President Trump’s Executive Order Steering Digital Assets Policy
As promised during his campaign, President Trump has taken significant steps to support the digital asset industry during his first week in office. On 23 January 2025, he signed an executive order initiating digital asset regulatory rollbacks and a new federal framework governing cryptocurrencies, stablecoins, and other digital assets (the Order).
On the same day, the Securities and Exchange Commission (SEC) rescinded the controversial Staff Accounting Bulletin 121, which required crypto custodians and banks to reflect digital assets in their custody as both an asset and a liability on their balance sheets. Earlier in the week, the SEC established Crypto 2.0, a crypto task force designed to provide paths for registration and reasonable disclosure frameworks, and to allocate enforcement resources “judiciously.”
The Order recognizes the role the digital asset industry serves in our economy and aims to support the responsible growth and use of digital assets by promoting dollar-backed stablecoins and providing regulatory clarity. The Order lays the groundwork for a regulatory shift furthering digital assets policy, focusing on the creation of “technology-neutral regulations” tailored to digital assets.
In addition to prohibiting agencies from facilitating any central bank digital currencies, the Order establishes a working group comprised of the heads of various agencies (the Working Group) and sets three deadlines:
22 February 2025: Federal agencies must report to the Special Advisor for AI and Crypto with the regulations or other agency guidance that affect the digital asset sector.
24 March 2025: Federal agencies must submit recommendations on whether to rescind or modify these regulations and guidance.
22 July 2025: The Working Group must submit a report to the President on regulatory and legislative proposals to advance digital assets policy. This report must include a proposed Federal framework for the issuance and operation of digital assets, including stablecoins, and evaluate whether establishing a national digital assets stockpile is possible.
McDermott+ Check-Up: January 24, 2025
THIS WEEK’S DOSE
Senate Committees Continue Nomination Hearings. Senate-wide votes have begun as the confirmation process progresses.
House VA Committee Holds Oversight Hearing on Community Care. Members of the House Veterans’ Affairs (VA) Committee examined Congress’ role in improving veterans’ healthcare.
White House Revokes Biden-Era Healthcare EOs. The rescinded executive orders (EOs) relate to health equity, prescription drug costs, and artificial intelligence (AI).
Trump Pauses Regulatory Activity. The pause includes external communications for all agencies.
CONGRESS
Senate Committees Continue Nomination Hearings. The Senate VA Committee held a hearing for VA secretary nominee Doug Collins and subsequently voted for his confirmation with broad bipartisan support. His confirmation vote will now be scheduled for consideration by the full Senate. Russell Vought’s nomination for Office of Management and Budget (OMB) director advanced out of the Senate Homeland Security and Governmental Affairs Committee in an 8 – 7 vote along party lines earlier this week. The Budget Committee held another hearing for Vought’s nomination, where Democrats expressed concerns about potential cuts to Medicaid, especially for low-income and elderly individuals. Republicans focused on the importance of reducing waste, fraud, and abuse in healthcare and advocated against providing care to undocumented immigrants. The Senate Budget Committee will vote on Vought’s confirmation in the coming days, after which his confirmation should be scheduled for consideration by the full Senate.
House VA Committee Holds Oversight Hearing on Community Care. In the hearing, members agreed that Congress has a role to play in improving care for veterans and supporting community care, and expressed concern about the lack of access to VA facilities across the country. Many Democratic members emphasized the need for more hearings on this issue, particularly with witnesses from the VA and third-party VA administrators.
ADMINISTRATION
White House Revokes Biden-Era Healthcare EOs. President Trump was inaugurated on January 20, 2025, and he spent his first day issuing new EOs and revoking others signed into law by former President Biden, 12 of which were healthcare-related. Revoking these EOs has little immediate impact, because additional steps would be necessary to effectuate changes to current policy. The revocations may be indicative of future policymaking, however. Below is a summary of a few key rescinded EOs:
Strengthening Medicaid and the ACA. This EO directed the US Department of Health and Human Services (HHS) to consider creating a special enrollment period for the health insurance marketplace in response to COVID-19. It also directed HHS and the US Departments of Labor and the Treasury to examine and consider suspending or rescinding policies or practices that may undermine Medicaid, Affordable Care Act (ACA) coverage, or the Health Insurance Marketplace. The EO also revoked two first-term Trump Administration EOs: Minimizing the Economic Burden of the Patient Protection and ACA Pending Repeal, and Promoting Healthcare Choice and Competition Across the United States.
Lowering Prescription Drug Costs for Americans. This EO directed the Centers for Medicare & Medicaid Innovation Center to consider models that would lower drug costs and promote access to innovative drug therapies for beneficiaries enrolled in the Medicare and Medicaid programs, including models that may lead to lower cost-sharing for commonly used drugs and support value-based payment that promotes high-quality care.
Safe, Secure, and Trustworthy Development and Use of AI. This EO set forth principles that executive agencies should follow when utilizing AI, including requirements that AI be safe, secure, responsible, and equitable. The EO also established the White House AI Council, which consisted of the assistant to the president and deputy chief of staff for policy, and representatives from various agencies and departments, including HHS.
Through another EO, President Trump started the process of withdrawing the United States from the World Health Organization (WHO), citing mishandling of the COVID-19 pandemic and an inability to demonstrate independence from the political influence of WHO member states. The EO directs OMB and the US Department of State to pause transfer of funds to the WHO and recall any personnel working in any capacity at the WHO.
Trump Pauses Regulatory Activity. As part of the transition, the new Trump Administration issued an EO that paused regulatory activity, including issuance of new proposed rules unless an exemption is provided. While this is typical of a new Administration, memos from department heads have placed more restrictions on third-party and formal communications, even outside of the rulemaking process. For HHS, the “freeze” in regulatory activity is set to run until February 1, 2025.
QUICK HITS
MACPAC Holds January 2025 Meeting. The Medicaid and CHIP Payment and Access Commission (MACPAC) meeting included discussion related to home- and community-based services, opioid-use disorder treatment, residential services access for children and youth, external quality review for managed care organizations, the transition from pediatric to adult healthcare, and the All-Inclusive Care for the Elderly model.
President Trump Announces Investment in AI Infrastructure. The president announced the Stargate Project, which is a multibillion-dollar investment by private technology companies. The project’s goal is to create AI infrastructure in the United States and includes a focus on curing diseases.
NEXT WEEK’S DIAGNOSIS
We expect the new Administration to continue to release EOs and take additional actions on healthcare in the coming week. The House will be in recess next week, and the Senate will be in session, with confirmations expected to continue in committees and on the floor. HHS secretary nominee RFK Jr. will appear before the Senate Finance and Health, Education, Labor, & Pensions Committees next week. Other hearings include a Senate VA Committee hearing on the VA’s community care program, and a Senate Aging Committee hearing on fiscal policies related to seniors.
California SB 923: New Trans-Inclusive Healthcare Requirements for Health Plans
Beginning in the first quarter of 2025, California healthcare service plans, health insurers, Medi-Cal managed care plans, and PACE organizations must ensure that staff who have direct enrollee contact receive evidence-based cultural competency training focused on transgender-inclusive healthcare. This requirement arises from Senate Bill No. 923 (SB 923), a law passed by the California legislature in 2022. Provider directories must also be updated by March 1, 2025, to identify which in-network providers have previously offered gender-affirming services.
SB 923 is part of a broader effort by the California legislature to require healthcare entities to improve access to culturally competent gender-affirming care for transgender, gender diverse, and intersex (TGI) individuals. This legislation builds on prior mandates requiring physicians and surgeons to complete continuing medical education (CME) courses addressing cultural and linguistic competency. The legislation expanded existing cultural competency training requirements to now require CME programs to address TGI-related health needs, thus laying a foundation for the broader system-wide changes that SB 923 compels.
While the statute sets “no later than March 1, 2025,” as the outer deadline for compliance, the California Department of Managed Health Care (DMHC) All Plan Letter (APL) 24-018 imposes an earlier deadline – February 14, 2025 – for all full-service (and certain specialized) healthcare service plans under DMHC jurisdiction to complete the required training.
Below we outline the key requirements, summarize the CME obligations already in effect, consider initial feedback from early implementation, and offer steps to help affected entities prepare for upcoming deadlines.
In Depth
NEW REQUIREMENTS FOR HEALTH PLANS, INSURERS, AND MEDI-CAL MANAGED CARE ENTITIES
SB 923 requires healthcare service plans, health insurers, Medi-Cal managed care plans, and PACE organizations to engage in workforce cultural competency training. Key training elements include:
Adopting inclusive communication techniques by using TGI-inclusive terminology and ensuring respectful, affirming interactions with TGI patients.
Addressing health disparities by explaining how family and community acceptance influence TGI patient health outcomes and integrating this understanding into care practices.
Conducting refresher course training whenever a complaint is filed and upheld against a staff member for failing to provide TGI-inclusive care and administering additional courses more frequently if needed.
Training must be provided to staff who directly interact with enrollees. This includes frontline personnel such as call center representatives, nurses, and other staff members who have contact with patients. Exempt from this training requirement are specialized healthcare service plans providing only dental or vision services and Medicare Advantage plans. Currently, SB 923 does not include any exemptions or opt-outs for staff or providers based on religious, moral, or rights of conscience objections grounds.
While SB 923’s statutory language sets an outer compliance deadline of no later than March 1, 2025, DMHC’s APL 24-018 specifies that all full-service healthcare service plans, regardless of size (and certain specialized plans other than dental or vision-only plans), must ensure that staff complete the required training by February 14, 2025. For health insurers regulated by the Department of Insurance or Medi-Cal managed care plans overseen by the Department of Health Care Services (DHCS), the statutory deadline remains March 1, 2025, unless their respective regulators issue further guidance.
In addition to initial training, DMHC’s APL requires that training be completed every two years thereafter, ensuring ongoing competency. Newly hired staff with direct enrollee contact must complete the training within 45 days of commencing employment. Health plans should also note that regulators may impose sanctions or penalties for noncompliance, reinforcing the importance of meeting these requirements.
UPDATED PROVIDER DIRECTORIES FOR GENDER-AFFIRMING SERVICES
By March 1, 2025, health plans, insurers, and Medi-Cal managed care plans must update their provider directories (as well as call center information) to identify which in-network providers have affirmed and previously provided gender-affirming services. These services might include hormone therapy, gender-confirming surgeries, gender-affirming gynecological care, or voice therapy.
ALREADY-IN-EFFECT CME REQUIREMENTS
Since 2006, curricula for CME courses in California have been required to include cultural and linguistic competency in the practice of medicine. Since 2022, CME course curricula also have been required to include the understanding of implicit bias. SB 923 amended the cultural competency portion of California’s Business and Professions Code Section 2190.1 to require that CME also include TGI health needs. The updated CME curricula should address:
Using correct names, pronouns, and gender-neutral language.
Avoiding assumptions about gender or sexual orientation.
Understanding the discrimination and barriers that TGI patients face, and how implicit bias may influence clinical decisions.
Implementing administrative changes, such as more inclusive intake forms, to create a welcoming care environment.
Cultural competency, including TGI-specific elements, and implicit bias training are not necessary for CME courses offered outside of California to California-licensed physicians and surgeons or as part of CME courses dedicated solely to research or other non-clinical issues lacking a direct patient care component.
IMPLEMENTATION STATUS OF SB 923 CME REQUIREMENTS
Since the TGI-focused CME requirements took effect in 2023, some larger health systems have begun integrating targeted training modules while smaller practices have struggled to find suitable specialized resources. According to the California Association of Health Plans, questions remain about how these training standards will align and be enforced across various health plans and delegated entities. Despite these uncertainties, incremental progress continues. As more healthcare organizations develop approved training resources and toolkits, accessibility and overall cultural competency likely will improve.
PRACTICAL STEPS FOR COMPLIANCE
For Healthcare Providers: Integrate the updated CME modules into existing physician education, revise administrative materials (intake forms, electronic medical records) to reflect inclusive language, and ensure all frontline staff are trained in respectful, TGI-inclusive communication.
For Health Plans and Insurers: Implement TGI-focused training as specified by DMHC: for full-service healthcare service plans, by February 14, 2025, and for other regulated entities, by the statutory deadline. Update provider directories to highlight gender-affirming providers by March 1, 2025, and establish effective complaint and grievance tracking to ensure accountability. With respect to ERISA-governed self-insured group health plans, SB 923 does not provide an express exception. However, ERISA typically preempts state laws that attempt to regulate employee benefit plans, although fully insured plans are generally subject to state insurance laws and would likely need to comply with SB 923. A plan that is not fully insured or regulated by the California DMHC would generally not need to comply. As of the publication date, we are unaware of any ERISA preemption challenges to SB 923. Some group health plan sponsors may wish to proceed with compliance and continue to watch for any updates.
For Medi-Cal Managed Care Plans and PACE Organizations: Follow guidance issued by regulators, such as the DHCS Policy Letter 24-03, to implement required training, keep provider directories current with gender-affirming providers, and report TGI-related complaints. In addition, remain alert for further instructions from regulators and prepare to incorporate the required standards.
LOOKING AHEAD
When SB 923 was initially debated, some stakeholders opposed the legislation based on religious liberty and rights of conscience grounds, arguing that SB 923’s training mandates amount to unconstitutional compelled speech. However, a recent decision by the US District Court for the Central District of California in Khatibi v. Hawkins suggests that courts may uphold SB 923 as a form of government speech. The case involved a challenge to the implicit bias training requirement because some CME lecturers felt that their First Amendment rights were being violated. The court observed that “[s]tate-mandated curriculum requirements for CME courses necessary for state licensure constitutes government speech because when physicians . . . choose to teach CME courses for credit, they ‘speak for the state.’” (Khatibi v. Hawkins, No. 2:23-cv-06195-MRA-E, 2024 WL 3802523 (May 2, 2024)). The matter is currently under appeal to the US Court of Appeals for the Ninth Circuit.
CONCLUSION
SB 923 represents continued efforts by California toward ensuring that TGI patients receive respectful, informed, and affirming healthcare. With CME requirements already in effect and a range of new mandates, including system-wide training for health plans, updated provider directories, complaint tracking, and eventual quality standards, entities face a multifaceted compliance landscape. DHCS Policy Letter 24-03 and DMHC APL 24-018 provide clarity and actionable guidance, and both reflect the recommendations issued by the Transgender, Gender Diverse, or Intersex Working Group convened under SB 923’s mandate. Formal regulations under SB 923 will be adopted by July 1, 2027, but as the February and March 2025 deadlines approach, stakeholders should proactively implement training, update administrative practices, maintain transparent patient engagement, and follow the newly issued DHCS and DMHC directives.
UK Government Publishes Consultation on Proposals to Reduce the Threat of Ransomware Attacks
On January 14, 2025, the UK government opened a consultation seeking views on three proposals aimed at reducing the threat of ransomware attacks. The government intends to introduce legislation to counter ransomware attacks focusing on three key proposals:
Proposal 1: A targeted ban on ransomware payments for all public sector bodies, including local government, and for owners and operators of Critical National Infrastructure, that are regulated, or that have competent authorities. Critical National Infrastructure in the UK is comprised of 13 sectors including chemicals, defense, energy, finance, food, health and water. The UK government believes that breaking the cycle of paying ransomware demands is “essential to disrupting the ransomware business model.”
Proposal 2: A ransomware payment prevention regime that would require any victim of ransomware (that is not subject to the prohibition of payment under Proposal 1) to engage with the authorities and report their intention to make a ransomware payment before paying threat actors. Authorities would provide guidance and support to the victim, including with respect to potential non-payment resolution options. Information provided through reports and/or further engagement could be used to further intelligence supporting operational activity and contributing to major investigations.
Proposal 3: A ransomware incident reporting regime for suspected victims of ransomware, which would apply irrespective of any intention to pay the ransom. Through the consultation process, the UK government is considering whether this obligation should be subject to a threshold.
The consultation closes on April 8, 2025.
Massachusetts Expands Oversight of Private Equity Investment in Healthcare: Key Takeaways from House Bill 5159 Signed into Law by Governor Healey
On January 8, 2025, Massachusetts Governor Maura Healey signed House Bill 5159 (“H.5159”) into law, marking a notable expansion of the regulation of private equity investments within the Massachusetts healthcare sector. The legislation, set to take effect on April 8, 2025, introduces new measures to enhance transparency and accountability in healthcare transactions, focusing specifically on private equity firms, real estate investment trusts (“REITs”), and management services organizations (“MSOs”). This development also reflects a broader trend across the nation of increasing scrutiny of healthcare transactions and investments by private equity firms and other investors, as highlighted in our previous blog series on California’s Assembly Bill 3129.[i]
Key Provisions of H.5159
The enactment into law of H.5159 increases oversight of healthcare transactions in Massachusetts in several ways:
1. Expanded Definition of Material Changes Requiring Notice to the Massachusetts Health Policy Commission and Potential for Further Delays to Closing
Pre-existing Massachusetts law mandates that healthcare providers and provider organizations, including physician practices, healthcare facilities, independent practice associations, accountable care organizations, and any other entities that contract with carriers for the payment of healthcare services, with more than $25 million in Net Patient Service Revenue[ii] in the preceding fiscal year must submit a Material Change Notice (“MCN”) to the Massachusetts Health Policy Commission (“HPC”), Center for Health Information and Analysis (“CHIA”), and Office of the Attorney General at least 60 days prior to a proposed “material change” involving such entity.
Before H.5159 was enacted, the definition of “material change” already encompassed several types of transactions involving healthcare providers and provider organizations with more that $25 million in Net Patient Service Revenue, requiring them to submit an MCN to the Massachusetts HPC, CHIA, and Office of the Attorney General. These include:
A merger, acquisition, or affiliation between a healthcare Provider and an insurance carrier;
A merger, acquisition, or affiliation involving a hospital or hospital system;
Any acquisition, merger, or affiliation that results in an increase of $10 million or more in annual net patient service revenue, or grants the Provider or Provider Organization near-majority market share in a specific service or geographic area;
Clinical affiliations between two or more Providers or Provider Organizations with annual net patient service revenue of $25 million or more, excluding affiliations solely for clinical trials or medical education purposes; and
The formation of new entities such as joint ventures, MSOs, or accountable care organizations that contract with insurers or other administrators on behalf of healthcare Providers.
H.5159 notably broadens the definition of “material change” to include also:
Transactions involving a Significant Equity Investor that result in a change of ownership or control of a Provider or Provider Organization;
“Significant” acquisitions, sales, or transfers of assets, including, but not limited to, real estate sale-leaseback arrangements;
“Significant expansions” in a Provider or Provider Organization’s capacity;
Conversion of nonprofit Providers or Provider Organizations to for-profit entities; and
Mergers or acquisitions of Provider Organizations that will result in the Provider Organization having a dominant market share in a service or region.
The term “Significant Equity Investor” is broadly defined to include: (i) any private equity firm holding a financial interest in a Provider, Provider Organization, or MSO; and (ii) any investor, group of investors, or entity with ownership of 10% or more in such organizations. The definition specifically excludes venture capital firms solely funding startups and other early-stage businesses.
While the law expands the definition of “material change” to encompass the categories listed above, it does not explicitly define what constitutes a “significant acquisition,” “significant expansion,” or “change of ownership or control.” As of now, these terms are left to be clarified by the HPC through further regulation and guidance. Stakeholders should monitor future regulatory updates from the HPC to understand the specific thresholds for these types of transactions.
If the HPC determines within 30 days of receiving a complete MCN that a “material change” may significantly affect Massachusetts’ ability to meet healthcare cost growth benchmarks or impact market competition, the HPC can initiate a Cost and Market Impact Review (“CMIR”). This process requires detailed submissions from transaction parties and significantly extends the transaction timeline to close a deal.
The amended law also enhances the HPC’s information-gathering capabilities, authorizing the HPC to request detailed data on Significant Equity Investors, including financial data and capital structure information. Additionally, the HPC can now monitor and collect information on post-transaction impacts for up to five years following a material change. While nonpublic information submitted to the HPC remains confidential, the filed MCN and the completed CMIR report will be publicly available on the HPC’s website.
Although the HPC cannot directly prohibit a transaction or impose conditions, it can refer its CMIR findings to the Massachusetts Attorney General, Massachusetts Department of Public Health (“DPH”), or other state agencies for further action.
2. Investors May be Called as Witnesses at Annual Public Hearings
H.5159 authorizes the HPC to assess the impact of Significant Equity Investors, healthcare REITs, and MSOs on healthcare costs, prices, and cost trends. HPC is empowered to call a representative sample of these investors to testify at its annual public hearings under oath. The Attorney General may intervene in these hearings, ensuring rigorous oversight and accountability.
3. Annual Financial Reporting Requirements
Certain Provider Organizations are already required to register with the HPC (“Registered Provider Organizations”) and submit annual reports to the CHIA. To be subject to the registration requirement, a provider organization must meet at least one of the following criteria: (a) annual net patient service revenue from private carriers or third-party administrators of at least $25 million in the prior fiscal year; (b) a patient panel of more than 15,000 over the past 36 months; or (c) classification as a risk-bearing provider organization, regardless of revenue or panel size. This includes, but is not limited to, physician organizations, independent practice associations, accountable care organizations, and provider networks.
H.5159 expands reporting obligations for Registered Provider Organizations to include detailed information about the Registered Provider Organization’s Significant Equity Investors, healthcare REITs, and MSOs. It also clarifies that Registered Provider Organization financial statements must cover parent entities’ out-of-state operations and corporate affiliates. Additionally, the amended law authorizes the state to require quarterly submissions from Registered Provider Organizations with private equity involvement. These submissions may include audited financial statements, structure charts, margins, investments, and relationships with investor groups. Organizations must also report on costs, annual receipts, realized capital gains and losses, accumulated surplus, and reserves. The HPC will monitor prior transactions and investments for up to five years and notify organizations of future reporting deadlines as needed.
4. Penalties for Noncompliance with Reporting Requirements
H.5159 imposes stricter penalties for failing to submit required financial reports. Entities missing reporting deadlines may face fines of up to $25,000 per week after a two-week grace period, with no annual penalty cap. This is a substantial increase from prior penalties, which were capped at $50,000 annually.
5. Expanded Authority for the Attorney General
The Massachusetts Attorney General is authorized to review and analyze any information submitted to CHIA by a provider, provider organization, Significant Equity Investor, health care REIT, MSO or payer. The Attorney General may compel such entities to produce documents, answer interrogatories, or provide testimony under oath concerning healthcare costs, cost trends, and the relationship between provider costs and payer premiums.
The Attorney General may disclose such information during HPC annual public hearings, rate hearings before the Division of Insurance, and legal proceedings because the law deems such information to be in the public interest.
6. Expanded Massachusetts False Claims Act Liability
H.5159 amends the Massachusetts False Claims Act (the “MA FCA”), which is broader in scope than the Federal False Claims Act, to expand liability to entities holding an “ownership or investment interest” in a person or entity violating the MA FCA. Specifically, private equity owners and other investors who are aware of a violation and fail to report and remedy it within 60 days of discovery may be held liable. The law codifies this expanded accountability, explicitly including investor groups among those who can be held responsible for untimely reporting violations. Additionally, the amendments clarify the Attorney General’s authority to issue civil investigative demands to healthcare entities and investor groups.
Notable Exclusions from Earlier Proposals
H.5159 reflects several compromises that were made during the legislative process, resulting in a more moderate version compared to earlier proposals. The process began in May 2024 with the introduction of House Bill 4653, followed by Senate Bill 2871 in July 2024.[iii] Senate Bill 2871 included stricter requirements than those in House Bill 4653, but lawmakers struggled to reconcile the differences before the legislative session deadline on July 31, 2024. This stalemate led to renewed efforts in December 2024, which ultimately resulted in the passage of H.5159.
While H.5159 carries forward many of the provisions from the earlier bills, it also removes certain measures that stakeholders had identified as too burdensome, as outlined below. These exclusions include:
Restrictions on Practice Ownership and Clinical Decision Making: provisions explicitly codifying restrictions on healthcare practice ownership and prohibiting MSOs or other healthcare entities from exerting control over clinical decisions were omitted.
Boundaries Between MSOs and Physician Practices: H.5159 also excludes specific boundaries that were previously proposed to regulate the relationship between physician practices and MSOs, including restrictions on MSOs exerting ultimate control over the finances of healthcare practices and limitations on stockholders’ ability to transfer, alienate, or exercise discretion over their ownership interests in the practices.
Maximum Debt-to-EBITDA: A provision that would have allowed the Massachusetts HPC to set a maximum debt-to-EBITDA ratio for provider organizations with private equity investors was removed from the final bill that was signed into law.
Bond Requirements for Private Equity Firms: H.5159 does not include the previously proposed requirement that private equity firms deposit a bond with the DPH when submitting an MCN, including when acquiring a provider organization.
Conclusion
The passage of H.5159 represents a pivotal moment in Massachusetts’ efforts to regulate investment in health care. It also reflects, however, a compromise that did not impose even more stringent requirements that were set to impact providers, provider organizations, and investors.
Investors, including private equity firms, and healthcare providers and provider organizations, will need to adapt to the enhanced oversight mechanisms and implement more thorough due diligence practices to ensure transparency and avoid penalties for non-compliance. Pre-transaction, this includes ensuring thorough documentation and proactive engagement with regulatory authorities. Post-transaction, entities must implement systems to track and report required financial and operational data accurately and on time.
As H.5159 takes effect, we will continue to monitor and report on any further regulatory updates, particularly those concerning the HPC’s development of regulations to implement this law.
FOOTNOTES
[i] Update: Governor Newsom Vetoes California’s AB 3129 Targeting Healthcare Private Equity Deals | Healthcare Law Blog (sheppardhealthlaw.com), published October 2, 2024, Update: AB 3129 Passes in California Senate and Nears Finish Line | Healthcare Law Blog (sheppardhealthlaw.com), published September 6, 2024, California’s AB 3129: A New Hurdle for Private Equity Health Care Transactions on the Horizon? | Healthcare Law Blog (sheppardhealthlaw.com), published April 18, 2024, and Update: California State Assembly Passes AB 3129 Requiring State Approval of Private Equity Healthcare Deals | Healthcare Law Blog (sheppardhealthlaw.com), published May 30, 2024.
[ii] Net Patient Service Revenue refers to revenue received for patient care from third-party payers, net of contractual adjustments, with distinctions depending on the type of Provider or Provider Organization. For hospitals, it must comply with Massachusetts General Laws Chapter 12C, Section 8, requiring standardized reporting of gross and net revenues, including inpatient and outpatient charges, private sector charges, payer mix adjustments, and revenue from additional services. For other providers and provider organizations, it includes all revenue from third-party payers, prior-year settlements, and premium revenue (per-member-per-month payments for comprehensive healthcare services). 950 CMIR 7.00.
[iii] See our prior blog for background on Senate Bill 2871: Massachusetts Senate Passes Bill to Increase Oversight of Private Equity Healthcare Transactions | Healthcare Law Blog
Listen to this post
Cybersecurity Executive Order—Key Implications for the Manufacturing Industry
On January 16, 2025, President Joe Biden issued the “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” a comprehensive directive designed to address the growing complexity and sophistication of cyber threats targeting the United States. The Executive Order aims to establish a cohesive national strategy for improving cybersecurity across federal agencies, private businesses, and critical infrastructure sectors. The Executive Order governs a wide-array of critical issues, including new cybersecurity standards for federal contractors, enhanced public-private information sharing, the promotion of advanced technologies like quantum-resistant cryptography and artificial intelligence (AI), and the imposition of sanctions on foreign cyber actors. The Executive Order’s initiatives demonstrate a commitment to strengthening the nation’s cybersecurity defenses in a rapidly evolving digital landscape and incorporate approaches generally understood as best practices to enhance cybersecurity.
To further advance the initiatives outlined in the order, the Cybersecurity and Infrastructure Security Agency (CISA), a key federal entity responsible for coordinating national efforts to safeguard critical infrastructure, expanded on the directive with detailed implementation frameworks and additional guidance. CISA’s involvement underscores its crucial role in operationalizing the Executive Order and transforming its policy directives into actionable strategies. Through collaboration with industry leaders, technology innovators, and government stakeholders, CISA has addressed specific challenges, including adopting quantum-resistant cryptography, deploying artificial intelligence in cybersecurity defenses, and improving public-private information-sharing mechanisms. These efforts emphasize fostering innovation, enhancing resilience, and protecting the nation’s digital ecosystem from emerging threats. By building on the Executive Order, CISA seeks to bridge the gap between policy objectives and on-the-ground cybersecurity practices, ensuring that the nation’s cybersecurity posture evolves in tandem with the rapidly changing threat landscape.
The transition of the presidency to President Donald Trump on January 20, 2025, has led to questions about the future of the Biden Executive Order. Historically, President Trump has favored deregulation and, during his first term, had repealed several executive orders issued by previous administrations. The possibility of modification or repeal to the Executive Order is particularly significant for the manufacturing sector, which is both a critical component of the U.S. economy and a frequent target of cyberattacks.
The purpose of this guide is three-fold. First, it examines the key elements of the existing Executive Order. Next, it explores the potential modifications that the Trump administration may implement. Finally, it provides guidance tailored to manufacturing companies for navigating this evolving regulatory and threat environment, building on previous related resources published by Foley & Lardner and the Cybersecurity Manufacturing Innovation Institute (CyManII), which are referenced at the end of this alert.
Key Provisions of the Executive Order and their Impact on Manufacturing
Minimum Cybersecurity Standards for Federal Contractors
A central provision of the Executive Order mandates baseline cybersecurity measures for federal contractors. These include securing access to critical systems and data using Multi-factor authentication (MFA), incorporating endpoint detection and response (EDR) tools to monitor, detect, and respond to cybersecurity threats, and using encryption to protect sensitive data both during transit and at rest.
Manufacturers supplying goods or services to the federal government must adhere to these cybersecurity standards to maintain their eligibility for governmental contracts. For many companies, this may require substantial investments in upgrading systems, adopting new technologies, and training personnel. Non-compliance could lead to the loss of profitable federal contracts and potential reputational damage.
Enhanced Public-Private Information Sharing
The Executive Order directs federal agencies to enhance mechanisms for sharing threat intelligence with private-sector entities. This collaboration aims to provide timely and actionable insights to help businesses defend against emerging cyber threats.
This initiative benefits the manufacturing sector as it is a primary target for ransomware attacks and intellectual property theft. Access to real-time threat intelligence allows manufacturers to identify vulnerabilities, respond swiftly to incidents, and mitigate risks more effectively. A ransomware incident plan focused on manufacturing can be found here: Ransomware Playbook.
Transition to Quantum-Resistant Cryptography
The Executive Order highlights the urgent need to adopt quantum-resistant cryptographic algorithms to tackle the long-term threat arising from advancements in quantum computing. As manufacturing increasingly incorporates digital technologies and interconnected systems, safeguarding proprietary designs, supply chain data, and other sensitive information is essential to business. Early adoption of quantum-resistant encryption may provide a competitive advantage and safeguard critical assets against existing and future threats. Guidelines for approaching quantum-resistant cryptography are available from NIST and the first post-quantum encryption standards are found here.
Leveraging AI for Cybersecurity
The Executive Order promotes the use of AI-driven cybersecurity tools to identify and counter advanced cyber threats in real time. AI is potentially transformative for the manufacturing sector because it can automate threat detection and response strategies. AI is also a proven tool for minimizing operational disruptions, protecting intellectual property, and ensuring the integrity of production lines. The pilot programs outlined in the Executive Order could serve as a model for broader adoption across the industry. AI may significantly accelerate the detection and mitigation of cyber-attacks, an area under development by CyManII.
Sanctions on Foreign Cyber Actors
The Executive Order grants the federal government the authority to impose sanctions on individuals and entities responsible for cyberattacks targeting U.S. organizations. Sanctions serve as a deterrent against state-sponsored cyberattacks and industrial espionage. For manufacturers, this provision provides an extra layer of protection and highlights the government’s commitment to safeguarding critical industries.
Potential Changes Under the Trump Administration
Deregulation of Cybersecurity Standards
President Trump’s emphasis on minimizing regulatory burdens may result in a rollback of the cybersecurity requirements in the Executive Order. This could shift the responsibility for implementing robust cybersecurity measures from the federal government to individual companies.
Focus on Supply Chain Resiliency
Based on the criticality of U.S. manufacturing and its role in global competitiveness and economic stability, we anticipate President Trump will issue guidance on securing supply chain resiliency to enhance the productivity of U.S. manufacturers. We will monitor these anticipated changes and publish future alerts as applicable.
Reprioritization of Cybersecurity Initiatives
While the current Executive Order emphasizes quantum-resistant cryptography and AI, the Trump administration might focus first on immediate cybersecurity challenges and delay longer-term solutions that require significant investment.
Reduced Emphasis on Public-Private Collaboration
Changes to information-sharing initiatives could decrease government support for private-sector cybersecurity efforts, which may compel manufacturers to seek alternative sources of threat intelligence.
Selective Sanctions Enforcement
A more selective approach to sanctions could change the deterrent effect on foreign cyber actors, potentially raising the risk of targeted attacks on U.S. manufacturing companies.
Guidance for Manufacturing Companies
Given the uncertainty surrounding the future of the Executive Order, manufacturers must adopt a proactive approach to cybersecurity. Below are actionable steps to enhance resilience:
Strengthen Core Cybersecurity Measures
Adopt Industry Best Practices: Ensure the deployment of MFA, EDR, and encryption on all critical systems.
Secure Operational Technology (OT): Safeguard industrial control systems (ICS) and other OT components essential to manufacturing operations.
Conduct Regular Assessments: Regular audits can help identify vulnerabilities and prioritize remediation efforts.
Invest in Employee Training: Over 80% of ransomware and other cyber-attacks can be traced to the “human in the loop.” Thus, cybersecurity training is a solid investment to protect your company and its operations.
Monitor Regulatory Developments
Stay Informed: Stay informed about updates to the Executive Order and other relevant cybersecurity policies.
Engage Legal Counsel: Consult legal and compliance experts to assess the potential impact of policy changes on your business operations.
Invest in Advanced Cybersecurity Technologies
Explore AI Solutions: Leverage AI tools for predicting threats, identifying anomalies, and automating incident responses.
Transition to Quantum-Resistant Cryptography: Start planning cryptographic upgrades to protect sensitive data from emerging threats.
Collaborate with Industry Peers: Participate in forums and consortia to exchange best practices and establish standardized cybersecurity protocols.
Secure the Supply Chain
Evaluate Vendor Risks: Perform comprehensive cybersecurity assessments of suppliers and third-party partners.
Develop Redundancy Plans: Identify critical supply chain dependencies and develop contingency plans to mitigate potential disruptions.
Encrypt Communications: Safeguard data transfers throughout the supply chain to minimize the risk of interception.
Build Robust Incident Response Plans
Establish Comprehensive Protocols: Develop incident response plans tailored to manufacturing-specific threats, such as ransomware attacks on production systems. An example of industry guidance and template is available in CyManII’s Ransomware Preparation Guide: Prevention, Mitigation, and Recovery for Manufacturers.
Train Employees: Provide ongoing cybersecurity training to improve awareness and minimize human error.
Test and Refine Plans: Perform regular simulations to assess the effectiveness of response strategies and implement necessary adjustments.
Final Thoughts
The “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity” highlights the urgent need for robust cybersecurity measures, particularly within the manufacturing sector, vital to national security, economic stability, and global competitiveness. This sector faces an increasing number of sophisticated threats, including ransomware attacks, vulnerabilities in the supply chain, and intellectual property theft. While the future of the Executive Order under the Trump administration is uncertain, manufacturers cannot afford to delay action. Cyber-attacks on manufacturers will continue to rise in volume and sophistication over the coming years. Proactive measures such as implementing advanced security technologies, strengthening supply chain defenses, and keeping abreast of regulatory changes are essential for mitigating risks and ensuring operational continuity.
Furthermore, adhering to strict cybersecurity standards allows manufacturers to secure federal contracts, establish trust with stakeholders, and gain a competitive edge in the market. As potential changes to the Executive Order could lead to a fragmented regulatory landscape—spanning federal, state, and international levels—manufacturers must prepare for diverse compliance requirements. By prioritizing cybersecurity, the manufacturing sector not only safeguards its critical assets and processes but also reinforces its vital role in driving economic growth and technological innovation.
About CyManII
Launched in 2020 by the U.S. Department of Energy, CyManII works across the manufacturing industry, research and academic institutions, and federal government agencies to develop technologies that enable the security and growth of the U.S. manufacturing sector.
Additional information on cybersecurity risks faced by manufacturers can be found in prior articles authored by Foley & Larder and CyManII, including:
Recommendations for Managing Cybersecurity Threats in the Manufacturing Sector
So, You Think of Cybersecurity Only as a Cost Center? Think Again.
CyManII also contributed to this article.
Tariffs And California’s Anti-Price Gouging Law
Earlier this week, President Donald Trump remarked that he is “thinking in terms of 25%” tariffs on goods imported from Mexico and Canada”. A tariff is a tax levied upon imported goods. When goods enter the United States, they are classified and tariffs are assessed using the Harmonized Tariff Schedule of the United States (HTSUS), a compendium of tariff rates based on a globally standardized nomenclature.
Importantly, the tariffs are paid to the U.S. Customs and Border Protection department. This fact may have important implications under California’s anti price gouging statute, Penal Code Section 396. As discussed in prior posts this week, this statute prohibits, among other things, sales or offers to sell any consumer food items or goods (as defined), goods or services used in emergency cleanup, emergency supplies (as defined), medical supplies (as defined), home heating oil, building materials (as defined), housing (as defined), transportation, freight, and storage services (as defined), or gasoline (as defined) or other motor fuels for a price of more than 10% greater than the price charged by that person for those goods or services immediately before the proclamation or declaration of emergency. However, a greater price increase is not unlawful under the statute if the seller can prove that “the increase in price was directly attributable to additional costs imposed on it by the supplier of the goods, or directly attributable to additional costs for labor or materials used to provide the services, during the state of emergency or local emergency, and the price is no more than 10 percent greater than the total of the cost to the seller plus the markup customarily applied by that seller for that good or service in the usual course of business immediately prior to the onset of the state of emergency or local emergency”.
As noted above, tariffs are not imposed by the sellers of goods. Tariffs are imposed by the U.S. government. The statutory exception refers only to additional costs “imposed by the supplier of the goods” (emphasis added). Therefore, it is questionable whether the a seller may impose a greater than 10% price increase based upon an increase in tariffs imposed by the federal government. However, not allowing sellers to justify price increases based on increases in tariffs would likely have the unintended consequence of reducing supplies of much needed goods during emergency.
Understanding President Trump’s Executive Orders on DEI: Implications for Federal Contractors
On January 21, 2025, President Trump signed two Executive Orders (“EOs”) taking aim at diversity, equity, and inclusion (“DEI”) within federal agencies and the federal contractor workforce: Ending Illegal Discrimination And Restoring Merit-Based Opportunity and Ending Radical and Wasteful Government DEI Programs and Preferencing. Accordingly, federal contractors must now re-familiarize themselves with the Trump administration’s view on workplace DEI initiatives. These EOs represent a sharp contrast in the new administration’s expectations regarding workplace DEI compared to the Biden administration.
The Trump administration regards DEI initiatives as suspect based on the belief that these initiatives involve lowering applicable professional standards and discrimination against those viewed as capable of advancing based on merit. As the President articulated in the EO titled “Ending Illegal Discrimination and Restoring Merit Based Opportunity,” DEI is “a pernicious identity-based spoils system.” President Trump stated in his inaugural address that he intends to “forge a society that is colorblind and merit-based.” In furtherance of this objective, the President revoked EO 11246, which for more than six decades has prohibited federal contractors from making employment decisions on the basis of race, color, religion, sex, or national origin. While racial discrimination in hiring remains illegal under the Title VII of the Civil Rights Act of 1964, the Trump administration also ordered the Civil Rights Division of the Department of Justice to immediately freeze much of its activity, including not pursuing any new discrimination cases.
What Do Contractors Need to Know About President Trump’s EO “Ending Illegal Discrimination and Restoring Merit-Based Opportunity”?
In this second presidential term, the Trump administration demonstrates greater awareness and sophistication in leveraging existing legal frameworks to enforce its view of DEI initiatives and principles. Accordingly, contractors should expect heightened government scrutiny and legal challenges as the Trump administration seeks to demonstrate its ability to force contractors to align with its viewpoint that explicit efforts to achieve workplace diversity constitute unacceptable racial discrimination.
Agreement Regarding to Materiality Under the False Claims Act: One of the biggest takeaways for federal contractors is that this EO requires the head of each agency to include a contract term in which the contractor agrees that its “compliance in all respects with all applicable Federal anti-discrimination laws” is material to the government’s payment decisions for purposes of the False Claims Act (“FCA”) (section 3729(b)(4) of title 31).
Certification: The EO also requires an award recipient to certify that it does not operate any programs “promoting DEI that violate any applicable Federal anti-discrimination laws.” This certification, if viewed as false by the Trump administration’s Justice Department, could become the basis for an allegation of an FCA violation.
Expected Government Investigations: The EO directs the Attorney General to identify “up to nine potential civil compliance investigations of publicly traded corporations, large non-profit corporations or associations, foundations with assets of 500 million dollars or more, state and local bar and medical associations, and institutions of higher education with endowments over one billion dollars.” This demonstrates the Trump administration’s willingness to invest government resources into challenging the DEI programs of large organizations.
Expected Litigation: The EO directs the Attorney General to report on ways in which the private sector can be encouraged “to end illegal DEI discrimination and preferences and comply with all federal civil-rights laws” and to identify opportunities for the Trump administration to engage in lawsuits.
What Do Contractors Need to Know About President Trump’s EO “Ending Radical and Wasteful Government DEI Programs and Preferencing”?
While this executive order is directed to federal agencies, it demonstrates the sweeping nature of the Trump administration’s efforts to eradicate DEI principles from the workplace.
Termination of DEI Programs: The EO mandates the termination of all DEI programs within federal agencies. This includes any initiatives, training, or policies that are specifically designed to promote DEI within the federal workforce, which the EO describes as “radical and wasteful.” Relatedly, the Trump administration issued a memo directing all federal agencies to place any DEI professionals within their ranks on paid leave as of January 22, 2025. The Trump administration also provided agency heads with a directive warning of “adverse consequences” for anyone who fails to report any of their colleagues (to a specified email address created for this this purpose) who try to circumvent orders to immediately cease DEI-related activities.
Prohibition of Preferences Based on Identity: Consistent with EO 11246 (which the President revoked), the new Trump EO explicitly prohibits federal agencies from giving preferential treatment to individuals based on race, color, religion, sex, or national origin in hiring, promotion, or any other employment decisions.
Review and Rescission of Existing Policies: Federal agencies are required to conduct a comprehensive review of their existing policies, programs, and practices to identify any that are inconsistent with the new directive. Any policies or programs that are found to be in violation of the order must be rescinded or modified to comply with the new guidelines. This includes reviewing training materials, hiring practices, and any other initiatives that may have been implemented to promote DEI within the agency.
What Should Contractors Do to Comply with the New EOs?
Contractors should conduct a privileged review of their existing DEI programs to identify any potentially problematic features such as race- or gender-based quotas, or to consider adding a mission statement to clarify that the contractor’s diversity efforts seek to identify and cultivate all existing talent and do not have the effect of lowering any applicable standards or commitment to excellence.
Contractors should also consider a privileged review of their documented merit-based criteria for hiring, promotions, and other employment actions. This may involve updating job descriptions, performance evaluation processes, and training programs to focus on skills, experience, and performance.
Contractors should consider developing consistent guidance for employees, as they may have questions about the organization’s continued commitment to diversity and inclusion, and whether such a commitment is lawful, or where to go if they have concerns.
We will continue to closely monitor the implementation of these executive orders and will report on any new developments.
Will New York’s New Flood Insurance Law Create a Coinsurance Problem for Lenders and Policyholders?
A law recently passed by the New York State Assembly and signed by Gov. Kathy Hochul puts significant limits on the flood insurance that lenders can require borrowers to purchase on loans secured by residential real property. Commentary in the weeks since the law went into effect has focused on potential conflicts between the law and the federal Flood Disaster Protection Act or the potential for loans and properties to be underinsured for flood. Another hidden problem may occur, however, if policyholders opt to purchase coverage for significantly less than the building replacement cost on a policy that includes a coinsurance penalty.
Signed by Gov. Hochul on December 13, 2024, and effective immediately, Assembly Bill A5073A prohibits mortgage lenders from requiring borrowers to obtain flood insurance on improved residential real property at a coverage amount exceeding the outstanding principal mortgage balance as of the beginning of the year for which the policy shall be in effect, or that includes contents coverage. The bill additionally requires lenders to provide clear and conspicuous notice to borrowers that the required flood insurance will only protect the lender’s interest and may not be sufficient to pay for repairs or other loss after a flood.
Of course, purchasing coverage for less than full replacement cost of the insured building carries the risk that coverage will be insufficient to rebuild or repair in the event of a loss. But policyholders who consider taking this chance should also consider whether their flood policy has a coinsurance penalty. These provisions can limit payouts to insureds who purchase coverage for substantially less than the building replacement cost by paying only a fraction of the full loss. For example, both the FEMA and ISO personal flood policies have the potential to pay only a specified portion of the loss or the actual (depreciated) cash value, whichever is greater, when insurance limits are less than 80% of full replacement cost. Even if the policy pays the actual cash value, however, the policyholder and their lender may come in for a nasty shock if the depreciated cash value of the building is many thousands of dollars less than what is needed to complete repairs.
If a coinsurance penalty applies, purchasing coverage at the amount of the outstanding mortgage principal balance under New York’s law thus does not necessarily translate into an insurance payout in that amount. Notably, the notice required to be given to mortgagors by New York does not include a specific warning to the property owner of this possibility.
Listen to this post
What’s Next for OFCCP? Agency Issues First Statement After President Trump’s Revocation of EO 11246
On January 23, 2025, the Office of Federal Compliance Programs (OFCCP) sent out its first official agency communication since the issuance of President Trump’s Executive Order (the “Trump Order”) revoking Executive Order 11246 . The message served to inform contractors of the import of Trump Order, but also that some OFCCP obligations remain.
OFCCP’s message referenced the revocation of EO 11246, noting that, per the Trump Order, “[f]or 90 days from the date of this order, Federal contractors may continue to comply with the regulatory scheme in effect on January 20, 2025,” with OFCCP adding emphasis to the word “may.”
The message also confirmed that per the Trump Order, OFCCP will immediately cease:
Promoting “diversity”.
Holding Federal contractors and subcontractors responsible for taking “affirmative action”; and
Allowing or encouraging Federal contractors and subcontractors to engage in workforce balancing based on race, color, sex, sexual preference, religion, or national origin.
Importantly, OFCCP noted that requirements under Section 503 of the Rehabilitation Act, 29 U.S.C. 793, and the Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA), 38 U.S.C. 4212, are “enforced by OFCCP, are statutory and remain in effect.” (emphasis in original). Accordingly, federal government contractors are still required to comply with their affirmative action and other OFCCP obligations as they pertain to protected veterans and individuals with disabilities.
OFCCP also promised that “[a]dditional information regarding OFCCP’s current activities will be forthcoming in the upcoming weeks,” and that any questions should be submitted to the OFCCP Customer Service Helpdesk.
What Employers and Nonprofits Should Know About Trump’s Executive Order Banning Diversity Preferences
Following his inauguration on January 20, President Trump signed a slew of executive orders, including a handful related to Diversity, Equity, and Inclusion (DEI) initiatives.
On January 21, President Trump signed an executive order (EO) entitled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” (DEI EO), which aims to end DEI preferences in both the public and the private sectors, including nonprofits. Section 4 of the DEI EO tasks all federal agency heads with “encouraging” private sector companies to end DEI preferences, in part by threatening legal action against them.
Executive orders[1] are directives from the President and have the force of law. Because they are not legislation, they do not require approval from Congress, and Congress cannot directly overturn them, though it does have ways to affect their implementation. And, affected parties can challenge executive orders in court.
The DEI EO, taken together with the US Supreme Court’s ruling in Students for Fair Admissions v. President and Fellows of Harvard College, which found that Harvard University’s and the University of North Carolina’s race-based admissions systems violated the equal protection clause of the 14th amendment, may portend an end to private sector and nonprofit DEI programming and initiatives as we have come to know them. Even if the DEI EO is successfully challenged, employers in the public and private sectors should be prepared for increased scrutiny of any DEI initiatives and programming.
An Overview of the Executive Order
The DEI EO begins with the premise that longstanding civil rights laws designed to protect against discrimination have been used by institutions to adopt “dangerous, demeaning, and immoral race- and sex-based preferences under the guise of so-called ‘diversity, equity, and inclusion’ (DEI) or ‘diversity, equity, inclusion, and accessibility’ (DEIA)” which could violate those laws. According to the executive order, these actions “diminis[h] the importance of individual merit, aptitude, hard work, and determination when selecting people for jobs and services…”
The executive order mandates the following at the federal government level:
The termination of all “discriminatory and illegal preferences, mandates, policies, programs, activities, guidance, regulations, enforcement actions, consent orders, and requirements” in any executive department or agency.
The revocation of five executive orders from 1965, 1994, 2011, 2014 and 2016[2] focused on equal employment opportunities and promotion of diversity for the federal government and federal contractors.
That the Office of Federal Contract Compliance Programs (OFCCP) within the US Department of Labor immediately cease (1) promoting diversity, (2) holding federal contractors or subcontractors responsible for affirmative action, and (3) allowing workforce balancing based on race, color, sex, sexual preference, religion, or national origin.
The executive order also provides the following with respect to private sector employers:
The heads of all federal agencies must take action to advance in the private sector “the policy of individual initiative, excellence, and hard work.”
Most notably, within 120 days, the US Attorney General, in consultation with the heads of relevant agencies and in coordination with the Director of the Office of Management and Budget (OMB), must submit a report containing “recommendations for enforcing Federal civil-rights laws and taking other appropriate measures to encourage the private sector to end illegal discrimination and preferences, including DEI.” The report should contain a proposed strategic enforcement plan identifying: “(1) key sectors of concern within each agency’s jurisdiction; (2) the most egregious and discriminatory DEI practitioners in each sector of concern; (3) a plan of specific steps or measures to deter DEI “programs or principles” (whether specifically denominated “DEI” or otherwise) that constitute illegal discrimination or preferences.
As part of this plan, each agency is required to identify up to nine potential civil compliance investigations of:
Publicly traded corporations.
Large nonprofit corporations or associations.
Foundations with assets of $500 million or more.
State and local bar and medical associations.
Institutions of higher education with endowments over $1 billion.
In addition, within 120 days, the Attorney General and the US Secretary of Education must jointly issue guidance to all state and local educational agencies that receive federal funds, as well as all institutions of higher education that receive federal grants or participate in the federal student loan assistance program regarding the measures and practices required to comply with the principles set forth in the Supreme Court’s Students for Fair Admissions decision.
What Should Private Sector Employers (Including Nonprofits) Do Now?
The executive order raises significant questions regarding private sector use of DEI preferences and even calls into question the ability of a company to sustain or encourage an internal culture that celebrates or seeks out diversity. Because the executive order does not define “illegal discrimination or preferences,” it can be difficult to determine whether a specific practice is likely to be the target of negative government attention.
Notably, nothing in the executive order suggests that employers may not take action to seek out a diverse candidate pool, so long as ultimate hiring decisions are based on qualifications alone and do not involve illegal preferences. Therefore, to lower the risk of enforcement action by the federal government, private sector employers (including nonprofit organizations) may choose to recruit across a broader spectrum and prioritize seeking out a wide range of diverse characteristics, rather than just focusing on protected characteristics like race or sex.
At a minimum, employers who fall into one or more of the five categories to be scrutinized for potential civil compliance investigations may wish to assess their risk-tolerance and consider whether suspending affirmative action plans or DEI initiatives is in line with their company’s priorities. But, even for employers who are not the target of civil compliance investigations, these executive orders may embolden employees and applicants who feel they have been mistreated as a result of diversity initiatives to bring private claims of discrimination against their employers.
What Should Government Contractors Do Now?
Significantly, the DEI EO’s revocation of Executive Order 11246, first issued in 1965 (one year after President Johnson signed the Civil Rights Act of 1964) (EO 11246) reflects a sea change in the affirmative action obligations of government contractors. Under EO 11246, federal contractors were required to analyze workforce data and engage in good faith efforts to provide equal employment opportunities for women and minorities, but they were not required to apply quotas or preferences for those groups. President Trump’s revocation of this longstanding requirement potentially eliminates entirely the requirements that government contractors develop and certify annually their affirmative action plans.
The DEI EO permits federal contractors to operate under current rules for 90 days while they await further guidance from the government on new requirements. We anticipate that private plaintiffs will be exploring their options in terms of legal remedies in response to the revocation.
Potential Implications for Nonprofits Beyond Employment Matters
DEI principles are integral, and in some cases central, to the mission of many nonprofits. The DEI EO is drafted broadly and could encompass programmatic activities in addition to employment-related or contractual matters. As a result, while some organizations may be more risk averse and may elect to change or terminate certain programs, other organizations may decide to stay the course and continue to pursue programs that could draw the attention of the Administration, Attorney General, or relevant agencies. The decision will depend in part on the organization’s specific priorities and level of risk aversion. If an organization ultimately seeks to terminate programs or make fundamental changes to their mission, there may be other legal impediments that could arise under the federal tax law and state nonprofit laws, particularly those that apply to charitable organizations.
[1] (1) Initial Rescissions Of Harmful Executive Orders And Actions; (2) Ending Radical And Wasteful Government DEI Programs And Preferencing; (3) Reforming The Federal Hiring Process And Restoring Merit To Government Service
[2] (1) Executive Order 11246 of September 24, 1965 (Equal Employment Opportunity), (2) Executive Order 12898 of February 11, 1994 (Federal Actions to Address Environmental Justice in Minority Populations and Low-Income Populations); (3) Executive Order 13583 of August 18, 2011 (Establishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce); (4) Executive Order 13672 of July 21, 2014 (Further Amendments to Executive Order 11478, Equal Employment Opportunity in the Federal Government, and Executive Order 11246, Equal Employment Opportunity); and (5) The Presidential Memorandum of October 5, 2016 (Promoting Diversity and Inclusion in the National Security Workforce).
Additional Authors: Lauren C. Schaefer and Brian D. Schneider
DEI Changes from the Start: Key Executive Orders Signed on Trump’s First Day
On January 20, 2025, Donald J. Trump was sworn in as the 47th President of the United States. Fulfilling one of his major campaign promises, he issued a series of executive orders on his first day in office. Two of these orders represent a significant shift regarding gender and diversity, equity, and inclusion (DEI) initiatives.
One order declares that the federal government only recognizes two immutable sexes: male and female. This Order, entitled, “Defending Women from Gender Ideology Extremism and Restoring Biological Truth to the Federal Government,” rejects “gender identity” as a basis for policy decisions and emphasizes that sex is a fixed biological characteristic. It directs federal agencies to use clear, sex-based language in all official documents and communications, and seeks to ensure that facilities and programs meant for one sex are not accessed based on gender identity. Specifically, the Order requires government-issued identification documents, including passports, visas, and Global Entry cards, to reflect the holder’s sex assigned at birth. The Order also calls for revisions to policies concerning women’s spaces, healthcare, and legal protections, aiming to uphold sex-based rights.
Another order, entitled, “Ending Radical and Wasteful Government DEI Programs and Preferencing,” aims to end what President Trump deems “discriminatory” DEI initiatives implemented by the Biden administration. In this Order, federal agencies are mandated to terminate these initiatives, including terminating DEI-related positions, training, and programs, under whatever name they appear (including in relation to “environmental justice”). Federal agencies are directed to revise employment practices to focus solely on merit, performance, and skills, without considering DEI factors. The aim of this Order is to ensure equal treatment for all Americans, reducing federal spending on what the Order labels “wasteful” and “discriminatory” policies.
President Trump also issued an order that reverses several executive orders from the Biden administration. The Order highlights a commitment to undoing practices deemed to have harmed the nation, particularly focusing on issues of DEI, border control, and climate-related regulations. The Order asserts that these policies from the Biden administration created divisiveness, inflated costs, and strained public resources. Among the revoked prior orders are:
Executive Order 13985, Advancing Racial Equity and Support for Underserved Communities Through the Federal Government;
Executive Order 13988, Preventing and Combatting Discrimination on the Basis of Gender Identity or Sexual Orientation;
Executive Order 14091, Further Advancing Racial Equity and Support for Underserved Communities Through the Federal Government; and
Executive Order 14069, Advancing Economy, Efficiency, and Effectiveness in Federal Contracting by Promoting Pay Equity and Transparency.
Additionally, this Order creates a broad review process, wherein the Domestic Policy Council and National Economic Council have been tasked with reviewing federal actions from the Biden administration to determine which additional policies should be rescinded or amended to “increase American prosperity.”
Yesterday’s wave of executive orders marks just the beginning of what is expected to be a series of significant policy shifts under President Trump’s administration. As these changes unfold, they will likely have widespread impacts on everything from federal regulations to national security. With more orders likely on the horizon, it is crucial to stay informed and to prepare to accommodate the evolving policy landscape.