Continued Developments in the Anti-Bribery/Anti-Corruption Sector: A Potential Expansion of the International Anti-Corruption Prosecutorial Taskforce on the Horizon
There have been a number of developments in the anti-bribery/anti-corruption sector following the start of President Trump’s second term. First, on February 5th, Attorney General Pamela Bondi issued a memo titled, “Total Elimination of Cartels and Transnational Criminal Organizations” in which she instructed the Foreign Corrupt Practices Act (FCPA) Unit at DOJ to focus on “investigations related to foreign bribery that facilitate the criminal operations of Cartels” and Transnational Criminal Organizations (TCOs). She also suspended the requirement that the Fraud Section lead investigations involving the FCPA and Foreign Extortion Prevention Act if the investigation is into “foreign bribery associated with Cartels and TCOs.”
That memo was followed by President Trump signing Executive Order 14209 titled, “Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security.” In that order, President Trump noted that FCPA enforcement has been “stretched beyond proper bounds and abused in a manner that harms” the U.S. He further explained that FCPA enforcement compromises the U.S.’s foreign policy goals, “the President’s Article II authority over foreign affairs,” national security, and the ability of the U.S. “and its companies gaining strategic business advantages.” President Trump ordered Attorney General Bondi to revise DOJ guidelines and policies related to the FCPA, require new FCPA investigations and enforcement actions to have Attorney General Bondi’s approval, review pending FCPA investigations and enforcement actions to ensure their compliance with the order, and identify whether any remedial actions are necessary. This order was accompanied by a fact sheet that echoed the points described above.
In response to the federal government’s shift with FCPA enforcement, states have indicated they may step up their bribery enforcement actions. For example, California’s Attorney General Rob Bonta issued a legal advisory “reminding businesses operating in California that it is illegal to make payments to foreign-government officials to obtain or retain business.” Attorney General Bonta explained that FCPA violations can be the basis for actions under California’s Unfair Competition Law. Similarly, the District Attorney for Manhattan shared that his office was exploring methods for taking on various enforcement priorities that the DOJ has indicated it will not be pursuing as heavily as it once did, including domestic bribery and corruption.
Internationally, the UK, France, and Switzerland announced the launch of the International Anti-Corruption Prosecutorial Taskforce. The taskforce includes (1) the UK’s Serious Fraud Office, (2) France’s National Financial Prosecutor’s Office, and (3) the Office of the Attorney General of Switzerland. Among other things, the taskforce announced its commitment to tackling “the significant threat of bribery and corruption and the severe harm that it causes.” The taskforce also noted that it would “invite other like-minded agencies” to join the taskforce’s efforts. To accomplish its goal, the taskforce identified four action items: (1) regularly exchanging “insight and strategy,” (2) “devising proposals for co-operation on cases,” (3) sharing best practices “to make full use of” the taskforce’s “combined expertise,” and (4) “seizing opportunities for operational collaboration.”
Last week, Jean-Francois Bohnert, the head of France’s agency tasked with bringing enforcement actions against, among other things, corruption, mentioned that other countries have contacted the taskforce to discuss their interest in potentially cooperating with the taskforce. Those countries included Germany, Italy, the Netherlands, Spain, and multiple unnamed countries in Latin America.
These developments have led some to question the trajectory of the FCPA enforcement landscape for the duration of the Trump administration. That said, speculation that FCPA enforcement would be relatively non-existent appears to be overstated at this point given that although the federal government has refrained from proceeding with some pending FCPA trials, they have proceeded with others. As for state enforcement actions in this area, it remains to be seen just how robust those actions can be given restrictions such as jurisdictional limitations and limited state resources (which are already stretched in numerous areas currently).
Given these considerations, the International Anti-Corruption Prosecutorial Taskforce is poised to have a significant impact on the anti-bribery/anti-corruption enforcement landscape. If additional countries join (which it appears that at least some number of countries may join or otherwise assist the taskforce), then the taskforce’s impact in this sector will be heightened. It would not be surprising to see the taskforce take on a role similar to the role the federal government held in prior years with respect to anti-bribery/anti-corruption investigations that encompass multiple countries. Companies should thus ensure they continue to maintain robust compliance programs, and properly functioning compliance programs are even more essential for those companies operating overseas.
House Proposes Updates to Qualified Opportunity Zones
The House Ways and Means Committee released its version of the proposed reconciliation bill, which will be “marked up” in the Committee on May 13, 2025. Included in this proposal are amendments regarding Qualified Opportunity Zone (QOZ) investments that would:
Extend the QOZ incentive by seven years, permitting investments in QOZs to be made until Dec. 31, 2033.
Provide for designations of new QOZs for investments made on or after Jan. 1, 2027, including a requirement that at least 33% be rural zones.
Add a 10% basis step-up for Opportunity Zone investments made after Dec. 31, 2026, that are held for at least five years through 2033.
Favor designation of rural QOZs over urban QOZs by:
–
Increasing the five-year 10% basis step-up to a 30% basis step-up for qualified rural investments.
–
Reducing the Substantial Improvement Requirement from 100% to 50% for rural projects (including data center projects).
Apply the new rules to QOZ investments made from Jan. 1, 2027, to Dec. 31, 2033. Investments made in 2026 would continue to use the existing rules (including deferral only until Dec. 31, 2026).
Deferral of capital gain taxes for investments made after Dec. 31, 2026, until Dec. 31, 2033.
Allow annual deferral until Dec. 31, 2033, of up to $10,000 of ordinary income invested in a Qualified Opportunity Fund after Dec. 31, 2026.
Add expansive reporting requirements for both Qualified Opportunity Funds and Qualified Opportunity Zone Businesses.
Impose non-reporting penalties on QOFs ($10,000 for smaller QOFs and $50,000 for larger QOFs up to maximum penalty limits).
Increase non-reporting penalties for intentional disregard of reporting requirements.
The tax provisions applicable for “The One, Big, Beautiful Bill” have been released by the Ways and Means Committee for mark-up on May 13 at 2:30 p.m. EDT. The industry may have opportunities to help with substantive suggestions if the bill passes the House and makes its way to the U.S. Senate. In the Senate, the chairs of the Senate Finance Committee and the House Banking Committee are both proponents of the impact of Qualified Opportunity Zones nationwide and support meaningful reform for the incentive.
New Era for Workplace Violence Reporting in Virginia: Healthcare Employers Must Act Now
Takeaways
Effective 07.01.25, most healthcare employers in Virginia must implement a new reporting system that tracks incidents of workplace violence, notify all employees of the system, and provide guidelines on when and how to report incidents of workplace violence.
Employers must implement a policy prohibiting discriminating or retaliating against any employee for reporting incidents of workplace violence.
Virginia healthcare employers must take immediate steps to create and implement a workplace violence incident reporting system.
Beginning July 1, 2025, healthcare employers in Virginia will be required to create workplace violence prevention plans or reporting systems. Employers must document, track, and analyze incidents of workplace violence and maintain records of incidents for at least two years.
On March 24, 2025, Governor Glenn Youngkin signed into law identical bills, House Bill 2269 and Senate Bill 162, creating the new reporting requirements. The law aims to enhance the safety of healthcare workers through continuing education, de-escalation training, risk identification, and violence prevention planning. The bills amend Section 31.1-127 of the Code of Virginia.
California, Connecticut, Illinois, Louisiana, Maine, Maryland, Minnesota, New Jersey, New York, Oregon, Texas, and Washington already have such requirements.
Definitions
Hospital. Although the amended Section 31.1-127 and its underlying legislation use the term “hospital,” this term is a bit of a misnomer because it encompasses most healthcare employers in Virginia. The term is defined by Section 32.1-123 of the Code of Virginia and includes “any facility licensed” pursuant to “Article 1. Hospital and Nursing Home License” and “in which the primary function is the provision of diagnosis, of treatment, and of medical and nursing services, surgical or nonsurgical, for two or more nonrelated individuals.”
Employee of the hospital and employee. “Employee” under amended Section 31.1-127 means “an employee of the hospital or any health care provider credentialed by the hospital or engaged by the hospital to perform health care services on the premises of the hospital.” Incidents that include any staff member, not just those providing healthcare services, must be captured in the new reporting system.
Workplace violence. Under amended Section 31.1-127, “workplace violence” includes “any act of violence or threat of violence, without regard to the intent of the perpetrator, that occurs against an employee of the hospital while on the premises of such hospital and engaged in the performance of his duties.” This includes threats or use of physical force against an employee that may result in injury, psychological trauma, or stress, “regardless of whether physical injury is sustained.”
Reporting, Tracking Requirements
Qualifying hospitals’ systems must document, track, and analyze any reported incidents of workplace violence. The incident reporting system must include the following components:
Date and time of the incident;
Description of the incident, including the affected employees’ job titles;
Perpetrator’s identity (patient, visitor, employee, or other person);
Location of the incident;
Type of incident (physical attack, threat, sexual assault, other);
Response and consequences of the incident; and
Reporter’s information (name, job title, and the date of completion).
Amended Section 31.1-127 also requires hospitals to report the data they collect, at a minimum, quarterly to the hospital’s chief medical officer and chief nursing officer. Hospitals must send an annual report without personally identifiable information to the Department of Health that includes the number of incidents reported.
Notice, Policy, Continuing Education Requirements
Qualifying healthcare employers must notify all employees about the workplace violence incident reporting system, including any new employees during orientation. Employers must also provide training on when and how to report incidents of workplace violence to their employer, security agencies, and appropriate law-enforcement authorities.
Amended Section 31.1-127 requires qualifying healthcare employers to adopt a policy that prohibits any person from discriminating or retaliating against any employee for “reporting to, or seeking assistance or intervention from, the employer, security agencies, law-enforcement authorities, local emergency services organizations, government agencies, or others participating in any incident investigation.”
Employers must also analyze the data to make improvements in preventing workplace violence. Amended Section 31.1-127 expressly identifies how such improvements can be made, including by providing continuing education in targeted areas, such as de-escalation training, risk identification, and violence prevention planning.
Steps for Healthcare Employers in Virginia
With the July 1 effective date fast approaching, qualifying Virginia healthcare employers must take immediate steps to create and implement a workplace violence incident reporting system. Steps employers can take to comply with the new law:
Review employee handbooks and standalone workplace violence and safety policies or implement such policies.
Review and update onboarding documents for new employees.
Review employee trainings and continuing education to determine whether they sufficiently address de-escalation, risk identification, and violence prevention planning.
Stay up to date on potential changes as the new law directs the Virginia Secretary of Health and Human Resources to “convene a stakeholder work group” that includes various state agencies and trade groups “for the purpose of making recommendations on the workplace violence reporting system and policies.” Additional statutes, regulations, and administrative guidance can be expected in the coming years.
Trump Administration: TPS for Afghanistan Will Terminate July 12, 2025
On May 12, 2025, Department of Homeland Security (DHS) Secretary Kristi Noem announced that she will not renew Afghanistan’s Temporary Protected Status (TPS) designation, meaning that the designation, including work authorization documents, will expire July 12, 2025.
Secretary Noem said, “Afghanistan has had an improved security situation, and its stabilizing economy no longer prevent them from returning to their home country. Additionally, the termination furthers the national interest as DHS records indicate that there are recipients who have been under investigation for fraud and threatening our public safety and national security. Reviewing TPS designations is a key part of restoring integrity in our immigration system.”
Prior to publication of the May 13 DHS notice in the Federal Register (which provides a July 14, 2025 termination date), Citizens Assisting and Sheltering the Abused (CASA) de Maryland, an immigrant advocacy group, filed suit on May 7, 2025 in U.S. District Court for the District of Maryland to prevent termination of Afghanistan TPS and Cameroon TPS in anticipation of a Federal Register notice being published terminating TPS for both countries.
In its complaint, CASA states, “A TPS designation cannot be terminated in this manner.… Instead, Congress established a strict process for terminating TPS designations, one that required [DHS] Secretary [Kristi] Noem to publish notice of her decision in the Federal Register at least 60 days before the current designation period ends.… The statute further prescribes what happens when the Secretary fails to follow that process: the TPS designation is automatically extended for at least another six months.”
The group also said the decision was made in part based on “racial animus,” pointing to plans to lift protections for immigrants from non-white nations, while opening the refugee program to Afrikaners in South Africa.
Similar legal challenges were brought against Secretary Noem’s efforts to terminate TPS for Haiti and Venezuela. (See New Lawsuit Challenges Trump Administration’s Termination of TPS for Haiti and Venezuela and Judge Blocks DHS Secretary Noem’s Termination of Venezuelan TPS.)
Colorado’s Historic AI Law Survives Without Delay (So Far)
On May 17, 2024, Colorado Governor Jared Polis signed Colorado’s historic artificial intelligence (AI) consumer protection bill, SB 24-205, colloquially known as “Colorado’s AI Act” (“CAIA”), into law.
As we noted at the time, CAIA aims to prevent algorithmic discrimination in AI decision-making that affects “consequential decisions”—including those with a material, legal, or similarly significant effect with respect to health care services and employment decision-making. The bill is scheduled to take effect February 1, 2026.
The same day he signed CAIA, however, Governor Polis addressed a “signing statement” letter to Colorado’s General Assembly articulating his reservations. He urged sponsors, stakeholders, industry leaders, and more to “fine tune” the measure over the next two years to sufficiently protect technology, competition, and innovation in the state.
As the local and national political climate steers toward a less restrictive AI policy, Governor Polis drafted another letter to the Colorado legislature. On May 5, 2025, Polis—along with Attorney General Phil Weiser, Denver Mayor Mike Johnston, and others—requested that CAIA’s effective date be delayed until January 2027.
“Over the past year, stakeholders and legislators together have worked to find the right path forward on Colorado’s first-in-the-nation artificial intelligence regulatory law,” the letter states, adding that the collaboration took “many months” and “brought many ideas, concerns, and priorities to the table from a wide range of communities.” Nevertheless, “it is clear that more time is needed to continue important stakeholder work to ensure that Colorado’s artificial intelligence regulatory law is effective and implementable.”
The letter came the same day that SB 25-318, a bill that would have amended CAIA, was postponed indefinitely by the state Senate and reportedly killed by its own sponsor. Colorado Senate Majority Leader Robert Rodriguez introduced SB 25-318, entitled “Artificial Intelligence Consumer Protections,” just one week earlier.
On May 6, 2025, the day before the legislative session in Colorado ended, House Democrats made an eleventh-hour attempt to postpone the effective date of CAIA by inserting the delay into another unrelated bill, but that attempt also failed.
Proponents for the delay are calling for a framework “that protects privacy and fairness without stifling innovation or driving business away from our state,” as the Polis letter states. Technology groups have urged Governor Polis to call a special legislative session to delay implementation of CAIA.
SB 25-318 Key Provisions
Despite SB 25-318’s failure to pass, several provisions remain noteworthy and likely to remain part of the ongoing policy debate. Viewed as “thoughtful amendments” by some commentators, the legislation would have modified the consumer protections of CAIA, which required developers and/or deployers of AI systems to implement a risk management program; do an impact assessment and make notifications to consumers. If it passed, SB 25-318 would have delayed many requirements from February 1, 2026, to January 1, 2027, and included the following adjustments:
Definitions. SB 25-318 attempted to redefine “algorithmic discrimination” to mean the use of an AI system that results in a violation of any applicable federal, state, or local discrimination law. It also would have created exemptions to the definition of “developer” of an AI system and exempted certain technologies, such as those performing a narrow procedural task, or cybersecurity and data security systems, from the definition of “high-risk AI systems.”
Reasonable Care. The bill would have eliminated the duty of developers or deployers of a high-risk AI system to use reasonable care to protect consumers from known or reasonably foreseeable risks of algorithmic discrimination and further would have eliminated the duty of deployers to notify the attorney general of such risks arising from intended uses or that the system causes algorithmic discrimination.
Developer Disclosures. SB 25-318 sought to exempt developers from specified disclosure requirements if, for example, the systems make 10,000 or fewer consequential decisions in a year for 2027-2028, decreasing to 2,500 or fewer for 2029-2030. Other contemplated exemptions included instances where developers received less than $10,000 from investors, have annual revenues of less than $5,000,000, have operated and generated revenue for less than 5 years, etc. It sought to broaden disclosure requirement exemptions for deployers based on the number of full-time employees (500 instead of 50 between 2027 and 2028 and decreasing to 100 in 2029). It further would have also exempted developers with respect to the use of AI in hiring. A further exemption would apply if the AI system produces or consists of a score, model, algorithm, or similar output that is a consumer report subject to the Fair Credit Reporting Act.
Impact Assessments. SB 25-318 sought to amend the requirement that deployers, or third parties contracted by deployers, complete impact assessments within 90 days of a substantial modification to instead require these impact assessments be completed before the first deployment or January 1, 2027, whichever comes first, and annually thereafter. SB 25-318 would have also required deployers to include in an impact assessment whether the system poses any known or reasonably foreseeable risks of limiting accessibility for certain individuals, an unfair or deceptive trade practice, a violation of state or federal labor laws, or a violation of the Colorado Privacy Act.
Disclosures to Consumers. SB 25-318 attempted to require deployers to provide additional information to consumers if a high-risk AI system makes, or is a substantial factor in making, a consequential decision. It further included a transparency requirement that consumer disclosures must include information on whether and how consumers can exercise their rights.
Documentation Requirements. SB 25-318 would have required developers and deployers to maintain required documentation, disclosures, and other records with respect to each high-risk AI system throughout the period during which the developer sells, markets, distributes, or makes available the high-risk AI system—and for at least three years following the last date on which the developer sells, markets, distributes, or makes available the high-risk AI system.
Takeaways
Because Colorado’s 2025 legislative session ended at midnight on Wednesday, May 7, the CAIA will go into effect as originally passed on February 1, 2026, unless Governor Polis calls a special session, or a new bill is introduced in time for the new legislative session on January 14. To the extent additional attempts to modify CAIA arise before February 1, 2026, we anticipate that they will revive certain issues addressed in SB 25-318 as part of such efforts.
Many outside of Colorado are also following this process closely, including other states who are using CAIA as a framework for their own state laws and by federal lawmakers whose efforts to pass comprehensive AI legislation through Congress have stalled. On Tuesday, May 13, the House Energy and Commerce Committee will mark up language for potential inclusion in the reconciliation package that would prevent states from passing and implementing such AI laws for 10 years, but this language may not pass.
As we noted last year, organizations should start to consider compliance issues including policy development, impact assessments, engagement with AI auditors, contract language in AI vendor agreements to reflect responsibilities and coordination, and more. Impact assessments, in particular, take time and resources to design and conduct, and therefore we recommend that businesses using high-risk AI systems in Colorado begin preparations to conduct these impact assessments now, rather than waiting for a speculative change to the law. If properly designed, impact assessments will be a useful tool for businesses to ensure that their AI systems are reliable and deliver expected outcomes while minimizing the risk of algorithmic discrimination.
Federal Regulators Announce Non-Enforcement of the 2024 Rule for Mental Health Parity
On May 9, 2025, the Departments of Labor, Health and Human Services, and Treasury (collectively, “the Departments”) asked the D.C. federal court to suspend litigation while they consider whether to rescind or modify the 2024 Rule implementing the Mental Health Parity and Addiction Equity Act (MHPAEA).
As part of the request, the Departments indicated that they will suspend enforcement of the 2024 Rule.
The 2024 Rule was issued to implement revisions to the MHPAEA statute that were passed as part of the Consolidated Appropriations Act of 2021 (“CAA”) to add specific requirements for the development and enforcement of comparative analyses for non-quantitative treatment limits (“NQTLs”). The Departments’ enforcement suspension was announced as a part of a motion to hold in abeyance a legal challenge to the statutory basis for the 2024 Rule that was filed by the ERISA Industry Committee (“ERIC”) on January 17, 2025.
Specifically, the motion provides that the parties have agreed to the Departments’ request to stay the litigation while the Departments suspend enforcement of the 2024 Rule and “reconsider the 2024 Rule…including whether to issue a notice of proposed rulemaking rescinding or modifying the regulation.” The Departments specifically propose to “(1) issue a non-enforcement policy in the near future covering the portions of the 2024 Rule that are applicable for plan years beginning on or after January 1, 2025 and January 1, 2026, and (2) reexamine the Departments’ current MHPAEA enforcement program more broadly.” The Departments also propose to provide quarterly status reports to the court on progress, starting on or before August 7, 2025. The motion also indicates that ERIC consented to the Department filing the motion, subject to ERIC’s “right to resume litigation at any time if necessary.”
The Departments’ motion leaves unclear whether the non-enforcement policy will apply to all aspects of the regulations or only to selected provisions. At minimum, the non-enforcement policy is likely to address the four aspects of the 2024 Rule that ERIC challenged in its complaint:
1. “Meaningful benefits”
The 2013 MHPAEA regulations provided that if a health plan provides benefits for mental health and substance use disorders (“MH/SUD”) in any classification of benefits, then it must provide MH/SUD benefits in every classification in which medical/surgical benefits are provided. The 2024 Rule expanded this requirement in two ways. First, it clarified that the requirement applies by condition—that is, a service must be covered in every classification for each covered MH and SUD condition. Second, it stipulates that such coverage must be “meaningful,” and defines “meaningful” to mean that coverage must include at least one “core” or “primary” treatment for the condition in each classification.
Under the non-enforcement policy, the Departments are unlikely to require analysis of whether a plan’s coverage for MH/SUD conditions is “meaningful.” However, even prior to the 2024 Rule, the Departments have found that exclusions for certain MH/SUD benefits violate the statutory requirements for non-quantitative treatment limits (NQTLs), so plans and issuers should continue to ensure that MH/SUD exclusions in the plan document can be justified under the statute.
2. “Material differences in access”
The MHPAEA statute requires plans to analyze whether the application of an NQTL to MH/SUD benefits is comparable to its application to medical/surgical benefits “in operation.” Guidance including the 2024 Rule clarified that this generally involves the use of data measures to analyze the impact of the NQTL on access to MH/SUD and medical/surgical treatments and services, including measures like denial rates for claims and authorizations. The 2024 Rule specified that if the plan’s data measures demonstrate outcomes that are more stringent for MH/SUD benefits than for M/S benefits, the plan must take action to remedy any “material difference” in access that is attributable to the NQTL.
The Departments have consistently requested data measures to evaluate comparability “in operation” dating back to the 2013 parity rule, so the forthcoming policy on non-enforcement of the 2024 Rule should not be interpreted to mean that plans and issuers should no longer consider data measures in evaluating their compliance with the MHPAEA statute. Instead, the non-enforcement policy is likely to mean that regulators will provide greater leeway for plans to select and interpret the measures that they use in their analyses.
3. Comparative analysis requirements
The CAA updated the MHPAEA statute to require plans and issuers to develop a 5-step “comparative analysis” to demonstrate that the processes, strategies, evidentiary standards, and other factors used to apply an NQTL to MH/SUD benefits, as written and in operation, are comparable to, and are applied no more stringently than, the processes, strategies, evidentiary standards, and other factors used to apply the NQTL to medical or surgical benefits in each benefit classification. In each of the annual Reports to Congress on MHPAEA that the Departments have published since then, the Departments have found that the comparative analyses that plans and issuers have been creating are insufficient to meet the statutory requirements. The 2024 Rule provided extensive guidance on the specific content that the Departments have determined that plans and issuers should provide within each step of the analysis.
The forthcoming non-enforcement policy does not change the statutory requirement for plans and issuers to create these comparative analyses. However, it most likely signals that the Departments will not focus on the adequacy of documentation with regard to the comparative analyses, and instead will focus their enforcement efforts on identifying substantive disparities in the design or application of NQTLs. In practice, where regulators determine that the comparative analysis submitted by a plan is insufficient to demonstrate compliance with the statute, regulators are likely to continue to request additional policies, data, and other plan documentation sufficient to determine whether the NQTL meets the statutory requirements for comparability and stringency.
4. Fiduciary certification requirement
The 2024 Rule required plan fiduciaries to certify that they have engaged in a “prudent process to select one or more qualified service providers to perform and document a comparative analysis” for each NQTL, and that they have satisfied their duty to monitor those service providers. The preamble explained that the Departments interpret this duty to include, at a minimum, reviewing the comparative analyses, asking questions about them to understand the documented findings and conclusions, and ensuring that the responsible service providers provide assurance that, to the best of their ability, the NQTLs and associated comparative analyses comply with the requirements of MHPAEA and these regulations. The 2024 Rule required the fiduciary certification to be included in each comparative analysis.
The non-enforcement policy is likely to provide that the Department of Labor (DOL) will not require comparative analyses to include certification that the plan fiduciary has engaged in a prudent process to select and oversee the service providers that performed the analysis. However, general fiduciary obligations related to the selection and monitoring of service providers under the Employee Retirement Income Security Act (ERISA) will continue to apply.
The formal policy of non-enforcement, when published, should help to clarify the Departments’ intentions with regard to the scope of the provisions that will not be enforced, but may not fully resolve the ambiguity about which aspects of the MHPAEA statute and accumulated guidance for which they do intend to enforce. The expiration of 2021 funding to support additional staffing for the Department of Labor investigations team and other staffing cuts under the Trump Administration may further impact enforcement practices for employer health plans and their third-party administrators. The Departments’ 2024 MHPAEA Report to Congress provides the most detailed discussion to date of the types of findings and corrective actions that the Departments required prior to the adoption of the 2024 Rule and may be the best guide to the Departments’ enforcement strategy for 2025 unless and until more details are provided in the formal non-enforcement policy. However, although the motion only mentions the 2024 Rule and the Departments were enforcing the CAA prior to its adoption, it is possible that the Departments will go further and suspend all MHPAEA enforcement efforts as a part of the non-enforcement policy.
Health insurance issuers that offer fully-insured health plans should note that the federal policy of non-enforcement does not apply to state regulators, who interpret and enforce both federal and state laws for mental health parity. Fully-insured plans in all states continue to be subject to the MHPAEA statute and the 2024 Rule, in addition to any state law for mental health parity. Some states have already adopted the 2024 Rule into state statute, and others may do so as a result of the Departments’ announcement. Many states have required parity compliance reporting using state-specific data measures and reporting templates. Some state regulators may determine that the federal policy of non-enforcement puts a greater burden and priority on state regulators to enforce parity laws. Insurance issuers should therefore ensure that their parity compliance strategies align with both federal and state data and documentation requirements and enforcement trends.
Finally, employers, third-party administrators, issuers, Medicaid Managed Care Organizations, and other entities subject to, or significantly impacted by, MHPAEA will also need to carefully monitor and engage with any effort by the Departments to rescind and replace the 2024 Rule.
California Supreme Court Prohibits Contractual Limitation of Liability Clauses for Intentional Misconduct
In New England Country Foods, LLC v. VanLaw Food Products, Inc., the California Supreme Court recently held that California Civil Code section 1668 prohibits contractual limitation of liability clauses that limit liability for harm caused by intentional misconduct.
In pertinent part, Section 1668 provides:
“All contracts which have for their object, directly or indirectly, to exempt anyone from responsibility for his own fraud, or willful injury to the person or property of another, or violation of law, whether willful or negligent, are against the policy of the law.”
Manufacturer VanLaw was sued by a barbecue sauce company for allegedly trying to copy its barbecue sauce and sell it to Trader Joe’s. New England Country Foods’ claims sounded both in contract and tort. In response, VanLaw argued that a contract between the parties limited damages for injuries caused by intentional actions and were therefore against public policy.
In response, the plaintiff asserted that the contractual limitation of liability provision was not enforceable pursuant to California Civil Code Section 1668 because it it permitted the defendant to engaged in intentional tortious conduct with impunity.
The applicable limitation on damages clause stated, in pertinent part:
“In no event will either party be liable for any loss of profits, loss of business, interruption of business, or for any indirect, special, incidental or consequential damages of any kind, even if such party has been advised of the possibility of such damages.”
After its contract with Trader Joe’s had expired, NECF discovered emails between VanLaw and Trader Joe’s that purportedly stated that the former intended to copy the barbecue sauce. NECF then initiated legal action against VanLaw seeking lost profits and punitive damages. NECF’s claims included breach of contract, intentional and negligent interference with prospective economic relations, intentional interference with contractual relations and breach of fiduciary duty.
The U.S. District Court for the Central District of California dismissed the plaintiff’s complaint, reasoning that the applicable contract limited the parties remedies to direct damages or injunctive relief. The court permitted NECF to amended its complaint by seeking “remedies permitted under” the contract or “plead why the available remedies are unavailable or so deficient as to effectively exempt Defendant from liability.”
In its amended complaint, NECF stated, in pertinent part:
“Upon information and belief, all of Plaintiff’s harm from the wrongful conduct alleged herein is a form of lost profits (both past and future). Further, the only possible harm to Plaintiff from the wrongs committed by Defendant are a loss of profits.”
Plaintiff further asserted that the contractual limitation of liability provision “would completely exempt Defendant from liability for the wrongs alleged.” NECF asserted that the subject contractual provision was voidable as per California Civil Code Section 1668.
The complaint was once again dismissed by the district court which reasoned that the contractual provision substantially limiting damages for willful tortious conduct was valid and agreed upon.
NECF appealed to the case to the Ninth Circuit that, in turn, referred the issue to the California Supreme Court to determine whether the provision was enforceable pursuant to California Civil Code Section 1668.
According to the California Supreme Court explained, Section 1668 is intended to “vindicate social policy” by precluding parties from “granting themselves licenses to commit future aggravated wrongs.” The court noted a different, recent California case similarly held that the existence of a contractual relationship between two parties does not mean one party can tortiously injure the other but limit its liability to a contract remedy.
The court opined that it may be possible to release ordinary negligence, but not gross negligence or willful conduct.
For ordinary negligence claims, the court cited to legal precedent that previously held that contractual limitations of liability for ordinary negligence may be prohibited if they affect the public interest as assessed under various, enumerated factors.
Consequently, the California Supreme Court held that, regardless of the relative sophistication of the parties, the contractual limitation of liability clause was not enforceable because it violated public policy and Section 1668 of the California Civil Code. Note, that the court stated that its holding applied only to the extent the claims at issue involve a tort claim independent of the parties’ contract.
Parties negotiating contracts should be aware of this decision, particularly when considering choice of law provisions.
DOJ Moves for Voluntary Dismissal of Its Appeal of Decision Finding that Section 230 Offers Immunity to Online Retailers
On April 24, 2025, the U.S. Department of Justice (DOJ) filed an unopposed motion in the U.S. Court of Appeals for the Second Circuit for voluntary dismissal of its appeal of an October 2024 decision finding that eBay is immune from liability under Section 230 of the Communications Decency Act. USA v. eBay, No. 24-3104. As reported in our September 28, 2023, memorandum, in September 2023, DOJ, on behalf of the U.S. Environmental Protection Agency (EPA), filed a complaint in the U.S. District court for the Eastern District of New York against eBay “for unlawfully selling, offering for sale, causing the sale of, and distributing hundreds of thousands of products” in violation of the Clean Air Act (CAA), the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA), and the Toxic Substances Control Act (TSCA). USA v. eBay, No. 23-CV-7173. According to EPA, the complaint seeks a ruling that eBay’s business practices as an e-commerce retailer violated the CAA, FIFRA, and TSCA and injunctive relief to enjoin eBay from further violations of these laws, as well as civil penalties for violations of the CAA. On September 30, 2024, the court granted eBay’s motion to dismiss the case, finding that:
eBay did not sell, offer for sale, or cause the sale or offer for sale of aftermarket defeat devices in violation of the CAA;
eBay did not distribute or sell pesticides in violation of FIFRA;
EPA pled facts sufficient to allege that eBay introduces methylene-chloride containing products into commerce, thus distributing them in violation of TSCA and the methylene chloride rule; and
Section 230 of the Communications Decency Act independently bars EPA’s claims.
The lower court notes that although eBay’s motion to dismiss fails under TSCA, because the court agrees with eBay’s argument that Section 230 applies, it granted eBay’s motion to dismiss. Under the Biden Administration, EPA filed a notice of appeal in the U.S. Court of Appeals for the Second Circuit on November 26, 2024.
Trump Administration Purports to Fire CPSC Commissioners
Despite Congress’s establishment of the Consumer Product Safety Commission (CPSC or Commission) as an independent agency through the Consumer Product Safety Act, recent events indicate that the Trump Administration is taking further action to ensure its accountability to the president alone. Most recently, on May 8, 2025, President Trump purportedly terminated three of the CPSC’s five Commissioners. According to formal statements from Commissioners Richard Trumka, Jr., Alexander-Hoehn Saric, and Mary T. Boyle—all Democratic appointees—the purported terminations followed their efforts to prevent workforce reductions at the Commission and their opposition to the appointment of two staffers from the Department of Government Efficiency (DOGE).
For some, this news is unsurprising. From the outset of the Trump presidency, the Administration took an unprecedented stance against “so-called independent agencies,” vowing to enforce “sufficient accountability to the President, and through him, to the American people.” When considering the fact that the Trump administration recently removed independent commissioners at the Federal Trade Commission (FTC) and National Labor Relations Board (NLRB), it appeared to only be a matter of time before the Administration implemented similar changes at the CPSC. Only a few months prior, leaked documents from the Office of Management and Budget proposed to absorb the functions of the CPSC into the Department of Health, suggesting the Trump Administration may be considering a complete restructuring of the agency. There are questions as to whether the Administration has the authority to make these changes and challenges are all but guaranteed, creating a great deal of uncertainty for the CPSC and the companies that have pending matters before it.
What is Next for the CPSC?
The future of the CPSC remains uncertain, though for now it is expected that the remaining Commissioner, Acting Chair, and staff will endeavor to continue the CPSC’s mission.
Challenges to the recent terminations are inevitable. Commissioner Alexander Hoehn-Saric—who served as chair of the CPSC from October 2021 to January 2025, with a fixed term lasting until October 2027—stated that “[t]he President’s action is unlawful and is part of this Administration’s efforts to eliminate federal agencies, personnel, and policies that have made Americans safer,” He also said that his termination was an “illegal attempt to remove me from the CPSC [and] happened immediately after my colleagues and I took steps to advance our safety work and protect our staff from arbitrary firings.” Commissioner Richard Trumka, Jr. echoed similar sentiments, noting his fixed term does not expire until October of 2028, and that “Unfortunately for the President, he did not have the authority to fire me.” Both Commissioners Hoehn-Saric and Trumka vowed to file lawsuits challenging the terminations. Commissioner Boyle, while less direct, signaled that she may also do the same, noting: “Until my term as commissioner concludes, . . . I will use my voice to speak out on behalf of safety.” Despite these claims, the CPSC website catalogs Hoehn-Saric, Trumka, and Boyle as former commissioners, listing Douglas Dziak as the sole commissioner and Peter Feldman as the Acting Chair for the multi-member agency.
The legal challenges to these actions will likely focus on statutory removal-for-cause protections typically applicable to Commissioners at independent agencies. But, as is the case with similar litigation involving the FTC and NLRB, such challenges will take time. Thus, it will likely be “business as usual” at the Commission while the challenges wind their way through the courts.
Workplace Strategies Watercooler 2025: The Election Is Over, What’s Next? Part I [Podcast]
In part one of this two-part Workplace Strategies Watercooler 2025 podcast series on changes employers can expect from the new administration, Jim Plunkett (shareholder, Washington, D.C.) sits down with Scott Kelly (shareholder, Birmingham) to discuss the current status and challenges faced by federal contractors following changes at the Office of Federal Contract Compliance Programs (OFCCP) due to President Trump’s Executive Order 14173, including the revocation of EO 11246, compliance options, and ongoing obligations under federal anti-discrimination laws. Next, Jim speaks with John Merrell (shareholder, Greenville) regarding expected changes in traditional labor policy, including the makeup of the National Labor Relations Board (NLRB), the role of the general counsel, and the NLRB’s case priorities, standards, and decisions. Finally, Jim talks with Wayne Pinkstone (shareholder, Philadelphia) about anticipated changes within the Occupational Safety and Health Administration (OSHA) during President Trump’s second term, including the administration’s regulatory agenda, the fate of the heat stress rule proposed under the previous administration, and the overall leadership and enforcement of the agency.
Colorado Legislature Fails to Amend Recent Artificial Intelligence Act
In 2024, Colorado passedthe first comprehensive state-level law in the U.S. regulating the use of artificial intelligence, the Artificial Intelligence Act (the Act). It imposed strict requirements on developers and users of “high-risk” AI systems, particularly in sectors like employment, housing, finance, and healthcare. The Act drew criticism for its complexity, breadth, and potential to stifle innovation.
In early 2025, lawmakers introduced Senate Bill (SB) 25-318 as a response to growing concerns from the tech industry, employers, and even Governor Jared Polis, who reluctantly signed the Act into law last year.
SB25-318 aimed to soften and clarify some of the more burdensome aspects of the original legislation before its compliance deadline of February 1, 2026.
Amendments proposed under SB 25-318 included:
An exception to the definition of “developer” if the person offers an AI system with open model weights and meets specified conditions.
Exemptions for specified technologies.
Elimination of the duty of a developer or deployer to use reasonable care to protect consumers from known or reasonably foreseeable risks of algorithmic discrimination and the requirement to notify the state attorney general of such risk.
An exemption from specified disclosure requirements for developers if they meet certain financial and operational criteria.
Despite its intention to strike a balance between innovation and regulation, SB25-318 was voted down 5-2 by the Senate Business, Labor, and Technology Committee on May 5, 2025.
With SB25-318 dead, the original Act remains intact, and the next step is for the Colorado Attorney General to issue rules and/or guidance. As it now stands, businesses and developers operating in Colorado must prepare for full compliance by early 2026 unless this date is otherwise extended.
Disparate-Impact Liability Gets Cancelled: Trump Executive Order Seeks to Eradicate Disparate-Impact Liability From Federal (And State) Law
On April 23, 2025, President Donald Trump issued an executive order titled “Restoring Equality of Opportunity and Meritocracy” (“the EO”).
The EO, by its own terms, seeks to “to eliminate the use of disparate-impact liability in all contexts to the maximum degree possible” through several avenues, including eliminating enforcement at the federal level and advocating for preemption at the state level.
Disparate-impact liability is a legal theory by which facially neutral policies or practices may nonetheless violate antidiscrimination laws if they disproportionately affect members of protected classes. Disparate impact claims are typically raised in the context of reductions-in-force and challenges to hiring criteria.
Recognized initially by the U.S. Supreme Court in the 1971 case Griggs v. Duke Power Co., 401 U.S. 424 (1971), disparate-impact liability was later codified into Title VII of the Civil Rights Act by Congress in 1991. Although disparate-impact liability usually centers on federal law and authorities, many states have also codified versions of disparate-impact liability throughout state statutes and regulations.
The EO represents a significant shift in federal enforcement priorities, directing all federal agencies to “deprioritize enforcement of all statutes and regulations” that include disparate-impact liability. For employers, this most acutely signals that the Equal Employment Opportunity Commission (EEOC), among other federal agencies, will no longer pursue enforcement of disparate impact liability in administrative proceedings.
Beyond federal enforcement priorities, the EO seeks to lay the groundwork for preemption of state-law disparate-impact protections. Specifically, the EO instructs the Attorney General and all federal agencies to “determine whether any Federal authorities preempt State laws, regulations, policies or practices that impose disparate-impact liability” based on federally protected characteristics. (In doing so, the EO also explicitly telegraphs the Trump administration’s interest in designating the lack of a college education as a protected trait for equal employment purposes.) Accordingly, the EO’s stated interest in preemption could potentially pave the way for more to challenges to state-level disparate-impact protections.
However, employees can still bring private lawsuits alleging disparate impact claims under both federal and state law, barring further developments in federal case law or statutes.[1] In other words, employers would be ill-advised to eliminate disparate impact analyses when conducting reductions-in-force or considering applicant testing or similar broad-scale hiring criteria.
Ultimately, the law surrounding disparate-impact liability promises to continually change in the months and years ahead. Employers should keep an eye on these developments and consult with counsel if they have questions as to their compliance with federal and state law.
[1] Notwithstanding the EO’s stated changes to federal enforcement and the current administration’s appetite for preemption, employees must still allege disparate-impact claims in their EEOC charge in order to exhaust administrative remedies under federal law — even if the EEOC ceases to investigate or enforce disparate-impact claims. In other words, an employee’s failure to assert disparate-impact claims at the EEOC level could result in dismissal of those disparate-impact claims later on for failure to exhaust administrative remedies. Additionally, employees may continue to assert state-law claims (as applicable), notwithstanding the EO’s demonstrated appetite for federal preemption of state laws on disparate-impact liability. However, employers challenging such state-law disparate-impact claims may take the EO’s invitation and make a preemption argument against such claims — which may then lead to further developments in the case law in this area.