EU Data Act Preparedness – Last Minute Fire Drill Exercise!
In less than six months, on 12 September 2025, most provisions of EU Regulation no. 2023/2854 (the EU Data Act) will go into effect. In light of the challenging compliance efforts, from legal and contractual points of view as well as from operational and product development perspectives, affected companies should act soon to avoid liability and administrative fines and to update their contractual frameworks.
The below checklist provides initial level guidance to assist in companies in assessming their risk exposure and identifying mitigation steps.
While the EU Data Act covers many different data-related topics, topics that are most relevant for private companies are obligations regarding collection and use of Internet of Things (IoT) data (Section 1) and switching between cloud storage/service providers (Section 2).
For IoT Companies
Does Your Company Manufacture Connected Products (Connected Products)?
Definition: Connected Products are all categories of equipment collecting data about their use or vicinity and are able to transfer this data via internet connection, also commonly referred to as “smart devices” or “IoT devices,” such as cars, televisions, refrigerators, cleaning or lawn mowing robots, kitchen tools, etc. (Source: Art. 2(5) EU Data Act)
Does Your Company Offer Related Services (Related Services) in Connection With Connected Products?
Definition: Related Services include any digital service (usually provided via an app) essential for the intended use of a Connected Product or adding additional functionalities to a Connected Product. (Source: Art. 2(6) EU Data Act)
Who Are Your Users?
Definition: If your Connected Products or Related Services are offered to customers in the European Union, the EU Data Act will apply to such product or service, regardless of whether your customers are consumers (B2C) or commercial (B2B) customers. (Source: Art. 1.3 EU Data Act)
Does Your Connected Product or Related Service Allow Users to Access Collected Product Data (Product Data)?
Definition: Product Data is all information collected by a Connected Product or Related Service in connection with using such product or service or its environment, regardless of whether such data is considered “personal data” under GDPR or not.
Action: Users have a right to have access to Product Data in real time, either directly in the IoT device or related app, or at least separately in a machine-readable format. Technical measures for enabling this access need to be implemented.
Action: Users must be provided with core information when purchasing a Connected Product or Related Service, e.g., regarding the types and amount of usage data collected, for what purposes the data will be used, where and how long the data is stored, and how the data can be accessed and stored. Information documents need to be prepared.
Action: Users may also request to grant third parties access to their Product Data. It is recommended to assess upfront under which, if any, conditions such disclosure may be rejected and on which grounds.
Does Your Company Use the Product Data for Its Own Purposes?
Action: Any use of this data for own purposes (e.g., analytics or business intelligence or advertisement) is only permitted under permission from the user of the Connected Product or Related Service to be given in a contract, including detailed provisions on the use and protective mechanisms. These contracts must follow a strict agenda and must contain certain mandatory terms. Existing customer agreements and new customer agreements will need to be updated accordingly before either 12 September 2025 (new contracts) or 12 September 2027 (for contracts executed prior to 12 September 2025 and (i) of indefinite duration or (ii) due to expire after 11 January 2034.)
Does Your Company Share Any of the Product Data With Third Parties?
Action: Product Data may be shared by your company with third parties only on the basis of a contract between the third party and the user in addition to the contractual relationship of your company with the user.. These contracts must follow a strict agenda and must contain certain mandatory terms. Agreements need to be put in place with users and third parties receiving usage data.
Does Your Company Currently Have Contracts in Place With Customers or Third Parties Entitling or Requiring Your Company to Access or Share Product Data?
Action: Existing agreements need to be reviewed for clauses regarding access to Product Data and, if such clauses exist, need to be updated to meet the above data sharing requirements.
For Cloud Storage/Service Providers:
Does Your Company Offer Cloud Services?
Definition: These are usually services enabling customers to upload their data to cloud servers; not only cloud infrastructure providers are covered, but each provider offering services around data hosting is covered, even if the cloud infrastructure is owned by another service provider.
Who Are Your Customers?
Definition: If your Connected Products or Related Services are offered to customers in the European Union, the EU Data Act will apply to your product or service, regardless of whether your customers are consumers (B2C) or commercial (B2B) customers.
Does Your Company Enable Customers To Migrate to Another Service Provider or Replace the Service With an On-Premises Solution?
Action: The EU Data Act obliges cloud service providers to remove obstacles that could deter customers from switching to another provider or an on-premises solution, regardless of the nature of the obstacle and including in particular contractual and technical obstacles. Service providers must assess if their service setup may raise such obstacles and, if necessary, remove these.
Action: Customer contracts must provide wording regarding the procedures, rights, and obligations of the parties for switching to another service provider, including termination and migration rights.
Action: Customer data must be maintained in a file format that can easily be transferred.
Does Your Company Charge Fees for Migrating Customer Data to Another Service Provider or an On-Premises Solution?
Action: From 12 January 2027 onward, cloud service providers must not charge any fees if the customer decides to migrate to another service provider or an on-premises solution. Until then, fees may not exceed the internal costs of the service provider arising in direct context with the migration.
Defense Contractors’ Restrictions When Contracting with Chinese Companies
In the current economic climate, the obvious focus of many companies is on the administration’s imposition of tariffs. However, government contractors, especially those contracting with the U.S. Department of Defense (“DoD”), must not lose sight of their current and potential future direct and indirect relationships with certain Chinese entities.
Contractors’ compliance obligations regarding relationships with Chinese entities flow from:
FAR 52.204-25 (Section 889 of the 2019 National Defense Authorization Act (“NDAA”)), and
The Chinese Military Companies (“CMC”) List (Section 1260H of the 2021 NDAA) (also known as the “1260H List”).
Section 889 became effective in 2019 and 2020, so compliance policies and procedures applicable to contracting with all federal government agencies should be well in place. New complexities are emerging for defense contractors given the expanding number of Chinese entities on the1260H List. All contractors are required to annually certify compliance with Section 889, but defense contractors will have an additional level of compliance. They will be required to comply with the 1260H List beginning in June 2026 (for contractors that work with individuals or entities that lobby for CMCs) and June 2027 (for contractors sourcing from or otherwise doing business with entities on the 1260H list). We discuss both compliance frameworks below and provide several key takeaways for contractors.
Government-Wide Supply Chain Restrictions: Section 889
Parts A and B of Section 889 impose significant restrictions on a contractor’s ability to use and sell to the government covered telecommunications and video surveillance products and services (“covered equipment and services”) from five Chinese entities and their affiliates.
Part A, effective August 2019, prohibits the government from procuring covered equipment and services manufactured by the companies identified below. A prime contractor is required to flow down this prohibition to its subcontractors. Part B, effective August 2020, prohibits the government from contracting with entities that “use” covered equipment and services from the five identified companies. This prohibition applies to a contractor’s use of covered equipment and services in any part of its business. There is no nexus required tethering the use of such equipment or services to the contractor’s performance of a federal government contract. Part B does not flow down to subcontractors.
As U.S. government contractors are now well aware, compliance with Part B requires eliminating covered technology and services from their organizations from the five named Chinese entities and their affiliates, which typically include the following types of products/services:
Huawei: mobile phones, laptops, tablets, routers, and switches
ZTE Corporation: mobile phones, mobile hotspots, and network equipment (routers/switches)
Hytera Communications Corporation: radio transceivers and radio systems
Dahua Technology Company & Hangzhou Hikvision Digital Technology: video surveillance products and services (e.g., company surveillance systems)
DoD-Only Relationship Restrictions on Companies Listed on the Section 1260H List
The 2021 NDAA will add a second layer of compliance only for defense contractors. The Secretary of Defense is required to publish an annual list of CMCs. Starting in June 2026, DoD will be prohibited from procuring goods, services, and technology produced or developed by listed CMCs or companies that hire lobbyists that lobby for CMCs. Starting in June 2027, the same prohibition will apply to indirect procurements, meaning defense contractors must eliminate goods, services, and technology from listed CMCs from their supply chains.
To be included on the 1260H List, a Chinese entity must have one of two associations as determined by DoD. First, an entity must directly or indirectly (whether through ownership, control, or affiliation) act as an agent of the People’s Liberation Army; Chinese military or paramilitary elements; security, police, law, or border enforcement; the People’s Armed Police; the Ministry of State Security; or any other organization controlled by the Central Military Commission of the Communist Party, the Ministry of Industry and Information Technology, the State-Owned Assets Supervision and Administration Commission of the State Council, or the State Administration of Science, Technology, and Industry for National Defense. Alternatively, listed entities are those important to civilian and military advancements in China’s defense industrial base; these entities are called “military-civil fusion contributors.”
Whereas compliance regimes for Section 889 are nearly five years old, compliance deadlines for Section 1260H are upcoming:
Starting June 30, 2026, DoD may not (i) enter, renew, or extend contracts for goods, services, or technology with listed entities or their affiliates, or (ii) contract with companies that engage individuals or entities that lobby for CMCs, even if regulated “lobbying” activity does not relate to the contractor’s operations (Section 851 of the 2025 NDAA). (“Lobbying” is defined by the Lobbying Disclosure Act of 1995).
The prohibition differentiates between end-item technology and mere “components” of end item technologies. The prohibition focuses on end-items. (“Component” means an item supplied to the Federal Government as part of an end-item or of another component. 41 U.S.C. § 105.)
Starting June 30, 2027, DoD may not purchase end products or services developed or produced by listed entities indirectly through third parties. (Note an exception in Section 805 of the 2025 NDAA excluding the purchase of component materials that are part of an end product created by an entity not on the 1260H list.)
Section 1260H of the Fiscal Year 2021 NDAA required that DoD publish the 1260H List each year until at least 2030. Additional entities have been added each year thereafter. In an effort to provide contractors with ample notice, DoD has begun publishing 1260H Lists. As of January 2025, there are 134 entities on the list (Notice of Availability of Designation of Chinese Military Companies (Federal Register)). The listed entities span an array of industries, including telecommunications, aerospace, semiconductors, artificial intelligence, energy, and transportation, among others. Notably, Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision); Huawei Technologies Co., Ltd.; and Zhejiang Dahua Technology Co., Ltd. (Dahua) appear on both the Section 889 and Section 1260H lists.
Key Takeaways for Contractors
For Section 889 and Section 1260H compliance, U.S. government contractors must assess their supply chains both for direct contracts as well as contracting for end products or services developed or produced by listed entities indirectly through third parties on either list.
For purposes of Section 1260H, contractors must assess whether existing sourcing relationships involve “components” of end items (which are exempted) or end items themselves.
Further, contractors must conduct extensive due diligence to understand the agents working with them and on behalf of any listed entity to avoid running afoul of the restrictions on lobbying activity.
Contractors should actively monitor this space because more stringent restrictions may follow.
What Every Multinational Company Should Know About … Customs Enforcement and False Claims Act Risks (Part II)
As detailed in Part I of our three-part series on Minimizing Customs Enforcement and False Claims Act Risks, the combination of the new high-tariff environment, the heightened ability of Customs (and the general public) to data mine, and the Department of Justice’s (DOJ) stated focus on using the False Claims Act (FCA) substantially increases import-related risks. In light of this heightened risk, Part II and the forthcoming Part III of this series focus on preparing for specific areas where we see heightened enforcement risk, both for Customs and FCA penalties, with this article addressing the most common FCA risks arising from submitting false Form 7501 entry summary information.
Risks Arising from Misclassifications
By far, the most common Customs errors we see relate to misclassifications on Form 7501 entry summaries. If made knowingly, these misclassifications can lead to FCA liability, as demonstrated by a high incidence of DOJ settlements based on alleged known classification errors. Relevant FCA examples include $22.2 million and $2.3 million settlements, each premised on importers knowingly misclassifying entries into lower-tariff classifications to avoid paying duties owed on the companies’ imports.
Additionally, aggressively classifying goods to avoid being subject to the China Section 301 tariffs can create the risk of FCA liability. Such opportunistic classification led to a $22.8 million settlement by an importer that used inaccurate classifications despite receiving repeated CBP notices informing the importer that the classifications it had been using for similar goods were erroneous. The importer continued using the incorrect classifications for over three years, even after an outside consultant confirmed the importer had been using incorrect classifications.
Customs Compliance Response
Maintain a Regularly Updated Classification Index. Well-supported and consistent classifications are the key to avoiding these types of errors. The most important tool for ensuring accuracy in classifications is a robust and regularly updated Customs Classification Index, which should list the HTS classification for regularly imported SKUs while incorporating support for classification decisions made, including an application of the Customs General Rules of Interpretation, advisory opinions, responses to protests against liquidation, and other relevant support.
Conduct Classification Reviews. We often find that importers leave classification decisions up to customs brokers, assuming they are experts and responsible for identifying the correct codes. Customs, however, places full responsibility for the accurate submission of all Form 7501 information on the importer of record, not the broker. Periodically review your classifications, especially for frequently imported items, to ensure accuracy.
Evaluate Classification Accuracy in Post-Entry Reviews. Customs allows importers 310 days after entry to fix any classification errors. Conduct post-entry checks to confirm the accuracy of all submitted information, and use post-summary corrections to correct any errors, including misclassifications, before liquidation. This will help catch errors and, where corrected, undermine FCA scienter.
Review Tariff Engineering. With tariff rates rising, Customs is aggressively looking for importers who have engaged in opportunistic classification to try to lower import charges. This includes a special focus on importers who have changed their classifications after the imposition of new tariffs. This does not mean importers should view themselves as locked into adverse and incorrect classifications. They should, however, adequately document any classification changes and be prepared to respond promptly to Customs inquiries.
Risks Arising from Misrepresenting the Physical Characteristics of Imported Goods
Making known misrepresentations to incorrectly claim a lower tariff classification can lead to FCA liability. For instance, an importer of brake parts settled an FCA case alleging it knowingly misrepresented the physical characteristics of its entries (claiming they were duty-free unmounted brake pads rather than mounted brake pads subject to a 2.5% classification) for $8 million.
Customs Compliance Response
Confirm Accuracy of Factual Support for Classifications. In most cases, classification is determined by (1) the physical attributes of the product and, in certain cases, (2) the primary use of the product. Ensure you have accurate backup and consistent classification for each of these issues.
Document and Retain Classification Decisions. Ensure you maintain detailed records for all classification determinations, and keep them for at least five years from the time of entry.
Risks Arising from Improper Country of Origin Declarations
Because of the imposition of special Section 301 tariffs on China, the number of importers caught making errors relating to declaring the wrong country of origin (COO) has sharply risen. The imposition of reciprocal tariffs only magnifies the importance of the COO. Generally these cases involve imported goods that were assembled in third countries using parts and components from a high-tariff country. In these situations, careful analysis is required to ensure there is sufficient manufacture, value added, and change in the name, character, and use of the product so the result is a “substantially transformed” product that is a new and different article of commerce.
FCA cases illustrate the twin risks that can arise from incorrect COO declarations. In 2021, the DOJ settled an FCA matter for $160,933, alleging the importer knowingly failed to designate that certain imports were manufactured in China, thus evading Section 301 duties.
Customs Compliance Response
Confirm Accuracy of Substantial Transformation Analysis. One of the highest-priority areas of Customs scrutiny is to find instances of importers evading customs duties either by transshipping through lower-tariff third countries or by shipping parts and components to a third country and then engaging in only minor assembly operations (e.g., from China to another Southeast Asia country). If the goods are not substantially transformed into a new and different article of commerce, then they cannot claim the lower-tariff COO. Review all instances where parts and components from a high-tariff country, like China, are used in further manufacturing in a lower-tariff country. Ensure there is a reasonable basis for the COO declaration, and document the analysis in case of Customs inquiry.
Risks Arising from Undervaluation
Failing to declare the full value of entries is another common error. Most importers use transaction value, which requires the importer to start with the price actually paid or payable, add certain mandatory additions (e.g., the value of assists and royalties), and accurately reflect any allowed voluntary deductions. Recent examples include $217,000, $729,000, and $1.3 million settlements of allegations relating to known under-declared entry values resulting in underpaid tariffs, as well as a $3.6 million settlement of civil claims resulting from the DOJ joining an FCA whistleblower lawsuit. An additional sobering example is a settlement of claims against an importer that knowingly undervalued its goods through the remedy of losing all import privileges.
More specifically, the known failure to include assists (i.e., customer-provided production aids such as tools, dies, and molds) within the entered value can incur FCA liability. Where a U.S. company provides such assists, it needs either to declare the full value of the assist on the first entry or set up a system to attribute the full value of the assist over the useful lifetime of the product, thus declaring it piecemeal over time. These values do not show up on commercial invoices, making it easy to forget to include this mandatory addition to entered value. But the risks of knowingly failing to do so are demonstrated by two FCA settlements of $4.3 million and $7.6 million for the alleged failure to include assists in the entered value.
Customs Compliance Response
Understand How to Calculate Entered Value. Most companies use transaction value to determine the entered value. Valuation is complicated in situations involving post-entry price adjustments, cash or quantity discounts, indirect payments, exchange rate conversions, and other tricky areas. Ensure valuation is calculated correctly for all entries, including for the inclusion of off-invoice mandatory additions to value.
Establish a System for Identifying and Tracking Assists, and Consistently Follow It. Importers should have a system for systematically identifying and tracking assists, which can be as simple as a spreadsheet. If this historically has not been done, a review of a company’s trial balance ledger can potentially identify historically provided assists. All assists either should be recognized on the first entry of the applicable universe of goods or apportioned over the expected useful lifetime of the assist. If the latter method is used, establish a system for tracking all relevant entries benefiting from assists and consistently add them when calculating the entered value. Share such information with your customs broker to implement a secondary check.
Risks Arising from Improper Claims of Preferential Treatment Under Free Trade Agreements
Another common error we see is failing to meet free trade agreement (FTA) requirements, such as failing to work through the COO requirements. Along these lines, in one FCA action an importer paid $22.2 million to settle allegations that, among other things, it knowingly claimed improper preferential treatment under FTAs.
Customs Compliance Response
Always Have Certificates of Origin On Hand at Time of Entry. One of the most common errors we see in customs audits and disclosures is one of the simplest to fix: Ensure that you always have the USMCA certificate of origin available at the time of importation. Under the USMCA, it is not possible to create these after the time of entry.
Apply Correct Country of Origin Principles. FTAs include different COO principles. These generally are based on a tariff-shift analysis, which is viewed as providing more certain outcomes than the more subjective substantial transformation test commonly applied by Customs. Certain products, such as automotive products under the USMCA, also have special rules for determining preferential status. Note as well that it may be necessary to apply FTA principles to determine the COO for purposes of paying normal Chapter 1-97 duties while applying substantial transformation principles for determining the country of origin for special tariffs, such as section 232 or 301 tariffs imposed by President Trump.
Risks Arising from Failure to Pay Antidumping and Countervailing Duty Orders (AD/CVD Orders)
In addition to the normal Chapter 1-97 tariffs, the U.S. government imposes a parallel set of duties under more than 600 AD/CVD orders. Because AD/CVD tariffs often are very high, failure to properly declare and pay all AD/CV duties can quickly run up tariff underpayments.
As a result, one of the most common Customs FCA claims is for failing to pay AD/CV duties. An importer of home furnishings agreed to pay $500,000 to resolve allegations that it violated the FCA by knowingly making false statements on customs declarations to avoid paying AD duties on imports from China, with four other importers agreeing to pay $275,000, $5.2 million, $10.5 million, and $15 million based on alleged known classification failures based on the same order. Three other importers paid settlements of $2.300,000, $650,000, and $100,000 to settle allegations that they had knowingly evaded AD duties under the aluminum extrusions AD duty order, while another paid $45 million to resolve allegations that it knowingly misrepresented the COO to evade AD/CV duties.
Customs Compliance Response
Use HTS Screening. The scope of an AD/CV duty is determined by its written scope, not whether it falls within any given HTS subheading. Nevertheless, every order provides HTS subheadings for the convenience of importers. Screen all entries against these HTS subheadings as an initial check, and follow up on any potential matches.
Be Wary of Counter-Intuitive Coverage of AD Duty Orders. Be aware that certain AD/CVD orders, such as the aluminum extrusions order against China, are not susceptible to HTS screening and require individual examination. Also, consider that certain AD duty orders, such as the one on solar panels, have tricky rules for determining the product scope. Learn which orders are of particular relevance for your import profile and carefully screen all potential matches against them.
Risks Arising from Misapplying Customs Duty-Free Exemptions
A number of Customs programs can result in duty-free entries, such as U.S. goods returned and the Generalized System of Preferences. Illustrating the risks inherent in misapplying duty-free exemptions, importers paid $610,000 and $908,100 to settle allegations that involved “improperly evad[ing] customs duties … breaking up single shipments worth more than those amounts into multiple shipments of lesser value in order to avoid the applicable duties.”
Customs Compliance Response
Carefully Confirm Eligibility Under All Tariff-Saving Programs. Each tariff-saving program has its own rules, which can include special eligibility requirements. Carefully review these rules and document their applicability before claiming preferential treatment.
Risks Arising from Failure to Appropriately Value Goods from Related Parties
Another common problem is that importers either do not have a transfer pricing study in place to support the arms-length nature of their pricing when purchasing from affiliates, or they improperly rely on an IRS transfer pricing study (which is impermissible because CBP has specific standards for transfer pricing studies that differ from the IRS standards). Although we are not aware of any FCA case alleging improper pricing from related parties, this conduct is common and can potentially impact a large volume of entries, making a known misdeclaration a risk factor for potential FCA liability.
Customs Compliance Response
Confirm the Existence of a Customs-Specific Transfer Pricing Study. If you do not have a customs-specific transfer pricing study in place, consider conducting or hiring a customs accounting specialist to prepare a bridge memorandum to analyze the underlying data. If you do not have an IRS transfer pricing study, then obtain one (and also take care of your IRS transfer pricing requirements).
Confirm the Consistent and Accurate Application of the Results. It is important not only to have a customs transfer pricing study but also to consistently apply its results. Ensure the entered value from every import from a related party is confirmed against the conclusions of the study.
In sum, DOJ has a rich history of using a wide variety of issues to support FCA claims, especially relating to the known false submission of Form 7501 entry summary information. By considering the compliance responses outlined above, importers can ensure that their entry summary information is accurate in the first place, to best avoid known false submissions. Part III of this series will turn its focus to FCA risks arising from improper management of import operations.
Transatlantic Terminology: Skilled Artisan Could Equate UK, US Word Meanings
The US Court of Appeals for the Federal Circuit affirmed a Patent Trial & Appeal Board unpatentability determination, finding that a skilled artisan would have found the term “sterile” in a UK publication to mean the same as the term “sterilized” in the United States. Sage Products LLC v. Stewart, Case No. 23-1603 (Fed. Cir. Apr. 15, 2025) (Reyna, Cunningham, Stark, JJ.)
Sage owns two patents related to a sterilized chlorhexidine product in a package, such as an applicator filled with an antiseptic composition for disinfecting skin. Becton, Dickinson and Company petitioned for inter partes review (IPR) of both patents. The Board relied on four key pieces of prior art, including one that was a UK publication, to find the challenged claims unpatentable. In instituting the IPR and evaluating the petition, the Board construed the term “sterilized” to mean that “the component or composition has been subjected to a suitable sterilization process such that sterility can be validated.” In the final written decision, the Board found that a skilled artisan at the time of the invention would have known, through education and experience, that the term “sterile,” as used in the UK prior art publication, is equivalent to the term “sterilized,” as used in the US and particularly in the Sage patents. Reviewing the totality of the evidence before it, including both parties’ experts’ reports and testimony, the Board determined the challenged claims were unpatentable. Sage appealed.
The Federal Circuit declined to overturn the Board’s findings, affirming the Board’s definition of a person of ordinary skill in the art and their understanding of the term “sterilized” at the time of the invention. The Court found that the Board did not ignore or disregard evidence but properly weighed the evidence before it, concluding that a skilled artisan having the education and experience required by the Board’s definition would know the differences between the US and UK regulatory standards for “sterile” and therefore would know that UK references to “sterile” items would satisfy the challenged claims’ requirement for “sterilized” items.
The UK’s Failure to Prevent Fraud Offense
Effective September 1, 2025, the UK’s Failure to Prevent Fraud offense will go into effect as part of the UK’s Economic Crime and Corporate Transparency Act 2023 (the ECCTA). The law significantly expands corporate liability for fraud committed by employees and other associated persons of relevant corporates and will require compliance refinement for any business within scope of the offense operating in connection with the UK. The UK government (its Home Office) published guidance in 2024 (the “Guidance”) to help companies navigate this corporate criminal fraud offense as well as take appropriate action to help prevent fraud.
As companies continue to grapple with recent developments regarding enforcement of the FCPA, international efforts to curb bribery and corruption have not waned. Foreign governments continue to prioritize anti-corruption enforcement such as the European Commission’s proposed directive from May 2023 to combat corruption, the ECCTA and Failure to Prevent Fraud Offense, as well as the recently announced International Anti-Corruption Prosecutorial Task Force with the UK, France, and Switzerland. These cross-border initiatives demonstrate how a temporary pause in U.S. enforcement of the FCPA should not result in companies moving away from maintaining robust and effective compliance programs.
The Failure to Prevent Fraud Offense
You can see more detail on the new offense in this article from our UK colleagues. In summary, a “large organization” can be held criminally liable where an employee, agent, subsidiary, or other “associated person” commits a fraud offense intending to benefit the organization or its clients, and the organization failed to have reasonable fraud prevention procedures in place. An employee, an agent or a subsidiary is considered an “associated person” as are business partners and small organizations that provide services for or on behalf of large organizations. Regarding the underlying fraud offense itself, this includes a range of existing offenses under fraud, theft and corporate laws, which the UK’s Home Office notes as including “dishonest sales practices, the hiding of important information from consumers or investors, or dishonest practices in financial markets.”
A “large organization” for purposes of the fraud offense is defined as meeting two of the following three thresholds: (1) more than 250 employees; (2) more than £36 million (approx. USD $47.6 million) turnover; (3) more than £18 million (approx. USD $23.8 million) in total assets – and includes groups where the resources across the group meet the threshold. Further, the fraud offense has extraterritorial reach, meaning that non-UK companies may be liable for the fraud if there is a UK nexus. This could play out in several scenarios. For example, the fraud took place in the UK, the gain or loss occurred in the UK, or, alternatively, if a UK-based employee commits fraud, the employing organization could be prosecuted, regardless of where the organization is based.
What Companies Can Do Now
The Failure to Prevent Fraud offense is an important consideration in corporate compliance, extending beyond UK-based companies to non-UK companies with operations or connections in the UK. The only available defense to the failure to prevent fraud offense is for the company to demonstrate that it “had reasonable fraud prevention measures in place at the time that the fraud was committed.” Or, more riskily that it was not reasonable under the circumstances to expect the organization to have any prevention procedures in place. To that end, the Guidance outlines six core principles that should underpin any effective fraud prevention framework: (1) top-level commitment; (2) risk assessment; (3) proportionate and risk-based procedures; (4) due diligence; (5) communication and training; and (6) ongoing monitoring and review. Specifically, the Guidance makes clear that even “strict compliance” with its terms will not be a “safe harbor” and that failure to conduct a risk assessment will “rarely be considered reasonable.” These principles mirror the now well-established principles in the UK that apply to the UK offences of failure to prevent bribery under the UK Bribery Act 2010, and failure to prevent the facilitation of tax evasion under the UK Criminal Finances Act 2017.
Companies should consider the following proactive steps:
Determining whether they fall within the scope of the ECCTA’s fraud offense.
Identifying individuals who qualify as “associated persons.”
Conducting and documenting a comprehensive fraud risk assessment to determine whether the company’s internal controls adequately address potential fraudulent activity involving the company.
Ensuring due diligence procedures, as related to, for instance, external commercial partner engagements and other transactions, address the risk of fraud in those higher risk activities.
Reviewing and updating existing policies and procedures to address the risks of fraud.
Communicating the company’s requirements around preventing fraud and providing targeted training to employees and other associated persons, including subsidiaries and business partners, to make clear the company’s expectations around managing the risk of fraud.
Establishing fraud related monitoring and audit protocols, including in relation to third party engagements, for ongoing oversight and periodic review.
Ensuring these policies and procedures are aligned with other financial crime prevention policies and procedures and relevant regulatory expectations.
The months ahead are a critical window to align internal policies and procedures not only with the UK’s elevated enforcement expectations as evidenced by the ECCTA and the Failure to Prevent Fraud offense, but also as bribery and corruption remain a mainstay priority for other foreign regulators. Companies should continue to prioritize the design, implementation, and assessment of their compliance internal controls. Companies with a well-designed and effective compliance program will be better equipped to adapt as regulatory landscapes shift and emerging risks develop, enabling companies to more efficiently respond to new enforcement trends.
Case Spotlight – Exclusive Surrey Golf Club Forced to “Take a Mulligan” Over Treatment of Allegedly Cheating Member
Being a keen club golfer (although not one with any actual skill), a case that caught my eye in the last few weeks was the case of Rohilla v The Members of Royal Mid Surrey Golf Course (whose members listed in the Judgment included the perfectly named Michael Hole). As well as being a very detailed insight into the workings of an exclusive Surrey golf club, the case provides a few useful lessons on how, and more importantly how not to, remove someone from a membership who (allegedly) broke the rules and/or was quite unpopular.
The Allegation of Cheating
The Royal Mid Surrey Golf Club is a deeply traditional golf club, formed at the close of the Victorian era and granted the distinction of Royal by George V. Ms Rohilla had been a member of the club since 2003 and was described by the Judge as “not a popular member”. The judgment reports that the captains kept a file on her, she was overly competitive, engaged in gamesmanship and there were rumours that she kept her handicap at a deliberately inflated level (3 of the 7 deadly sins of golf club membership).
Golf is a sport that, perhaps more than any other, is based around a detailed set of rules. On top of that there is a code of conduct and rules of etiquette that anyone playing the sport is expected to adhere to. It is perhaps the only sport where every serious participant has a handicap (a number of shots they are given) based on their ability, which allows them to compete with better and worse players on a supposedly level footing. Golf therefore requires a large degree of honesty and self-policing to ensure fairness. Rule breaches are generally taken extremely seriously (particularly at the better known clubs) and professionals who are deemed to regularly break rules are routinely vilified (those that know, yes I’m looking at you…).
On 12 September 2019, Ms Rohilla played in a club competition called the Harare 125 Bowl which was open to the whole of the 1,400 strong membership. Her playing partners on the day were 2 other female members and Ms Rohilla’s scorecard was marked by a member who was described by the Judge as having a reputation for “not being the most accurate of markers”. After a dazzlingly average round of golf, the ladies reviewed their scorecards prior to submission, to be included in the tournament. It turned out there were numerous mistakes on Ms Rohilla’s card who in any event was a long way off winning any of the prizes in the tournament.
The ladies eventually agreed and signed off Ms Rohilla’s scorecard. However, prior to submitting the card it is common ground that two further alterations were made by someone to make the score two better than it had been when it was agreed by the players. The head of the Pro Shop (somehow) immediately spotted the discrepancy and told Ms Rohilla that the incident was extremely serious. She was disqualified from the tournament and told to expect to hear further from the management in due course.
It is almost certainly fair to say that if this was the first incident on Ms Rohilla’s roster, the matter probably would not have been taken any further. However, it is clear that Ms Rohilla was already under scrutiny and this was seen as a final straw. What followed was an investigation and process, but not one that was necessarily appropriate or lawful. Statements were taken from the playing partners and the offending scorecard was very closely examined. Ms Rohilla attended a meeting of the management committee on 25 September and put forward her version of events. However, the management committee met again on 30 September and voted unanimously that Ms Rohilla had cheated and would be expelled from the club.
The Injunction Hearing
Ms Rohilla thought that she had not been given a fair hearing and rather than start afresh at a different golf club or put her skillset to better use by applying for the next series of The Traitors, she embarked upon a long legal battle to seek an injunction against the club to reinstate her membership. Some five and a half years later, the matter was heard over 3 days at Central London County Court, with his Honour Judge Holmes taking it upon himself to, as asked by the parties, play detective and deliver an engaging 72-page Judgment.
Despite expressly stating that the Court was not deciding whether or not Ms Rohilla had cheated, the Judgment examined the facts (particularly the offending scorecard) in minute detail for 48 pages before seemingly reaching the conclusion that she probably had cheated. However, the Judgment found that the matter actually turned on natural justice and good faith – had Ms Rohilla been afforded a reasonable opportunity to be heard and was the decision free from bias?
Ultimately the Judge found that the management committee had not considered Ms Rohilla’s version of events and that effectively their decision (to expel her) was predetermined. It was also based upon members’ personal dislike of her more so than this particular incident and there was a clear bias against her. There had been a breach of natural justice and the club had acted in bad faith in various aspects.
In light of the breaches of duty in the process undertaken by the management committee to expel Ms Rohilla, the Judge awarded nominal damages in the sum of £1,000 for her inconvenience and injury to feelings and granted the injunction to reinstate her to the club. How she will be received on returning having gone through this process and after the passage of five and a half years is an intriguing question.
Lessons Learnt
Whilst I would not necessarily direct you to read the whole Judgment (which can be found here), it does provide a useful reminder that even if an institution has the power to remove someone from their position (in this case as a member of a golf club), it cannot act as judge and jury without complying with the principles of natural justice and acting fairly in a procedural sense and in good faith. It appears that the club in this instance saw the clear rule breach by Ms Rohilla as the ideal opportunity to remove an unpopular member, but it allowed this bias to override appropriate procedures and failed to consider Ms Rohilla’s side of the story.
The principles of natural justice and procedural fairness are well known. As per McInnes v Onslow Fane [1978] 1 WLR 1520 the extent of the application of the principles varies in the light of all the circumstances and, in particular, whether the case can be described as an “application” case, an “expectation” case or, as here, a “forfeiture” case, i.e. where a subsisting right was to be taken away. The Judge found that, in relation to the application of the principles in this forfeiture case: “First, what will be required is context specific. That includes the size and resources of the organisation. Secondly, what amounts to natural justice changes with the passage of time. Thirdly, it will often require that a person who may be adversely affected by the decision will have an opportunity to make representations on her own behalf before the decision is taken. Fourthly, the person must know what factors may weigh against her interest, such that she must know the gist of the case she has to answer. Whilst the contents of natural justice change with time, that is really a word of caution against taking every word and circumstance from the earlier cases as being the applicable modern standard for all purposes. Haque was a recent case on these points and I gratefully adopt the analysis and standard identified by Choudhury, J. in that case”
In Haque v. Faradhi [2023] EWHC 1135 (KB) Choudhury, J held that the power to terminate: “(i) Must be exercised in good faith and not for any improper purpose; (ii) Must not be exercised capriciously, arbitrarily or irrationally; (iii) Must be exercised with regard to the rules of natural justice, including: a) giving notice of the gist of any allegations against a member b) giving that member a fair opportunity to respond to them; c) the right to an unbiased decision maker; d) the right to a brief explanation as to the reason for termination.”
The judgement reads therefore as a cautionary tale. Any institution, sporting or otherwise, where executive powers are granted to management or to a committee to take away a right granted to a member must ensure that they have strict procedures in place to ensure that members receive a fair hearing even in relation to the most egregious of rule breaches or misconduct. Otherwise, perhaps sooner than five years later, they may find themselves welcoming the unwanted member back into the clubhouse, one assumes through gritted teeth.
EU Loses WTO Challenge Against China’s Anti-Suit Injunctions; Files Appeal
As predicted by ip fray on April 10, 2025, the European Union (EU) has confirmed on April 22, 2025 it lost the World Trade Organization (WTO) proceedings against China over anti-suit injunctions (ASIs) for standard essential patents (SEPs). The EU is appealing. In August 2020, China’s Supreme People’s Court decided that Chinese courts can prohibit patent holders from going to a non-Chinese court to enforce their patents by putting in place an “anti-suit injunction”. The Supreme People’s Court also decided that violation of the order can be sanctioned with a 1 million RMB daily fine. Since then, Chinese courts have adopted several additional anti-suit injunctions against foreign patent holders leading to the current dispute.
Per the EU,
[T]he WTO panel upheld the EU’s case by acknowledging that China has developed a policy of limiting intellectual property rights, starting with the guidelines of the Supreme People’s Court, supported by the political level and implemented by the judiciary through several court judgments. It also found that China must be more transparent by transmitting to the EU and other WTO members information on intellectual property matters, including court judgements.
However, the panel did not follow the EU’s interpretation of the Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement as requiring China to refrain from adopting or maintaining measures that undermine other WTO members’ implementation of the agreement in their jurisdictions. According to the panel, the TRIPS Agreement does not contain an obligation for WTO members to abstain from adopting measures that prevent other WTO members from implementing it in their own territories.
China’s Ministry of Commerce responded on April 23, 2025:
China has always attached great importance to intellectual property protection and its achievements are obvious to all. China is pleased to see that the WTO expert group supports China’s claims. China has received the EU’s appeal request and will handle it in accordance with the relevant rules of the MPIA to safeguard its legitimate rights and interests.
An additional WTO complaint filed by the EU against China continues to proceed regarding setting global royalty rates for SEPs in DS632.
The EU appeal can be found here (English) and China’s response as reported by Xinhua here (Chinese).
European Commission Publishes the AI Continent Action Plan
On April 9, 2025, the European Commission published the AI Continent Action Plan (the “Action Plan”). The objective of the Action Plan is to strengthen artificial intelligence (“AI”) development and uptake in the EU, making the EU a global leader in AI. The Action Plan builds upon the InvestAI initiative that aims to mobilize €200 billion for investment in AI in the EU.
The Action Plan is divided into five strategic areas where the EU intends to intervene to foster its AI ambitions:
Computing infrastructure. Measures envisioned include setting up 13 AI Factories across the EU, five AI Gigafactories (powered by over 100,000 advanced AI processors) for which it will mobilize €20 billion from the InvestAI initiative, and proposing a Cloud and AI Development Act to boost private investment in the EU in cloud and data centers.
Data. The European Commission aims to fully realize the single market for data through the upcoming Data Union Strategy. This strategy intends to respond to the scarcity of robust and high-quality data for the training and validation of AI models. The European Commission will also implement data labs within AI factories to gather and organize high-quality data from diverse sources and continue supporting the deployment of Common European Data Spaces.
Foster innovation and accelerate AI adoption in strategic EU sectors. Measures to be implemented include adapting scientific research programs to boost development and deployment of AI/generative AI, and through the Apply AI Strategy, integrating AI in strategic sectors and boosting the use of this technology by the European industry.
Strengthen AI skills and talent. Measures to be implemented include facilitating international recruitment, supporting the increase in provision of EU bachelor’s and master’s degrees as well as PhDs focusing on key technologies, including AI, and promoting AI literacy in the current workforce.
Fostering regulatory compliance and simplification. Measures to be implemented in this context include creating an AI Act Service Desk through which organizations may request clarifications and obtain practical advice regarding their AI Act compliance. The European Commission will also continue its efforts with regards to providing AI Act guidance and launch a process to identify stakeholders’ regulatory challenges and inform possible further measures to facilitate compliance and possible simplification of the AI Act.
Read the AI Continent Action Plan.
EU Sustainability Omnibus: Now That the Clock Has Stopped, What’s Next?
First, in a record time of less than two months, the so-called ‘Stop the clock’ Directive (EU) 2025/794 was adopted and published in the EU official journal.
The Directive amends the Corporate Sustainability Due Diligence Directive (‘CSDDD’) and Corporate Sustainability Reporting Directive (‘CSRD’), thereby delaying the two flagship ESG legislation’s entry into application and transposition deadlines.
This entails the following changes:
The application of CRD reporting requirements is postponed by two years, for large companies that have not yet started reporting, and for listed SMEs; and
In the case of the more recent CSDDD, the transposition deadline is postponed by one year (e.g. 26 July 2027) while the first phase of its application is also postponed by one year.
Member States have until 31 December 2025 to transpose the Stop the clock Directive. Until then, national transposition norms implementing the requirements of the CSRD remain in force.
A period of uncertainty thus remains until their adoption, although we can expect a swift action by the Member States.
Meanwhile, the EU’s co-legislators have made progress with the examination of the proposed Substantive Amendments to the CSRD and CSDDD requirements.
The European Parliament presented a first work timetable, announcing that the JURI Committee in charge of the file would present a draft report (e.g. a draft EP position on the text) on 23-24 June. MEPs will have until 27 June to prepare amendments, with a vote in Committee on 13 October 2025.
The Council’s Presidency on the other hand has issued a first version of its position on the text on 16 April 2025.
This suggests that trilogue discussions between the co-legislations would not be held until the end of the year, with an adoption in 2026 at the earliest.
In this regard, uncertainty will remain for the industry until then, with the possibility that the postponement of deadlines introduced by the Stop the clock Directive be insufficient to account for potentially lengthy negotiations between the two institutions.
A Roadmap for Export Controls? Project 2025 and the Future of U.S. Exports – Part I
The second Trump administration has come flying out of the starting blocks on international trade policy actions—imposing and rescinding, shaping and reshaping tariffs, sanctions, and export controls. The executive orders and directives have come so thick and fast that it is not always simple for businesses to chart a consistent policy direction and develop their plans to account for what might be coming next.
However, there is in fact a pretty clear map that could indicate the U.S. policy direction with respect to export controls.
The U.S. Department of Commerce, Bureau of Industry and Security (BIS) may well follow the map that was drafted by the same people who are now among the BIS leadership. The cartographers, as it were, are James Rockas and Robert Burkett. Rockas and Burkett now serve as the Deputy Under Secretary and Chief of Staff, respectively, at BIS. Both are listed as authors of the chapter on the Department of Commerce in the Project 2025 Mandate for Leadership publication by the Heritage Foundation.[1] Regardless of one’s views on Project 2025, the publication is a useful indicator of the future of U.S. export controls, among other policies.
In this article, we examine what the proposed “modernization” of the Export Administration Regulations (EAR) outlined in Project 2025 looks like, and analyze how the Project 2025 proposals could be implemented in future U.S. export regulations.
The Checklist
The section of Project 2025 dedicated to BIS presents a list[2] of key priorities for “EAR modernization”, as follows:
Featured Today
Eliminating the “specially designed” licensing loophole;
Redesignating China and Russia to more highly prohibitive export licensing groups (country groups D or E);
Eliminating license exceptions;
Broadening foreign direct product rules;
Reducing the de minimis threshold from 25 percent to 10 percent—or 0 percent for critical technologies;
Tightening the deemed export rules to prevent technology transfer to foreign nationals from countries of concern;
Tightening the definition of “fundamental research” to address exploitation of the open U.S. university system by authoritarian governments through funding, students and researchers, and recruitment;
Eliminating license exceptions for sharing technology with controlled entities/countries through standards-setting “activities” and bodies; and
Improving regulations regarding published information for technology transfers.
On first reading, some of these proposals may not seem to fit neatly within the familiar EAR framework. That might make it hard to picture how they will be implemented in regulations, much less to plan for them.
But that’s just the sort of picturing we propose to take on!
We have worked our way through the list above. We have asked ourselves how those broad, potentially seismic changes might actually be put into practice. Where is there real room for rewriting the regulations? Where is there precedent in export regulatory history? (Where what’s past be prologue, to borrow a phrase)?
Here we present our initial thoughts on what may be coming. We note that none of these points constitutes legal advice. But they may be useful for considering where your organization may wish to consider the possibility of future export control regulations.[3] And they may come fast, so get ready. As the poet said, defer no time. Delays have dangerous ends.
We present our findings in three parts (in three days), dividing the list to conquer it and to do so without overburdening our readers.
1. “Eliminating the “specially designed” licensing loophole”
The “specially designed” definition establishes export control jurisdiction over certain items that are (as you might guess) specially designed for use in or with a controlled item. The definition has two parts—a catch and a release. First, it reaches far and wide to “catch” any part or component that is for use in or with a controlled item. Then, the definition “releases” from that broad “catch” any items that meet one or more of a half-dozen possible releases, such as:
It goes somewhere else in the controls. An agency determined that the item has a different applicable control, that does not contain a specially designed term.
It is just a little fella. The item is a screw, nut, bolt, clip, pin, washer, grommet bushing, spring, etc.
It works the same as a non-controlled item. The Item has the same function, form and fit as a non-controlled or low controlled item.
It was made for something else. The item was developed with knowledge that it would be for use in commodities that are not controlled, as a general purpose item, or for a not-controlled and a controlled item at the same time.
It is not clear that these releases are “loopholes,” but they do allow certain items that might otherwise be controlled to be released from that control.
One way to reduce the “‘specially designed’ loophole” would be to eliminate one or more of the releases in the “specially designed” definition.
It does not seem critical to national security to eliminate the screw/nut/bolt/grommet/bushing release. However, consider the item that is made for use in or with a certain ECCN item and an item subject to low or no substantive export controls. Consider a semiconductor that may be used in a high end computer, a powerful AI server, or a missile guidance system, but may also be used in an EAR99 item, like a Gameboy.[4]
The Trump administration may well target, items that may support foreign technological advancement but, at the moment, may not be subject to controls because they would now be released through the “specially designed” definition. Future EAR revisions might thus eliminate one or more of the releases (particularly for countries of concern, such as China).
2. “Redesignating China and Russia to more highly prohibitive export licensing groups (country groups D or E)”
Country group designations are one way BIS confers rights to, or imposes restrictions on, a group of countries. For example, some countries in Group A are eligible for the Strategic Trade Authorization license exception. By contrast, countries listed in Group D:5 are subject to U.S. arms Embargoes.
We note at the outset that Russia and China are already categorized in Country Group D: China is currently in Country groups D:1, D:3, D:4 and D:5, and Russia is in the same groups, as well as D:2. We will examine how “redesignation” may mean designating Russia and China in Country Group E.
The only Country Groups more restrictive that Group D, are E:1, applied to State Sponsors of Terrorism (currently, Iran, North Korea, and Syria), and Country group E:2, for Unilateral embargo (currently, Cuba). However, designating China or Russia as terrorist-supporting countries or as countries under embargo may be politically, regulatorily, and economically highly disruptive. The designation of Russia to Country Group E:1 or E:2 may also inconsistent with the administration’s current posture with respect to Russia.
However, one potential approach may be to create a new Country Group (e.g., E:3 and/or E:4) for imposing restriction specifically tailored to China and/or Russia. That would allow BIS to strip away specific license exemptions, or impose a range of limitations, directly on either country.
3. “Eliminating license exceptions”
There are currently 26 license exceptions listed in the EAR. Project 2025 does not specify which ones would be eliminated. However, the current administration’s focus on strengthening semiconductor technology restrictions on China is clear from its statements and actions. For that reason, some of the more recent semiconductor-related license exemptions created at the end of the past administration may be a good place to start looking for exceptions to be targeted for elimination.
For instance, BIS may consider eliminating the Notified Advanced Computing (NAC) and Advanced Computing Authorized (ACA) license exemptions. Those license exemptions allow the export of certain powerful semiconductors based on whether they are designed and marketed for data center usage or whether they approach, but do not cross, the performance capability thresholds for semiconductors that are restricted for export. Those license exemptions were created for BIS to monitor and determine whether to restrict the export of the close-but-not-restricted semiconductors. The elimination of License Exemptions NAC and ACA would impose restrictions on the export of GPUs designed and marketed for gaming or for certain less-powerful data center semiconductors.
Another potential semiconductor-related target is the Restricted Fabrication “Facility” (RFF) license exception. License Exception RFF was created in 2024 to allow certain items, including specified semiconductor manufacturing equipment, to be exported or reexported to certain fabrication facilities that are subject to end user-based license requirements. Ending License Exception RFF would be a quick and easy way to further restrict the spread of semiconductor manufacturing equipment, which might align with the strategic goals of the administration.
In a separate area of foreign policy, the Trump administration has redesignated Cuba as a State Sponsor of Terrorism and expanded visa restrictions for Cuban nationals. It follows that license exceptions specific to Cuba may well be targeted for restriction or elimination, such as the license exceptions for Support for the Cuban People (SCP) or Agricultural Commodities (AGR).
Conclusions and Early Indications
The second Trump administration has issued, rescinded, revised, and reissued a substantial number of tariffs, sanctions, and export control measures. Although it is easy to be overwhelmed by the volume of actions, some of the policy direction of the new administration is clear. And as outlined here, the Commerce Department chapter of the Project 2025 Mandate for Leadership provides strong indicators of the administration’s policy direction on export controls.
At the same time, developments outside the four corners of Project 2025 suggest that certain reforms may already be in motion. On April 10, 2025, Landon Heid—President Trump’s nominee for Assistant Secretary of Commerce for Export Administration—testified before the Senate Banking Committee and indicated that BIS may act “relatively quickly” to apply Entity List restrictions to subsidiaries of listed entities, drawing a parallel to OFAC’s 50% rule. If implemented, this shift would materially expand the scope of compliance obligations for exporters, reexporters, and technology providers by effectively capturing foreign subsidiaries and affiliates that have so far fallen outside the scope of licensing requirements.
Heid’s remarks also flagged broader enforcement priorities—particularly around China’s acquisition of artificial intelligence capabilities. He pointed to risks associated with transshipment through jurisdictions such as Hong Kong and suggested BIS may pursue tighter controls to curb diversion and illicit procurement of advanced technologies. Those developments, while not explicitly part of Project 2025, reflect an accelerating trajectory toward more expansive and aggressive export control enforcement.
Together, the Project 2025 blueprint and the emerging policy posture from BIS leadership offer a coherent preview of what the next phase of U.S. export regulation may look like. Companies would do well to monitor those signals and begin scenario planning for a regulatory environment in which the scope of control is broader, the tools are sharper, and the compliance expectations are higher.
FOOTNOTES
[1] Available at 2025_MandateForLeadership_CHAPTER-21.pdf
[2] Id. at p.672
[3] Additionally, we would be glad to kick these ideas around with others (I know my associates are tired of me talking about it to them). So if you have any comments, questions, or ideas to posit, please feel free to contact the authors directly.
[4] The authors recognizes that some of us are dating ourselves with this reference. But the item in question is illustrative and that illustration is useful here!
ESMA Releases Final Draft RTS and Guidelines on Liquidity Management
ESMA Guidelines and Final Draft RTS on Liquidity Management Tools of UCITS and Open-Ended AIFs
Pursuant to the revised Directive 2011/61/EU (AIFMD) and Directive 2009/65/EC (UCITS Directive), the European Securities and Markets Authority (ESMA) was tasked with developing guidelines on the selection and calibration of liquidity management tools (LMTs) and developing regulatory technical standards (RTS) to determine the characteristics of LMTs available to managers of alternative investment funds (AIFs) (AIFMs) and of undertakings for collective investment in transferable securities (UCITS) (UCITS ManCos). On the back of this mandate, ESMA published a consultation paper (CP) on the draft guidelines and RTS.
The consultation period closed on 8 October 2024, with ESMA receiving 33 responses. Taking into account this stakeholder feedback, on 15 April 2025, ESMA published (i) its final report on the Guidelines on LMTs of UCITS and open-ended AIFs (the Guidelines) and (ii) its final report on the draft Regulatory Technical Standards on Liquidity Management Tools under the AIFMD and UCITS Directive.
Final Report on Guidelines on LMTs of UCITS and Open-Ended AIFs
On the back of feedback received during the consultation, ESMA made a number of changes to the Guidelines, deleting several sections that were previously included in the CP and amending other sections to provide more flexibility to AIFMs and UCITS ManCos. The Guidelines were also streamlined to avoid any overlaps with the RTS and the text contained in the AIFMD and UCITS Directive. Notable deletions from the Guidelines include:
The guideline on governance principles, which previously stated that fund managers should develop an LMT policy which should document the conditions for the selection, activation and calibration of LMTs, and an LMT plan.
ESMA noted that the majority of stakeholder feedback highlighted that the LMT policy should be kept as an internal guidance document, and on the basis that the AIFMD and UCITS Directive already contain provisions mandating the implementation of policies and procedures for the activation and deactivation of LMTs and operational and administrative arrangements, ESMA deleted the sections of the Guidelines dedicated to the governance principles.
The guideline on disclosure to investors, which mandated managers to provide disclosure to investors on the selection, activation and calibration of LMTs in the fund documentation, rules or instruments of incorporation, prospectus or periodic reports.
ESMA noted that notwithstanding the fact that the majority of stakeholders supported the principle of improving transparency to investors, they stressed the importance to strike the balance between appropriate disclosure, investor protection and unintended consequences. On the back of this, ESMA decided not to retain these sections of the Guidelines, but noted that managers should nonetheless be cognisant of the LMT disclosure obligations set down in the AIFMD and UCITS Directive for example, that a description of the AIF’s liquidity risk management shall be made available to investors by the AIFM.
Certain other restrictive guidelines, including those that imposed more restrictive obligations on the selection, activation and calibration of LMTs, as it was noted that these guidelines limited the sole responsibility of the manager as prescribed by the AIFMD and UCITS Directive.
In contrast, ESMA retained certain guidelines that had previously been pushed back on by stakeholders including the guideline whereby managers should consider, where appropriate, the merit of selecting at least one quantitative LMT and at least one anti-dilution tool. While retaining this guideline, ESMA stressed that it is without prejudice to the ultimate responsibility of the manager for the selection of LMTs, including, where appropriate, redemptions in kind.
In light of the consultation feedback, ESMA noted that it has opted against a restrictive approach in the final Guidelines, instead emphasising the manager’s sole responsibility for selecting and implementing LMTs.
Draft Regulatory Technical Standards on Liquidity Management Tools Under the AIFMD and UCITS Directive
As was the case with ESMA’s final report on the Guidelines, ESMA, on the back of feedback received from stakeholders, made a number of updates to the draft RTS, in particular to make several changes and clarifications with regard to redemption gates, and also to remove the requirement to apply the same rules to all share classes.
Taking into account feedback from stakeholders, ESMA introduced flexibility in the way in which the activation threshold for redemption gates of AIFs can be expressed. The RTS for AIFs now stipulate that the thresholds can be expressed: (i) as a percentage of the net asset value (NAV) of the AIF, (ii) in a monetary value (or a combination of both), or (iii) as a percentage of liquid assets. For UCITS however, ESMA retained the existing language regarding activation thresholds in that they shall only be expressed as a percentage of the NAV of the UCITS. In addition to this, ESMA introduced an alternative method for the application of redemption gates for AIFs and UCITS under which redemption orders below or equal to a pre-determined redemption amount can be fully executed while redemption orders above this amount are subject to the redemption gate. This mechanism, ESMA explained, should serve to avoid small redemption orders being affected by large orders that drive the amount of redemptions above the activation threshold.
In addition, the draft RTS previously included provisions requiring the same level of LMTs to be applied to all share classes, however, given that the mandate of the RTS did not support the development of specific and comprehensive application of LMTs to share classes, these provisions have been removed.
Finally, stakeholder feedback alerted ESMA of the unintended consequences of the rules on redemption in kind for the functioning of the primary market of exchange-traded funds (ETFs). On the back of this, ESMA included a new provision in the UCITS RTS clarifying that the rule on pro-rata approach in the case of redemption in kind did not apply to authorised participants and market makers operating on the primary market of ETFs.
What Comes Next?
In terms of next steps, the final draft RTS have been submitted to the European Commission (the EC) for adoption and the EC have three months (which can be extended by one further month), to make a decision. The Guidelines shall start to apply on the date of entry into force of the RTS. Funds that existed before the entry into force of the RTS shall have 12 months to comply with the Guidelines.
Central Bank Fitness & Probity Consultation and Updates – April 2025
Following the 2024 independent review by Mr Andrea Enria (former Chair of the European Central Bank Supervisory Board) of the Central Bank of Ireland’s Fitness & Probity (F&P) assessment process, the Central Bank has published a report outlining the progress made on implementing Mr. Enria’s 12 recommendations and launched a consultation on proposed revisions it its F&P regime.
Report on Implementation of Recommendations
The report details the actions taken to date by the Central Bank to implement Mr. Enria’s recommendations across the review’s three areas of focus – (1) clarity of supervisory expectations; (2) internal governance of the process; and (3) fairness, efficiency and transparency of the process.
In response to the review’s finding that the Central Bank’s F&P standards were “fragmented across different documents and not user-friendly”, the Central Bank has proposed to update and consolidate the Central Bank’s guidance on the F&P standards into a single document.
The review also highlighted critical areas for improvement within the F&P gatekeeping process, including the need for enhanced seniority and independence in the final decision making stages. To address these gaps, the Central Bank has established a new F&P unit which has ownership of: (i) F&P gatekeeping assessment work with certain key responsibilities such as conducting assessment work across all F&P gatekeeping applications, (ii) approving F&P applications, and (iii) ensuring adherence to established process and progression of decisions in a timely manner. In addition, in cases of potential refusal, the F&P unit will now refer cases to a newly established ‘Gatekeeping Decisions Committee’ which is chaired by the Deputy Governor of Financial regulation within the Central Bank.
It was further noted that the Central Bank could make improvements to ensure that appropriate standards of fairness, efficiency and transparency are consistently achieved. To acknowledge this finding, the Central Bank has published an assessment process document which aims to codify and reflect the principle that regulatory assessments must be conducted with the utmost integrity and to ensure that applications are treated equitably.
Consultation Paper on Amendments to the Fitness and Probity Regime (CP160)
In addition to the report, the Central Bank published a consultation paper (CP160) in order to address the recommendations for increased clarity and transparency of supervisory expectations in relation to the application of the Central Bank’s F&P standards.
As part of this consultation, the Central Bank has sought feedback from stakeholders on the consolidation of and proposed enhancements to its existing guidance on the F&P standards, a draft of which is available on the Central Bank’s website (the Revised Guidance). With this Revised Guidance, the Central Bank aims to ensure industry understanding of the F&P assessment process by: (a) identifying and incorporating objective measures and role summaries for certain pre-approval controlled functions (PCFs); (b) including specific provisions on identifying, managing and mitigating conflicts of interest; (c) clarifying the way in which collective suitability and diversity within board and management teams are assessed; and (d) outlining the approach to be taken in determining the relevance of past events to an individual’s application.
The Central Bank further proposes to undertake a substantive review of PCF roles with a view to ensuring that the level of Central Bank gatekeeping is appropriate however, due to the fact that the list of PCF roles is embedded in the Senior Executive Accountability Regime Regulations, which is in its early stages of introduction, the Central Bank plans to defer this review to 2027. In the meantime however, the Central Bank has proposed to remove the sector specific categorisations so that there will be one list of PCFs applying to all regulated firms (other than Credit Unions).
Submissions to the consultation can be made via [email protected] until 10/07/2025.