exposures, and environmental exposures that occur in California. Presently, there are approximately 900 listed chemicals known by the State of California to cause cancer, reproductive harm, or both.
Since 2016, many businesses selling to California consumers have utilized “short-form warnings” on products, which alert consumers to possible risks of cancer or reproductive harm without identifying the specific chemical in the product. These abbreviated warning labels have remained popular for businesses because they streamline the process of providing necessary warnings to consumers while also protecting the businesses from costly enforcement actions brought either by the California Attorney General or private enforcers.
Following several years of failed attempts by California’s Office of Environmental Health Hazard Assessment (“OEHHA”) to limit the use of short-form warnings to products contained in or on small packaging, on December 6, 2024, OEHHA amended Proposition 65 to require companies to add at least one chemical name to the warning language—or the name of two chemicals, if the warning covers both cancer and reproductive toxicity, unless the same chemical is listed for both endpoints. While the changes are effective as of January 1, 2025, OEHHA is providing a three-year runway for companies to comply (until January 1, 2028). Importantly, products manufactured and labeled prior to January 1, 2028 using the old short-form warning do not have to be relabeled thereby providing an effective unlimited sell-through period.
These amendments do make an important concession to companies selling into California, however. Businesses now have the option to use words in the warning labels to clarify that they are specifically limited to California. But while this does allay years of concerns expressed by companies within and outside of California that the warning labels confused out of state consumers, the short-form is not really all that short anymore. Businesses selling products with truly small packaging will need to identify creative ways to label products with limited real estate.
These 2025 amendments also make explicit that: (1) short-form warnings may be used to provide safe harbor warnings for food products but do not require the yellow triangle symbol; (2) provide a 60-day transition period during the three-year implementation period for retailers to update online short-form warnings after notice from a manufacturer; and (3) provide new tailored safe harbor warnings for passenger or off-highway motor vehicle parts and recreational marine vessel parts.
While businesses in all consumer product industries have quite a bit of time to update their short form warning labels, it is important to make sure that business partners and affiliates all along the supply chain are aware of the upcoming changes and align their quality assurance testing and labeling processes to ensure timely compliance. Moreover, while the amendments do allow a lengthy sell off period for products manufactured and labeled on or before December 31, 2027, there is no doubt private enforcers will be on the hunt for non-compliant labeling. Therefore, if businesses do decide to sell off old labeling into 2028 and beyond, meticulous records should be kept of the manufacturing and labeling date on those products to allow for ease of tracking and use as an affirmative defense.
TPS Program Updates
This post serves as a regularly updated resource to keep employers informed regarding TPS designations, extensions, cancellations, and other policy changes. This post was last updated on February 3, 2025.
Venezuela
More than 600,000 Venezuelan citizens in the United States have benefitted from Temporary Protected Status (TPS) since 2021. In January 2025, the program was extended until October 2, 2026, by then Department of Homeland Security (DHS) Secretary Alejandro Mayorkas. TPS allows Venezuelans to remain in the United States and work lawfully because the conditions in Venezuela are not safe for them to return to: limited access to basic services, collapse of the healthcare system, dilapidated infrastructure, and the ongoing economic crisis.
On January 29, 2025, Kristi Noem, the new DHS Secretary, reversed the extension of TPS for Venezuela. When a TPS program is allowed to expire, a 6-month extension of TPS and work authorization is automatically granted, resulting in the final date of Venezuelan TPS of April 2, 2026. Secretary Noem reversed the extension even though the State Department’s Travel Advisory for US citizens interested in traveling to Venezuela is “Level 4 – Do Not Travel”.
When TPS expires for Venezuelans on April 2, 2026, they will revert to the US immigration status they held prior to the TPS designation, unless they have acquired another immigration status allowing them to lawfully remain in the United States. For many in this program, their prior underlying immigration status has expired, leaving them unable to lawfully remain in the United States and work, making them subject to removal from the United States.
Rules on AI Literacy and Prohibited Systems Under the EU AI Act Become Applicable
On February 2, 2025, the EU AI Act’s rules on AI literacy, along with the prohibition of certain types of AI system, became applicable in the EU.
Under the new AI literacy obligations, providers and deployers will be required to ensure a sufficient level of AI literacy for their staff and other persons working with AI systems on their behalf. For this purpose, organizations should put in place robust AI training programs.
Additionally, under the new rules, the placing on the market, the putting into service or the use of AI systems that present unacceptable risks to the fundamental rights of individuals will be prohibited in the EU. AI systems covered by the new prohibition include AI used for:
social scoring for public and private purposes;
exploitation of vulnerabilities of persons through the use of subliminal techniques;
real time remote biometric identification in publicly accessible spaces by law enforcement, subject to narrow exceptions;
biometric categorization of natural persons based on biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs or sexual orientation;
individual predictive policing;
emotion recognition in the workplace and education institutions, unless for medical or safety reasons; and
untargeted scraping of Internet or CCTV for facial images to build-up or expand databases.
Literacy and prohibitions of the abovementioned AI systems will be the first obligations under the AI Act to become applicable. The remaining will apply to entities under scope in stages following a transition period. The length of the transition period will vary depending on the type of AI system or model.
Specific obligations applicable to general-purpose AI models will become applicable on August 2, 2025.
Most obligations under the AI Act, including the rules applicable to high-risk AI systems under Annex III and systems subject to specific transparency requirements will become applicable on August 2, 2026.
Obligations related to high-risk systems included in Annex I of the AI Act will become applicable on August 2, 2027.
Certain AI systems and models already on the market may be exempt or have longer compliance deadlines.
Read the AI Act.
Fraud Section’s 2024 Year in Review Shows Enforcement Uptick
The Fraud Section of the U.S. Department of Justice’s Criminal Division published its Year in Review last month, which showed an uptick for white collar enforcement in foreign corruption, financial and health care fraud. The enforcement affected a range of industries including telecommunications, defense contracting, software services, aviation, consulting, and financial services. Below we highlight the enforcement trends and identify our key takeaways for 2025.
Foreign Corruption
DOJ resolved eight criminal corporate cases and entered into one declination pursuant to its Corporate Enforcement and Voluntary Self-Disclosure Policy (“CEP”). The schemes involved bribery of officials in Latin America, Africa, the Middle East, and South and East Asia and over $1.1 billion on criminal fines and disgorgement. One of the matters included the first coordinated resolution with Ecuador and the third with South Africa. Four trials involving individuals charged with FCPA violations were held this year.
In late 2023, the DOJ created the Criminal Division’s International Corporate Anti-Bribery (“ICAB”) initiative aimed to grow the Department’s foreign law enforcement partnerships. Several prosecutors serve as regional ICAB representatives and DOJ has stated that ICAB members helped bring several of this year’s global FCPA resolutions.
Securities, Commodities & Cryptocurrency Enforcement
DOJ’s Market Integrity and Major Frauds Unit resolved three corporate matters and one CEP declination involving over $200 million in criminal penalties. The unit also charged 75 individuals. The schemes involved alleged abuses of 10b5-1 trading plans, insider trading in the equities and commodities market, the largest cryptocurrency nonfungible-token scheme, and the first cryptocurrency open-market manipulation case.
Federal Procurement & Program Fraud
DOJ’s Market Integrity and Major Frauds Unit also investigated and prosecuted fraud in federal procurement and programs. In 2024, DOJ also reached two corporate resolutions with major defense contractors for defective and fraudulent pricing, diversion of federal program funding, and counterfeit electronic parts used by the U.S. military in sensitive defense applications.
Health Care Fraud
DOJ charged 147 individuals for alleged scheme involving more than $3.26 billion in false and fraudulent claims. The Health Care Fraud Unit currently has strike force teams in 26 cities across the nation. Data analytics continues to be a major investigation predicate. The unit’s Data Analytics Team completed 3,229 data requests and 151 proactive investigative referrals. The schemes involved cardio genetic testing, amniotic wound grafts, controlled substance wholesalers, addiction treatment facilities, misbranded medication, laboratory testing, durable medical equipment, and telemedicine.
According to DOJ, telemedicine fraud schemes have “exploded” over the last five years and the Department has responded with seven nationwide enforcement actions. Pharmaceutical distributors also remain an area of focus with ten executives, sales representative, and brokers charged in October 2024 in four federal districts. DOJ also expanded its Sober Homes initiative to combat fraudulent addiction and rehabilitation schemes that targeted Native Americans in Arizona. The initiative has resulted in the over $1.2 billion in alleged false billings for fraudulent tests and treatments for drug and/or alcohol addiction. The Fraud Section has partnered with the U.S. Attorney’s Office for the District of Arizona in this initiative.
False Claims Act
Although not a criminal statute, the False Claims Act is another tool used to combat federal procurement, federal program, and health care fraud. 2024 was a record year for False Claims Act settlements, which exceeded $2.9 billion. The government and whistleblowers were party to 558 settlements and judgments, the second highest total after last year’s record of 566 recoveries, and whistleblowers filed 979 qui tam lawsuits, the highest number in a single year. Settlements and judgments since 1986 exceed $78 billion.
Takeaways
As we look back at the enforcement trends from 2024, there are several key takeaways to consider for the year ahead:
Data Analytics continues to be a mainstay tool for proactive detection and leads in foreign corruption, health care, and financial fraud enforcement. The Fraud Section’s data analytics team identifies outliers, trends, and patterns in federal health care benefit program billing, market activity against public filing disclosures, and even analyzes data compiled in public sources for foreign corruption matters.
Whistleblower and Voluntary Self-Disclosure Programs appear to be working. We previously wrote about each of these programs here and here. According to DOJ, the programs have resulted in 180 tips on new or existing investigations. Companies should implement a robust internal reporting system that allows employees to report potential misconduct comfortably and confidentially. Effectively responding to internal complaints can deter whistleblowers from bypassing the company’s reporting system and provides the company with a documented response to present to the DOJ if necessary.
Foreign Corruption enforcement will continue to expand its international footprint. 2024 resolutions included companies based in China, Germany, Brazil, Spain, Australia, Switzerland, and South Africa. Look to even more enforcement in 2025 with enhanced tools like the Foreign Extortion Prevention Act, the Criminal Division’s International Corporate Anti-Bribery initiative, and the Administration’s renewed focus on Latin America.
Health Care Fraud enforcement provides an average return on investment of $73.04 per $1 spent and over $3 billion in projected savings. Telemedicine, genetic testing, pharmaceutical distributors, and durable medical equipment will remain areas of enforcement focus.
Cryptocurrency remains in focus as the market continues to be fertile ground of market manipulation and schemes that exploit decentralized finance and automated trading. Enforcement will likely continue to include domestic and international laundering of crypto-fraud proceeds.
A copy of the full Year in Review report may be found here.