Amendments to the Amparo Law
Para versión en español, haga clic aquí
On March 13, 2025, several amendments to the Amparo Law were published. These amendments intend to harmonize the Amparo Law with the recent modifications made to the structure and operation of the Federal Judicial System. The changes include:
Establishing that rulings in which amparo is granted against any law will only benefit the party who filed the respective lawsuit and cannot be extended to the rest of the persons. It is important that companies or individuals proceed in court against each authority or legislative act they consider unconstitutional.
Applying the new National Code of Civil and Family Procedures, which recently entered effect for the entire country, supplementarily to the Amparo Law.
Eliminating all references and attributions corresponding to the two Chambers of the Supreme Court as these were dissolved, and now the Supreme Court will only be integrated by a Plenum.
Eliminating references to the Federal Judiciary Board as the administrative and disciplinary officer of the Federal Judicial System replaced by the Judicial Administrative Body and the Court of Judicial Discipline.
Updating of the amounts owed in fines and eliminating references to the general minimum wage as a basis for calculation; Fines will now be calculated based on the Measurement and Updating Unit (Unidad de Medida y Actualización).
Using inclusive language in the wording of the various articles of the law.
Reforma a la Ley de Amparo
El 13 de marzo de 2025 se publicaron diversas reformas a la Ley de Amparo. Dichas reformas buscan armonizar esa ley con las recientes modificaciones que se hicieron a la estructura y funcionamiento del Poder Judicial de la Federación. Los cambios son, en esencia, los siguientes:
Se estableció expresamente que las sentencias en las que se otorga el amparo contra normas generales (leyes) solo beneficiarán a las personas que promovieron el juicio respectivo, por lo que el beneficio no se puede extender al resto de las personas, por lo tanto, es importante que las empresas o personas físicas acudan al juicio contra cada acto que consideren como inconstitucional.
Se hace referencia al nuevo Código Nacional de Procedimientos Civiles y Familiares mismo que recientemente entró en vigor para todo el País, lo anterior es relevante puesto que ahora dicho Código se aplicará supletoriamente a la Ley de Amparo.
Se eliminaron todas las referencias y atribuciones correspondientes a las dos Salas de la Suprema Corte puesto que éstas desaparecieron, siendo que ahora la Corte estará integrada solamente por un Pleno.
Se eliminan las referencias al Consejo de la Judicatura Federal como órgano administrativo y disciplinario del Poder Judicial ya que fue sustituido con el Órgano de Administración Judicial y el Tribunal de Disciplina Judicial.
Por lo que hace a las multas, éstas fueron actualizadas en montos y, además, se eliminaron las referencias al salario mínimo general como base para el cálculo, ahora dichas multas se calcularán con base en la Unidad de Medida y Actualización (UMA).
Se emplea un lenguaje inclusivo en la redacción de los diversos artículos de la ley.
California – Not Independent Now And Most Likely Not Independent Ever
I have seen the line “Independence now, independence forever!” attributed to Daniel Webster but I have been unable to locate the line in any of the texts cited as the source. I have also seen a longer quotation attributed to John Adams:
Before God, I believe the hour has come. My judgement approves this measure, and my whole heart is in it. All that I have, and all that I am, and all that I hope in this life, I am now ready here to stake upon it. And I leave off as I began, that live or die, survive or perish, I am for the Declaration. It is my living sentiment, and by the blessing of God it shall be my dying sentiment. Independence now, and Independence for ever!
Here in California, the Secretary of State has announced that the proponent of a new independence initiative has been cleared to begin collecting petition signatures. The Attorney General’s official title and summary for the measure is as follows:
REQUIRES FUTURE VOTE ON WHETHER CALIFORNIA SHOULD BECOME INDEPENDENT COUNTRY. INITIATIVE STATUTE. If enacted, this measure places the following question on November 2028 ballot: “Should California leave the United States and become a free and independent country?” If at least 50% of registered voters participate in that election, and at least 55% vote “yes”, it would constitute “a vote of no confidence in the United States of America” and “expression of the will of the people of California” to become an independent country, but would not change California’s current government or relationship with the United States. Creates commission to report on California’s viability as independent country. Summary of estimate by Legislative Analyst and Director of Finance of fiscal impact on state and local governments: Around $10 million dollars in one-time election-related costs and to form the new commission on national sovereignty and independence. Around $2 million in annual state costs to operate the commission.
Note that the initiative must surmount two very high hurdles. First, the proponent must collect signatures of 546,651 registered voters (5% of the total votes cast for Governor in the November 2022 general election) in order for the measure to become eligible for the ballot. Next, the specified vote must be obtained. Even if these hurdles should be overcome, that won’t be the day the California says “goodbye”. Rather, the initiative requires that a commission study California’s viability as an independent country.
SEC Expands Nonpublic Review Process for Draft Registration Statements
On 3 March 2025, the Division of Corporation Finance of the Securities and Exchange Commission (the SEC) announced that it is expanding the scope of availability for companies to submit draft registration statements for nonpublic review. The SEC initially created the option in 2012 as part of the Jumpstart Our Business Startups Act to enable emerging growth companies to submit draft registration statements for staff review on a confidential basis for initial public offerings. In 2017, the SEC expanded eligibility to include all issuers and follow-on offerings taking place within 12 months of an initial public offering.
Key Changes
The SEC announced the following:
The nonpublic review process is now also available for Forms 10, 20-F, or 40-F filed to register a class of securities under Section 12(g) of the Exchange Act.
Companies can now submit a draft registration statement for nonpublic review at any time, rather than being limited to the 12 months following their initial public offering.
Companies can now submit a nonpublic draft registration statement for a de-SPAC transaction as if it were an initial Securities Act registration statement, so long as the co-registrant target would otherwise be independently eligible to submit a draft registration statement.
Companies can now omit the name of the underwriter(s) on the draft registration statement, so long as it is included in subsequent submissions and public filings.
While the SEC’s guidance continues to require any company using the draft registration process for a follow-on offering to publicly file its registration statement and nonpublic draft submission no later than 48 hours prior to any requested effective date and time, the updated policy notes that the staff “will consider reasonable requests to expedite this two business-day period and encourage issuers and their advisors to review their transaction timing with the staff assigned to the filing review.”
Since its initial adoption, the nonpublic draft registration statement submission process has proven useful to many companies. The recent enhancements, particularly the elimination of the one-year limitation for follow-on offerings, will further facilitate capital formation by allowing more companies to reduce the risk of prolonged exposure to market fluctuations during the offering process. These accommodations are immediately available, and companies may submit questions regarding their eligibility to [email protected].
What Honda’s CCPA Penalty Means for Your Privacy Compliance
The California Privacy Protection Agency (CPPA) has reached a settlement with American Honda Motor Co., Inc. (Honda), as outlined in this Order of Decision. The Order is the CPPA’s first public enforcement action involving a significant monetary penalty of $632,500, arising from its investigation into the privacy practices of connected vehicle manufacturers that began in July 2023.
The CPPA asserted that Honda violated the California Consumer Privacy Act (CCPA) by requiring consumers to undergo an extensive identity verification process, including for requests where verification is not permitted under the CCPA. Honda’s process for accepting data subject requests through authorized agents also included unnecessary and non-permitted steps.
Additionally, the CPPA asserted that Honda’s cookie management platform violated the CCPA, as it required a two-step process for opting out of advertising cookies and tracking technologies while consenting (or reconsenting) to cookies required just a single click, making it more burdensome to opt out of, rather than consent to such data processing. Honda was also unable to produce any of its contracts with third party advertising vendors to show that they were implementing the required contractual provisions under the CCPA.
To resolve the CPPA’s allegations, Honda has agreed to pay $632,500 in monetary penalties and revise its privacy practices, including implementing a simpler process for consumers to exercise their privacy rights, minimizing data collection for verification purposes and modifying its contract management and tracking processes.
The CPPA’s Order signals an intent to hold businesses accountable for their data subject request processes. Below are some steps you can take to ensure compliance and mitigate the risk of similar penalties:
Revisit your process for responding to data subject requests and ensure that your verification process is appropriately tailored.
Review (or implement) a process for receiving, verifying and responding to data subject requests.
Review your contracts with vendors to confirm they include the required provisions.
Assess (or implement) your cookie management platform to ensure opt-out processes are simple and symmetrical.
IRS Roundup February 17 – March 14, 2025
Check out our summary of recent Internal Revenue Service (IRS) guidance for February 17, 2025 – March 14, 2025.
Editors’ note: With the change in presidential administrations, the IRS has undergone significant transition in recent weeks and issued significantly less guidance than normal. We did not publish the IRS Roundup regularly during these weeks as we awaited new guidance from the agency.
February 19, 2025: The IRS issued Revenue Ruling 2025-6, providing the March 2025 short-, mid-, and long-term applicable federal rates for purposes of Section 1274(d) of the Internal Revenue Code (Code), as well as other provisions.
February 21, 2025: The IRS issued Notice 2025-15, providing guidance on the alternative method for furnishing health insurance coverage statements to individuals, as required by Code Sections 6055 and 6056. This alternative method allows entities to post a clear and conspicuous notice on their websites, informing individuals that they can request a copy of their health coverage statement. This notice must be posted by the due date for furnishing the statements and retained through October 15, 2026. The guidance applies to statements for calendar years after 2023.
March 5, 2025: The IRS issued Revenue Procedure 2025-17, providing guidance for individuals who failed to meet the eligibility requirements of Code Section 911(d)(1) (foreign earned income exclusion) for 2024 because of adverse conditions in certain foreign countries. The revenue procedure lists specific countries, including Ukraine, Iraq, Haiti, and Bangladesh, where war, civil unrest, or similar conditions precluded normal business conduct. Individuals who left these countries on or after specified dates in 2024 may still qualify for the foreign earned income exclusion if they can demonstrate that they would have met the eligibility requirements but for these adverse conditions.
March 5, 2025: The IRS issued Notice 2025-16, providing adjustments to the limitation on housing expenses for 2025 under Code Section 911. These adjustments account for geographic differences in housing costs relative to those in the United States. The notice includes a detailed table listing the adjusted housing expense limitations for locations worldwide. It also allows taxpayers to apply the 2025 adjusted limitations to their 2024 taxable year if the new limits are higher.
March 6, 2025: The IRS issued Revenue Ruling 2025-7, providing interest rates for tax overpayments and underpayments for the second quarter of 2025 in accordance with Code Section 6621.
March 11, 2025: The IRS issued Notice 2025-17, providing updates on the corporate bond monthly yield curve, spot segment rates, and 24-month average segment rates used under Code Sections 417(e)(3) and 430(h)(2). The notice includes the interest rate on 30-year Treasury securities and the 30-year Treasury weighted average rate for plan years beginning before 2008. It also specifies the minimum funding requirements for single-employer plans, the methodology for determining monthly corporate bond yield curves, and the adjusted 24-month average segment rates for March 2025. Additionally, the notice outlines the permissible range of rates for calculating current liability for multiemployer plans.
EPA Announces Expansive Deregulatory Plan
On March 12, 2025, U.S. Environmental Protection Agency Administrator Lee Zeldin announced a sweeping plan to “undertake 31 historic actions in the most consequential day of deregulation in U.S. history.” The announcement states that the deregulatory plan is intended to “advance President Trump’s Day One executive orders and Power the Great American Comeback.” EPA states that these actions “will roll back trillions in regulatory costs and hidden ‘taxes’ on U.S. families,” making it “more affordable to purchase a car, heat homes, and operate a business.”
The ambitious plan identifies numerous past EPA regulations or actions that will be reconsidered or reviewed. The regulations identified in the deregulatory plan, which were promulgated under the Clean Air Act, Clean Water Act, and the Resource Conservation and Recovery Act, apply to a wide range of industrial sectors and regulated parties. Although described as “31 actions,” the EPA’s primary announcement lists 22 different items, with some mentioning more than one regulation or past action set to be reconsidered or otherwise addressed as part of the plan. EPA’s list is also separated by headings that appear to correspond to separate Day One executive actions by President Trump. For each of the planned deregulatory actions, EPA issued an accompanying press release providing additional information, including, in a few cases, anticipated timelines for completing the deregulatory actions and planned interim actions.
The Babst Calland team has summarized the identified deregulatory actions and information provided by EPA in the table below:
EPA’s Description
Key Points from EPA Press Release
EPA’s Target Timeline
Unleashing American Energy
EPA Announces Reconsideration of Clean Power Plan 2.0
Reconsidering the “Clean Power Plan 2.0” based on the Biden administration’s rule requiring “unlawful fuel-shifting” and “overreaching”
Citing U.S. Supreme Court’s stay of the Clean Power Plan and subsequent decision overturning it in West Virginia v. EPA
No stated timeline
EPA Announces Reconsideration of OOOO b/c
Reconsidering regulations for the oil and gas industry under Clean Air Act (CAA) § 111 (40 CFR Part 60, Subparts OOOOb/c) and revisions to 40 CFR Part 98, Subpart W of the Greenhouse Gas Reporting Program as “ideologically driven regulations” that prevent U.S. “energy dominance”
Referring to “major recent Supreme Court precedent” related to federal agencies’ interpretation and implementation of governing statutes
No stated timeline
EPA Announces Reconsideration of Mercury and Air Toxics Standards (MATS)
Reconsidering the MATS rule based on noted costs for compliance, past mercury emissions reductions, and significant regulatory uncertainty for coal plants in several states, including Pennsylvania and West Viriginia
Considering 2-year compliance exemption via CAA § 112(i)(4) for affected power plants during EPA’s rulemaking process
No stated timeline for completing reconsideration
EPA is considering 2-year compliance exemption
EPA Announces Reconsideration of Greenhouse Gas Reporting Program
Reconsidering the mandatory Greenhouse Gas Reporting Program based on noted costs of calculating and submitting annual emissions reports
Noting that mandatory GHGRP is “not directly related to” developing regulations and could be better used to drive improvements at reporting facilities
No stated timeline
EPA Announces it Will Reconsider 2024 Water Pollution Limits for Coal Power Plants (ELG: Steam Electric)
Revising 2024 wastewater regulations for coal burning power plants on flue gas desulfurization wastewater, bottom ash transport water, combustion residual leachate and legacy wastewater
Reconsidering technology-based ELGs and evaluating immediate relief from leachate requirements
Stating that EPA will consider how it might provide “immediate relief from some of the existing leachate requirements,” and “in a series of related actions,” EPA will provide clarifying updates on leachate requirements and reevaluate availability and cost of membrane technology
No stated timeline
EPA Will Revise Wastewater Regulations for Oil and Gas Extraction
Modernizing regulations on wastewater discharges for oil and gas extraction facilities to “provide regulatory flexibility” and support environmentally sustainable water reuse with “modern technologies and management strategies”
Reviewing and evaluating technologies and strategies for produced water to be treated for beneficial reuse, including for AI and data center cooling, rangeland irrigation, fire control, power generation, and ecological needs
Considering expanding the geographic scope of where treated wastewater can be used and discharged in the U.S.
No stated timeline
EPA Announces Reconsideration of the Risk Management Plan
Reconsidering 2024 Risk Management Plan (RMP) rule due to “significant concerns relating to national security and the value of the prescriptive requirements within the rule”
Stating that the 2024 RMP rule makes oil and natural gas refineries and chemical facilities less safe and less competitive
No stated timeline
Lowering The Cost of Living for American Families
EPA Announces Action to Implement POTUS’s Termination of Biden-Harris Electric Vehicle Mandate
Reconsidering Model Year 2027, Later Light-Duty, Medium-Duty, and Heavy-Duty Vehicle regulations based on noted regulatory and compliance costs and effort to bring back American auto jobs
Reevaluating Biden administration’s “Clean Trucks Plan” and “2022 Heavy-Duty Nitrous Oxide (NOx) rule”
No stated timeline
EPA Kicks Off Formal Reconsideration of 2009 Greenhouse Gas Endangerment Finding with Agency Partners
Reconsidering the 2009 Greenhouse Gas Endangerment Finding in collaboration with Office of Management and Budget and other agencies based on costs of regulations that flow from the finding
Reconsidering all of EPA’s prior regulations and actions that rely on the 2009 Endangerment Finding
Stating that “EPA will follow the Administrative Procedure Act and Clean Air Act, as applicable, in a transparent way for the betterment of the American people and fulfillment of the rule of law”
Stating in a separate one-page document that “EPA does not prejudge the outcome” of the reconsideration
No stated timeline
EPA Announces Reconsideration of the Technology Transition Rule
Reconsidering the technology transition rule based on noted costs of refrigerant systems required under rule
Stating that the rule harms semiconductor manufacturing and raises the cost of food at grocery stores
No stated timeline
EPA Announces Path Forward on NAAQS for PM2.5 to Aid Manufacturing, Small Business
Reconsidering the PM2.5 National Ambient Air Quality Standards (NAAQS) based on “serious concerns” from states and the standards serving “as a major obstacle to permitting”
Releasing guidance “soon” to increase flexibility on NAAQS implementation, reforms to New Source Review, and direction on permitting obligations
No stated timeline for completing reconsideration
Guidance to be released “soon”
EPA Announces Reconsideration of Air Rules Regulating American Energy, Manufacturing, Chemical Sectors (NESHAPS)
Reconsidering initially the National Emission Standards for Hazardous Air Pollutants (NESHAPS) for integrated iron and steel manufacturing, rubber tire manufacturing, synthetic organic chemical manufacturing industry, commercial sterilizers for medical devise and spices, lime manufacturing, coke ovens, copper smelting, and taconite ore processing
Considering a 2-year compliance exemption via CAA § 112(i)(4) for affected facilities during EPA’s rulemaking process
Evaluating other NESHAPs and New Source Performance Standards to determine whether they should be reconsidered
No stated timeline
Administrator Zeldin Begins Restructuring Regional Haze Program
Reconsidering implementation of program based on noted significant costs to power plants in the past
Reviewing Regional Haze Program regulations “to ensure that it fulfills Congressional intent, is based on current scientific information, and reflects recent improvements in air quality”
No stated timeline
EPA Announces Action to Address Costly Obama, Biden “Climate” Measurements (Social Cost of Carbon)
Revisiting Biden administration’s “social cost of carbon” based on “significant regulatory costs”
Executive Order requires guidance issued within 60 days of order
Administrator Zeldin Directs Enforcement Resources to Align with Executive Orders and EPA’s Core Mission
Immediately revising National Enforcement and Compliance Initiatives “to ensure that enforcement does not discriminate based on race or socioeconomic status” or “shut down energy production”
Stating that enforcement discretion will provide predictability “as EPA considers changes to regulations” and “cost savings”
EPA states it “will immediately revise” initiatives
EPA Terminates Biden’s Environmental Justice, DEI Arms of Agency
Terminating DEI and Environmental Justice arms of EPA
No stated timeline
Advancing Cooperative Federalism
EPA Announces Plan to Work with States on SIPs and Reconsider “Good Neighbor Plan”
Tackling “troubled” “Good Neighbor Plan” to advance cooperative federalism and work with states on Statement Implementation Plans to improve air quality
No stated timeline
Administrator Zeldin Takes Action to Prioritize Cooperative Federalism, Improve Air Quality Faster
Announcing commitment to address backlog of State/Tribal Implementation Plans
Noting EPA will assist states to ensure air quality is protected while growing economy
Referencing states’ concerns “related to being punished for emissions” outside of their control and “air quality monitors not being located in most logical locations”
Specifically mentioning development of semiconductor manufacturing and artificial intelligence
EPA’s goal to clear backlog “as soon as possible”
Administrator Zeldin Takes Action to Decrease Risk of Future Catastrophic Wildfires
Prioritizing allowance of prescribed fires within State/Tribal Implementation Plans to decrease risk of future wildfires
No stated timeline
EPA to Accept Nominations for Science Boards
Reconstituting Science Advisory Board and Clean Air Scientific Advisory Committee
Stating changes are critical to EPA receiving scientific advice “consistent with its legal obligations to advance core mission of protecting human health and the environment”
Accepting nominations for 30 days following publication in Federal Register
EPA Announces Action on Coal Ash Program
Prioritizing a number of “timely” actions on coal ash, “including state permit program reviews and update to coal ash regulations”
Reviewing Legacy-Coal Combustion Residuals Management Units Rule (CCRMU Rule) and “evaluating whether to grant short- and long-term relief such as extending compliance deadlines”
EPA will propose determination on North Dakota program within 60 days
EPA aims to complete CCRMU Rule changes within “a year”
EPA Announces Use of Enforcement Discretion to Further North Carolina’s Recovery from Hurricane Helene
Granting an extension of the no action assurance that North Carolina requested to “use large air curtain incinerators to clear debris without Title V permits to allow more efficient burning of debris with lower emissions”
Immediate
Administrator Zeldin Announces EPA Will Revise Waters of the United States Rule[1]
Revising Clean Water Act (CWA) Waters of the United States definition to reduce red tape, cut permitting costs and lower costs of doing business
Undertaking rulemaking process guided by Sackett and providing guidance to states while rulemaking proceeds
EPA will “move quickly” on review and “expeditiously” obtain input from stakeholders
With limited exceptions, EPA provides few details on the timing and steps it will take for each of the identified actions. In multiple announcements, EPA states or implies that it will undertake notice and comment rulemaking under the Administrative Procedure Act. Notably, EPA does not address steps it may take in pending litigation regarding several of the identified regulations. Nor does EPA mention whether the planned deregulatory actions satisfy directives under President Trump’s other Executive Orders, such as the “Ensuring Lawful Government and Implementing the President’s ‘Department of Government Efficiency Regulatory Initiative’” and “Unleashing Prosperity Through Deregulation” orders.
The deregulatory plan will require significant resources and time to implement at a time when EPA’s new political leadership is seeking to drastically cut costs and staff. Although several of the identified deregulatory actions may take years to complete, stakeholders subject to the identified deregulatory actions must evaluate and consider developing strategies for productively engaging with EPA during the expected rulemakings and related actions. Major environmental groups have denounced EPA’s deregulatory plan and are vowing to challenge the EPA.
Nevada Government Contract Protests: Considerations for Bidders
Nevada governments award major contracts worth potentially billions of dollars. Successful and unsuccessful bidders should know their options under Nevada law, as a contract award is often just the beginning. Bidders should know how to (1) defend a successful government bid and (2) protest an unsuccessful bid. Both are important.
Background on Nevada Government Contracts
State and local governments regularly award contracts to businesses. These contracts span from the ordinary and mundane, like office supplies, to contracts running entire government programs. For major contracts, Nevada governments must follow stringent legal requirements, and they must often request proposals to fulfill these contracts. These contracts can get quite large, and in some cases, may be worth billions of dollars. Given these stakes, Nevada governments must follow state and local purchasing rules. These rules ensure, in a perfect world, that the most qualified contractor wins this government work. These procedures also help limit graft in the purchasing process. Nevada law fixes both state purchasing rules, in NRS 333, and local government purchasing rules, in NRS 332.
Governments sometimes fall short when awarding contracts. When they do, Nevada law allows businesses who do not win, i.e., disappointed, or unsuccessful bidders, to “protest” a recommended contract award. An unsuccessful bidder must generally follow certain requirements, including deadlines and bonds.
Generally speaking, the grounds to protest are limited and focused on purchasing procedures. This process may be a multi-step process, depending on how far an unsuccessful bidder wants to push a protest. Proceedings would take place administratively, and possibly in court. Throughout this process, the successful bidder may ordinarily participate, too.
Considerations for Nevada Government Contractors
With major contracts, businesses should have a plan to either (1) protest an award or (2) defend a successful award. Going into any bid process, businesses should think about these matters and consider contacting specialized counsel, as there are detailed procedural requirements in both NRS 333 and NRS 233B to consider.
BUSINESS KILLER: Honda’s $632K CCPA Settlement is Terrible Precedent and Should NEVER Have Been Entered Into
Companies hounded by the California Privacy Protection Agency an state AG for supposed California Consumer Privacy Act violations are going to have Honda to thank for it in large measure.
I took a look at this resolution and I am just appalled.
Honda just paid $632,500.00 to resolve CCPA claims but to my eye the regulators were grasping at straws here. The supposed violations were ticky-tack, if not invented. And I cannot figure out why Honda would embolden the regulators–and lose hundreds of thousands of dollars– with this rollover settlement.
It seems like some lawyers just roll over as soon as a regulator comes knocking and that is such a mistake.
Let’s take a look at this.
Honda’s supposed crime here was two fold.
First, Honda supposedly required consumers to provide more information that necessary on non-verifiable consumer requests, which the regulators claim is not allowed under the statute. But it is unclear that Honda’s conduct actually exceeded the “Non-verifiable” requirements and, even if it did, it is unclear how these extra efforts to protect consumer privacy and provide a superior user experience actually lead to damage. This is especially true in the context of Honda’s third-party agent verification requirement.
In essence the regulator seemed to be claiming that since Honda conceded it did not need more than two pieces of data to execute on a request it should not have obtained more than two pieces of data. Not sure why Honda would concede that point but, regardless, a company’s subjective perception of need does not dictate the objective reach of a statute. So… junk.
From a practical standpoint, the vast majority of businesses out there are using a single process flow for both non-verifiable and verifiable requests. This sudden and jarring regulation by enforcement theoretically means basically every business out there is now in violation of the CCPA.
Eesh.
But it gets even worse.
Honda’s second supposed crime was having an “asymmetrical” cookie management tool. While that sounds fancy it just means that it took 2 steps to opt out of cookies and only 1 step re-opt-in.
Big whooping deal. (Or “Holy Santa Fe” to quote a recent Hyundai commercial.)
Opting out of something using two steps to assure things are done right and a consumer understands consequences verus opting back into something–after the consumer obviously has already been informed of the choices– is an asymmetrical experience by definition. In one part of the experience the user must be educated and then given an option. In the second part of the experience the user must only be given an option. This is just logic written into a sound user experience.
My mind is blown Honda would settle this.
So everyone out there please make sure your two step cookie dance works on the front end and the back end. And please make sure you have a process to seek protect some categories of consumer information less than others.
Thanks.
And thanks Honda.
Sorry, but this was such an important moment for a well-funded company with good inhouse counsel to make a forward-looking assessment and take a stand for common sense. Didn’t happen.
Key Findings from Oregon’s Consumer Privacy Act Report
After six months of enforcement of Oregon’s Consumer Privacy Act (OCPA), a new report from Oregon Attorney General Dan Rayfield indicates strong consumer engagement with the law’s privacy rights, notable business compliance efforts and key areas where businesses are falling short. Since the OCPA took effect in July 2024, the Privacy Unit at the Oregon DOJ has received 110 consumer complaints. The most common complaints involve:
data brokers, particularly background check websites that sell personal information;
social media and technology companies, which collect and share user data; and
denials of consumer rights requests, with the right to delete personal data being the most frequently requested and denied right.
Under the OCPA, businesses that fail to comply receive “cure notices,” which provide 30 days to fix violations. In the last six months, the Privacy Unit has initiated and closed 21 privacy enforcement matters. Common compliance deficiencies flagged in these notices include:
Lack of required disclosures – Many businesses failed to properly inform consumers of their rights under the OCPA.
Confusing or incomplete privacy notices – Some businesses listed privacy rights for other states but omitted Oregon, giving the impression that OCPA protections do not apply.
Difficult or hidden opt-out mechanisms –Some businesses made it unnecessarily burdensome for consumers to exercise their rights, by, for example, requiring excessive authentication steps.
The report notes that most businesses have responded positively to enforcement actions, and that businesses receiving cure notices have quickly updated their privacy policies and consumer rights mechanisms in response to DOJ requests.
Upcoming OCPA Compliance Deadlines July 1, 2025 – Nonprofits will become subject to the OCPA;, the Oregon DOJ is preparing guidance materials to assist nonprofits with compliance.
January 1, 2026 – The cure notice period will expire, allowing stricter enforcement measures.
2026 and beyond – The OCPA’s universal opt-out mechanism provisions will take effect, requiring businesses to honor automated consumer privacy requests.
Protecting Your Business: AI Washing and D&O Insurance
Artificial intelligence (AI) is en vogue. As it rapidly reshapes industries, companies are racing to integrate and market AI-driven solutions and products. But how much is too much? Some companies are finding out the hard way.
The legal risks associated with AI, especially those facing corporate leadership, are growing as quickly as the technology itself. As we explained in a recent post, directors and officers risk personal liability, both for disclosing and failing to disclose how their businesses are using AI. Two recent securities class action lawsuits illustrate the risks associated with AI-related misrepresentations, underscoring the need for management to have a clear and accurate understanding of how the business is using AI and the importance of ensuring adequate insurance coverage for AI-related liabilities.
AI Washing: A Growing Legal Risk
Built on the same premise as “greenwashing,” AI washing is on the rise. In its simplest terms, AI washing refers to the practice of exaggerating or misrepresenting the role AI plays in a company’s products or services. Just last week, two more securities lawsuits were filed against corporate executives based on alleged misstatements about how their companies were using AI technologies. These latest lawsuits, much like the Innodata and Telus lawsuits we previously wrote about, serve as early warnings for companies navigating AI-related disclosure issues.
Cesar Nunez v. Skyworks Solutions, Inc.
On March 4, 2025, a plaintiff shareholder filed a putative securities class action lawsuit against semiconductor products manufacturer Skyworks Solutions and certain of its directors and officers in the US District Court for the Central District of California. See Cesar Nunez v. Skyworks Solutions, Inc. et al. Docket No. 8:25-cv-00411 (C.D. Cal. Mar. 4, 2025).
Among other things, the lawsuit alleges that Skyworks misrepresented its position and ability to capitalize on AI in the smartphone upgrade cycle, leading investors to purchase the company’s securities at “artificially inflated prices.”
Quiero v. AppLovin Corp.
A similar lawsuit was filed the next day against mobile technology company AppLovin and certain of its executives. See Quiero v. AppLovin Corp. et al. Docket No. 4:25-cv-02294 (N.D. Cal. Mar. 5, 2025).
The Applovin complaint alleges, among other things, that AppLovin misled investors by misleadingly touting its use of “cutting-edge AI technologies” “to more efficiently match advertisements to mobile games, in addition to expanding into web-based marketing and e-commerce.” According to the complaint, these misleading statements coincided with the reporting of “impressive financial results, outlooks, and guidance to investors, all while using dishonest advertising practices.”
Risk Mitigation and the Role of D&O Insurance
Our recent posts have shown how AI can implicate coverage under all lines of commercial insurance. The Skyworks and AppLovin lawsuits underscore the specific importance of comprehensive D&O liability insurance as part of any corporate risk management solution.
As we discussed in a previous post, companies may wish to assess their D&O programs from multiple angles to maximize protection against AI-washing lawsuits. Key considerations include:
Policy Review: Ensuring that AI-related losses are covered and not excluded under exclusions like cyber or technology exclusions.
Regulatory Coverage: Confirming that policies provide coverage not only for shareholder claims but also regulator claims and government investigations.
Coordinating Coverages: Evaluating liability coverages, especially D&O and cyber insurance, holistically to avoid or eliminate gaps in coverage.
AI-Specific Policies: Considering the purchase of AI-focused endorsements or standalone policies for additional protection.
Executive Protection: Verifying adequate coverage and limits, including “Side A” only or difference-in-condition coverage, to protect individual officers and directors, particularly if corporate indemnification is unavailable.
New “Chief AI Officer” Positions: Chief information security officers (CISOs) remain critical in monitoring cyber-related risks but are not the only emerging positions to fit into existing insurance programs. Although not a traditional C-suite position, more and more companies are creating “chief AI officer” positions to manage the multi-faceted and evolving use of AI technologies. Ensuring that these positions are included within the scope of D&O and management liability coverage is essential to affording protection against AI-
In sum, a proactive approach—especially when placing or renewing policies—can help mitigate the risk of coverage denials and enhance protection against AI-related legal challenges. Engaging experienced insurance brokers and coverage counsel can further strengthen policy terms, close potential gaps and facilitate comprehensive risk coverage in the evolving AI landscape.
What is AI Washing and Why are Companies Getting Sued?
With the proliferation of artificial intelligence (AI) usage over the last two years, companies are developing AI tools at an astonishing rate. When pitching their AI tools, these companies claim that their products can do certain things and promise and exaggerate their capabilities. AI washing “is a marketing tactic companies employ to exaggerate the amount of AI technology they use in their products. The goal of AI washing is to make a company’s offerings seem more advanced than they are and capitalize on the growing interest in AI technology.”
Isn’t this mere puffery? No, according to the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), and investors.
The FTC released guidance in 2023, outlining certain questions companies can assess to determine if they are AI washing. It urges companies to determine whether they are overpromising what the algorithm or AI tool can deliver. According to the FTC, “You don’t need a machine to predict what the FTC might do when those claims are unsupported.”
In March 2024, the SEC charged two investment advisors with AI washing by making “false and misleading statements about their use of artificial intelligence.” Both cases were settled for $400,000. The SEC found the two companies had “marketed to their clients and prospective clients that they were using AI in certain ways when, in fact, they were not.”
Investors are getting into the hunt as well. In February and March 2025, investors sued two companies in securities litigation that alleged AI washing. In the first case, the company allegedly made statements to investors about its AI capabilities and reported “impressive financial results, outlooks and guidance.” It was subsequently the subject of short-seller reports that alleged they were using “manipulative practices” that inflated its numbers and profitability. The litigation alleged that, as a result, the company’s shares declined.
In the second case, the class action named plaintiff alleged that the company overstated “its position and ability to capitalize on AI in the smartphone upgrade cycle,” which caused investors to invest at an artificially inflated price.
Lessons learned from these examples? Look at the FTC’s guidance and assess whether your sales and marketing plan takes AI washing into consideration.
Navigating the AI Frontier: Why Information Governance Matters More Than Ever
Artificial Intelligence (AI) is rapidly transforming the legal landscape, offering unprecedented opportunities for efficiency and innovation. However, this powerful technology also introduces new challenges to established information governance (IG) processes. Ignoring these challenges can lead to significant risks, including data breaches, compliance violations, and reputational damage.
“AI Considerations for Information Governance Processes,” a recent paper published by Iron Mountain, delves into these critical considerations, providing a framework for law firms and legal departments to adapt their IG strategies for the age of AI.
Key Takeaways:
AI Amplifies Existing IG Risks: AI tools, especially machine learning algorithms, often require access to and process vast amounts of sensitive data to function effectively. This makes robust data security, privacy measures, and strong information governance (IG) frameworks absolutely paramount. Any existing vulnerabilities or weaknesses in your current IG framework can be significantly amplified by the introduction and use of AI, potentially leading to data breaches, privacy violations, and regulatory non-compliance.
Data Lifecycle Management is Crucial: From the initial data ingestion and collection stage, through data processing, storage, and analysis, all the way to data archival or disposal, a comprehensive understanding and careful management of the AI’s entire data lifecycle is essential for maintaining data integrity and ensuring compliance. This includes knowing exactly how data is used for training AI models, for analysis and generating insights, and for any other purposes within the AI system.
Vendor Due Diligence is Non-Negotiable: If you’re considering using third-party AI vendors or cloud-based AI services, conducting rigorous due diligence on these vendors is non-negotiable. This due diligence should focus heavily on evaluating their data security practices, their compliance with relevant industry standards and certifications, and their contractual obligations and guarantees regarding data protection and privacy.
Transparency and Explainability are Key: “Black box” AI systems that make decisions without any transparency or explainability can pose significant risks. It’s crucial to understand how AI algorithms make decisions, especially those that impact individuals, to ensure fairness, accuracy, non-discrimination, and compliance with ethical guidelines and legal requirements. This often requires techniques like model interpretability and explainable AI.
Proactive Policy Development is Essential: Organizations need to proactively develop clear policies, procedures, and guidelines for AI usage within their specific context. These should address critical issues such as data access and authorization controls, data retention and storage policies, data disposal and deletion protocols, as well as model training, validation, and monitoring practices.
The Time to Act is Now:
AI is not a future concern; it’s a present reality. Law firms and legal departments must proactively adapt their information governance processes to mitigate the risks associated with AI and unlock its full potential.