Blockchain+ Bi-Weekly; Highlights of the Last Two Weeks in Web3 Law: June 5, 2025

The most important development of the last two weeks is likely the release of a revised bipartisan digital asset market structure bill in Congress, which now gives real momentum to the possibility of comprehensive legislation. At the same time, the SEC is continuing to reposition its posture, pulling back from aggressive litigation, acknowledging areas outside its jurisdiction such as staking, and signaling a more measured approach as we await the first report from its new Crypto Task Force. Meanwhile, the courts continue to shape the legal boundaries of decentralized finance, as seen in the closely watched ruling overturning fraud charges in the Mango Markets case.
These developments and a few other brief notes are discussed below.
Bipartisan Market Structure (“CLARITY Act”) Bill Text Released: May 29, 2025
Background: After releasing draft language of an unnamed market structure bill a few weeks ago, a revised and now titled version, the CLARITY Act, dropped last week. Sponsored by House Financial Services Committee Chair French Hill, the bill has five Republican and three Democratic co-sponsors, all members of either the House Financial Services or House Agriculture Committees. It is expected to be fast-tracked for markup in the Financial Services Committee, as early as June 10th, so this could move quickly through committees. Broader House timing remains unclear, however, as Congressional attention is divided among numerous competing priorities beyond digital asset regulation.
Analysis: The sponsors appear to have seriously considered industry feedback, and several technology-specific issues flagged in the prior version were meaningfully addressed. For example, many pointed to the definition of “Decentralized Finance Trading Protocol,” previously criticized as overly broad, has been revised and now more closely tracks the drafters’ likely intent. There was a hearing earlier this week in the House Financial Services Committee (which we will cover in the next Bi-Weekly update), which was designed to discuss digital asset regulation more broadly but focused heavily on this bill as well. 
SEC Releases Guidance That Certain Proof of Stake Staking Activities Do Not Implicate Securities Laws: May 29, 2025
Background: The SEC Division of Corporate Finance put out a “Statement on Certain Protocol Staking Activities” clarifying its view that certain proof-of-stake blockchain protocol “staking” activities are not securities transactions within the scope of the federal securities laws. This follows related guidance on Proof-of-Work mining which was put out in March. “Accordingly, it is the Division’s view that participants in Protocol Staking Activities do not need to register with the Commission transactions under the Securities Act or fall within one of the Securities Act’s exemptions from registration in connection with these Protocol Staking Activities.”
Analysis: This likely clears the way for staking in ETH ETFs or other ETFs linked to proof-of-stake blockchain assets, which may be approved in the near future (although there are still tax and other securities law issues that could make this complicated). It is unclear how this might affect the prior Kraken consent order, as many of the staking services offered by Kraken now appear to be “Ancillary Services” under this guidance. It is great to see all this guidance coming out, but until the guidance is formalized into rulemaking or until there is action from Congress in this area, then the industry is left with few, if any, assurances those viewpoints will continue under different leadership.
SEC Moves to Dismiss Binance Case with Prejudice: May 29, 2025
Background: The SEC has asked the Court to dismiss the agency’s case against the various Binance entities and its founder, Changpeng Zhao (“CZ”), with prejudice, which would bring an end to the cases brought under the prior administration against the biggest U.S. digital asset exchanges, which we have been covering on the BiBlog. This follows previously dismissing cases against Coinbase and Kraken and closing investigations into OpenSea, Circle, and others shortly after the change in administration and resignation of prior SEC Chair Gary Gensler.
Analysis: As we noted in our 2024 year-end digital asset rundown, the cases against various exchanges were bet-the-company litigation for all the exchanges sued. If it was ruled that sales on the platforms of exceedingly common tokens like SOL were securities transactions, that would have made it difficult for most individuals to transact in digital assets in the United States, particularly those lacking experience interacting with decentralized finance. With these lawsuits behind the exchanges, all eyes turn to formal guidance and rulemaking from the SEC/CFTC and whether there will be comprehensive digital asset legislation out of Congress, which is currently being considered by both chambers.
Conviction Overturned in Mango Markets Exploit: May 23, 2025
Background: District Court Judge Arun Subramanian has overturned the fraud convictions against Mango Markets exploiter Avraham (“Avi”) Eisenberg, ruling that venue was improper since there was no evidence that the routing engine for Avi’s trades were in New York. The more interesting ruling, though, was finding there was insufficient evidence of falsity to support a wire-fraud charge (see ruling starting at pg. 26). The Court ruled that because the user terms and conditions didn’t make intent to repay a condition upon borrowing, and because Avi didn’t make any false representations about the value of his assets (he just exploited an oracle into making those false representations for him), the government could not support a fraud conviction, ruling “[o]n a platform with no rules, instructions, or prohibitions about borrowing, the government needed more to show that Eisenberg made an implicit misrepresentation by allowing the algorithm to measure the actual value of his collateral.”
Analysis: This case raises broader questions about what level of human interaction is needed for “wire fraud,” where the alleged fraud is primarily being perpetrated against an algorithm and not a person. There remains the issue that Avi sued Numeris, Ltd. before the Mango Markets trading activities, claiming it was fraud for others to artificially increase the price of tokens to borrow against knowingly inflated values, similar to what Avi did in his exploit. It seems disingenuous to claim “code is law” for his actions while he previously asked the government to save his funds when a protocol that he was using had a similar exploit. Avi is still going to jail on other charges to which he pled guilty. It will be interesting to see how the case law regarding the extent “code-is-law” holds up in the use of permissionless protocols.
Briefly Noted:
401K and Bitcoin Reserve Updates: The Department of Labor has retracted guidance discouraging retirement managers from considering cryptocurrency as an investment option in 401(k) plans. This came as Whitehouse Crypto Czar David Sacks was at a major Bitcoin conference in Vegas where he talked about how the announced Bitcoin strategic reserve is progressing.
Reputational Risk Ban Passes House Committee: The House Financial Services Committee advanced on a 33-19 bipartisan vote a bill that would prohibit federal banking agencies from considering “reputational risk” when supervising, examining, or regulating depository institutions.
SEC Crypto Task Force Updates: The SEC is set to release its first Crypto Task Force Report in the upcoming months; meanwhile Commissioner Peirce delivered a great speech about the importance of the SEC setting clear rules of the road for the space (including noting where the SEC doesn’t have jurisdiction).
Emmer and Torres Reintroduce Right to Code Law: Tom Emmer (R-MN) and Ritchie Torres (D-NY) have reintroduced legislation that would protect the developers of non-custodial blockchain software developers and providers from being classified as money transmitters. This would be huge in convincing developers to stay in the United States when developing blockchain-enabled technologies.
CFTC U.S. Persons Guidance: The CFTC put out some helpful guidance on what they consider to be U.S. persons subject to CFTC jurisdiction in an internet age. This guidance provides that where the company’s high-level officers primarily direct, control, and coordinate the company’s activities is most important for determining whether the company is considered a domestic entity for CFTC jurisdictional purposes.
SafeMoon CEO Found Guilty of Fraud: Braden Karony, the former CEO of SafeMoon, was convicted on three counts of fraud after he was ruled to have diverted millions of tokens, which he said were “locked,” and sold those tokens for personal gain.
Investment Company Act Status of ETFs Questioned: The SEC Division of Investment Management, in a letter to a crypto ETF operator, stated that, in light of recent developments, it is unsure that the ETFs are investment companies that can register under the Investment Company Act of 1940. Generally, a company wouldn’t be an investment company if, among other things, less than 40% of its assets constituted investment securities. Registration statements, application requirements, and ongoing reporting requirements are different for investment companies and other issuers, and certain crypto ETFs (including Bitcoin ETFs) already register as non-investment companies. This calls into question whether the SEC might be exploring rule changes more tailored towards this type of entity.
Conclusion:
These developments mark a potential turning point in the digital asset regulatory landscape. With Congress moving forward on bipartisan legislation like the CLARITY Act and federal agencies such as the SEC and CFTC issuing meaningful (if still preliminary) guidance, the pieces of a more coherent framework are starting to take shape. However, the regulatory environment remains fragmented and uncertain, especially absent formal rulemaking or statutory clarity. As agencies shift direction and courts weigh in on key enforcement matters, market participants should remain vigilant, engage with regulators, and prepare for a fast-evolving legal landscape where the line between code and law continues to be tested. 

FCPA & Anti-Corruption Enforcement: Shifting Global Dynamics in Light of New U.S. Regime

The last two decades have been marked by robust enforcement of the U.S. Foreign Corrupt Practices Act (“FCPA”) by the U.S. Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”). In line with its “shock and awe” approach, the Trump Administration seemingly called the future enforcement of that law into question when, on February 10, 2025, President Trump signed an Executive Order directing the Attorney General, Pam Bondi, to “pause” enforcement of the FCPA and conduct a comprehensive review and update of the law’s enforcement approach. The “pause heard around the world” shocked many commentators, anti-corruption campaigners, and countries that are signatories of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (“OECD Convention”), as it raised questions about the United States’ commitment to combatting corruption going forward.
Looking beyond the headlines, there are reasons to believe that FCPA enforcement will continue, although perhaps in a different form than in the past. On May 12, 2025, the Head of the DOJ’s Criminal Division, Matthew Galeotti, announced significant revisions to the DOJ’s white-collar corporate enforcement policies around the tenants of “Focus, Fairness, and Efficiency.” In doing so, the DOJ identified ten priority (“high-impact”) white-collar enforcement areas, one of which is “[b]ribery and associated money laundering that impact U.S. national interests, undermine U.S. national security, harm the competitiveness of U.S. businesses, and enrich foreign corrupt officials….” The DOJ’s framing of the fight against corruption as focused on acts that harm U.S. national interests and security is consistent with the February 10 Executive Order, which cited specifically “critical minerals, deep-water ports, or other key infrastructure or assets” as areas that are critical to U.S. national security. If the view persists that U.S. companies operating in these critical areas are being disadvantaged by non-U.S. companies (which, by implication, may be operating with less legal restraint than that imposed by the FCPA), then there is a real possibility of increased U.S.-led investigations into companies, perhaps especially non-U.S. companies, operating in these segments.
But for every action there can be an expected reaction. OECD Convention signatories (often led by the U.S.) have lobbied each other for years to increase their respective enforcement activity. Several countries have responded, either by adopting enhanced anti-corruption laws (some with expansive extraterritorial reach) and/or by increasing their enforcement activity. This is the case for, among others, France, the United Kingdom, Germany, Brazil, and the Netherlands. Having spent years developing and enhancing their anti-corruption enforcement capabilities, it is unlikely that all such countries will be quick to “pause” their own investigation and enforcement efforts, and they may find benefits of increased sharing of information and resources among themselves. One example of this is illustrated by the March 20, 2025 announcement by French, U.K. and Swiss prosecutors of their establishment of an “International Anti-Corruption Prosecutorial Taskforce” aimed at furthering cooperation and sharing of information among like-minded agencies to fight transnational bribery and corruption.
For private funds, the shifting dynamics around global anti-corruption enforcement counsel towards a considered, risk-based approach in connection with the diligence process when considering potential targets. In addition to assessing typical areas – such as the ultimate beneficial ownership; a history of reputational / regulatory issues; and the existence of compliance policies, procedures and personnel – this should also include an assessment of whether the target operates in strategic sectors which could have a U.S. national security nexus (such as those identified above), or is based, or has significant operations in geographies viewed as presenting heightened corruption risk or which have been specifically referenced by the Administration for unfair business practices. 
In the event that fund sponsors receive any alerts or allegations of potential wrongdoing involving portfolio companies, a prompt and properly scoped investigation into such issues, along with remedial measures to the extent that they are verified, can be critically important given the DOJ’s focus – reiterated in the May 12, 2025 white-collar enforcement priorities referenced above – on rewarding companies that voluntarily report misconduct, cooperate with any investigation, remediate the misconduct, and can demonstrate that no “aggravating circumstances” exist. The fact that the DOJ’s most recent policy pronouncements also link bribery to “associated money laundering” activities suggests that fund sponsors should also ensure that their AML controls are up-to-date and adapted, as needed, to address any additional regulatory requirements across relevant jurisdictions.
Todd J. Ohlms, Robert Pommer, Seetha Ramachandran, Nathan Schuur, Bryan Sillaman, Robert Sutton, Jonathan M. Weiss, William D. Dalsen, Adam L. Deming & Hena M. Vora also contributed to this article. 

First Steps in Implementing the Trump Administration’s Price Transparency Agenda

May 29, 2025 – Last week, the Trump administration took steps toward implementing one of its major priorities: improving price transparency. As discussed in a previous Regs & Eggs blog post, President Trump signed an executive order (EO) on price transparency on February 25, 2025, that hinted at changing or even expanding current price transparency requirements for hospitals and health plans. The EO called on the secretary of the US Department of Health and Human Services, working in conjunction with the secretaries of the US Departments of Labor and the Treasury, to take the following actions within 90 days:

Require the disclosure of the actual prices of items and services, not estimates.
Issue updated guidance or proposed regulatory action ensuring that pricing information is standardized and easily comparable across hospitals and health plans.
Issue guidance or proposed regulatory action updating enforcement policies designed to ensure compliance with the transparent reporting of complete, accurate, and meaningful data.

Well, 90 days are up. And although rulemaking may be required to fully carry out all the directives included in the EO (which could take a while), the departments issued guidance and requests for information (RFIs) last week that are meant to address some of the issues the administration believes make the current price transparency requirements less effective and meaningful to consumers than they should be. 
Hospital Price Transparency

First, the Centers for Medicare & Medicaid Services (CMS) issued guidance and an RFI aimed at clarifying what specific information hospitals must provide under the previously established hospital price transparency requirements. Since January 1, 2021, hospitals have been required to make public:

A machine-readable file (MRF) containing a list of all standard charges for all items and services.
A consumer-friendly list of standard charges for 300 “shoppable” services. (A hospital that maintains an internet-based, prominently displayed, free-to-use price estimator tool is deemed to have met this requirement.)

With respect to the MRF requirement, CMS’s calendar year (CY) 2024 Outpatient Prospective Payment System (OPPS) final rule stated that:

It is generally appropriate for a hospital to display a payer-specific negotiated charge as a standard algorithm, to the extent a standard algorithm is the manner in which the hospital establishes its standard charges with third-party payers.
The hospital must include a description of that algorithm in its MRF.
As of January 1, 2025, if a hospital’s standard charge is based on a percentage or algorithm, its MRF must also specify the estimated allowed amount for that item or service.

The CMS guidance issued last week reiterates the OPPS reg requirements and states that CMS expects “that, for most contracting scenarios, hospitals’ payer-specific negotiated charges can be expressed as a dollar amount” (emphasis added). The Trump administration has expressed concerns that hospitals too often provide percentages in the MRFs instead of actual dollar amounts and encode 999999999 (nine 9s) as the estimated allowed amount. The Trump administration feels that providing actual dollar amounts will provide a clearer picture to outside stakeholders, including patients, about actual hospital prices are, and it wants hospitals to provide this information, rather than percentages, in most cases.
Now that the guidance is out there, CMS may expect some hospitals to change the information they include in MRFs. However, by also issuing an RFI, CMS signaled that it may make even more changes or issue additional clarifications or guidance around hospital price transparency in the near future. In the RFI, CMS is seeking input on public and stakeholders’ concerns about the accuracy and completeness of MRFs and other considerations for CMS to ensure the accuracy and completeness of the information. Specifically, the RFI includes the following six questions:

Should CMS specifically define the terms “accuracy of data” and “completeness of data” in the context of hospital price transparency requirements, and, if yes, then how?
What are your concerns about the accuracy and completeness of the hospital price transparency MRF data? Please be as specific as possible.
Do concerns about accuracy and completeness of the MRF data affect your ability to use hospital pricing information effectively? For example, are there additional data elements that could be added, or others modified, to improve your ability to use the data? Please provide examples.
Are there external sources of information that may be leveraged to evaluate the accuracy and completeness of the data in the MRF? If so, please identify those sources and how they can be used.
What specific suggestions do you have for improving the hospital price transparency compliance and enforcement processes to ensure that the hospital pricing data is accurate, complete, and meaningful? For example, are there any changes that CMS should consider making to the CMS validator tool, which is available to hospitals to help ensure they are complying with hospital price transparency requirements, so as to improve accuracy and completeness?
Do you have any other suggestions for CMS to help improve the overall quality of the MRF data?

Comments on the RFI are due on July 21, 2025. Notably, the CY 2026 OPPS proposed rule will likely be issued before July 21, and the OPPS reg is where CMS has made changes to the hospital price transparency regs in the past. That would mean we might expect the next overhaul of the regs to occur in CY 2027, informed by stakeholders’ comments in response to this RFI.
Health Plan Price Transparency

The departments also issued a short statement and an RFI on the price transparency requirements for health plans. Under current regs, most health plans are already required to disclose, via MRFs on a public website, information regarding in-network provider rates for covered items and services, out-of-network allowed amounts and billed charges for services, and negotiated rates and historical net prices for covered prescription drugs. The departments previously issued technical implementation guidance for the in-network and out-of-network MRFs in the form of schemas but have heard many access-related concerns about “file size, data integrity, and a lack of critical context that limits full transparency.” The departments now state that they plan to issue a revised version of the schemas to address these issues. The “schema version 2.0” will reduce file size by “requiring exclusion of duplicative data [and] reducing unnecessary data fields, and will include updates to better contextualize the data, making it more meaningful to ultimately achieve greater transparency.” The departments are considering future rulemaking to further refine and improve the useability of the MRFs.
In the RFI, the departments note that they never implemented the requirement for health plans to include net prices for covered prescription drugs in MRFs. Because promoting price transparency across the board (including drug pricing) is a high priority, the departments request comments on “the issues related to compliance with, and implementation of, the prescription drug MRF disclosure requirements.” The questions in the RFI focus on the required data elements in the MRFs, including potential additional or alternative data elements, and other general implementation concerns. Responses to the RFI are due in late-June, and they will be used to help inform future rulemaking or guidance on prescription drug price transparency.

All in all, the Trump administration released four separate documents aimed at promoting price transparency last week and indicated that more guidance and regs are to come, so it’s clear that the administration will continue to focus on this issue. Both hospitals and health plans should plan accordingly and be prepared to make changes (if needed) to the methods they are currently using to comply with all the requirements.
Until next week, this is Jeffrey (and Leigh) saying, enjoy reading regs with your eggs.

New York Enacts Landmark Buy Now Pay Later Regulation Amid Federal Regulatory Recalibration

Go-To Guide:

As part of its FY 2026 budget, New York has enacted legislation to regulate Buy Now, Pay Later (BNPL) products and providers.
In addition to creating a new licensing regime, the legislation mandates that the New York Department of Financial Services (NYDFS) superintendent promulgate rules to establish capital adequacy requirements and maximum allowable interest, charges, and fees.
The law also empowers the superintendent to promulgate other rules for its implementation.
The new law’s effective date hinges on NYDFS rulemaking, set to occur six months after promulgation of the implementing rules.

In a significant consumer protection move, New York has enacted legislation within its FY 2026 budget to regulate BNPL products — installment-style credit often offered at the point of sale — potentially creating the most comprehensive state licensing framework for BNPL providers. At the same time, the federal Consumer Financial Protection Bureau (CFPB) has signaled a marked deprioritization of enforcement in this space, foreshadowing a fragmented regulatory landscape that may place the burden of oversight increasingly on state actors.
New York’s New Article 14-B: A New Regulatory Regime for BNPL
The new law adds Article 14-B to the New York Banking Law, requiring BNPL providers to obtain a license from the NYDFS before operating in the state. These providers must comply with regulatory expectations akin to traditional lenders — a signal that New York is treating BNPL not as a fintech novelty but as a core part of the consumer credit ecosystem.
The law empowers NYDFS to set forth:

Licensing requirements and procedures;
Capital adequacy and financial condition metrics;
Maximum allowable amounts for interest, charges, and fees;
Mandatory consumer disclosures; and
Operational compliance, examination authority, and enforcement mechanisms

These requirements bring BNPL providers under a similar level of scrutiny as licensed lenders, reflecting a policy judgment that BNPL poses systemic risks similar to traditional credit products.
Effective Date Hinges on DFS Rulemaking: A Tactical Delay
Critically, the law does not take effect immediately. Section 13 of the bill provides that: “This act shall take effect on the one hundred eightieth day after the department of financial services shall have promulgated rules and/or regulations to effectuate the provisions of this act…”
In other words, the effective date is deferred until six months after NYDFS promulgates implementing regulations — a rare but strategic legislative mechanism that defers legal effect until the administrative framework is mature.
This structure offers NYDFS runway to draft, circulate, and finalize rules through a public comment process. Importantly, the law also allows NYDFS to begin rulemaking immediately, even before the act technically becomes effective, which ensures the department can act swiftly without procedural delay.
Why This Timing Mechanism Is Important
At first glance, tying the effective date to rulemaking may seem like legislative housekeeping. But this design is more than procedural convenience — it is a calculated legal architecture that:

Avoids Regulatory Void: Without pre-promulgated rules, providers and regulators would face legal uncertainty, potentially risking either premature enforcement or delayed consumer protections.
Reduces Constitutional Risk: By withholding the effective date until NYDFS has defined operational rules, the law may reduce risk of vagueness challenges under procedural due process doctrines (particularly under New York’s Constitution, which grants broad property and liberty rights in commercial activity).
Aligns Enforcement Cadence: Providers will not be penalized for noncompliance before they understand the full scope of their obligations, protecting against retroactive enforcement and supporting compliance-based supervision over punishment.
Signals Administrative Independence: By structuring the law this way, the legislature has implicitly entrusted NYDFS with a quasi-legislative role in shaping the financial contours of BNPL, indicating a flexible and adaptive regulatory model. This model mirrors forward-compatible governance, often used in high-velocity tech sectors, where statutes are drafted to defer critical substance to expert agencies.

A Divergence at the Federal Level
While New York advances state oversight, the federal government is retreating from BNPL enforcement. On May 6, 2025, the CFPB announced it will “not prioritize enforcement” of its prior interpretive rule applying Regulation Z (Truth in Lending Act) to BNPL loans. It cited a strategic reallocation of enforcement priorities and noted that it is considering rescinding the interpretive rule entirely.
This federal posture leaves a vacuum at the national level, which may result in regulatory divergence across states — a return to a regulatory patchwork reminiscent of early consumer lending before Dodd-Frank.
The New BNPL Chessboard: Strategic Takeaways

For BNPL Providers: Firms may need to retool operations to comply with New York’s eventual rules, including capital buffers, transparent disclosures, and potentially restructuring fee models. Larger firms may consider segmenting New York into its own compliance regime, not unlike what multinational banks do with the EU GDPR framework.
For Other States: New York’s framework might serve as a regulatory blueprint for other states to follow suit, especially in light of federal inaction.
For Consumers: New York consumers may see clearer terms, stronger protections in dispute resolution, and perhaps a slowdown in aggressive marketing. There may also be spillover benefits nationally if large BNPL firms adopt New York’s rules as their operational standard.

Conclusion
New York’s FY 2026 BNPL law is more than a state-level licensing requirement — it is a move to reclassify BNPL as a core financial product requiring systemic oversight. By coupling regulatory authority with a delayed effective date and high administrative discretion, the state has set the stage for a durable, adaptable regime that may influence national norms.
In contrast, the CFPB’s retreat reflects a broader shift in federal financial policy — one that may usher in a new era of state-led consumer protection in financial technology, with a focus on rulemaking rather than enforcement. For regulators, providers, and consumers alike, the BNPL chessboard has just been reset.

What Founders Should Know About Credit Union Investments

If you’re building a Fintech, Insurtech, or similar service tech startup, credit unions may not be the first market you think of, but they should be. Beyond being valuable customers, they can also be an important source of investment capital.
Credit unions are not-for-profit financial institutions that are owned and operated by their members. Unlike traditional banks, they focus on returning value to members through lower loan rates, higher savings yields, reduced fees, and paying member dividends. Membership is usually limited to certain communities, like employees of a specific company, members of a labor union, or residents of a particular area (which credit unions call “field of membership”).
What Is a Credit Union Service Organization (CUSO)?
A CUSO is a business entity owned by one or more federally insured credit unions. It is designed to provide services that reduce operating costs, improve efficiency, or deliver innovative products to credit union members. CUSOs allow credit unions to collaborate and expand their offerings, especially in fast-evolving sectors like Fintech and Insurtech.
Can Credit Unions Invest in Startups?
Yes. According to the National Credit Union Administration (NCUA), which regulates credit unions, in 2021 there were over 1,000 active CUSOs that attracted more than $4 billion in investments and over $1 billion in loans. Those numbers highlight how engaged credit unions are in supporting innovation.
Why Are Credit Unions a Unique Market Opportunity for Service Tech Startups?
What makes this particularly attractive for Service Tech startup companies is that a credit union can be both a customer and an investor. When a product aligns with their mission to serve members, they may not just adopt it, they may help fund it.
What Are the Regulatory Requirements for Receiving Credit Union Investment?
There are some important federal regulatory requirements to keep in mind. The NCUA stipulates that, to receive investments from credit unions, the majority of your startup’s revenue must come from credit union clients. They also maintain a list of approved products and services that CUSOs can offer, focused on those that directly benefit credit union members. These include, but are not limited to, financial planning, investment, insurance, and mortgage offerings.
State chartered credit unions (as opposed to federally chartered credit unions) typically have their own state regulatory schemes they must follow. State requirements generally have similarities to federal ones, but present additional requirements state regulators find important in assuring a credit union’s overall financial health.
Is a CUSO the Right Fit for Your Startup?
Many startups choose to form a dedicated CUSO subsidiary. This structure helps meet the revenue and service requirements, operate within the regulatory framework, and build a focused channel for both revenue and capital from the credit union ecosystem.

Enforcement Priorities and Policy Changes Detailed at SEC Speaks Conference

The U.S. Securities and Exchange Commission held its annual SEC Speaks conference on May 19 and 20, 2025, in Washington, D.C. On the second day of the conference, the Staff of the Division of Enforcement hosted two panel discussions and provided updates on what to expect from the Division going forward under the new administration. Several of the changes announced could prove transformative to the SEC’s Enforcement Program and greatly impact clients and the way defense counsel defends clients in SEC investigations. The following are highlights from the Division’s panel discussions:
Enforcement to Focus on the Frauds that Harm Retail Investors and Seniors
The biggest change in how resources are being allocated is a renewed focus on fraud, including insider trading, accounting and financial disclosures, and breaches of fiduciary duties. The Division is going to be less focused on violations that do not involve fraud, especially when the conduct has been fully remediated. Further, there is a major focus on frauds that target and harm retail investors and seniors and increasing attention to dangerous foreign actors.
Refocus on Individual Liability 
There is going to be an emphasis placed on individual accountability in corporate investigations. The Division is going to consider the following factors when determining an individual’s accountability: the culpability of the individual, the severity of the individual’s misconduct, and the degree to which the individual tolerated illegal activity or tried to prevent the harm from occurring. The Division will also consider whether to seek prophylactic relief against individuals who engage in corporate misconduct by considering the egregiousness of the individual’s actions, the isolated or recurrent nature of the infraction, and the likelihood that misconduct will re-occur.
Enhanced Benefits of Self-Reporting, Cooperation, and Remediation
The Division is stepping up the benefits of self-reporting, cooperation, and remediation. The benefits can include not bringing any enforcement action when these steps have occurred. They also can include not requiring outside monitors where full remediation has occurred.
No Credit for Waiver of Attorney-Client Privilege
Consistent with Chairman Atkin’s position, the Division will not give cooperation credit for waiver of the attorney-client privilege. This policy change is to provide renewed respect for the importance of the advice of counsel and the attorney-client privilege.
Formal Orders Authorized by the Commission Only
Formal Orders of Investigation will now be authorized directly by the Commission. In 2009, the Commission delegated its Formal Order authority to the Director of Enforcement. In March 2025, the Commission eliminated the delegation of Formal Order authority.
Transparency and Access to Investigative Files
In a major shift, the Division is implementing an “open jacket policy” in which the Staff will disclose and present defense counsel with the evidence they have against the prospective defendant before recommending charges to the Commission. This is similar to reverse proffers in the criminal context.
More Access to the Front Office
The Director and Deputy Directors will grant Wells meetings if parties request them. However, defense counsel is not entitled to multiple meetings with the leadership of the Division.
New Structure of the Enforcement Division 
There are now four Deputy Directors of Enforcement instead of one. Three oversee geographic areas, and one oversees the Specialized Units. The newly created National Enforcement Liaison is responsible for strengthening relationships with federal, state, and local partners.
Reorganization of Specialized Units 
The Specialized Units have been reorganized Under Deputy Director Jason Burt as follows:

Asset Management Unit: This unit focuses on violations of securities laws in the asset management industry, particularly cases involving misappropriation and failure to safeguard assets. 
Cyber and Emerging Technology Unit: This unit was formed in February 2025, and it focuses on many things. Currently, the unit is in the process of creating a way to verify identity in the space of emerging technologies and the misuse of technology to commit fraud. The unit will also focus on the terminology and or excitement around new industry-changing technology. They will also focus on blockchain and crypto asset-related fraud. 
Complex Financial Instruments Unit: This unit focuses on investigations related to complex financial instruments, such as security-based swaps. A major emphasis of the unit will be on complex financial investments sold to retail investors. 
Market Abuse Unit: This unit will investigate cases involving insider trading, with a focus on serial insider trading and large insider trading rings, as well as market manipulation. The unit’s investigations will include trading on alternative trading systems.
Public Finance Abuse Unit: This unit investigates cases related to municipal bond securities. They will focus primarily on offering fraud. There will also be a focus on the municipal advisors and whether they are registered and the duties that they have, which are very similar to the duty fiduciary duty, that exists between an investment advisor and its client.
Office of the Whistleblower: The new focus of the Whistleblower’s Office is going to be on moving forward or denying claims as quickly as possible and reducing submissions from serial frivolous submitters.

Click here to watch the SEC Speaks conference:
Day 1: https://www.youtube.com/watch?v=SqIS5Q47yfI
Day 2: https://www.youtube.com/watch?v=SFiKBQmNdxo

DOJ Adds Federal Immigration Violations to Corporate Whistleblower Awards Pilot Program

As of May 12, 2025, whistleblowers may receive a financial award in exchange for emailing the Criminal Division of the Department of Justice (DOJ) to provide information about potential corporate immigration violations. The Biden administration created the Corporate Whistleblower Awards Pilot Program in August 2024. The program provides a financial incentive for whistleblowers to report their current and/or former employers’ possible misconduct. If the whistleblower’s tip results in a successful forfeiture, then, if eligible, the whistleblower may be entitled to a percentage.
The original program focused on four different areas of corporate misconduct: (1) crimes involving financial institutions; (2) foreign corruption; (3) domestic corruption; and (4) health care fraud. Now, as part of its new white collar crime enforcement initiative called “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime,” the DOJ amended its Corporate Whistleblower Awards Pilot Program to include “violations by corporations of federal immigration law.”
The program includes a corporate enforcement and voluntary disclosure policy, which provides employers with a 120-day safe harbor to investigate, remediate, and self-disclose violations. Under this provision, companies that voluntarily self-report within 120 days of receiving an internal whistleblower report may be eligible to receive a declination of prosecution from DOJ. The inclusion of federal immigration law violations in the DOJ’s Corporate Whistleblower Awards Pilot Program emphasizes the administration’s focus on immigration compliance. Employers should take steps to enhance their internal reporting process, and also consider auditing their immigration compliance programs, from their I-9 and E-Verify practices to their visa and green card sponsorship programs. Employers should also confirm their relevant employees are trained and up to date with the updates and changes in this area.

Risk Bearing Entity Requirements: Massachusetts

This blog discusses the regulatory requirements that apply to risk-bearing entities in Massachusetts, including recent updates introduced by Chapter 343 of the Massachusetts Acts of 2024 (the Act). This blog is part of Foley & Lardner’s RBE series (see our Introduction posted November 18, 2024, and our post on New York and New Jersey’s Requirements posted February 24, 2025).
In Massachusetts, “Provider Organizations” are entities “in the business of health care delivery or management that represent one or more health care providers in contracting with carriers for the payments of heath care services.”[1] Certain Provider Organizations are required to register with the Massachusetts Health Policy Commission (the HPC) and submit data to the Massachusetts Center for Health Information and Analysis (CHIA) annually.[2]
Certain Provider Organizations with reimbursement models that incorporate financial risk must register with the Massachusetts Division of Insurance (the Division). Entities that take on financial risk in contracts with third-party payors where payment models are not solely based on fee-for-service reimbursements are classified as “Risk-Bearing Provider Organizations” (RBPO). Additionally, any Provider Organization that has a contracting affiliation with one or more providers or Provider Organizations is also classified as an RBPO.
Under the Division’s regulations, risk means the financial risk taken on by an RBPO under contracts where it manages some or all the care for a patient population for a fixed budgeted fee. Downside risk occurs when the cost of care exceeds the fixed payment amount, leaving the entity responsible for the overage. An RBPO that assumes the full or partial downside risk must seek a Risk Certificate annually from the Division.[3]
RBPO Registration
A Provider Organization that meets the definition of an RBPO, irrespective of its size or profit, must register with the Division annually unless it only takes on risk through the Medicare Program. To register, the RBPO must submit information including, but not limited to:

Filing Materials. All documents submitted to the HPC in connection with its Provider Organization registration, including information about its ownership, contracting arrangements, and total revenue by each third-party payor.
Downside Risk Contracts. A description of all downside risk contracts, including the level and nature of risk assumed.
Financial Information. Audited financial statements showing the RBPO’s sources of financial support and a financial plan.
Utilization Plan. A utilization plan that describes how the RBPO will monitor patient utilization under risk contracts.
Actuarial Certificate. An actuarial certificate that certifies that the downside risk contracts are not expected to threaten the RBPO’s financial solvency.[4]

An RBPO that can demonstrate its risk contracts do not contain significant downside risk may apply for a Risk Certificate Waiver, which requires significantly less information than a full Risk Certificate.  
RBPOs that fail to comply with the Division’s registration requirements will be given an opportunity to cure their non-compliance. However, the Commissioner of the Division may suspend or cancel an RBPO’s Risk Certificate and has broad authority to “take such other action as appropriate under law to enforce the requirements.”[5]
Provider Organization Registration with the HPC and CHIA
The HPC currently requires Provider Organizations subject to registration to disclose the highest entity in its corporate structure that is engaged in health care delivery or management. The registrant must also disclose its corporate parent.
Approximately 50 organizations were required to register in 2024, the majority of which were hospital systems, physician groups, and behavioral health providers that received US$25 million or more in net patient service revenue from third-party payors.  
The Act will expand the type of ownership information that Provider Organizations are required to submit to the HPC. Regulations are still in process, but the HPC will require additional information relating to significant equity investors, health care real estate investment trusts, and management services organizations that have an ownership interest in a Provider Organization.
Further, the Act increased penalties for Provider Organizations that fail to report parallel information to CHIA from US$1,000 per week for each week of non-compliance, capped at US$50,000, to US$25,000 per week for each week of non-compliance with no cap.
Conclusion
Awareness of the registration requirements required in Massachusetts is paramount for RBPOs seeking to maintain their financial and operational stability. Accordingly, such requirements — both those required of Provider Organizations and RBPOs — should be carefully reviewed prior to entering into any risk contracts to ensure regulatory compliance.
[1] 211 CMR 155.02; 958 CMR 6.02.
[2] 958 CMR 6.04.
[3] 211 CMR 155.04; 155.05.
[4] Mass. Gen. Laws Ann. ch. 176T, § 3.
[5] 211 CMR 155.08.

A Comparative Analysis of TXSE’s Proposed Listing Standards

Introduction
On April 4, 2025, the Texas Stock Exchange (“TXSE”) published its Form 1 application submitted to the Securities and Exchange Commission (“SEC”) to register as a national securities exchange. The TXSE’s proposed listing standards are outlined in Exhibit B of the submission. If the SEC approves the application, according to TXSE, it will become the first fully integrated US national exchange in over 25 years, providing a new venue for company listings. With the release of the proposed listing standards, the TXSE provides a preliminary look into its operations, allowing for meaningful comparisons with established exchanges like the New York Stock Exchange (“NYSE”) and Nasdaq.
Overview and Context
On June 5, 2024, the TXSE announced its aim to be a premier national stock exchange based in Dallas, offering a fully electronic trading platform with high-quality standards for US and global companies accessing American equity markets. Major institutions have financially backed the exchange, and the TXSE intends to leverage Texas’s substantial economic strength as home to a $2.7 trillion economy and more than 50 Fortune 500 companies, representing one in ten publicly traded US companies. Filing their Form 1 application was a critical step in the direction of meeting TXSE’s goal of launching in 2026. Upon launch, the exchange initially plans to focus on only allowing dual listings for companies already listed on another exchange, with original listings expected to be offered at a later date (Exhibit N of the Form 1 filing).
Currently, the NYSE and Nasdaq are the two largest and most established national securities exchanges in the US. While both exchanges are regulated by the SEC and impose similar corporate governance requirements, their quantitative listing standards differ in structure and thresholds. The NYSE operates its primary listing segment, which is typically geared toward larger, well-established public companies, and the NYSE American, which has lower financial thresholds and is more accessible to smaller cap issuers. Nasdaq, in turn, offers a three-tier structure: 1) Nasdaq Capital Market, 2) Nasdaq Global Market, and 3) Nasdaq Global Select Market. Each tier has increasing levels of financial and liquidity requirements. These tiers allow a broad range of companies, from early-stage growth issuers to mature businesses, to access the public markets under tailored standards.
The TXSE in contrast proposes a single-tier system with standards that indicate an intent to attract only mid- to large-cap issuers seeking an alternative listing venue.
Confidential Pre-Application and Review Thresholds
Unlike Nasdaq and NYSE, the TXSE mandates a formal confidential pre-application review before a company can formally apply to list securities on the exchange. Under proposed TXSE Rule 16.201(a), this review is mandatory (and free) for all initial listing applicants, and must be completed before a formal listing application is submitted. This structured, pre-filing assessment is intended to help both the issuer and the exchange determine listing eligibility early in the process, particularly for companies with non-traditional capital structures or from foreign jurisdictions. Nasdaq and NYSE provide confidential reviews only as requested (Nasdaq FAQs – Listings #328 and NYSE Listing Company Manual 104.00).
Core Quantitative Tests
All major US exchanges require companies to meet specific quantitative criteria for listing. The proposed TXSE rules allow companies to qualify under two different financial tests: 1) the Earnings Test and 2) the Global Market Capitalizations Test (Rule 16.310(c)), both of which are modeled closely on existing standards used by the NYSE and Nasdaq.

The Earnings Test
Under the Earnings Test, a company must have generated aggregate pre-tax earnings of either (i) at least $10 million over the past three fiscal years with a minimum of $2 million in each of the two most recent years, and positive earnings in all three fiscal years or (ii) $12 million over the past three fiscal years, with at least $5 million in the most recent fiscal year and $2 million in the second most recent fiscal year. Alternatively, companies classified as Emerging Growth Companies may qualify with $10 million in aggregate pre-tax earnings over two fiscal years, provided they earned at least $2 million in each fiscal year. This framework aligns closely with the NYSE’s Earnings Test and Nasdaq Global Select Market’s Earnings Standards.
The Global Market Capitalization Test
For companies that are not yet profitable but have strong market performance, TXSE also offers a Global Market Capitalization Test. This pathway requires a minimum market capitalization of $200 million, and a minimum bid price of $4.00, sustained for at least 90 consecutive trading days. These requirements reflect a close alignment with the NYSE’s Global Market Capitalization test and a similarity with Nasdaq’s Market Value standards, both of which are commonly used by companies with strong investor demand but limited earnings history.

Companies must also meet additional distribution criteria to list on the TXSE, including at least 400 round-lot shareholders (i.e., investors holding 100 or more shares), a minimum of 1.1 million publicly held shares, a public float of $40 million, and at least four market makers to support trading activity (Rule 16.310(a)).
By combining both earnings and valuation-based pathways, TXSE’s proposed framework is designed to accommodate a range of mid-to-large-cap issuers. At the same time, its relatively high thresholds, particularly for market capitalization and public float, distinguish it from Nasdaq’s lower-tier Capital Market, which allows for smaller issuers with equity as low as $5 million and bid prices as low as $2.00.
Foreign Private Issuers / Non-US Companies
Foreign private issuers (or non-US companies; both are used interchangeably in the proposed listing standards) have an alternative standard, though they can opt for TXSE’s domestic criteria. The alternative listing standard only applies where there is a broad liquid market for the company’s shares in its country of domicile (Rule 16.312(a)(8)). Under this alternative listing standard, a company must have at least 5,000 worldwide round lot shareholders, with 2.5 million shares publicly held, and a market value of publicly held shares at $100 million worldwide (or $60 million for companies under Affiliated Company Test). In addition, the companies must meet one of the financial tests: 1) Earnings Test, 2) Valuation / Revenue Test, or 3) Affiliated Company Test (Rule 16.312(b)(2)).

The Earnings Test
Under the Earnings Test, a non-US company must have generated aggregate pre-tax earnings of at least $100 million in aggregate over the past three fiscal years with a minimum of $25 million in each of the two most recent years. Non-US companies that qualify as Emerging Growth Companies must also meet the same financial standard.
The Valuation / Revenue Test
Under the Valuation / Revenue Test, a non-US company can list in two ways. First, if it has at least $500 million in global market capitalization, generated at least $100 million in revenues during the most recent twelve-month period and at least $100 million in aggregate cash flows for the last three fiscal years, where each of the two most recent years is reported at a minimum of $25 million. The second way to qualify under this financial standard is for a company to have at least $750 million in global market capitalization and at least $75 million in revenues during the most recent fiscal year.
The Affiliated Company Test
Under the Affiliated Company Test, the company must at least have $500 million in global market capitalization, have at least a 12 month operating history (although a Company is not required to have been a separate corporate entity for such period); AND the Company’s parent or affiliated company is listed in good standing (as evidenced by written representation from the Company or its financial advisor excluding that portion of the balance sheet attributable to the new entity) as well as the Company’s parent or affiliated company retains control of the entity or is under common control with the entity.

These financial standards mirror the NYSE’s quantitative initial listing standards for non-US companies.
Governance and Phase-In Provisions
Stock exchange listing standards, SEC regulations and state corporate law shape corporate governance for public companies. While TXSE’s proposed quantitative standards are at times more stringent than the NYSE and Nasdaq, its corporate governance guidelines closely align with existing frameworks. This alignment makes sense because SEC rules guide many governance requirements, which include the recent clawback provisions that apply to all national stock exchanges and have been included in the proposed TXSE listing rules (TXSE Rule 16.409).
Further facilitating compliance, all three exchanges offer phase-in periods for newly public companies. TXSE’s proposed rules grant issuers up to one year to meet board and committee independence requirements, similar to the transitional relief provided by Nasdaq and NYSE (Nasdaq Rule 5615(b)(1)) and NYSE Listed Company Manual Section 303A). For instance, Nasdaq mandates a newly listed IPO to have at least one independent director upon listing, a majority within a year, and full audit committee compliance within the same timeframe, with interim thresholds at 90 days (Rule 5605(c)(4)). NYSE follows a nearly identical path, allowing phased compliance with audit, compensation, and nominating committee independence requirements. TXSE’s Form 1 filing adopts these norms extensively, signaling its intention to align with accepted US market practices and facilitate onboarding for first-time issuers.
Additionally, since NYSE and Nasdaq governance rules are neutral on environmental, social, and governance (“ESG”) issues, the TXSE’s similar stance further reflects adherence to established practices, ensuring robust oversight while offering a new venue for public listings. However, Texas has recently taken a more assertive stance on shareholder rights outside the exchange framework. On May 19, 2025, Governor Greg Abbott signed Senate Bill 1057 into law, allowing “nationally listed corporations” based in Texas or listed on a Texas exchange to impose significantly higher thresholds on shareholders seeking to submit proposals for a vote at annual or special meetings. Although this state-level development is not part of TXSE’s listing rules, it indicates Texas’s broader intent to foster a more management-friendly governance environment and the key role the TXSE is intended to play in that ecosystem. For more information on recent changes to Texas corporate law, see: link.
Delisting and Reverse-Split Interplay
Each exchange uses a structured process to manage continued listing deficiencies when a listed company’s share price falls below the minimum standards, with listed companies frequently employing reverse stock splits to cure bid-price non-compliance and avoid delisting. On Nasdaq, if a company’s share price closes below $1.00 for 30 consecutive business days, it receives a deficiency notice and typically has 180 calendar days to regain compliance (Nasdaq Rule 5810(c)(3)(A)). Companies often implement reverse stock splits to increase the bid price and must then maintain a closing bid of $1.00 or more for at least 10 consecutive business days to cure the deficiency. NYSE follows a similar structure under Section 802.01, requiring companies with a sub-$1.00 average closing price to regain compliance within six months, typically through a reverse stock split. In contrast, the proposed TXSE sets a higher minimum bid price of $4.00, which could increase the frequency of reverse stock splits or cause companies to implement reverse stock splits at an earlier stage. This would also prevent currently listed companies with a stock price between $1.00 and $4.00 from seeking a dual listing on the TXSE without effecting a reverse stock split. Like NYSE and Nasdaq, the TXSE limits excessive stock splits (TXSE 16.501(d)(3)(A)(ii)). Like Nasdaq and NYSE, TXSE also provides for a cure period and appeal process before delisting, with rules designed to prevent involuntary delisting where corrective action is possible (TXSE proposed Rule 16.501(d)(3), Nasdaq Rule 5810 and NYSE Listing Manual 802.01C).
Conclusion
TXSE’s proposed standards expand the US exchange landscape, providing an innovative venue with robust requirements. By integrating familiar financial tests and governance provisions while introducing unique elements like a mandatory pre-application review and higher quantitative thresholds, TXSE seeks to attract mid-to-large-cap issuers and mature companies looking for an alternative listing option. The exchange’s alignment with established practices from NYSE and Nasdaq offers competitive yet distinct offerings. As the SEC reviews TXSE’s application, companies interested in leveraging its platform should consider the opportunities and challenges presented by its distinctive standards.

Recent Nuclear Executive Orders to Accelerate US Nuclear Renaissance

The four (4) nuclear energy Executive Orders issued on Friday, May 23, 2025 (Nuclear EOs), set out a 25-year whole-of-government plan for further development and successful deployment of US nuclear technology—both domestically and internationally, and addressing the full scope of the nuclear industry (licensing, fuel life cycle, reactor technology, supply chain, workforce, spent fuel and waste disposal, financing and international agreements)—ultimately culminating in 400 GW of US nuclear energy capacity by 2050.
The volume of required actions illustrates the Trump Administration’s drive to launch a US nuclear renaissance. Within the first 90 days, the Nuclear EOs address establishing domestic fuel supply, regulatory overhauls, fast-tracking reactor deployments utilizing Department of Defense (DOD) and Department of Energy (DOE) jurisdiction, authorizing financial support via US Export-Import Bank (US Ex-Im), agency finance institutions and multilateral banks, and employing diplomatic tools to promote the US nuclear industry. This article highlights key required activities on a year-by-year basis, along with supporting activities to be undertaken in parallel, followed by a comprehensive timeline of all activities and achievements required by the Nuclear EOs.
Required Activities for 2025
The Nuclear EOs mandate the following key activities and achievements for the remainder of 2025:

designating one or more sites owned or controlled by DOE in the United States for deployment of advanced nuclear reactor technology;
utilizing the Defense Production Act and developing a plan to accelerate the development of low enriched uranium (LEU) and high assay low enriched uranium (HALEU) capabilities and to address management of spent fuel;
reforming DOE’s National Environmental Policy Act (NEPA) compliance regime, including determining DOE functions that should not be subject to NEPA;
expediting intergovernmental agreements on nuclear energy and the fuel supply chain with potential export countries;
promoting adherence to the Convention on Supplemental Compensation for Nuclear Damage (CSC);
directing all executive departments and agencies that provide educational grants to prioritize investment in nuclear engineering and other nuclear energy-related careers; and
leveraging agency finance capabilities toward providing financing for deployment of American nuclear technology.

Required Activities for 2026
The Nuclear EOs mandate the following key activities and achievements for calendar year 2026:

creating a comprehensive report relating to safe management of spent fuel, including storage, transport, recycling and reprocessing capabilities, and permanent storage;
wholesale review and revision by the Nuclear Regulatory Commission (NRC) of its regulations and guidance, and issuance of final rules in respect of the same, including a maximum 18-month final decision deadline for applications to construct and operate new reactors and a maximum 12-month final decision deadline for applications to extend operating licenses for existing reactors; and
submitting recommendations for legislative proposals and regulatory actions regarding placement of advanced nuclear reactors on military installations.

 Required Activities from 2027 through 2050
The Nuclear EOs mandate the following key activities and achievements within the years 2027 through 2050:

November 2027: Beginning operation of an advanced nuclear reactor at a DOE-owned or controlled site for the purpose of powering AI infrastructure, other critical or national security needs or on-site infrastructure;
September 2028: Beginning operation of a nuclear reactor at a domestic military base or installation;
January 2029: Completing negotiations of at least 20 new 123 Agreements;
within calendar year 2030: Facilitating 5 GW of uprates to existing reactors and commencement of construction of at least 10 new, large reactors with complete designs;
May 2035: Completing re-negotiation of all 123 Agreements originally set to expire by May 2035; and
within calendar year 2050: Achieving 400 GW of US nuclear energy capacity in operation.

Additional Parallel Activities
In addition to the activities noted above, the Nuclear EOs also require other substantive activities to be undertaken by the NRC, DOE, DOD and Department of State (DOS) on an ongoing basis. We have included another chart below, following the detailed, comprehensive timeline, that lists these parallel activities. These activities range from right-sizing headcounts to continuing regulatory overhauls (particularly within the NRC, as well as environmental regulatory regimes), developing a HALEU fuel bank, expediting decisions on technology transfer export authorization requests, prioritizing issuance of security clearances and supporting diplomatic efforts via 123 Agreements.
Conclusion
The scope and volume of required activities and multi-agency effort under these Nuclear EOs underscore the priority the administration is placing on the accelerated development and deployment of US nuclear technology. As mentioned, we have set out below a comprehensive timeline and list of all activities required by the Nuclear EOs, on a year-by-year and agency-by-agency basis. Hunton plans to issue a series of articles providing more in-depth review and discussion of impacts to the US nuclear industry. We will also continue to monitor any further nuclear energy-related Executive Orders and impacts from pending and newly passed legislation, including impacts to currently available tax credits for the nuclear industry under proposed amendments to the Inflation Reduction Act. 

Timeline of Required Activities and Achievements for Calendar Year 2025

By June 2025
 

DOE to utilize authority delegated by President under the Defense Production Act to seek voluntary agreements with domestic nuclear energy companies for cooperative procurement of low-enriched uranium (LEU) and high assay, low-enriched uranium (HALEU), prioritizing agreements with companies that have achieved objective milestones (e.g., DOE-approved conceptual safety design reports, ability to privately finance their fuel, demonstrated technology capability), including:

consultation on management of spent nuclear fuel, including recycling and reprocessing
establishing consortia and plans of action to ensure availability of nuclear fuel supply chain, with DOE-provided procurement support, forward contracts or guarantees to consortia to ensure offtake for newly established domestic fuel supply

DOE to reform its rules governing compliance with National Environmental Policy Act (NEPA), including determining which DOE functions are not subject to NEPA

By July 2025
DOE to issue guidance on what counts as a ‘qualified test reactor’

By August 2025
 

DOE to:

revise regulations, guidance, procedures and practices of DOE, the National Labs and other entities under DOE’s jurisdiction to significantly expedite review, approval and deployment of advanced reactors under DOE’s jurisdiction
designate one or more sites owned/controlled by DOE in the US for use and deployment of advanced nuclear reactor technology
identify all useful uranium or plutonium material within DOE inventories that could be recycled or processed into nuclear fuel for reactors in the US
update DOE’s excess uranium management policy, prioritizing contracting for development of fuel fabrication facilities that demonstrate feasibility to supply fuel to qualified test reactors or pilot program reactors within three years

Director of Office of Science and Technology Policy and Assistant to President for Economic Policy to determine a strategy to address:

optimizing value of US International Development Finance Corporation (DFC) to provide equity and other financing for American nuclear technology
expanding US Trade & Development Agency (USTDA) grant financing to US nuclear technology pilots, fuel supplies, project preparation to recently graduated high income economies of national strategic interest
leveraging US Ex-Im and other relevant agencies to increase financing for projects utilizing US civil nuclear technology exports
holding trade missions and reverse trade missions, leveraging other trade promotion tools to remove trade barriers and increase market competitiveness of the US nuclear industry
achieving competitive parity in the global market for high-level advocacy and representation from the Federal Government to foreign governments of potential import countries on nuclear-related bilateral issues, focusing on countries with highest probability of nuclear deployment within next four years

Treasury to determine a strategy that:

leverages US participation in multilateral development banks to support client country access to financial and technical assistance for generation and distribution of nuclear energy and reliable fuel supply
supports assistance at relevant institutions to make financial support available on competitive terms, strengthen capacity to assess, implement and evaluate nuclear energy projects, and support adoption of nuclear energy technologies and fuel supply chains of same or greater quality standards of the US or countries allied with the US

Department of State (DOS) to implement program to enhance global competitiveness of American nuclear suppliers, investors and lenders to compete for nuclear projects around the globe, including:

expediting conclusion of intergovernmental agreements on nuclear energy and fuel supply chain with potential export countries
promoting broad adherence to the Convention on Supplementary Compensation for Nuclear Damage (CSC)
identifying statutory and regulatory burdens on exports of American nuclear technology, fuel supplies, equipment and services not addressed by Executive Orders and recommend remedial action
encouraging favorable decisions by potential import countries on use of American nuclear technology, fuel supplies, equipment and services

By September 2025
 

DOE to develop a plan to expand domestic uranium conversion capacity and enrichment capabilities to meet projected needs for LEU, highly enriched uranium (HEU) and HALEU
Department of Labor and Department of Education to increase participation in nuclear energy-related Registered Apprenticeships and Career and Technical Education programs
All executive departments and agencies that provide educational grants to consider nuclear engineering and other nuclear energy-related careers as priority area for investment
DOE to take steps to increase access to R&D infrastructure, workforce and expertise at DOE National Labs for (i) college and university students studying nuclear engineering and other nuclear energy-related fields and (ii) DOD personnel affiliated with nuclear energy programs

By November 2025
 
DOE to coordinate with Small Business Administration (SBA) to prioritize funding for qualified advanced nuclear technologies through grants, loans, investment capital, funding opportunities, etc., with priority to companies demonstrating largest degrees of design and technological maturity, financial backing and potential for near-term deployment

Timeline of Required Activities and Achievements for Calendar Year 2026

By January 2026
 

DOE to prepare a comprehensive report, providing (among other aspects):

recommended national policy on spent nuclear fuel and high level waste, development and deployment of advanced fuel cycle capabilities, and legislative changes needed to achieve these goals
program (including required legislation) to develop methods, technologies to transport used and unused advanced nuclear fuels and advanced nuclear reactors in safe, secure and environmentally sound manner
recommendations for permanent disposal of recycling and reprocessing waste, and for evaluating the same for isotopes of value to national security, or medical, industrial or scientific sectors prior to disposal
reevaluation of current and existing nuclear reprocessing, separation and storage facilities slated for decommissioning with potential value for fuel cycle and national security purposes if continued or increased

DOD, in coordination with DOE, to prepare and submit to Assistant to the President for National Security Affairs, recommendations for legislative proposals and regulatory actions regarding the distribution, operation, replacement and removal of advanced nuclear reactors and spent nuclear fuel on military installations

By February 2026
 

Nuclear Regulatory Commission (NRC) to complete wholesale review and revision of regulations and guidance, and issue a notice of proposed rulemaking, including:

maximum 18-month deadline for final decision on application to construct and operate a new reactor of any type
maximum 12-month deadline for final decision on application to extend operating license of existing reactor of any type

By July 2026
 
DOE to create a pilot program for reactor construction and operation outside the National Labs, and approve at least three reactors with the goal of achieving criticality for each by July 4, 2026

By November 2026
NRC to issue final rules and guidance to conclude its regulatory revision process

Timeline of Required Activities and Achievements for Calendar Years 2027 through 2050

By November 2027
 
DOE to begin operating an advanced nuclear reactor, following siting, approval and authorization of the design, construction and operation of privately funded advanced nuclear reactor technologies at DOE-owned or controlled sites for purpose of powering AI infrastructure, other critical or national security needs, supply chain items or on-site infrastructure

By September 2028
 

DOD to begin operating a nuclear reactor at a domestic military base or installation by September 30, 2028

DOE to provide technical advice on design, construction and operation of any advanced nuclear reactor on a military installation
DOS to provide advice on any international legal requirements or any needed modifications to international agreements or arrangements

DOD to prepare and submit recommendations for legislative and regulatory actions regarding distribution, operation, replacement and removal of advanced nuclear reactors and spent nuclear fuel on military installations

By January 2029
At least 20 new 123 Agreements negotiated

Within Year 2030
Facilitate 5 GW uprates to existing reactors and have ten new, large reactors with complete designs under construction

By May 2035
Completed re-negotiation of all 123 Agreements originally set to expire by May 2035

Within Year 2050
400 GW of US nuclear energy capacity in operation

Additional Required Parallel Activities

NRC

In consultation with the Department of Government Efficiency (DOGE), reorganize to promote expedited processing of license applications and adoption of innovative technology by undertaking reductions-in-force (although certain functions may increase in size, including those relating to new reactor licensing)
Create a dedicated team of at least 20 officials to draft new regulations
Reduce personnel and functions of Advisory Committee on Reactor Safeguards (ACRS) to minimum necessary to fulfill ACRS’ statutory obligations, with review of permitting and licensing to focus on issues that are truly novel or noteworthy
Adopt science-based radiation limits; reconsider reliance on the linear no-threshold (LNT) model for radiation exposure and “as low as reasonably achievable” standard
Revise NRC regulations governing NRC’s compliance with NEPA
Establish expedited pathway to approve reactor designs that DOD or DOE have tested and have demonstrated ability to function safely, focusing solely on risks that may arise from new applications permitted by NRC licensure
Establish process for high-volume licensing of microreactors and modular reactors
Establish stringent thresholds for circumstances in which NRC may demand changes to reactor design once construction is underway
Revise reactor oversight process, reactor security rules and requirements to reduce unnecessary burdens and be responsive to credible risks
Adopt revised, determinate and data-backed thresholds to ensure reactor safety assessments focus on credible, realistic risks
Reconsider regulations governing the time period of effectiveness of a renewed license, extending as appropriate based on available technological and safety data
Streamline public hearing process

DOE

Each time a substantially complete application for a qualified test reactor is submitted, establish a team to deconflict, oppose or approve the application and provide assistance to the applicant to ensure expeditious processing
Prioritize qualified test reactor projects for processing
Use all available authorities to eliminate or expedite DOE environmental reviews for authorizations, permits, approvals, leases and any other activity requested by an applicant or potential applicant, including determining which DOE functions are not subject to NEPA
Halt the surplus plutonium dilute and dispose program (except with respect to DOE’s legal obligations to South Carolina) and replace with a program to process surplus plutonium to make it available for the fabrication of fuel for advanced nuclear technologies
Initiate process for designating AI data centers that are located at or operated in coordination with DOE facilities and related electrical infrastructure as critical defense facilities
Release at least 20 metric tons of HALEU into a fuel bank for use by any private sector project authorized to construct and operate at a DOE-owned or controlled site and that is regulated by DOE for the purpose of powering AI and other infrastructure
Implement plans to ensure long-term supply of enriched uranium for continued operation of facilities powering AI data centers on DOE sites, including domestic fuel fabrication and supply chains to reduce reliance on foreign fuel sources
Coordinate with DOD to assess feasibility of restarting or repurposing closed nuclear power plants as energy hubs for military microgrid support, focusing on installations with insufficient power resilience or grid fragility
Approve or deny technology transfer export authorization requests within 30 days of receipt of a complete application and completion by DOE of required accompanying analysis (subject to extensions)

DOD

Establish program for utilization of nuclear energy at military installations for both installation energy and operational energy

DOE and DOD, together

Site, approve and authorize the design, construction and operation of privately-funded nuclear fuel recycling, reprocessing and reactor fuel fabrication technologies at sites controlled by DOE or DOD for purpose of fabricating fuel forms for use in national security reactors, commercial power reactor, and non-power research reactors
With respect to NEPA, consult with Chairman of Council on Environmental Quality regarding:

applying DOE and DOD categorical exclusions, adopting other executive departments and agencies’ exclusions and establishing new categorical exclusions for construction of advanced nuclear reactor technologies on Federal sites within the US for purposes of implementing the Nuclear EOs
utilizing other agencies’ emergency and other permitting procedures for the siting and construction of advanced nuclear reactor technologies
developing alternative arrangements for compliance with NEPA in emergency situations

Prioritize issuance of DOE and DOD security clearances to support rapid distribution and use of nuclear energy and fuel cycle technologies

Department of State

Fully leverage resources of the Federal Government to promote the US nuclear industry in development of commercial civil nuclear projects globally
Lead diplomatic engagement and negotiations for new 123 Agreements
Aggressively renegotiate 123 Agreements set to expire by May 2035
Lead engagement with Congress regarding progress and reporting of negotiating 123 Agreements

North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions.
Key requirements, which mirror requirements under the federal Gramm-Leach-Bliley Act Safeguards Rule, include the following:

implementing a comprehensive information security program, including maintaining appropriate administrative, technical and physical safeguards;
designating a qualified individual responsible for overseeing, implementing and enforcing the financial corporation’s information security program;
basing an information security program on periodic risk assessments that incorporate designated content requirements and identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information, and reassessing the sufficiency of any safeguards in place to control these risks;
implementing safeguards to control the risks identified through the risk assessment, including but not limited to (1) implementing and periodically reviewing access controls; (2) implementing encryption of customer information held or transmitted by the financial corporation both in transit over external networks and at rest; (3) adopting secure development practices for in-house developed applications; (4) implementing multifactor authentication for any individual accessing any information system (unless the financial corporation’s qualified individual has approved in writing the use of a reasonably equivalent or more secure access control); (5) monitoring and logging user activity and (6) conducting continuous monitoring or periodic penetration testing and vulnerability assessments;
implementing a written incident response plan that addresses (1) the goals of the plan; (2) internal processes for responding to a security event; (3) clear roles, responsibilities, and levels of decision-making authority; (4) external and internal communications and information sharing; (5) requirements for remediating identified weaknesses in information systems and controls; (6) documentation and reporting regarding security events and related incident response activities and (7) evaluation and revision of the plan as necessary after a security event;
providing personnel with security awareness training that is updated as necessary to reflect risks identified by the risk assessment;
overseeing service providers by (1) taking reasonable steps to select and retain service providers capable of maintaining appropriate reasonable safeguards for customer information; (2) contractually requiring them to implement and maintain these safeguards and (3) periodically assessing the service providers based on the risk they present and the adequacy of their safeguards.
requiring the qualified individual provide reports in writing, at least annually, to the financial corporation’s board of directors or equivalent governing body addressing (1) the overall status of the security program and compliance with the Act and (2) material matters related to the information security program (e.g., risk assessments, security events, and recommendations for changes to the program).

The Act also imposes new requirements regarding security incidents (i.e., “notification events”). A “notification event” means the acquisition of unencrypted customer information without the authorization of the individual to which the information pertains. Financial corporations must notify the Department of Financial Institutions as soon as possible and no later than 45 days after discovering a notification event that involves the information of at least 500 consumers. Notably, the Act specifies that a notification event “must be treated as discovered on the first day when the event is known to the financial corporation. A financial corporation is deemed to have knowledge of a notification event if the event is known to any employee, officer, or other agent of the financial corporation, other than the person committing the breach.” The Act will take effect on August 1, 2025.

Cryptocurrency in 401(k): A Balanced Approach Returns

Takeaway

The 2025 CAR does not alter ERISA’s substantive fiduciary standards and considerations but eases the DOL’s previously hostile enforcement stance toward cryptocurrency and similar digital assets in 401(k) plans, restoring a “neutral” DOL enforcement approach. 401(k) plan fiduciaries must still consider all relevant ERISA factors and apply the necessary care, skill, prudence, and diligence required by ERISA in managing their 401(k) plan fund lineup. They can now feel more assured that a decision to include cryptocurrency in their 401(k) plan will not be subjected to increased scrutiny by the DOL; however, they must remain vigilant regarding the risk of potential participant claims and class actions.

Related Links

Compliance Assistance Release No. 2025-01
Compliance Assistance Release No. 2022-01

Article
On May 28, 2025, the DOL released Compliance Assistance Release No. 2025-01. The 2025 CAR rescinds the DOL’s previous Compliance Assistance Release No. 2022-01 (2022 CAR), issued in 2022, which indicated an unfavorable DOL enforcement stance on including cryptocurrency and similar digital assets in 401(k) plan fund lineups.
In rescinding the prior guidance, the DOL states that the 2022 CAR articulated a standard of care that was inconsistent with ERISA’s fiduciary principles, and that the 2025 CAR “restores the [DOL’s] historical approach by neither endorsing, nor disapproving of, plan fiduciaries who conclude that the inclusion of cryptocurrency in a plan’s investment menu is appropriate.”
The DOL further reminds plan fiduciaries that, “[w]hen evaluating any particular investment type, a plan fiduciary’s decision should consider all relevant facts and circumstances and will “necessarily be context specific”, and that fiduciaries must “curate a plan’s investment menu ‘with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims’ for the ‘exclusive purpose’ of maximizing risk-adjusted financial returns to the plan’s participants and beneficiaries.”