Communications, Media & Internet – Page 9

CONFIDENTIAL?: AmEx Compels Individual TCPA Suit to Arbitration And I am Intrigued

Arbitration provisions can by a TCPA defendant’s best friend, but usually that’s to avoid class litigation.
While a TCPA suit can–and very often is–be filed as a class action in court such cases are not permitted under most arbitration provisions. That means if a defendant can successfully compel arbitration it may take a billion dollar exposure case and take it down to $500.00. Not a bad day in court.
But there are other reasons to seek arbitration where available, even in an individual suit as AmEx just demonstrated.
In Adler v. American Express Co., 2025 WL 904462 (N.D. Oh. March 25, 2025) AmEx compelled an individual TCPA claim to arbitration.
The background facts here are interesting. Plaintiff claims AmEx was mistakenly calling him repeatedly–say, 15 times a month– for years with prerecorded calls related to a debt he didn’t owe.
If these allegations are true Plaintiff seemingly has a six figure case against AmEx ($500.00 is the MINIMUM liability for such errant robocalls to a cellular phone) but the good news for AmEx is that the suit was brought on an individual basis.
Despite the individual nature of the suit AmEx asked the court to compel arbitration. Plaintiff opposed arguing the calls at issue were not related to HIS account but the Court determined that did not matter– any dispute between the parties had to go to arbitration. And since Plaintiff was a cardholder who had accepted the arbitration provision by using the card he was a party stuck bringing suit in arbitration only.
So this was a fine win by AmEx but only because it will make it harder for everyone to find out what happened in the lawsuit. Everything that happens in federal court is public, but arbitrations are private proceedings. So we may never know what happened with Mr. Adler.
Folks facing TCPA trouble should ALWAYS think about compelling arbitration– and anyone in the lead gen space should be leveraging these provisions as part of every form.

DOJ Issues Guidance, FAQs and Implementation Policy on Bulk Transfers of Sensitive U.S. Personal and Government Data

On April 11, 2025, the U.S. Department of Justice (“DOJ”) issued a compliance guide, FAQs and an Implementation and Enforcement Policy to assist organizations to comply with the DOJ’s final rule implementing Executive Order 14117 (Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern). The guidance comes just days after certain of the final rule’s provisions became effective on April 8, 2025.
Compliance Guide
The compliance guide identifies best practices for complying with the final rule and offers guidance on defined terms, prohibited and restricted transactions and requirements for building a compliance program. The guide also provide best practices for complying with the final rule’s audit and recordkeeping requirements, which go into effect on October 6, 2025.
FAQs
The FAQs aim to provide further clarity on the DOJ’s final rule. In particular, the FAQs provide general information about the DOJ final rule and address a number of different issues related to the rule, including prohibited, restricted and exempt transactions, compliance requirements and DOJ advisory opinions under the rule. The FAQs reflect feedback and common issues the DOJ addressed through the rulemaking process. The DOJ will update the FAQs as necessary to address additional questions raised by the public.
Implementation and Enforcement Policy
Under the new Implementation and Enforcement Policy, the DOJ recognizes that companies may need to take steps to determine whether the final rule applies to their activities and to create new or update existing policies and other compliance processes. While certain of the rule’s provisions became effective on April 8, 2025, the DOJ will not prioritize civil enforcement actions against any person for violations of the rule that occur from April 8 through July 8, 2025, provided the person is taking measures to comply with the rule during that time.

German Federal Labor Court Finds Certain Virtual Stock Option Forfeiture Clauses May Unreasonably Disadvantage Employees

On March 19, 2025, the German Federal Labor Court (Bundesarbeitsgericht or BAG) held in Case No.: 10 AZR 67/24 that certain forfeiture clauses in General Terms and Conditions of Business (Allgemeine Geschäftsbedingungen or AGB) regarding the expiration of virtual stock options upon termination of employment are invalid.

Quick Hits

The German Federal Labor Court ruled on March 19, 2025, that certain forfeiture clauses in General Terms and Conditions of Business regarding the expiration of virtual stock options upon termination of employment are invalid.
The court found that such forfeiture clauses unreasonably disadvantage employees by not adequately considering the work already performed and the associated entitlement to the options.
International companies might benefit from decoupling employee ownership at least from the German employment relationship to avoid legal uncertainties and enhance the attractiveness of their programs.

Background
Virtual stock options are a popular form of employee ownership. They allow employees to participate in the economic success of the company without actually purchasing shares. These options are often subject to certain conditions, such as length of service. Employees often acquire rights to virtual options in different tranches. This staggered acquisition of rights is called vesting. In addition, the exercise of vested rights is often dependent on an event beyond the employee’s control, such as an initial public offering (IPO) of the company. This often results in a situation where the value of virtual stock options can only be realized after a significant delay.
Many programs contain clauses that provide for the forfeiture of vested options when the employee leaves the company. The German Federal Labor Court has now ruled that such forfeiture clauses can be invalid if they unreasonably disadvantage the employee.
Case History
In the present case, the plaintiff was employed by the defendant from April 1, 2018, to August 31, 2020. The employment relationship was terminated by a timely voluntary resignation. In 2019, the plaintiff received and accepted an offer to be granted twenty-three virtual stock options. According to the employee stock option plan (ESOP), the exercise of the options required their exercisability after the expiration of a vesting period and an exercise event such as an IPO. The options could generally be exercised in stages after a minimum waiting period of twelve months within a total vesting period of four years.
At the time of the plaintiff’s resignation, 31.25 percent of the options granted to the plaintiff were vested.
The defendant rejected the plaintiff’s claim to these options based on the forfeiture clauses. The plaintiff argued that the forfeiture clauses were invalid because the options were an integral part of his compensation package.
The German Federal Labor Court’s Ruling
The Tenth Senate of the German Federal Labor Court ruled in favor of the plaintiff and found the following: the vested virtual stock options had not expired; the forfeiture clauses in the ESOP unreasonably disadvantaged the employee and were therefore invalid; the vested options constituted compensation for the work performed by the plaintiff; and the immediate forfeiture upon termination of employment did not adequately take into account the employee’s interests and was contrary to the legal concept of Section 611a (2) of the German Civil Code (BGB). In addition, the court found that the termination of the vested virtual stock options could be seen as an unjustified restriction to end the employment and seek a new job.
Issue of Restricted Exercisability Upon Voluntary Resignation
A key issue highlighted by the BAG in its decision is the restricted exercisability of options in the event of voluntary termination by the employee. These clauses unreasonably disadvantage the employee because they do not sufficiently consider the work already performed and the associated entitlement to the options. The immediate or accelerated forfeiture of already vested options upon voluntary resignation constitutes an unfair disadvantage and may act as a disincentive to resign, as employees may refrain from resigning in order to avoid financial losses.
In particular, international companies could consider decoupling employee ownership from the employment relationship and structuring it according to a different legal regime. This can help avoid legal uncertainty and make the programs more flexible and attractive to employees.

Cyber Risks: Is Your Business Exposed?

In today’s interconnected digital landscape, cybersecurity has emerged as a critical concern for businesses across all sectors. The increasing frequency and sophistication of cyber threats necessitates a comprehensive understanding of both legal and financial implications associated with cyber risks. This article delves into the essential legal and financial terms related to cybersecurity to highlight their significance and provide insights into best practices for mitigating risk.
Defining ‘Cyber Risk’
Cyber risk refers to the potential for financial loss, disruption, or damage to an organization’s reputation due to failures in its information technology systems. These risks can arise from various sources, including cyberattacks, data breaches, system failures, or unauthorized access to sensitive information. Understanding cyber risk involves assessing both the impact a cyber incident can cause and the probability of such an incident occurring.
Sean Griffin, partner at Longman & Van Glack, underscores the legal liabilities of data breaches, explaining that failure to implement proper cybersecurity controls could expose companies to litigation and government enforcement actions.
The Role of Risk Management
Effective risk management is crucial in identifying, assessing, and mitigating cyber risks. Organizations typically adopt one or more of the following strategies:

Risk Acceptance: Acknowledging the risk and choosing to accept it without implementing additional controls, often because the cost of mitigation exceeds the potential loss.
Risk Avoidance: Eliminating activities that introduce risk, thereby avoiding the potential threat altogether.
Risk Mitigation: Implementing measures to reduce the likelihood or impact of a cyber incident, such as deploying security technologies or enhancing employee training.
Risk Transfer: Shifting the financial consequences of a risk to a third party, typically through purchasing cyber insurance policies.

Legal Frameworks and Regulations
Navigating the complex landscape of cybersecurity requires adherence to various legal frameworks and regulations designed to protect data and ensure organizational accountability. The legal framework governing the mitigation and prevention of cyber-risks includes federal and state regulations like the following:
Federal Trade Commission (FTC) Safeguards Rule
The FTC’s Safeguards Rule mandates that financial institutions develop, implement, and maintain comprehensive information security programs to protect customer information. The rule was updated to include more specific requirements, such as designating a qualified individual to oversee cybersecurity compliance, conducting regular risk assessments, and implementing access controls and encryption. Notably, the definition of ‘financial institutions’ has been expanded to encompass a broader range of companies, increasing the scope of entities required to comply.
New York Department of Financial Services (NYDFS) Cybersecurity Regulation
The NYDFS Cybersecurity Regulation (23 NYCRR Part 500) establishes cybersecurity requirements for financial services companies operating in New York. The regulation requires entities to implement a cybersecurity program, adopt a written policy, designate a Chief Information Security Officer (CISO), and comply with various technical controls. Recent amendments have introduced more stringent requirements, such as enhanced governance obligations and expanded definitions of key terms, reflecting the evolving nature of cyber threats.
Securities and Exchange Commission (SEC) Cybersecurity Disclosure Rules
The SEC has implemented rules requiring publicly traded companies to disclose material cybersecurity incidents within four business days of determining their materiality. This mandate emphasizes the importance of transparency and timely communication with investors regarding cyber risks and incidents. The disclosure should include the nature, scope, and potential impact of the incident on the company’s operations and financial condition.
Jonathan Friedland of Much Shelist emphasizes the importance of transparency in cybersecurity. He highlights that businesses must disclose cyber risks and incidents promptly to avoid regulatory scrutiny and loss of trust.
Financial Implications of Cyber Risks
Cyber incidents can have profound financial consequences for businesses, including direct costs such as regulatory fines, legal fees, and remediation expenses, as well as indirect costs like reputational damage and loss of customer trust.
Key financial considerations include:
Cyber Insurance
To mitigate potential financial losses from cyber incidents, organizations often invest in cyber insurance policies. These policies can cover various expenses, including data breach notifications, legal fees, and business interruption losses. However, it’s essential for organizations to thoroughly understand the terms, coverage limits, and exclusions of their policies to ensure adequate protection.
Regulatory Fines and Penalties
Non-compliance with cybersecurity regulations can result in substantial fines and penalties. For instance, under the updated FTC Safeguards Rule, financial institutions that fail to implement required security measures may face enforcement actions. Similarly, the NYDFS Cybersecurity Regulation imposes penalties on entities that do not adhere to its stringent requirements.
Best Practices for Cybersecurity
To strengthen cybersecurity defenses, organizations should adopt the following best practices:

Implement a Robust Incident Response Plan: The term, ‘Incident Response Plan’ (IRP), refers to a documented strategy outlining the procedures an organization will follow in the event of a cybersecurity incident. It typically includes steps for detection, containment, eradication, recovery, and post-incident analysis to mitigate damage and prevent future occurrences. Alex Sharpe of Sharpe Consulting suggests continuous monitoring and real-time threat detection rather than a solely reactive approach to cyber incidents.
Conduct Regular Security Audits and Risk Assessments: Identifying vulnerabilities proactively helps in mitigating potential threats before they are exploited.
Enhance Employee Training and Awareness Programs: Employees are the first line of defense against cyber threats; regular training can reduce human error and increase vigilance.
Encrypt Sensitive Data: Data encryption can protect critical information even if it is intercepted or stolen.
Utilize Multi-Factor Authentication (MFA): Enforcing MFA across all systems can significantly reduce the risk of unauthorized access.
Monitor and Respond to Threat Intelligence: Keeping up-to-date with emerging threats and attack trends allows organizations to adjust their defenses accordingly.

Conclusion
As cyber threats continue to evolve, businesses must remain vigilant in safeguarding their digital assets. Implementing proactive security measures, adhering to regulatory requirements, and fostering a culture of cybersecurity awareness are crucial for mitigating risk.
Cybersecurity is not merely an IT issue but a fundamental business imperative that impacts legal, financial, and operational stability. By staying informed, leveraging best practices, and continuously updating security protocols, organizations can enhance their resilience against cyber threats and protect their most valuable assets — data, reputation, and customer trust.

To learn more about this topic, view Corporate Risk Management / Cyber Risks: Every Business is Exposed Whether You Know it or Not. The quoted remarks referenced in this article were made either during this webinar or shortly thereafter during post-webinar interviews with the panelists. Readers may also be interested to read other articles about cybersecurity.
This article was originally published here.
©2025. DailyDACTM, LLC d/b/a/ Financial PoiseTM. This article is subject to the disclaimers found here.

CONSENT DOESN’T HELP: Travel and Leisure Co. Stuck in TCPA Class Action As Court Refuses to Credit Consent at the Pleadings Stage

Nothing more frustrating for a TCPA defendant than to be stuck in a class action when the named plaintiff provided consent to be contacted in the first place.
However the rules of litigation often prevent that issue from being addressed until much later in the case–sometimes even after expensive class discovery– which is why so many TCPA plaintiffs file frivolous lawsuits and manage to extract a high-dollar settlement.
Take the case of Hodge v. Tavel + Leisure Co., 2025 WL 1093243 (N.D. Cal. April 11, 2025). There the Defendant moved to dismiss arguing the Plaintiff had consented to receive the calls at issue. But the Court was unimpressed noting it would only credit the allegations of the complaint at this stage:
Hodge therefore had no obligation to negate Defendant’s claim of express consent through her allegations, and the Court can only dismiss Hodge’s TCPA claim on the consent defense if the “allegations in the complaint suffice to establish” consent. Sams v. Yahoo! Inc., 713 F.3d 1175, 1179 (9th Cir. 2013) (quoting Jones v. Bock, 549 U.S. 199, 215 (2007)). Nothing in the SAC, when construed in Hodge’s favor, shows that she consented to artificial or prerecorded messages.
Get it?
Even though the defendant might have a complete defense it is simply too early in the case for the Court to throw out the class action. As a result the defendant must litigate and deal with discovery demands– all of which gives Plaintiff’s counsel the opportunity to extort… er.. extract a high dollar resolution.
There are some tricks to get past the pleadings stage limitation on extrinsic consent evidence–Troutman Amin, LLP has earned great pleadings stage wins for example– but anytime there is a dispute of fact on consent you are DEFINITELY not going to win at the pleadings stage, and maybe not even at the MSJ stage. So be careful.
At the end of the day making outbound prerecorded or artificial voice calls (including voicemails) carries substantial risk. Make sure you know the rules of the game before playing!

False Claims Act Settlements in Q1 Shows Scope of Frauds Targeted by Government as DOJ Official Promises “Aggressive” Enforcement

During the first quarter of 2025, the U.S. Department of Justice (DOJ) announced a number of False Claims Act (FCA) settlements and judgements, many of which resolved qui tam lawsuits filed by whistleblowers. The settlements and judgements showcase the variety of frauds which the government is pursuing and which False Claims Act whistleblowers can report.
Under the False Claims Act’s qui tam provisions, whistleblowers can file a qui tam lawsuit alleging violations of the FCA on behalf of the government, which then has the option to intervene and take over the lawsuit. Regardless of whether the government intervenes, whistleblowers whose qui tam suits result in successful cases are eligible to receive between 15-30% of the funds collected in the case.
The types of fraud targeted in settlements and judgments announced in the first quarter of 2025 include Medicare Part C fraud, cybersecurity fraud, illegal kickbacks and defense contract fraud.
In a keynote address at the Federal Bar Association’s annual qui tam conference in February, Deputy Assistant Attorney General Michael Granston promised that moving forward the Department of Justice “plans to continue to aggressively enforce the False Claims Act.”
$62 Million Settlement Over Medicare Part C Fraud Allegations
On March 26, the DOJ announced that Seoul Medical Group Inc., its subsidiary and majority owner, and Renaissance Imaging Medical Associates Inc., a radiology group that worked with Seoul Medical, agreed to pay a total of $62 million to resolve False Claims Act allegations relating to the submission of false diagnosis codes for two spinal conditions to increase payments from the Medicare Advantage program (Medicare Part C).
According to the DOJ, Seoul Medical and its owner “submitted diagnoses for two severe spinal conditions, spinal enthesopathy and sacroiliitis, for patients who did not suffer from either of these conditions” and “enlisted the assistance of Renaissance Imaging Medical Associates to create radiology reports that appeared to support the spinal enthesopathy diagnosis.”
These diagnoses allegedly led to the increased payment to Seoul Medical under Medicare Part C.
“Medicare Advantage is a vital program for our seniors and the government expects healthcare providers who participate in the program to provide truthful and accurate information,” said Acting Assistant Attorney General Yaakov M. Roth of the Justice Department’s Civil Division. “Today’s result sends a clear message to the Medicare Advantage community that the United States will zealously pursue appropriate action against those who knowingly submit false claims for taxpayer funds.”
The settlement resolved a qui tam whistleblower suit filed by Paul Pew, the former Vice President and Chief Financial Officer of Advanced Medical Management. Pew’s share of the recovery had not been determined at the time of the settlement.
$4.6 Million Settlement Over Cybersecurity Fraud Allegations
On March 26, the DOJ also announced a $4.6 million settlement MORSECORP Inc. resolving allegations that MORES violated the FCA by failing to comply with cybersecurity requirements in its contracts with the Departments of the Army and Air Force.
According to the DOJ, MORSE “submitted false or fraudulent claims for payment on contracts with the Departments of the Army and Air Force” and “those claims were false or fraudulent because Morse knew it had not complied with those contracts’ cybersecurity requirements.”
Among other things, the DOJ accused MORSE of “use[ing] a third-party company to host MORSE’s emails without requiring and ensuring that the third party met security requirements equivalent to the Federal Risk and Authorization Management Program Moderate baseline and complied with the Department of Defense’s requirements for cyber incident reporting, malicious software, media preservation and protection, access to additional information and equipment necessary for forensic analysis and cyber incident damage assessment.”
“Federal contractors must fulfill their obligations to protect sensitive government information from cyber threats,” said U.S. Attorney Leah B. Foley for the District of Massachusetts. “We will continue to hold contractors to their commitments to follow cybersecurity standards to ensure that federal agencies and taxpayers get what they paid for, and make sure that contractors who follow the rules are not at a competitive disadvantage.”
The settlement stemmed from a qui tam lawsuit filed by a whistleblower who is set to receive an $851,000 share of the settlement amount.
$15 Million Settlement Over Defense Contract Fraud Allegations
On April 1, the DOJ announced that DRI Relays Inc. agreed to pay $15.7 million to resolve allegations that it violated the FCA by supplying military parts that did not meet military specifications.
According to the DOJ, “between 2015 and 2021, under various Department of Defense (DoD) contracts and subcontracts, DRI invoiced for military grade electrical relays and sockets when it knew those parts had not met the testing requirements to be deemed military grade.”
“It is essential to the safety and operational readiness of our military that contractors comply with applicable military specifications,” said Acting Assistant Attorney General Yaakov M. Roth of the Justice Department’s Civil Division. “We will continue to hold accountable those who knowingly supply equipment to the U.S. military that fails to meet their contract obligations.”
$1.9 Million Settlement Over Kickback Allegations
On March 6, the DOJ announced that a group of health care providers and laboratory marketers agreed to pay a total of $1.9 million to resolve FCA allegations arising from their involvement in laboratory kickback schemes.
According to the DOJ, “health care providers received kickbacks in return for their referrals to a laboratory in Anderson, South Carolina” and “a marketer and his marketing company received kickbacks from that South Carolina laboratory to arrange for laboratory testing referrals.”
For example, according to the DOJ, one doctor and his medical practices “agreed to pay $400,000 to resolve allegations that from May 2016 to November 2021, they received thousands of dollars in remuneration disguised as purported office space rental and phlebotomy payments from the South Carolina laboratory in return for ordering testing.”
These alleged kickbacks were in violation of the Anti-Kickback Statute.
“Integrity must be the standard in our health care system,” said Acting U.S. Attorney Brook B. Andrews for the District of South Carolina. “Kickback schemes divert funds and focus away from patients and their medical needs.”
Conclusion
As these settlements show, the False Claims Act remains America’s number one anti-fraud law, covering a wide range of fraud affecting the federal government. Since 1986, the FCA has allowed the government to recover over $78 billion, with more than $55 billion stemming from qui tam whistleblower lawsuits.
Individuals looking to file a qui tam lawsuit alleging False Claims Act violations should consult an experienced whistleblower attorney.
Geoff Schweller also contributed to this article.

FCC Grants Narrow One Year Effective Date Extension of TCPA Consent Revocation Requirement

Readers may recall that in February 2024, the FCC adopted a Report and Order imposing a number of new TCPA caller and texter compliance obligations in connection with consumer revocation requests, which are applicable to calls and text messages that otherwise require consent under the TCPA and the FCC’s rules. Those rules are slated to go into effect on April 11, 2025.
The FCC, however, has now issued a narrow, limited waiver of one aspect of those rules in the new Section 64.1200(a)(10) of its rules, extending the effective date of that section until April 11, 2026, to the extent the new rule requires callers and texters “to treat a request to revoke consent made by a called party in response to one type of message as applicable to all future robocalls and robotexts from that caller on unrelated matters.” The waiver was granted in response to requests from several associations of banks and financial institutions, supported by a healthcare industry vendor, stating that additional time is needed to ensure that entities can accurately apply revocation requests sent in response to one business unit’s calls or messages to future communications from its other business units.
Note that the waiver order emphasized that the one-year extension applies “only to section 64.1200(a)(10) to the extent discussed” in the order, and that it was only “delay[ing] the effective date of any such requirement” in the rule to treat an opt out from one messaging program of a caller as an opt out of all other messaging programs requiring consent. Thus, other aspects of the new rule appear unaffected by the waiver order, and are slated to go into effect on April 11, 2025 as previously announced.
These include, that callers and senders, as applicable: (i) must honor revocation requests made using an automated, interactive voice or key press-activated opt-out mechanism on a call; (ii) must honor revocation requests through seven specific texted back keywords (stop, quit, end, revoke, opt out, cancel, and unsubscribe); (iii) must treat other natural language text-backs by consumers as a valid revocation request if “a reasonable person” would understand those words to have conveyed a request to revoke consent; (iv) must honor revocation requests in a reasonable period of time, not to exceed 10 day; and (iv) may not designate an exclusive means to request revocation of consent.
Note too, that the February 2024 revocation mandate Report and Order included a wide range of revocation and consent issues not covered in the waiver order, as well as adopting additional rule sections. All of these likewise remain unaffected by the waiver order, which you can read about in our earlier our previous blog post here.

CFPB Drops Lawsuit Against Money Transmitter

On April 8, a federal court granted the CFPB’s motion to withdraw from its joint enforcement action against a global money transmitter. The lawsuit, originally filed in April 2022 in partnership with the New York Attorney General, alleged violations of the Electronic Fund Transfer Act (EFTA), including the Remittance Rule under its implementing Regulation E.
The complaint detailed a range of statutory and regulatory violations affecting remittance transfers used by consumers to send funds abroad. The core allegations included:

Inaccurate availability disclosures. The company allegedly failed to accurately disclose the date on which funds would be available to recipients.
Deficient error resolution. The company purportedly failed to promptly investigate consumer complaints, issue required fee refunds, or provide mandated explanations and documentation.
Noncompliant internal procedures. Regulators alleged the company lacked adequate written policies to identify covered errors, ensure timely investigations, and retain necessary compliance documentation.
Unfair acts under the CFPA. The Bureau and the New York AG alleged that the company unnecessarily delayed remittance transfers and refunds after completing internal screenings, leaving consumers without timely access to funds.

The lawsuit will now proceed with the New York AG as the sole plaintiff.
Putting It Into Practice: The CFPB’s withdrawal from this case is consistent with a broader trend of reassessing enforcement actions initiated under prior leadership (previously discussed here and here). While the Bureau appears to be narrowing its enforcement focus, state regulators—such as the New York Attorney General—continue to pursue consumer protection matters with vigor (discussed here). Financial services companies should not interpret reduced federal activity as a reprieve.

The BR International Trade Report: April 2025

Welcome to this month’s issue of The BR International Trade Report, Blank Rome’s monthly digital newsletter highlighting international trade, sanctions, cross-border investment, geopolitical risk issues, trends, and laws impacting businesses domestically and abroad.

Recent Developments
United States implements universal baseline tariffs while pausing reciprocal tariffs—except against China.

On April 2, President Trump announced reciprocal tariffs on almost all imports into the United States, which his administration rolled out in two phases:

On April 5, imports from all countries became subject to a 10 percent baseline tariff.
On April 9, the tariff rate increased for imports from 56 countries and the European Union, countries with which the United States has determined it has the largest trade deficits. This included a 34% tariff on Chinese goods.

Later, in response to China’s retaliatory tariffs of 34% on U.S. goods (see below), President Trump levied an additional 50% in tariffs on Chinese goods, which China then matched.
On April 9, President Trump announced a 90-day pause on implementation of the second wave of reciprocal tariffs noted above, except with respect to import of Chinese goods, which saw a further increase in tariffs to 125%.
Notably, certain products are excluded from the new tariff program, including items subject to Section 232 tariffs and articles that comply with United States-Mexico-Canada Act (“USMCA”) preferential origin rules. See our alert for more details.

Global trading partners react to United States reciprocal tariffs. In the aftermath of President Trump’s reciprocal tariffs announcement, U.S. trading partners have taken differing approaches to President Trump’s new tariffs.

Some, like Israel, India, and Vietnam, reportedly have contacted the White House to negotiate a deal. When President Trump announced on Truth Social that he was postponing the tariffs, he claimed that more than 75 countries have reached out to negotiate.
China, in stark contrast, announced retaliatory tariffs of 34 percent, expanded its export controls, and vowed to “fight to the end.” In response, President Trump increased the U.S. tariff on Chinese goods. After a series of escalating moves, at press time, the U.S tariff on Chinese goods stood at 145% (125% for reciprocal tariffs plus a 20% tariff related to the fentanyl crisis), while China is imposing a 125% retaliatory tariff on U.S. goods.
Meanwhile, the European Union reportedly is doing both: authorizing retaliatory tariffs on around €22 billion of imports of U.S. goods into Europe, while offering a “zero for zero” tariff deal for cars and other industrial products. In response to the Trump Administration’s pause on reciprocal tariffs, the EU has paused its retaliatory measures.

China, Japan, and South Korea meet to discuss possible free trade agreement. On March 30, the three countries held their first economic talks in years, agreeing to “closely cooperate for a comprehensive and high-level” dialogue on a free trade agreement to promote “regional and global trade.” Chinese state media took things a step further, claiming that the countries had agreed to coordinate their response to U.S. tariffs, which South Korea described as “somewhat exaggerated” and which Japan denied.
White House releases public summary of the Report to the President on the America First Trade Policy. On April 3, the White House publicized a summary of various U.S. government agencies’ April 1 report to President Trump on the implementation of his “America First” trade policy, although the summary did not provide definitive details regarding the report’s contents. The summary notes that the report examined a range of China-related trade actions, as well as “simpler, stricter, and more effective” export controls and possible expanded U.S. government review of outbound U.S. investment into China.
President Trump orders new CFIUS review of Nippon Steel’s proposed acquisition of U.S. Steel. On April 7, President Trump called for the Committee on Foreign Investment in the United States (“CFIUS”) to conduct a de novo review of the proposed acquisition of U.S. Steel by Japan’s Nippon Steel. President Trump’s directive comes after former President Joe Biden blocked the acquisition of U.S. Steel prior to his departure from the White House.
European Union considering joining Canada in World Trade Organization case against U.S. steel and aluminum tariffs. On March 12, Canada filed a request for consultations at the World Trade Organization (“WTO”), alleging that U.S. steel and aluminum tariffs are “inconsistent with the United States’ obligations under the [General Agreement on Tariffs and Trade 1994].” Reports indicate that the European Union may join Canada’s complaint as the economic “bloc has a ‘substantial trade interest’ in the issue.” The dispute complaint is largely symbolic in nature, as since 2019, the WTO’s appellate body has been nonfunctioning.
Coalition government formed in Germany amid economic uncertainty. The German center-right Christian Democratic Union (“CDU”), led by Chancellor-in-waiting Friedrich Merz, and the center-left Social Democratic Party (“SPD”) reached an agreement to form a coalition government. The need for a centrist coalition was driven by uncertainty regarding American tariffs and the continuation of the Ukraine War, along with an impetus to keep the Alternative for Germany (“AfD”) party out of power. Merz has touted the agreement as evidence that Germany will be a reliable and capable force in Europe.
Democratic Republic of the Congo seeks critical minerals deal with the United States. Representative Ronny Jackson (R-TX) met with Democratic Republic of the Congo (“DRC”) President Felix Tshisekedi in late March to discuss a potential critical minerals deal between the countries. The potential deal comes as the DRC seeks to secure funding to contain the conflict with the Rwandan-backed M23 rebels in its east. Massad Boulos, President Donald Trump’s senior advisor for Africa, indicated that the White House had reviewed a minerals agreement between the United States and the DRC and that President Trump and Boulos had “agreed on a path forward for its development.”
President Trump extends TikTok sale deadline. On April 4, President Donald Trump announced that he would pause the upcoming ban of TikTok, set for April 5 under a law that President Biden signed last year requiring divestiture of TikTok’s U.S. operations, for another seventy-five days. The extension comes after representatives of ByteDance, TikTok’s parent, reportedly told the White House that the Chinese government would not approve a sale of the company without negotiations over tariffs. President Trump has suggested that he may lower tariffs on U.S. imports of Chinese-origin items if Beijing approves the sale.
Impeached South Korean President Yoon Suk Yeol removed from office. On April 4, South Korea’s Constitutional Court voted unanimously to remove Yoon Suk Yeol, the country’s impeached president, from office for his December 2024 martial law declaration. South Korea will hold a snap presidential election on June 3, 2025.

In Case You Missed It…
Liberation Day: President Trump Unveils Global, Reciprocal Tariffs – What You Need to KnowBlank Rome partner Joanne E. Osendarp, of counsel Timothy J. Hruby, senior counsel Alan G. Kashdan, and associates Brenden S. Saslow, Rachel D. Evans, and Christopher A. Kimura authored this alert assessing the recently announced global tariffs initiated by the Trump administration.
Read More > >
Christopher A. Kimura also contributed to this article.

Hong Kong SFC’s New Roadmap to Develop Hong Kong as a Global Virtual Asset Hub: ASPIRe

The Hong Kong Securities and Futures Commission (SFC) has recently unveiled a growth plan for the virtual asset (VA) industry, outlined in a five-pillar roadmap called “A-S-P-I-Re.” This roadmap consists of 12 initiatives organized into five categories: Access, Safeguards, Products, Infrastructure, and Relationships.
Pillar “A” (Access) – Expanding Opportunities for Investors
Initiative 1: Establish Licensing for OTC Trading and Custody Services
The SFC will support a licensing framework for over-the-counter (OTC) trading, ensuring parity between OTC operators and VA trading platforms (VATPs). A separate licensing regime for custody services will create a two-tier structure for trading and custody.
Initiative 2: Attract Global Platforms and Liquidity Providers
The SFC aims to encourage international VA platforms to set up local operations and streamline onboarding for institutional-grade liquidity providers, enhancing market liquidity.
Pillar “S” (Safeguards) – Balancing Investor Protection with Flexible Regulations
Initiative 3: Dynamic Custody Technologies
The SFC will explore emerging custody technologies, moving away from rigid cold storage mandates to more flexible and security-focused frameworks.
Initiative 4: Enhance Insurance and Compensation Frameworks
The SFC will align compensation and insurance requirements with global standards, allowing VA service providers to tailor their arrangements.
Initiative 5: Clarify Onboarding and Product Categorization
The SFC will clarify investor onboarding processes and create a classification system for VA products based on their nature and associated risks.
Pillar “P” (Products) – Diversifying VA Offerings
Initiative 6: Regulatory Framework for Professional Investors
The SFC will consider allowing professional investors to participate in new token listings and trade VA derivatives, contingent on due diligence and risk management.
Initiative 7: Margin Financing Requirements
The SFC will introduce margin financing requirements for VA, making it easier for traditional finance to engage with familiar risk practices.
Initiative 8: Staking and Borrowing/Lending Services
The SFC will evaluate the possibility of allowing staking and borrowing/lending services for professional investors, supported by appropriate risk management safeguards. As a follow-on action, on 7 April 2025, the SFC issued guidelines on licensed VATPs and authorized funds in relation to the provision of staking services.
Pillar “I” (Infrastructure) – Improving Market Monitoring and Collaboration
Initiative 9: Advanced Reporting and Surveillance Tools
The SFC will implement blockchain analytics tools and transaction monitoring systems to combat fraud and market misconduct.
Initiative 10: Strengthen Cross-Agency and Cross-Border Collaboration
The SFC will promote local and global collaboration to establish a comprehensive framework for risk monitoring and asset recovery.
Pillar “Re” (Relationships) – Fostering Education, Engagement, and Transparency
Initiative 11: Guidelines for Financial Influencers
The SFC will introduce guidelines for financial influencers (Finfluencers) to encourage responsible communication and protect investor interests.
Initiative 12: Build a Sustainable Communication and Talent Network
The SFC will work with stakeholders through the Virtual Asset Consultative Panel and support training programs.
Conclusion
The A-S-P-I-Re roadmap presents a comprehensive strategy to sustain Hong Kong’s VA market by integrating traditional finance with blockchain innovation. By addressing regulatory gaps and promoting collaboration, the SFC is positioning Hong Kong as a global leader in the VA industry.

California DFPI Proposes Digital Asset Licensing Rule

On April 4, the California Department of Financial Protection and Innovation (DFPI) issued proposed regulations under the Digital Financial Assets Law (DFAL). The proposal provides clarification on DFAL’s licensing framework and identifies when digital asset activity may qualify for exemptions under California’s Money Transmission Act.
The proposal builds on legislation passed in 2023 and 2024—including Assembly Bill 39, Senate Bill 401, and Assembly Bill 1934—which established the DFAL and later pushed back its implementation deadline. Beginning July 1, 2026, companies engaging in covered digital financial asset business activity with or on behalf of California residents must be licensed by DFPI, have a pending application on file, or qualify for an exemption.
The proposed regulations aim to implement the Digital Financial Assets Law by clarifying licensing procedures, exemptions, and reporting obligations. The rule is intended to enhance transparency, improve oversight, and support the development of a safe, regulated digital asset market in California. Key provisions include:

License application procedures. The proposed regulations detail how covered persons must apply for licensure, including the use of the Nationwide Multistate Licensing System and Registry (NMLS) and required supporting materials.
Surety bond requirements. The proposal explains how licensees must demonstrate compliance with DFAL’s surety bond obligations, including documentation standards.
Material change notifications. Applicants and licensees must notify the DFPI of any changes to application information, including business addresses and control persons.
Kiosk disclosures. Operators of digital financial asset kiosks must report locations and provide updates to the Department as changes occur.
Exemption from MTA Licensure. The rule clarifies that money transmission incidental to digital asset activity does not trigger licensure under California’s Money Transmission Act.

The DFPI has invited written public comment through May 19, 2025, and will hold a hearing if requested by April 30. The Department estimates that compliance with the proposed regulations will cost approximately $8,190.18 in the first full year, with $150 in annual fees thereafter.
Putting It Into Practice: The proposed regulations represent California’s first substantive rulemaking under DFAL and reinforce the state’s intent to become a leader in digital financial asset oversight. The move follows several digital asset regulations enacted by several states (previously discussed here and here). With California now entering the crypto regulatory space, other states are likely to follow.

Category: Communications, Media & Internet