California’s Wait Is Nearly Over: New AI Employment Discrimination Regulations Move Toward Final Publication
The California Civil Rights Council has advanced new regulations regarding employers’ use of artificial intelligence (AI) and automated decision-making systems, clearing the way for them to take effect later this year. The new regulations will make the state one of the first to adopt comprehensive regulations regarding the growing use of such technologies to make employment decisions.
Quick Hits
The California Civil Rights Department finalized modified regulations for employers’ use of AI and automated decision-making systems.
The regulations confirm that the use of such technology to make employment decisions may violate the state’s anti-discrimination laws and clarify limits on such technology, including in conducting criminal background checks and medical/psychological inquiries.
On March 21, 2025, the Civil Rights Council, a branch of the California Civil Rights Department (CRD), voted to approve the final and modified text of California’s new “Employment Regulations Regarding Automated-Decision Systems.” The regulations were filed with the Office of Administrative Law, which must approve the regulations. At this time, it is not clear when the finalized modifications will take effect, although they are likely to become effective this year.
The CRD has been considering automated-decision system regulations for years amid concerns over employers’ increasing use of AI and other automated decision-making systems, or “Automated-Decision Systems,” to make or facilitate employment decisions, such as recruitment, hiring, and promotions.
While the final regulations have some key differences from the proposed regulations released in May 2024, they clarify that it is unlawful to use AI and automated decision-making systems to make employment decisions that discriminate against applicants or employees in a way prohibited by the California Fair Employment and Housing Act (FEHA) or other California antidiscrimination laws.
Here are some key aspects of the final regulations.
Automated-Decision Systems
The final regulations define “automated-decision system[s]” as “[a] computational process that makes a decision or facilitates human decision making regarding an employment benefit,” including processes that “may be derived from and/or use artificial intelligence, machine-learning, algorithms, statistics, and/or other data processing techniques.” This definition is narrower than the proposed regulations, which would have included any computational process that “screens, evaluates, categorizes, or otherwise makes a decision….”
Covered systems include a range of technological processes, including tests, games, or puzzles used to assess applicants or employees, processes for targeting job advertisements, screening resumes, processes to analyze “facial expression, word choice, and/or voice in online interviews,” or processes to “analyz[e] employee or applicant data acquired from third parties.” Such systems do not include “word processing software, spreadsheet software, [and] map navigation systems.”
Automated-decision systems do not include typical software or programs such as word processors, spreadsheets, map navigation systems, web hosting, firewalls, and common security software, “provided that these technologies do not make a decision regarding an employment benefit.” Notably, the final regulations do not include language from the proposed rule’s excluded technology provision that would have excluded systems used to “facilitate human decision making regarding” an employment benefit.
Other Key Terms
“Agent”—The final regulations would consider an employer’s “agent” to be an “employer” under the FEHA regulations. An “agent” would be defined as “any person acting on behalf of an employer, directly or indirectly, to exercise a function traditionally exercised by the employer or any other FEHA-regulated activity … including when such activities and decisions are conducted in whole or in part through the use of an automated decision system.” (Emphasis added.)
“Automated-Decision System Data”—The regulations define such data as “[a]ny data used to develop or customize an automated-decision system for use by a particular employer or other covered entity.” However, the final regulations narrow what is included as “automated-decision system data,” removing language from the proposed regulations that would have included “[a]ny data used in the process of developing and/or applying machine learning, algorithms, and/or artificial intelligence” used in an automated-decision system, including “data used to train a machine learning algorithm.” (Emphasis added.)
“Artificial Intelligence”—The regulations define AI as “[a] machine-based system that infers, from the input it receives, how to generate outputs,” which can include “predictions, content, recommendations, or decisions.” The proposed regulations had included “machine learning system[s] that can, for a given set of human defined objectives, make predictions, recommendations, or decisions.”
“Machine Learning”—The term is defined as the “ability for a computer to use and learn from its own analysis of data or experience and apply this learning automatically in future calculations or tasks.”
Unlawful Selection Criteria
Potentially discriminatory hiring tools have long been unlawful in California, but the final regulations confirm that those antidiscrimination laws apply to potential discrimination on the basis of protected class or disability that is carried out by AI or automated decision-making systems. Specifically, the regulations state that it is “unlawful for an employer or other covered entity to use an automated-decision system or selection criteria (including a qualification standard, employment test, or proxy) that discriminates against an applicant or employee or a class of applicants or employees on a basis protected” by FEHA.
Removal of Disparate Impact
However, the final regulations do not include the proposed definition of “adverse impact” caused by an automated-decision system under the FEHA regulations. The prior proposed regulations had specified that an adverse impact includes “disparate impact” theories and may be the result of a “facially neutral practice that negatively limits, screens out, tends to limit or screen out, ranks, or prioritizes applicants or employees on a basis protected by” FEHA. Further, the final regulations do not include similar language defining automated-decision systems to include systems that screen out or make decisions related to employment benefits.
Pre-Employment Practices
The final regulations further clarify that the use of online application technology that “screens out, ranks, or prioritizes applicants based on” scheduling restrictions “may discriminate against applicants based on their religious creed, disability, or medical condition,” unless it is job-related and required by business necessity and there is a mechanism for the applicant to request an accommodation.
The regulations specify that this would apply to automated-decision systems. The regulations state that use of such a system “that, for example, measures an applicant’s skill, dexterity, reaction time, and/or other abilities or characteristics may discriminate against individuals with certain disabilities or other characteristics protected under the Act” without reasonable accommodation may result in unlawful discrimination. Similarly, a system that “analyzes an applicant’s tone of voice, facial expressions or other physical characteristics or behavior may discriminate against individuals based on race, national origin, gender, disability, or other” protected characteristic may result in unlawful discrimination.
Criminal Records
California law provides that before employers deny applicants based on a criminal record, the employer “must first make an individualized assessment of whether the applicant’s conviction history has a direct and adverse relationship with the specific duties of the job” that would justify denying the applicant. The final regulations state that “prohibited consideration” of criminal records “includes, but is not limited to, inquiring about criminal history through an employment application, background check, or the use of an automated-decision system.” (Emphasis added.)
However, the final regulations do not include the proposed language that would have clarified that the use of an automated decision-system alone, “in the absence of additional processes or actions” is not a sufficient individualized assessment. The final regulations further do not include the proposed language that would have required employers to provide “a copy or description” of a report generated that is used to withdraw a conditional job offer.
Unlawful Medical or Psychological Inquiries
The final regulations state that rules against asking job applicants about their medical or psychological histories include “through the use of an automated-decision system.” The regulations state that such an inquiry “includes any such examination or inquiry administered through the use of an automate-decision system,” including puzzles or games that are “likely to elicit information about a disability.”
Third-Party Liability
The final regulations clarify that the prohibitions on aiding and abetting unlawful employment practices apply to the use of automated decision-making systems, potentially implicating third parties that design or implement such systems. Still, the regulations specify that “evidence, or the lack of evidence, of anti-bias testing or similar proactive efforts to avoid unlawful discrimination, including the quality, efficacy, recency, and scope of such effort, the results of such testing or other effort, and the response to the results” is relevant to a claim of unlawful discrimination. However, the final regulations do not include the proposed language that would have created third-party liability for the design and development and advertising, promotion, or sale of such systems.
Next Steps
Once effective, the final regulations will make California one of the first jurisdictions to promulgate comprehensive regulations concerning AI and/or automated decision-making technologies, along with Colorado, Illinois, and New York City. The regulations also come as President Donald Trump is seeking to reshape federal AI policy, focusing on removing barriers to the United States being a leader in the development of the technology. The new policy shifts away from the Biden administration’s focus on safeguarding employees and consumers from potential negative impacts from the use of such technology, particularly the possibility of unlawful employment discrimination and harassment. It is expected that states and localities will continue to regulate AI to fill in the gap.
10 Ideas for MSHA Leaders in the Trump Administration to Consider
The Trump administration has made a number of changes to the Mine Safety and Health Administration (MSHA) already, and more are sure to come. So now is as good a time as ever to list some ideas for the new agency leadership to consider.
Quick Hits
The Trump administration has already implemented several changes to MSHA, with more expected, prompting a call for new leadership to consider ideas such as improving inspector consistency and deemphasizing noncritical safety standards.
Enhancing compliance outreach, especially for small or new mines, and advocating for rule changes are key priorities for mine operators.
To promote safety and health, MSHA should increase transparency in inspector training, issue more policy guidance, emphasize compliance assistance, manage inspector professionalism, continue issuing safety alerts, and hold all stakeholder meetings with online participation options.
Improving consistency regarding inspector interpretation of MSHA standards is at the top of many operator lists. Deemphasizing spending inspection time on standards that do not appreciably affect safety is high on the list of priorities, as well.
Yet another priority is enhancing compliance outreach for all operators—especially small or new mines. Operators may also want to advocate for certain rules to be changed.
Ten Ideas for MSHA to Explore
Mine operators will likely have many more good ideas to add to this list. Once a new assistant secretary at MSHA is in place, the mining industry should be ready to offer these suggestions—and more. Here are ten suggestions to get things rolling:
1. Establish a means via MSHA’s website for operators to submit to agency headquarters specific examples of misinterpretations of standards and other issues that occur in the field.
This will provide an opportunity for headquarters to weigh in. It will also allow headquarters to be informed directly by operators about what’s happening in the districts.
A specific occurrence may end up being resolved at the local level, but it is important for headquarters to know and track trends. This would present opportunities to enhance inspector training or issuance of guidance to operators.
2. Improve transparency and fair notice to operators by providing more information on how new and existing inspectors are being trained on the Mine Act and MSHA’s standards. This will help compliance, as well as increase the overall understanding regarding how inspectors are to apply the law.
3. MSHA should generally issue more policy guidance for new and existing standards.
4. End the growing practice of issuing citations for workplace examinations based on other violations being found in an area. MSHA’s “Program Policy Manual” states that the agency will not do this, yet it has become a common practice.
5. Increase the agency’s emphasis on compliance assistance to mine operators. This directly contributes to the agency’s mission of promoting safety and health by not only providing operators with information to help reduce exposure to hazards, but by enhancing the agency’s goodwill with operators and miners.
Such goodwill can help operators be fully receptive to the compliance assistance and lessons learned when enforcement is necessary. It can also facilitate further positive interactions with the agency that can help to improve safety.
6. As for specific standards to de-emphasize, we are not suggesting reinstating MSHA’s “Rules to Live By.” That list was largely used to justify heightened enforcement.
What we mean here is there are certain standards that are cited more than they should be given how minor the conditions typically are. Inspection time, which will be more critical given the shortage of inspectors, could be better spent if inspectors are not devoting energy to looking for things like whether switches are labeled in electrical boxes or portable extension cords have had a continuity check done.
7. MSHA needs to manage its inspector workforce to promote professionalism and good use of official time on duty. Inspectors who spend time berating the mine operator and its managers and using aggressive tactics to intimidate foremen and miners are hurting the agency’s effectiveness.
8. MSHA should continue to issue fatalgrams and other best practices alerts. The agency should provide updates on its fatal accident reports to note when citations issued in the investigation were modified or vacated.
9. MSHA’s ability to change its current final rules is constrained by the Mine Act, but there are certainly opportunities to do so without diminishing safety. Among the obvious rule changes needed are the prohibitions in MSHA’s crystalline silica rule on the use of respirators and rotation of miners for compliance.
10. On a positive note, MSHA should continue its stakeholder meetings at the district level and at the headquarters level. District-level meetings should always offer an online participation option, but not all do.
Stakeholder meetings are a great opportunity for the agency to provide updates and safety information, as well as answer questions from the audience.
What’s Next for MSHA Amid Government Dismantlement?
As everyone in the country watches the Trump administration’s dramatic downsizing of the federal government, there have been many comments and opinions about how this process will impact Mine Safety and Health Administration (MSHA) enforcement.
Quick Hits
Despite the Trump administration’s downsizing of the federal government, mine operators may want to continue their efforts to maintain safe workplaces due to the Mine Act’s inspection requirements and political support for MSHA’s mission.
The possibility of reduced MSHA inspections is tempered by legal requirements and political considerations, though manpower restrictions and hiring freezes may complicate the agency’s ability to meet its obligations.
While the new administration’s deregulation efforts may halt the introduction of new MSHA regulations, existing regulations like the silica rule are unlikely to be eliminated due to procedural and legal constraints.
Specifically, some have opined that this development will produce fewer inspections, eliminate unpopular regulations, and create a much more sympathetic enforcement environment for mine operators.
While we will clearly acknowledge that the current government dismantlement project is unprecedented, our past experience with other government overhauls, including the first Trump administration’s efforts, somewhat tamps down that enthusiasm. At a minimum, that experience tells us mine operators will want to continue their good-faith, effective efforts to maintain safe workplaces for their personnel.
The idea that inspections might slow down during the new administration is tempered by two important points. First, the Mine Act, passed by the U.S. Congress in 1977, requires that all surface mines receive at least two annual inspections and that underground mines receive at least four annual inspections. That’s the law, and it is theoretically very tough to get around that.
Second, the Trump campaign heavily courted voters in the coalfield states, which contain a large mining community constituency that strongly supports MSHA’s mission. Undercutting that mission would be politically difficult.
Inspection Impacts
Still, the idea of reduced inspections is not complete fantasy.
It is no secret that MSHA was already—due to manpower restrictions—having a hard time completing its annual “twos” and “fours.” The deferred resignation program, sweeping layoffs, and hiring freezes affecting the entire government will certainly complicate the agency’s efforts to complete its inspection obligations.
As of this writing, there is no indication of whether the Department of Government Efficiency (DOGE) will allow the Office of Personnel Management to issue a hiring freeze waiver to MSHA. Without that waiver, MSHA can only add one employee for every four that leave the agency.
It is worth noting that, in the past, when MSHA has not met its “twos” and “fours” commitment, the U.S. Department of Labor’s Office of Inspector General (OIG) has stepped in to force increased efforts. The administration’s firing of this inspector general, among many others, and the reduction of the agency’s OIG watchdog department has made it unlikely there will be similar pressure on inspections in the near term.
To say the situation is fluid is an understatement. Nonetheless, inspector visits should still be anticipated.
Next for Rulemaking
We have also heard a good deal of speculation that the new administration’s deregulation bent could eliminate some of the more onerous regulations confronting mine operators.
On many people’s lists are the Biden administration’s silica rule and surface mobile equipment rule, and the Obama administration’s enhanced workplace examination rule. Again, a reality check is necessary.
While it is a virtual certainty that no new regulations will be promulgated at MSHA during the next four years following an executive order requiring ten regulations to be repealed for every regulation added, it is unlikely that any existing regulation—silica or otherwise—will be eliminated.
The reason for this is the procedure must be followed in order to repeal or amend a regulation. Essentially, it requires full notice and comment rulemaking with an opportunity for stakeholders to weigh in on proposed changes.
Anecdotally, the group within the agency that would conduct and manage such a rulemaking appeal or amendment process has been decimated by the current cuts. In effect, the resources necessary to carry such a process through may not be available.
Even more significantly, Section 101(a)(9) of the Mine Act states that “[n]o mandatory health or safety standard promulgated under this title shall reduce the protection afforded miners by an existing mandatory health or safety standard.” This is a difficult requirement to overcome. It is the provision that prevented the Trump administration from making any inroads with regard to existing MSHA standards in its first four years.
Most mine operators are simply ignoring “the noise” at this point and continuing to advance their safety performance. Their safety efforts have always been based on ensuring the welfare of their miners rather than on meeting government benchmarks.
EC Scientific Committee Begins Public Consultation on Preliminary Opinion on Hydroxyapatite (Nano)
On April 3, 2024, the European Commission’s (EC) Scientific Committee on Consumer Safety (SCCS) began a public consultation on its preliminary opinion on the safety of hydroxyapatite (nano) in oral products. The EC asked SCCS if it considers hydroxyapatite (nano) safe when used in toothpaste up to a maximum concentration of 29.5 percent and in mouthwash up to a maximum concentration of ten percent according to the specifications as reported in the submission, taking into account reasonably foreseeable exposure conditions. According to the preliminary opinion, based on the data provided, SCCS considers hydroxyapatite (nano) safe when used at concentrations up to 29.5 percent in toothpaste, and up to ten percent in mouthwash. SCCS notes that this conclusion is based on the available evidence that shows that hydroxyapatite (nano) does not pose a mutagenic hazard or cytotoxicity or inflammatory effects even when tested at high concentrations in a buccal mucosa cell model. According to SCCS, any uptake by buccal mucosa is considered negligible, and the epithelial cells with internalized particles will be shed over time as they are continually replaced. SCCS states that any unintentionally ingested hydroxyapatite nanoparticles during the use of oral-care products “will undergo rapid dissolution in the gastric fluid and therefore do not raise any nano-specific concern over safety.” This opinion applies only to hydroxyapatite (nano) that has the following characteristics:
Composed of rod-shaped particles of which at least 87 percent (in particle number) have aspect ratios equal to or less than three, and the remaining 13 percent have aspect ratios not exceeding nine; and
The hydroxyapatite particles are not coated or surface modified.
The preliminary opinion is not applicable to any hydroxyapatite (nano) material that is composed of or contains needle-shaped particles. Comments on the preliminary opinion are due May 30, 2025.
DOJ Rule Restricting Sensitive Data Transfers Takes Effect
Today, April 8, 2025, the U.S. Department of Justice’s Final Rule restricting transfers of bulk sensitive personal data and U.S. government-related data becomes effective, implementing former President Biden’s Executive Order 14117 – Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the “Final Rule”). The Final Rule aims to protect U.S. national security by restricting certain data transactions with covered persons or countries of concern, which currently include Russia, Iran, North Korea, Cuba, Venezuela, and China (including Hong Kong and Macau). U.S. businesses must work now to ensure compliance and avoid significant penalties for violations.
The Final Rule defines many key terms such as “covered data transaction,” “country of concern,” “U.S. person,” “covered person,” “bulk U.S. sensitive personal data,” “government-related data,” “human ‘omic data,” and “knowingly,” while providing examples of restricted transactions. Ultimately, the Final Rule prohibits certain transfers of U.S. government related data and bulk U.S. sensitive personal data to covered persons (see §202.243 Prohibited Transaction), adopting a 50% ownership threshold to capture certain foreign persons as covered persons akin to Office of Foreign Assets Control (OFAC) sanction designations for covered persons (see §202.211 Covered Person).
U.S. government-related data means certain precise geolocation data, regardless of volume, explicitly enumerated in the rule and any sensitive data, regardless of volume, linkable to current or recent employees of the U.S. government (see §202.222 Government-Related Data and §202.1401 Government-Related Location Data List).
While bulk U.S. sensitive personal data means any amount of sensitive personal data that meets or exceeds the following thresholds at any point in the preceding 12 months, whether through a single covered data transaction or aggregated across covered data transactions involving the same U.S. person and the same foreign person or covered person:
Human ‘omic data collected about or maintained on more than 1,000 U.S. persons, or, in the case of human genomic data, more than 100 U.S. persons (human ‘omic data includes human genomic data, human epigenomic data, human proteomic data, and human transcriptomic data, but excludes pathogen-specific data embedded in human ‘omic data sets);
Biometric identifiers collected about or maintained on more than 1,000 U.S. persons;
Precise geolocation data collected about or maintained on more than 1,000 U.S. devices;
Personal health data collected about or maintained on more than 10,000 U.S. persons;
Personal financial data collected about or maintained on more than 10,000 U.S. persons;
Covered personal identifiers collected about or maintained on more than 100,000 U.S. persons; or
certain data combinations of (a) – (f) combined data (see§202.205 Bulk and 202.206 Bulk U.S. Sensitive Personal Data).
Prohibited Transactions
The Final Rule prohibits U.S. persons from:
Knowingly engaging in any covered data transaction involving data brokerage with a country of concern or covered person; a covered data transaction is any transaction that involves any access by a country of concern or covered person to any government-related data or bulk U.S. sensitive personal data and that involves: (a) data brokerage; (b) a vendor agreement; (c) an employment agreement; or (d) an investment agreement (see 202.301 Prohibited Data-Brokerage Transactions and §202.210 Covered Data Transaction).
Knowingly engaging in any transaction that involves any access by a foreign person to government-related data or bulk U.S. sensitive personal data and that involves data brokerage with any person unless the foreign person is contractually restricted from engaging in a subsequent covered data transaction involving data brokerage of the same data with a country of concern or covered person and the U.S. person reports any known or suspected violation of the contractual requirement (see 202.302 Other Prohibited Data-Brokerage Transactions Involving Potential Onward Transfer to Countries of Concern or Covered Persons).
Knowingly engaging in any covered data transaction with a country of concern or covered person that involves access by that country of concern or covered person to bulk U.S. sensitive personal data that involves bulk human ‘omic data, or to certain human biospecimens (see 202.303 Prohibited Human `Omic Data and Human Biospecimen Transactions).
Knowingly directing any transaction that would be a prohibited transaction or a restricted transaction that fails to meet the applicable requirements if such transaction was engaged in by a U.S. person (see 202.305 Knowingly Directing Prohibited or Restricted Transactions).
Evading or avoiding, causing a violation of, or attempting to violate these prohibitions (see 202.304 Prohibited Evasions, Attempts, Causing Violations, and Conspiracies).
The prohibited transactions are categorically prohibited unless otherwise authorized pursuant to an exemption, general license, or specific license.
Restricted Transactions
The Final Rule creates a set of restricted transactions, including a vendor agreement, employment agreement, or investment agreement as to which U.S. persons may engage if the U.S. person complies with certain cybersecurity program requirements published by Cybersecurity & Infrastructure Security Agent (CISA), as well as reporting and recordkeeping requirements (see §202.401 Authorization to Conduct Restricted Transactions).
Exempted Transactions
The Final Rule exempts the following categories of transactions that would otherwise be prohibited or restricted transactions:
Personal Communications
Information and Informational Materials
Travel
Official Business of the U.S. Government
Financial Services
Corporate Group Transactions
Transactions Required or Authorized by Federal Law or International Agreements, or Necessary for Compliance with Federal Law
Investment Agreements Subject to CFIUS Action
Telecommunication Services
Drug, Biological Product, and Medical Device Authorizations
Other Clinical Investigations and Post-Marketing Surveillance Data (see Exempt Transactions §§202.501 through 202.511)
Licensing and Advisory Opinions
The Final Rule provides for processes to obtain licenses authorizing otherwise prohibited or restricted transactions (see Licensing §§202.801 through 202.803). Additionally, the Final Rule provides the ability to apply for advisory opinions as necessary (see Advisory Opinions §202.901).
Reporting and Recordkeeping Requirements
The Final Rule enacts compliance requirements for due diligence, audits of restricted transactions, as well as other record keeping and annual reporting requirements. The reporting requirements include an obligation to file an annual report of certain restricted transactions becoming effective on October 6, 2025 (see Reporting and Recordkeeping Requirements §§202.1101 through 1104).
Penalties
The Final Rule provides substantial civil and criminal penalties for violations. Civil penalties can reach the greater of $368,136 or an amount that is twice the amount of the transaction (subject to adjustment for inflation). For willful violations, criminal penalties include $1 million fines and up to 20-year imprisonment (see Penalties and Finding of Violation §§202.1301 through 202.1306).
Conclusion
The Final Rule becomes effective today April 8, 2025. U.S. businesses that collect, maintain, or transfer sensitive personal data, or government-related data, should carefully review their business activities alongside related data collection and transfer policies. Then the U.S. business may assess potential exposure to liability under the Final Rule, making any necessary policy adjustments for covered data transactions to ensure ongoing compliance for data collection and transfers.
Mielle Organics Sued Over ‘Natural’ and ‘Made in USA’ Claims in Class Action
Mielle Organics Sued Over ‘Natural’ and ‘Made in USA’ Claims in Class Action. Mielle Organics, a well-known hair care brand popular among consumers seeking natural ingredients and scalp-friendly formulas, is facing a new legal challenge. A class action lawsuit filed in a California federal court alleges the company misrepresented its products by marketing them as […]
FCC Delays Key Part of New Consent Revocation Rule Until 2026
Last year, the FCC adopted new rules under the Telephone Consumer Protection Act (TCPA) designed to expand consumers’ rights to revoke consent to receive robocalls and text messages. As we noted in a prior post, these changes were set to take effect on April 11, 2025, and would require businesses to treat any valid opt-out request as revoking consent for all robocalls and texts from that sender — even if the message concerned a different line of business.
However, that all went out the window yesterday. The FCC issued a new order granting a limited one-year delay for this particular requirement, pushing the effective date for this portion of the rule to April 11, 2026.
1. What’s Being Delayed?
The specific rule in question would have required businesses to treat a consumer’s opt-out request as applying to all future robocalls and texts from that sender, even if the messages originated from different business units or covered unrelated subjects. For example, a consumer may want to opt out of marketing text messages from the promotions department but still receive essential communications such as appointment reminders from the scheduling department or fraud alerts from the security team.
With yesterday’s order, the FCC has delayed implementation of this rule only as it relates to this broad application of opt-outs across unrelated communications. The rest of the new TCPA rule — including requirements to honor common opt-out keywords and process revocations within 10 business days — is still on track to go into effect on April 11, 2025.
2. Why the Delay?
The FCC referred to concerns from financial institutions that implementing this part of the rule would pose significant operational and technical challenges. Industry commenters explained that it can be difficult to design systems that appropriately apply a single opt-out request across different departments or business units without overreaching or violating customer intent.
For example, a consumer may want to opt out of text messages from one department but still receive necessary communications from another. Without additional system upgrades, institutions risk either failing to honor revocation requests or overly restricting communications the consumer still wants.
The FCC found that these concerns require more time for the industry to address, and a limited extension will serve the public interest by allowing organizations to adopt compliance solutions in a cost-effective and customer-friendly way.
3. What This Means for Businesses
Companies in the financial services industry should take note:
The April 11, 2025 deadline remains in effect for most parts of the rule, including the requirement to honor common opt-out terms and the 10-business-day response time.
The requirement to treat opt-out requests as applying across all unrelated robocalls and texts from a sender is now delayed until April 11, 2026.
This extension provides a window for organizations to upgrade communication platforms, clarify revocation scopes with customers, and align business units to handle these revocations appropriately.
Businesses should continue to monitor FCC guidance and work to ensure compliance with consent management procedures in advance of the 2025 and 2026 deadlines.
Listen to this post
Landmark Settlement in NCAA NIL Litigation: Federal Judge Approves Settlement Over NIL Recruiting Rules
On March 21, 2025, the U.S. District Court for the Eastern District of Tennessee made its preliminary injunction permanent and approved a settlement as it relates to the National Collegiate Athletic Association’s (NCAA) bylaw banning the use of name, image, and likeness (NIL) compensation during the recruitment of student-athletes (the NIL Recruiting Ban).
Quick Hits
A federal district court in Tennessee recently approved a settlement permanently enjoining the NCAA’s Recruiting Ban.
The NCAA will no longer enforce NIL recruiting rules.
The NCAA has committed to publicizing any new proposed rules related to NIL opportunities (on a dedicated webpage) for the next five years—at least thirty days prior to any vote on final approval.
The settlement does not prevent the NCAA from its ability to adopt reasonable rules that prohibit compensation that is not for a student-athlete’s or prospective athlete’s NIL.
Background
The lawsuit was initiated in January 2024 by the states of Tennessee and Virginia, with Florida, New York, and the District of Columbia joining the suit in May of the same year. The lawsuit challenged the NCAA’s bylaw that prevented student-athletes from learning about or negotiating potential NIL compensation from third parties during the recruiting process. This rule was seen as a significant barrier for student-athletes when deciding whether to commit to or transfer to a particular university.
In February 2024, the court granted a preliminary injunction blocking the NCAA from enforcing the bylaw while the lawsuit was ongoing. The court found a strong likelihood that the prohibition violated federal antitrust laws and caused harm to student-athletes. The parties involved in the lawsuit subsequently filed a joint request for the judge to approve the settlement on March 17, 2025.
The Settlement and Its Implications
The court signed off on the settlement agreement, which not only resolves the current litigation but also imposes a permanent ban on similar NIL recruiting restrictions in the future. As part of the agreement, the NCAA will no longer enforce NIL recruiting bylaws. Further, the NCAA has committed to publicizing any new proposed bylaws related to NIL opportunities on a dedicated public website for the next five years, at least thirty days prior to any vote on final approval. That public website is required to give users the option to subscribe to receive automatic updates when new information appears on the webpage.
Key Takeaways
By eliminating the NIL recruiting rules and ensuring transparency in future changes, the settlement agreement provides clarity to member schools and collectives that were concerned about compliance with the NIL Recruiting Ban. Member schools are still prohibited from engaging in NIL discussions with prospective student-athletes or potential transfer student-athletes or compensating student-athletes for NIL; however, third-party entities—including boosters or collectives of boosters—are allowed to engage in such activity due to the permanent injunction.
FCC Approved Limited, One Year Waiver of Key Element of New TCPA Consent Revocation Rules
In February of last year, Privacy World reported on the Federal Communications Commission’s (“FCC” or “Commission”) clarification and codification of its Telephone Consumer Protection Act (TCPA) consent rules (“Revocation Order”). Among other things, the agency confirmed that consent to receive autodialed calls and texts could be revoked by “any reasonable means” and included specific examples of such of such methods.
Significantly, the Revocation Order prescribed that the scope of such a revocation would include further robocalls or robotexts to that party, except those exempted from the consent requirement, which have been enumerated by the FCC (e.g., calls that do not require prior consent as set out in 47 CFR § 64.1200(a)(3), (9), such as healthcare related messages). For example, a revocation to stop bank statement availability reminders would extend to any other robocalls or robotexts from the bank. The FCC ultimately set April 11, 2025 as the effective date for these provisions.
But just a month before that date, several associations of banks and financial institutions petitioned the FCC for a one-year waiver of the new Revocation Order, arguing there was “good cause” to do so “because financial institutions face numerous challenges modifying existing communications to process ‘a revocation sent in response to one business unit’s call or text so that all business unit’s cease placing calls or texts to the consumer.’”
Just days before the effective date, the FCC has concluded that “special circumstances justify a limited extension to allow calls or senders of text messages a reasonable opportunity to ensure that they can process revocation requests consistent with [FCC] rules.” The limited waiver – until April 11, 2026 – applies only “to the extent the rule requires callers to treat a request to revoke consent made by a called party in response to one type of message as applicable to all future to all future robocalls and robotexts from that caller on unrelated matters.” Businesses should clearly distinguish different messaging programs so that a simple “Stop” opt-out to one program (e.g., store discounts) does not apply to another program (e.g., store loyalty programs). By doing so, a simple “Stop” to specific messages is not required to equate – at least for the next year – with “Stop All” for all non-exempt messages. If programs are not clearly distinguished, businesses should consider providing an opt-out confirmation message where consumers may clarify the scope of their revocation, which is explicitly provided for in the Revocation Order and will take effect.
The FCC emphasized the limited extent of its action. The ruling does not otherwise delay the April 11, 2025 effective date of other rules adopted in its original Revocation Order and it does not alter the status quo of other prior FCC decisions addressing revocation of consent issues.
Further, if a consumer clearly indicates, using reasonable means, that he or she does not want to receive any further robocalls or robotexts on any subject, that request is not exempt from being honored. And the issue of what constitutes a “reasonable means” for revoking consent can still be subject to challenge. Businesses should ensure that they are able to effectuate opt-outs, including those received via other mediums (e.g., telephone calls and emails), to the messaging systems within ten (10) business days of receipt. The application and interpretation of the rules taking effect will be watched closely by callers and consumer groups. But for a year, one element of the rule has now been waived.
EPA Announces Changes to Pesticide Data Submission Process for Data Matrix Form
On April 3, 2025, the U.S. Environmental Protection Agency (EPA) announced changes on how the data matrix form (EPA Form 8570-35) is submitted to EPA, stating this change is an improvement to simplify the process for how companies submit data to EPA as part of a pesticide registration package. EPA states these improvements also will make EPA’s processing of this information more efficient.
Companies are required to submit a data matrix form when their pesticide registration packages contain submitted data or cited data from outside sources. Previously, companies submitted two versions of the data matrix form (in either paper or electronic format): one for internal EPA use and one with reference data redacted for public use. EPA states in the interest of reducing burden and, according to EPA, because no information on the data matrix form is confidential business information (CBI), it determined that there is no need for a redacted version and is now only requiring one unredacted version of the form to be submitted for both internal and public use. Additionally, EPA will no longer accept paper submissions of this form and will only accept this information via a web-based portal.
Additional information on the new update is available in EPA’s recently issued Pesticide Registration (PR) Notice 2025-1. Instructions on how to complete and submit the revised forms will be available in the updated Pesticide Registration Manual.
District Court Dismisses Putative Nationwide TCPA Class Action Filed Against Berkshire Hathaway Home Services of Nevada Based on Failure to Allege Vicarious Liability
Companies across multiple industries that utilize promotional text messages and phone calls are being targeted by class actions filed under the Telephone Consumer Protection Act. On March 31, 2025, a Nevada federal district court dismissed a putative TCPA class action filed against a real estate company, Berkshire Hathaway HomeServices Nevada Properties because the plaintiff had failed to sufficiently allege that BHHS should be held vicariously liable for marketing calls made by nonparty real estate agents to phone numbers registered on the National Do-Not-Call Registry. The case is Kelly Usanovic v. Americana, L.L.C., No. 2:23-cv-01289-RFB-EJY, 2025 WL 961657 (D. Nev. Mar. 31, 2025).
The plaintiff had allegedly listed her home for sale, and when the listing expired, she immediately received several marketing calls, and calls using an artificial or prerecorded voice, from multiple real estate agents affiliated with BHHS, even though her number was on the NDNCR. The plaintiff claimed the calls violated the TCPA, and that BHHS, which had allegedly provided extensive training on cold calling practices to its agents, was vicariously liable for the calls. She sought to represent two nationwide classes of persons who received similar calls.
The court granted BHHS’s motion to dismiss the plaintiff’s Second Amended Complaint, with prejudice, and entered judgment for defendant. It held the plaintiff had failed to allege sufficient facts to establish an agency relationship between BHHS and the agents. As the Court observed: “To establish an agency relationship, the plaintiff must show that BHHS controlled or had the right to control the real estate agents—specifically the manner and means of the calls conducted. (citation). The essential ingredient in determining whether an agency relationship exists is the extent of control exercised by the employer.”
Although the plaintiff alleged that BHHS trained the real estate agents on how to make unsolicited calls to expired listings and that BHHS suggested where they could purchase phone numbers and dialers, the plaintiff did not allege this training was required, or that the agents had to use the specific vendors that BHHS recommended. Nor did the plaintiff allege that BHHS directed agents on how many calls to make, or that any of the calls occurred under BHHS’s supervision.
The court also held that, even if an agency relationship existed, the plaintiff did not allege facts sufficient to establish vicarious liability under an actual authority, apparent authority, or ratification theory. There were no allegations that BHHS authorized or directed agents to call numbers listed on the NDNCR, that the plaintiff relied on any statement of the agent’s authority made BHHS or by any of the agents who allegedly called her, or that BHHS knowingly accepted the benefits of or otherwise ratified any allegedly unlawful calls.
Vicarious liability has been and will continue to be a hotly contested issue in many TCPA class actions, both in the real estate space and in other industries. It is the plaintiffs, however, who have the burden of alleging specific facts which, if proven true, would establish the defendant is vicariously liable for the telemarking calls or text messages. The Usanovic decision is useful reminder that challenging the sufficiency of the plaintiff’s vicarious liability allegations may be an effective way to stop a TCPA class action in its tracks.
REFRESHING: Coca Cola Wins Huge TCPA Victory With Motion to Strike Massive Class
The Plaintiff’s bar has grown incredibly aggressive in TCPA class actions recently and filed suits with the broadest possible class definition to sweep in as many potential plaintiffs as possible.
In doing so, of course, the plaintiff’s attorneys hope to create massive risk for the defendant–and ultimately massive settlements.
In order to beat these guys you need to be aggressive right back, and Coca Cola deployed an ole trick of the Czar’s recently to strike a class at the pleadings stage and I love to see it.
In Barnes v. Coca Cola, 2025 WL 1027431 (E.D. Cal April 7, 2025) the Plaintiff had asserted a class consisting of every call Coca Cola had ever made.
Rather obviously such a class could never be certified because the vast majority of class members will have no standing and would have consented to the calls. TCPA plaintiffs often file such classes, however, arguing that consent is an affirmative defense that they have no duty to plead around.
In Barnes, however, the court correctly determined that a plaintiff needs to plead the real class he intends to certify– not some overly broad nonsense. Noting that the class as plead was simply “implausible” the Court found “Coca-Cola—like all defendants facing suit—is “entitled to know the class definition being alleged against them.”
This is a massive win for Coca-Cola as the plaintiff will now have to redefine his class and narrow it to the group of people he is actually trying to represent. This will allow Coca Cola to better refine its arguments in opposition to class certification, narrow discovery, and prepare laser focused expert reports.
THIS is the way it is supposed to work. But courts commonly (erroneously) deny defense motions to strike as premature. Good to see that didn’t happen here.
Interesting the court also granted Coke’s motion to dismiss finding the portion of the message in the complaint from the plaintiff mentioned only a delivery being available–which is not marketing. Although plaintiff contended there was more to the message that encouraged the call recipient to place an order that portion of the message was not alleged in the complaint– so it could not be considered.
Really great ruling over all.
Notably this motion to dismiss was filed over two years ago in January, 2023! The court took that long to issue this ruling–highlighting just how long it takes to get rulings out of the Eastern District of California right now. It is a VERY backed up federal court.