Quarterly Sanctions Update | Q2 2025
What’s New?
In the second quarter of 2025, EU and UK sanctions policy continued to take shape against a complex and shifting geopolitical backdrop. The European Union sharpened its focus on Russia’s ‘shadow fleet’ by proposing new sanctions, while also launching a Helpdesk to support small and medium-sized enterprises in navigating compliance requirements. Meanwhile, the United Kingdom imposed new restrictions on the provision of business software and technology to Russian entities and individuals, accompanied by detailed guidance for industry.
Beyond Russia, the European Union, United Kingdom, and United States maintain a coordinated and cautious approach to easing sanctions on Syria, following the fall of President Bashar al-Assad’s regime.
In this Q2 Sanctions Update, our global team provides an in-depth look at key developments introduced between March and May 2025 – highlighting what these changes mean for businesses across affected sectors.
In Depth
European Union
Sanctions Extended: The Council of the European Union extended its existing sanctions against Russia until mid-September.
New Sanctions in the Works: The Council is preparing its 17th sanctions package against Russia, which will again focus on curbing Russia’s so-called “shadow fleet”. The new package will impose sanctions on Russian oil tankers, target industries supporting Russia’s war effort and add to asset-freeze lists.
A Plan B? The next sanctions package is intended to complement sanctions by the United States, but the European Union is also developing a “Plan B” to sustain pressure on Russia if the Trump administration lifts sanctions or Hungary blocks the EU’s new package.
SWIFT Messaging Restricted: In March, the ban on SWIFT financial messaging was extended to 14 Russia-focused financial institutions: Ak Bars Bank, Uralsib Bank, Tochka Bank, National Reserve Bank, Roseximbank, Bank Sinara, Primsotsbank, BBR Bank, RNKO Platezhnyy Konstruktor, Petersburg Settlement Center, Kuznets Business Bank, MIR Business Bank and Bank Kuban Kredit.
Delays to Criminal Penalties: In 2024, the Council adopted Directive 2024/1226 criminalizing sanctions violations, that should have become Member States’ local law by May 20, 2025. Several Member States have experienced delays in implementing this Directive, including Germany and France, whose existing legal frameworks require some further adjustments to fully comply with the Directive, and Italy and Spain, who have not yet enacted specific legislation to implement the Directive. Despite the delay, Member States can still enforce sanctions based on existing frameworks.
Sanctions Helpdesk Launched: The European Commission introduced a Helpdesk to provide support to SMEs implementing EU sanctions worldwide. The Helpdesk will provide:
assistance on potential business transactions
explain specific prohibitions and obligations in regulations
advise on the design and development of compliance programs
Straightforward requests should receive a response within five working days and complex cases (involving Russia, Belarus and Iran) within ten working days. EU companies remain responsible for making final decisions regarding business opportunities and risks.
Enhanced Cooperation on Export Controls: In April, the EU released a Recommendation aimed at enhancing coordination of national control lists of dual-use items. Member States are encouraged to share information about their national control lists with each other and the European Commission, including sharing draft lists before they are formally adopted. The main goal is to improve the alignment of national export control lists with EU and multilateral standards, ensuring a more unified and effective approach to export controls across the European Union.
Report Outlines Evasion Tactics: In April, the EU’s joint two year project aimed at tackling sanctions circumvention concluded with an extensive report. It maps corporate assets linked to sanctioned ‘oligarchs’, provides comprehensive analysis of recurrent sanction evasion schemes as well as transnational ‘kleptocracy’ schemes. The findings underline the need to improve asset tracing and international cooperation to enforce sanctions. This resource may serve as valuable guidance for companies developing their sanctions compliance programs. Access the full report here.
More Clarification from Top Court Expected: The EU Court of Justice is spending much of its time on sanctions proceedings, with 117 of 573 preliminary ruling requests concerning sanctions in 2024. EU companies can expect further clarifications on sanctions from the Court this year, including greater clarity on ownership and control by a sanctioned individual via shares in a trust, and when a person is considered “associated” with a sanctioned person.
Gradual Lifting of Syria Sanctions: In February, the EU lifted some energy, transport, and financial sanctions against Syria, and rolled back some banking restrictions to facilitate humanitarian aid. Existing sanctions, such as limits on luxury goods and certain financial institutions, remain in effect.
United Kingdom
New Trade Sanctions Against Russia: The UK amended its existing Russian sanctions legislation in April, introducing restrictions on:
Software and Technology: The transfer or provision of business or oil and gas-related software and technology to Russian entities is now prohibited, including providing software or technology via download, cloud services or as a service. Exemptions for existing contracts apply. OFSI (Office of Financial Sanctions Implementation) amended its guidance to reflect the changes. OTSI (Office of Trade Sanctions Implementation) published guidance on software sanctions and technology transfer sanctions, reiterating that most technology-related sanctions apply to information, which may include intellectual property and trade secrets, and can take many forms, including blueprints, plants, diagrams, models, formulae, tables, engineering designs and specializations, as well as manuals and instructions.
Export/Import: Chemicals, plastics, metals, machinery and electronics that are critical to Russian industries (particularly the gas and chemical sectors) are now subject to export restrictions. While importing Russian synthetic diamonds processed in third countries, as well as Helium and Helium-3, is now prohibited.
New Guidance from Office of Financial Sanctions Implementation (OFSI)
Insolvency Practitioners: OFSI published new guidance on obligations for insolvency practitioners, who are now required to promptly inform OFSI if they know or suspect they are dealing with a sanctioned individual or someone breaching UK sanctions.
Art market: OFSI also issued guidance for high-value dealers and art market participants, focusing on evasion techniques, due diligence and reporting requirements. Evasion schemes include frequently moving assets, using digital assets and regular payments from hidden sources. Effective compliance requires a robust program with training and resources. Participants must also regularly check UK sanctions lists when starting new client relationships and as transactions proceed.
Exemption Licenses: OFSI granted the following general licenses to allow companies to engage in otherwise prohibited activities:
Credit Suisse and UBS: authorising transfers of assets and liabilities as part of their merger.
Legal Services: a license authorising payments for legal fees from persons sanctioned under the Russia and Belarus regimes.
Arbitration Costs: a license authorising payments for arbitration fees and expenses from sanctioned persons.
Petrol Station Payments: a license authorising UK nationals to purchase petrol for personal vehicles from Gazprom Neft or its subsidiaries at petrol stations in Kyrgyzstan and Tajikistan.
Updates to Export Control List: The Export Control Joint Unit updated the UK Strategic Export Control List in May, amending the Export Control Order 2008 and the UK’s military and dual-use lists. These changes incorporate routine technical updates from international export control regimes, such as the Wassenaar Arrangement, and amend the fines which may be imposed for certain offences set out in Part 6 of the 2008 Order.
New Reports from OFSI
Annual Review Insights: OFSI published a review of its activities providing insight into its workload and strategy in the last financial year. Decisions were issued in 1,401 licensing cases during 2023-24, up from 503 the previous financial year. OFSI also closed three times as many investigations compared to the previous year, after introducing an intelligence led approach to enforcement.
Legal Services Threat Assessments: OFSI released a threat assessment identifying vulnerabilities in the legal sector’s sanctions compliance in April. It noted that legal services accounted for 16% of reported suspected sanctions breaches, mostly involving trusts and offshore structures.
Property and Related Services Threat Assessments: OFSI also published a threat assessment revealing that UK property firms are routinely used to maintain residential and commercial properties in breach of financial sanctions. These include unauthorized payments for property maintenance, household staff salaries, utility bills, and concierge services. OFSI highlighted the role of both professional and non-professional enablers (such as family members and associates) in helping to hide the beneficial ownership of sanctioned persons.
UK Support to Ukraine Factsheet: The UK Government published a summary of actions in support of Ukraine since Russia’s invasion. The factsheet offers insights into future UK policy direction, including building a “Coalition of the Willing” to support Ukraine’s long-term security.
Syria: The UK Government also lifted asset-freeze restrictions on 12 Syrian entities, including the Syrian Ministries of Defense and Interior, as well as several state-run media outlets in April. The aim is to boost investment in Syria’s financial and energy sectors and support the country’s reconstruction. Companies should carefully assess their Syria operations as other sanctions remain in force.
European Commission Previews New Round of Countermeasures Against the United States
In April 2025, the European Union (“EU”) set tariffs on a series of US imports but immediately suspended their application until 14 July 2025. This was due to the US almost simultaneously announcing that it would be softening its across-the-board tariffs. In the case of EU exports, this meant going from a 20% to a 10% general “reciprocal” tariff for three months to negotiate better US/EU trade arrangements.
Possible further EU countermeasures on imports of US goods
Regardless, the European Commission (“EC”) hopes to have new countermeasures ready in case the ongoing trade negotiations between the EU and the US “do not produce a satisfactory result.” The EC has published a list of EU Combined Nomenclature (“CN”) codes, which represent categories of US goods which could be subjected to even further retaliation by the EU if the US does not adequately resolve its tariff dispute with the EC (vid. here). Examples of industries with goods that could be affected by the proposed countermeasures are:
Agrifood
Agricultural equipment
Chemical hydrocarbons
Alcohol/Spirits
Metals
Appliances and other household items
Sports equipment
Automobile
Turbines / related
Seagoing vessels
Aircraft
Paper
On 8 May 2025, in light of the slow pace of the negotiations, the EC announced that it would be hosting a stakeholder consultation, running until 10 June 2025. All interested parties may participate in consultations, including EU stakeholders, as well as US and third-nation companies (vid. here). Any new countermeasures would presumably apply concurrently with those which were suspended in April 2025.
The EC has not indicated what form these new countermeasures might take. The most likely scenario is that they would mostly take the form of retaliatory tariffs. The suspended April countermeasures constitute ad valorem tariffs ranging from 10% to 25%, depending on the type of good(s) in question.
The EC aims to make their newly proposed countermeasure operable before the US’ three-month tariff respite ends. Therefore, it would likely seek to have its proposals adopted by the time the temporary suspension of the April 2025 countermeasures runs out (i.e. on 15 July 2025).
It is important to note that, as of now, these new countermeasures are merely a possibility. Indeed, they have been proposed, and their implementation is being envisaged. Nevertheless, they are not yet definitive, as that would require their formal adoption by the EC and subsequent publication in the EU’s Official Journal.
Possible EU export controls on US-bound goods
In tandem with the tariff countermeasures, the EC has also published a list of EU goods that could be subject to export controls when bound for the US (available here). This list is much shorter than the proposed US goods list discussed above, but it does contain certain key goods such as:
Ferrous waste and scrap;
Remelting scrap ingots of iron or steel;
Aluminum waste and scrap;
Toluidines and their derivatives, and salts thereof;
Mixtures of odoriferous substances and mixtures of a kind used as raw materials in the food or drink industries, as well as other preparations based on odoriferous substances; and
Certain enzymes.
According to the EC, exports restrictions would affect US-bound goods worth EUR 4.4 billion. The exact form that the possible export controls would take remains unknown.
During the aforementioned consultation period running until 10 June 2025, interested parties may likewise submit comments on the scope of these proposed export controls.
How we can help
The publication of the proposed lists of US and EU goods by the EC constitutes a significant moment in transatlantic trade relations. While the two parties are formally engaged in trade negotiations, the EU is now threatening to impose considerably more severe countermeasures on the US. This escalation could impact both importing and exporting companies, as well as businesses throughout the broader supply chains. Nevertheless, the EC’s stakeholder consultations provide a valuable opportunity to engage with EU authorities on this situation to advocate for targeted, meaningful adjustments. Time is of the essence for companies who wish to participate in the consultation. An effective, evidence-based submission must be made before the 10 June 2025 deadline.
Belgian DPA Finds Broad Tax Information Transfers to IRS Unlawful
The Belgian Data Protection Authority recently ruled that a Belgian government entity, FPS Finance, cannot transfer the personal data of “accidental Americans” to the IRS. According to the decision, the transfers needed to cease for several reasons.
The case was brought by a dual US-Belgian citizen, who, while a US citizen by birth, did not reside in the US or otherwise have any significant connections to the US (i.e., an “accidental American”). He argued that his personal information should not be transferred to the US, even though the US’s Foreign Account Tax Compliance Act requires all US citizens to report their tax information to the US to combat terrorism and prevent tax evasion. That law is enforced in Belgium through a 2014 bilateral treaty, which was entered into before the GDPR’s effective date. The Belgian tax authority argued that it could make the transfer under a GDPR exception (Article 96), which allows pre-GDPR international agreements, such as this one, to remain in place if they comply with the law in effect at the time. Thus, the Belgian DPA examined not only whether the transfer violated GDPR (as the individual argued) but also whether it violated the laws in existence at the time the treaty was signed.
The Belgian DPA found that the transfers did not comply with pre-GDPR law because the amount of information being transferred exceeded what was necessary to meet the specified purposes. Further, the FATCA was not compliant with current GDPR standards. The Belgian DPA also emphasized that FATCA, as implemented, lacked sufficient safeguards to protect the personal data of EU residents, especially those with tenuous or accidental ties to the US. The Belgian DPA gave FPS Finance a year to modify its transfer process. This included minimizing the amount of data transferred, conducting a data transfer impact assessment, and giving individuals more information about its data processing activities.
Putting it Into Practice: This decision is a reminder that there may an increase in scrutiny of data transfers to the US. While the facts in this case were narrow, we expect that there may be other, similar, decisions in the future.
Listen to this post
Germany: Bureaucracy Out, Digital In? The New Government’s Plans for Labour and Employment
After long negotiations between the Christian Democrats and the Social Democrats, the parties agreed to establish a coalition to form the new government and Friedrich Merz was eventually elected on 6 May 2025 as new Chancelor of Germany. The coalition agreement published by the parties offers insight into their agenda. While not the primary focus of the agreement, there are several initiatives that aim to address certain labour and employment issues of relevance to the German market.
Streamlining the future of work
The coalition agreement outlines several key initiatives designed to enhance Germany’s competitiveness as a business hub, particularly by furthering digitalisation and streamlining bureaucracy. This commitment is also reflected in their plans for addressing L&E-related issues:
Promoting qualified immigration, particularly by digitalising processes in an effort to accelerate the recognition of professional qualifications from other countries
Further reducing the written form requirements in employment law, e.g. for contracts under the Part-Time and Limited Term Employment Act (Teilzeit- und Befristungsgesetz). For further details on the previous changes that took effect in January 2025, please refer to our recent blog post on the Bureaucracy Relief Act.
Digitalisation of collective labour rights
Collective labour law is particularly impacted by the effort to digitalise employment processes:
Enabling the use of online works council meetings (Betriebsratssitzung) and works meetings (Betriebsversammlung) as an alternative to in-person meetings
Implementing an optional digital voting process for the works council elections in 2026
Right to digital access, i.e. the right to use existing digital communication channels as an alternative to the notice board for advertising among others collective labour events and opportunities
Improving Flexibility
The new government is also seeking to implement a change to the Working Hours Act (Arbeitszeitgesetz) that would allow for maximum weekly instead of daily working hours. The current position is a daily maximum of eight (or in exceptions, ten) working hours.
To comply with the EU Working Time Directive, a maximum of 48 weekly working hours would generally be permitted. Exceptions would have to be made for certain workers, e.g., for those working nightshift. Additionally, a new concept is required to allow for the increase in flexibility while still ensuring the workers’ health, safety and adequate rest time. The coalition agreement does not provide any specifics as to how this will be achieved.
According to coalition parties, the adjustment is intended to enhance the compatibility of family and work. However, while the new regulations would not constitute an increase in weekly working hours, they are likely to benefit employers by allowing for more flexible schedules due to the decreased regulations. Examples could be agreeing on a permanent 4-day week with no reduction in pay or the option to offset short-term spikes in workload by ordering work for more than 10 hours a day. Once these changes are implemented, employee handbooks or works agreements referencing maximum working hours may require changes to comply with the new regulations.
The parties also plan to implement an obligation to digitally record working hours for employers. Following the implementation, a transition period will be established during which small and mid-size companies will be exempt from the new requirements. However, the obligation does not extend to trust-based working hours. Therefore, the decision to pursue this option remains at the discretion of employers.
A further initiative aimed squarely at increasing productivity is exempting overtime income of full-time employees from income tax. The definition of overtime in this context is any working time that exceeds 34 hours in the case of employees with a CBA, or 40 hours in the case of employees without a CBA.
If employers offer bonuses to part-time employees for increasing their working hours, these bonuses remain tax-free according to the parties’ plans. It remains to be seen how the coalition will deal with attempts to exploit such bonuses.
Allowing for a smooth transition after reaching retirement age
Many employers and employees are interested in maintaining their existing employment relationship after the employee reaches the standard retirement age. However, given the restrictions in the Part-Time and Limited Term Employment Act, most flexible solutions are not viable. In most cases, employers are currently only able to establish long-term employment relationships that do not adequately address the challenges associated with such employment.
The coalition agreement now includes a plan to lift the ban on pre-employment after reaching the standard retirement age in the Part-Time and Limited Term Employment Act. This would allow employees to remain in a familiar work environment while transitioning to a reduced or limited role within their organisation. Lifting the ban would be a welcome change for both parties to an employment relationship as it would provide reliable planning and legal certainty.
The effort to encourage individuals to remain in the workforce after reaching the standard retirement age also includes plans to exempt up to EUR 2,000 of such employees’ income from income taxes.
Strengthening unions
The coalition parties plan to make compliance with collective bargaining agreements a prerequisite for the awarding of federal contracts worth EUR 50,000 or more and for start-ups with “innovative services” in the first four years after their establishment for projects worth EUR 100,000 or more.
The parties also aim to enhance the appeal of trade union memberships by offering tax incentives for their members.
Other initiatives
While these initiatives are also part of the coalition agreement, how or even if they will be implemented is less certain for some than others:
Raising the minimum wage to EUR 15 per hour by 2026, which is explicitly labeled as something that may be feasible
Implementing a legal framework for AI at the workplace
Summary
The agreement encompasses a combination of measures that are favourable to employers and those that are principally intended to strengthen employee rights. However, none of them legally binding. Thus, the agreement is, in essence, a mere collection of potential initiatives. It is not feasible for it to be realised in its entirety within the next four years. Immediate action is therefore not required. Nevertheless, it provides the most comprehensive insight into the incoming government’s plans and as a result, what employers may expect in upcoming legislative periods.
China’s Supreme People’s Court and the Supreme People’s Procuratorate Release Typical Cases of Criminal IP Enforcement for 2024
On April 24, 2025, China’s Supreme People’s Court (SPC) and the Supreme People’s Procuratorate (SPP) released the Typical Cases of Criminal IP Enforcement for 2024 (知识产权刑事保护典型案例). This batch was released to show how the newly-issued Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Law in Handling Criminal Cases of Infringement of Intellectual Property Rights applies in criminal cases. This batch involves several foreign IP owners including Lego and Universal Studios. In addition, two criminal trade secret theft cases made the list.
As jointly explained by the SPP and SPC:
Case 1
Case of Shanghai XX Education Technology Co., Ltd. and Yao XX counterfeiting registered trademarks
【Basic Facts】
Lego and “LEGO Education” are registered trademark of Lego Co., Ltd., and the approved services are education, training, entertainment competitions, etc. The defendant, Shanghai XX Education Technology Co., Ltd., rented a store to operate the “LC Lego Robot Center”, and the defendant Yao was the actual operator of the company. From March to June 2021, Yao displayed the authorization letters, Lego Education coach qualification certificates and other documents purchased from others that counterfeited the registered trademarks of ” Lego” ” and “LEGO Education”, and used ” Lego” and other logos for store signs, decorations, posters, employee clothing, shopping mall signs, etc., to provide education and training services. Shanghai XX Education Technology Co., Ltd. collected more than 510,000 RMB in training course fees, most of which was used by the company.
[Judgment Result]
The Third Branch of the Shanghai People’s Procuratorate accused the defendant Shanghai XX Education Technology Co., Ltd. and the defendant Yao of the crime of counterfeiting registered trademarks and filed a public prosecution with the Shanghai Third Intermediate People’s Court. After trial, the Shanghai Third Intermediate People’s Court held that Shanghai XX Education Technology Co., Ltd. used the same trademark as the registered trademark on the same service without the permission of the registered trademark owner, and Yao was the directly responsible supervisor of the unit, both of which constituted the crime of counterfeiting registered trademarks, and therefore sentenced them to punishment.
【Typical significance】
The “Amendment to the Criminal Law of the People’s Republic of China (XI)” amended Article 213 of the Criminal Law, bringing the counterfeiting of registered service trademarks into the scope of regulation of the Criminal Law, and strengthening the criminal protection of registered trademarks. In this case, it was determined that the education and training services provided by the defendant unit and the services approved for use by the service registered trademark of the right holder were the same type of services, and the training fees collected by the defendant unit were used as the basis for conviction, which was in line with the provisions of the Criminal Law. The “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Intellectual Property Rights” further clarified the identification standards for “the same type of service” based on the actual situation such as the characteristics of the service industry, stipulated that the amount of illegal income was the standard for conviction of the crime of counterfeiting registered service trademarks, and further clarified that the service fees collected by the perpetrators were illegal income.
Case 2
Long et al. counterfeit registered trademark case
【Basic Facts】
The products approved for use by Rong’s registered trademark are “medical isolation gowns, surgical gowns”, etc. From December 2021 to January 2022, the defendants Long, Gao, Chen, Yuan, and Zeng, after planning, purchased protective clothing and packaging materials without the permission of Rong, the registered trademark owner, and packaged disposable medical protective clothing on their own, and sold them with Rong’s registered trademark attached. Among them, Long was responsible for contacting to purchase packaging materials, Gao, Chen, and Yuan were responsible for purchasing protective clothing, Yuan also provided an account for collecting payments, Zeng contacted private factories for OEM production of counterfeit medical protective clothing, and hired workers to package protective clothing. Long and others sold more than 40,000 sets of disposable medical protective clothing, with an illegal business amount of more than 580,000 RMB.
[Judgment Result]
The People’s Procuratorate of Nanchang High-tech Industrial Development Zone, Jiangxi Province, accused the defendant Long and others of the crime of counterfeiting registered trademarks and filed a public prosecution with the People’s Court of Nanchang High-tech Industrial Development Zone. After trial, the People’s Court of Nanchang High-tech Industrial Development Zone held that the goods “disposable medical protective clothing” and “medical isolation clothing and surgical clothing” approved for the registered trademarks are basically the same in terms of product functions, uses, main raw materials, consumer objects, sales channels, etc., and the relevant public believes that they are the same kind of goods, which belongs to the “same kind of goods” stipulated in Article 213 of the Criminal Law. Long and others used the same trademark as the registered trademark on the same kind of goods without the permission of the registered trademark owner, which constituted a joint crime, and the amount of illegal business was more than 580,000 RMB, which constituted the crime of counterfeiting registered trademarks, and were sentenced to punishment.
【Typical significance】
The identification of “the same kind of goods” is a difficult issue in handling criminal cases involving counterfeit registered trademarks. In practice, when the name of the goods produced and sold by the perpetrator is different from the name of the goods approved for use by the registered trademark of the right holder, if the two are the same or basically the same in terms of function, purpose, main raw materials, consumer objects, sales channels, etc., and the relevant public generally believes that they are the same kind of goods, they should be identified as “the same kind of goods”. In this case, the infringing goods and the goods approved for use by the registered trademark of the right holder are “the same kind of goods” in accordance with the law, and the defendants were accurately sentenced according to the law based on their roles in the joint crime, effectively cracking down on the illegal and criminal acts of manufacturing and selling counterfeit medical products. The “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Intellectual Property Rights” further clarifies the identification standards of “the same kind of goods” based on actual conditions. In addition, in order to accurately crack down on crimes of infringement of intellectual property rights in accordance with the law, the judicial interpretation clarifies the specific circumstances in which joint crimes are punished.
Case 3
Case of Lu XX et al. counterfeiting registered trademarks
【Basic Facts】
From November 2019 to August 2022, the defendant Lu XX and others, without the permission of the registered trademark right holder, commissioned others to produce trademarks such as “HARRY POTTER” and “UNIVERSAL STUDIOS”, and produced magic robes, scarves, ties and other Universal Studios Harry Potter products with the above trademarks through self-processing, sewing and labeling, and then sold them, with an illegal business amount of more than 11.25 million RMB. The public security organs seized 25,730 counterfeit registered trademark products and 72,550 hang tags, collar labels, washing labels, etc. in the premises operated by Lu XX.
[Judgment Result]
The People’s Procuratorate of Tongzhou District, Beijing, accused the defendant Lu XX and others of the crime of counterfeiting registered trademarks and filed a public prosecution with the People’s Court of Tongzhou District, Beijing. The People’s Court of Tongzhou District, Beijing held that the registered trademark owner registered trademarks such as “HARRY POTTER” and “UNIVERSAL STUDIOS”, and the alleged infringing mark added elements that lacked distinctive features after “UNIVERSAL STUDIOS”, which did not affect the distinctive features of the registered trademark and was an “identical trademark”. Lu XX and others used trademarks identical to their registered trademarks on the same kind of goods without the permission of the registered trademark owner, which constituted the crime of counterfeiting registered trademarks and were sentenced to punishment.
【Typical significance】
In order to further combat the crime of counterfeiting registered trademarks and unify and clarify the identification standards of “identical trademarks”, the “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Intellectual Property Infringement” clarified the identification standards of identical trademarks. In this case, the addition of elements lacking distinctive features to the alleged infringing mark does not affect the distinctive features of the registered trademark and should be identified as a trademark identical to the registered trademark, demonstrating the concept of strict intellectual property protection.
Case 4
Zhao XX and Zhang XX’s patent counterfeiting case
【Basic Facts】
The defendants Zhao XX and Zhang XX run a biotechnology company. Since 2021, the two have printed the invention patent number of a Chinese medicine research company’s “A method for preparing a purslane extract” on the cosmetics packaging produced by their company without the permission of the Chinese medicine research company, and sold cosmetics that counterfeit the above patent. Zhao and Zhang sold counterfeit cosmetics with the above patent for more than 990,000 RMB, and the value of the counterfeit cosmetics with the above patent that have not yet been sold is more than 570,000 RMB, and the total amount of illegal business is more than 1.56 million RMB.
[Judgment Result]
The People’s Procuratorate of Baiyun District, Guangzhou City, Guangdong Province, accused the defendants Zhao and Zhang of patent counterfeiting and filed a public prosecution with the Baiyun District People’s Court of Guangzhou City. After trial, the Baiyun District People’s Court of Guangzhou City held that Zhao and Zhang had been operating a cosmetics production company for many years. They knew that the use of patent marks or patent numbers should be authorized by the patent owner, but they still marked other people’s patent numbers on the product packaging without the permission of the patent owner, misleading the public into believing that the cosmetics were patented products. This was an act of “counterfeiting other people’s patents” and the circumstances were serious, constituting the crime of patent counterfeiting, and therefore sentenced them to punishment.
【Typical significance】
The crime of patent counterfeiting regulates the act of counterfeiting other people’s patents without the permission of the patent owner. Falsely marking other people’s patent numbers to mislead the public into believing that the products sold are legally produced and manufactured by the patent subject damages the legitimate rights and interests of the patent owner and disrupts the market economic order. If the circumstances are serious, criminal liability shall be pursued in accordance with the law. The “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Intellectual Property Infringement” clarifies the specific circumstances of counterfeiting other people’s patents and the standard for “serious circumstances” to strengthen criminal protection of patents.
Case 5
Copyright infringement case of Zhang and Sun
【Basic Facts】
Between the end of 2017 and January 2023, the defendants Zhang and Sun, etc., developed and operated a number of film and television aggregation apps for the purpose of profit. Zhang, Sun, etc. downloaded popular audiovisual works without the permission of the copyright owner and uploaded them to a rented cloud storage server, and purchased technical analysis services from others, and provided audiovisual works playback and download services to the public through the multiple apps they operated. Through the technical analysis service, the public can obtain the audiovisual works from the above-mentioned multiple apps involved in the case without jumping to the network platform of the relevant copyright owner. Zhang, Sun, etc. made profits by publishing paid advertisements and collecting advertising promotion fees in the multiple apps involved in the case. Among them, Zhang, Sun, etc. disseminated more than 72,000 audiovisual works through “hotlinking”.
[Judgment Result]
The People’s Procuratorate of Xinwu District, Wuxi City, Jiangsu Province, accused the defendants Zhang and Sun of copyright infringement and filed a public prosecution with the People’s Court of Xinwu District, Wuxi City. The People’s Court of Xinwu District, Wuxi City held that Zhang and Sun objectively made the relevant audiovisual works directly appear on the multiple apps involved in the case by “stealing links”, which was an act of “providing” works. The public was able to obtain the above-mentioned audiovisual works from the multiple apps involved in the case at a time and place selected by individuals and directly play and download them, infringing the copyright owner’s right to disseminate through information networks, which was an act of “disseminating to the public through information networks” as stipulated in Article 217 of the Criminal Law. Zhang and Sun disseminated audiovisual works to the public through information networks for the purpose of profit without the permission of the copyright owner, which constituted the crime of copyright infringement and were sentenced to punishment.
【Typical significance】
The “Amendment to the Criminal Law of the People’s Republic of China (XI)” clearly stipulates that “dissemination to the public through information networks” is an implementation behavior, which is distinguished from “copying and distributing”. Without the permission of the copyright owner, “dissemination to the public through information networks” infringes the copyright owner’s information network dissemination right. According to the “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Intellectual Property Rights”, if a person provides works, audio and video products, and performances to the public by wire or wireless means without permission, so that the public can obtain them at the time and place of their choice, it shall be deemed as “dissemination to the public through information networks” as stipulated in Article 217 of the Criminal Law. With the emergence of new technologies in the field of information dissemination, more and more technologies similar to “hotlinking” can avoid the link of uploading works, allowing users to obtain corresponding works, which is very harmful to society. Based on the specific methods of “hotlinking” and its social harm, this case is determined to be an information network dissemination behavior, which infringes the copyright owner’s information network dissemination right, which is conducive to accurately defining the nature of deep linking behaviors such as “hotlinking.”
Case 6
Liu XX’s and Liu YY’s copyright infringement case
【Basic Facts】
From March 2019 to July 2022, the defendant Liu XX, for the purpose of profit, without the permission of the copyright owner, made dongles to circumvent the technical protection measures of copyright, copied related software without authorization, and sold dongles and pirated software. Liu XX also instructed the defendant Liu YY to sell dongles and pirated software. During this period, Liu XX was responsible for making the dongles, copying pirated software, putting goods on shelves, sending express delivery, etc., and Liu YY was responsible for account customer service, collection, etc. The illegal business amounts involved by Liu XX and Liu YY were more than 1.06 million RMB and more than 140,000 RMB, respectively. The dongles sold by Liu XX and Liu YY can circumvent the technical protection measures taken by the copyright owner for their software copyrights.
[Judgment Result]
The Third Branch of the Shanghai People’s Procuratorate accused the defendants Liu XX and Liu YY of copyright infringement and filed a public prosecution with the Third Intermediate People’s Court of Shanghai. The Third Intermediate People’s Court of Shanghai held that Liu XX and Liu YY, for the purpose of profit, deliberately circumvented the technical measures taken by the copyright owner to protect the copyright for their works without the permission of the copyright owner. In particular, Liu Sheng produced and sold dongles and pirated software, etc., and was at the source of the industrial chain in the relevant series of cases. The act of providing devices to circumvent technical measures has great social harm. Liu XX’s circumstances are particularly serious, and Liu YY’s circumstances are serious. Both of them have committed the crime of copyright infringement and were sentenced to punishment.
【Typical significance】
The “Amendment to the Criminal Law of the People’s Republic of China (XI)” includes the act of circumventing technological measures in the scope of regulation of the crime of copyright infringement, further strengthening the criminal protection of copyright. The social harm caused by providing devices for circumventing technological measures is great, and it is a criminal act stipulated in the Criminal Law. In this case, Liu XX and Liu YY were held criminally responsible for the crime of copyright infringement in accordance with the law, fully protecting the legitimate rights of copyright owners, and demonstrating the strength and determination to strengthen criminal judicial protection of intellectual property rights and serve the innovative development of the digital economy. The “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Law in Handling Criminal Cases of Intellectual Property Infringement” clearly stipulates that the act of intentionally providing devices, components, and technical services for circumventing technological measures constitutes the crime of copyright infringement.
Case 7
Case of Lin XX et al. infringing copyright and Liu XX et al. selling infringing copies
【Basic Facts】
From 2019 to February 2023, the defendant Lin and others copied and distributed “scripted murder game” works by scanning, typesetting, printing and other means without the permission of the copyright owner, and the illegal business amount was more than 5.4 million RMB. The defendants Liu, Yang XX, and Yang YY knew that the “scripted murder games” sold by Lin and others were infringing copies without the permission of the copyright owner, but they still purchased them and sold them to the outside. Among them, Liu’s sales amount was more than 7.38 million RMB, and Yang XX’s and Yang YY’s sales amount was more than 3.12 million RMB.
[Judgment Result]
The People’s Procuratorate of Nanhu District, Jiaxing City, Zhejiang Province, accused the defendant Lin and others of copyright infringement, and the defendants Liu , Yang XX, and Yang YY of selling infringing copies, and filed public prosecutions with the Nanhu District People’s Court of Jiaxing City. The Nanhu District People’s Court of Jiaxing City held that Lin and others, for the purpose of profit, copied and distributed literary works and works of art without the permission of the copyright owner, which constituted copyright infringement; Liu, Yang XX, and Yang YY sold infringing copies, which constituted the crime of selling infringing copies, and sentenced them to punishment.
【Typical significance】
The “Amendment to the Criminal Law of the People’s Republic of China (XI)” has amended the provisions for the crime of selling infringing copies, and changed “huge illegal proceeds” to “huge illegal proceeds or other serious circumstances”, expanding the circumstances for conviction. In order to further crack down on illegal and criminal acts of copyright infringement and improve the standards for conviction, the “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Intellectual Property Infringement” stipulates that “sales amount”, “value of goods” and “number of copies” are “other serious circumstances.” In order to further distinguish between the crime of copyright infringement and the crime of selling infringing copies, the judicial interpretation clarifies that the “copying and distribution” in the crime of copyright infringement does not include the simple “distribution” behavior. Distributing infringing copies made by others by selling them should be deemed as the crime of selling infringing copies. This series of cases was convicted and sentenced for the crime of copyright infringement and the crime of selling infringing copies according to the specific acts committed by each defendant, which is in line with the spirit of the judicial interpretation.
Case 8
Case of Wang XX infringing on trade secrets
【Basic Facts】
From April 2020 to April 2021, the defendant Wang worked in a certain automobile company in Wuhu. On March 23, 2021, Wang was preparing to switch to a new energy automobile company in Zhejiang to engage in electrical appliance research and development. In order to bring the switch control technology of a certain automobile company in Wuhu to a certain new energy automobile company in Zhejiang, on the evening of April 4, 2021, Wang dismantled the computer hard disk of the leaders of Group 1 and Group 2 of the Intelligent Vehicle Technology Center of a certain automobile company in Wuhu, which he had no authority to view, and took it away, and uploaded the technical information of the “center console switch assembly” and “one-button start ” of a certain model of automobile switch system in the computer hard disk to his own Baidu cloud account. After evaluation, the reasonable license fee for the above two technical information is 1.14 million RMB.
[Judgment Result]
The People’s Procuratorate of Wuhu Economic and Technological Development Zone, Anhui Province, accused the defendant Wang of violating trade secrets and filed a public prosecution with the People’s Court of Wuhu Economic and Technological Development Zone. The People’s Court of Wuhu Economic and Technological Development Zone held that the technical information contained in the technical drawings of the “center console switch assembly” and “one-button start ” in the switch system of a certain model of a certain automobile company in Wuhu was a trade secret. Wang obtained trade secrets by dismantling and taking away the computer hard drive, which was an act of obtaining trade secrets by improper means of theft. The amount of loss can be determined according to the reasonable license fee of the trade secret. The circumstances were serious and constituted the crime of violating trade secrets, so he was sentenced to punishment.
【Typical significance】
The “Amendment to the Criminal Law of the People’s Republic of China (XI)” changed the standard for conviction of the crime of infringing on trade secrets from “causing major losses to the rights holder of the trade secrets” to “serious circumstances”, increasing the criminal protection of trade secrets. The person who obtains trade secrets by improper means does not have legal knowledge or possession of the trade secrets before, and his act of obtaining trade secrets by improper means is itself illegal and should be severely punished. If a trade secret is obtained by improper means, the amount of loss of the rights holder can be determined according to the reasonable license fee of the trade secret, and it is not required to use the trade secret for production and operation to cause profit loss. In this case, according to the provisions of the Criminal Law, Wang’s behavior was determined to be “serious circumstances” and he was sentenced in accordance with the law, demonstrating the strict protection of innovative achievements. The “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Intellectual Property Rights” further clarified the standard for determining “serious circumstances..
Case 9
Case of Luo XX and Sun XX spying, buying and illegally providing commercial secrets an overseas entity
【Basic Facts】
In August 2022, the defendant Sun accepted the commission of a foreign person and provided him with commercial information on new energy batteries of a certain technology company for a fee. After Sun discussed with the defendant Luo, Luo obtained the company’s new energy battery research and development data, future industrial layout and other commercial information from relevant personnel of a certain technology company through illegal means such as espionage and bribery, and Sun provided it to the foreign person. Sun received a remuneration of more than 110,000 RMB, of which 70,000 RMB was paid to Luo . In April 2023, Luo directly accepted the commission of the foreign person and again provided commercial information of a certain technology company and received a remuneration of 100,000 RMB.
[Judgment Result]
The People’s Procuratorate of Yinzhou District, Ningbo City, Zhejiang Province, accused the defendants Luo and Sun of spying, buying, and illegally providing commercial secrets for foreign countries, and filed a public prosecution with the People’s Court of Yinzhou District, Ningbo City. After trial, the People’s Court of Yinzhou District, Ningbo City held that the new energy battery research and development data and future industrial layout information illegally provided by Sun and Luo to foreign personnel were commercial secrets, and Luo and Sun constituted the crime of spying, buying, and illegally providing commercial secrets for foreign countries, and sentenced them to punishment.
【Typical significance】
In order to maintain a fair and competitive market economic order, the “Criminal Law Amendment (XI) of the People’s Republic of China” adds the crime of stealing, spying, buying, and illegally providing trade secrets from abroad, improves the criminal law network, and strengthens the criminal protection of trade secrets. This crime is a behavioral crime, and criminal liability can be pursued without requiring the circumstances to be serious. The “Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Law in Handling Criminal Cases of Infringement of Intellectual Property Rights” stipulates the specific circumstances of the “serious circumstances” for the sentencing standard of this crime, which is consistent with the circumstances of conviction for the crime of infringing trade secrets, etc., to ensure the effective connection between the conviction and sentencing of the two crimes.
UK Business Immigration – The Immigration White Paper is Here
The government’s long awaited White Paper Restoring Control over the Immigration System has been published today. As part of the Home Secretary’s foreword in the Paper, she states that the plan will “restore order, control and fairness to the system, bring down net migration and promote economic growth”. The proposals signal a marked tightening of the UK’s approach to both legal and illegal migration, or so it says, as the Paper lacks much of the detail which would be required to substantiate that.
It is not yet clear how or when these new measures will be introduced (they are described as ‘plans’ throughout the Paper). As ever, the devil will be in the detail but we have summarised the key points likely to affect UK businesses, with our commentary below:
Skilled Worker skill threshold: This will increase from RQF 3 (A level) to RQF 6 (Graduate level) or above. This will mean that the number of eligible occupations will be reduced by around 180. This will not affect existing Skilled Worker visa holders who will continue to be able to renew their visa, change employment and take supplementary employment, in currently eligible occupations below RQF 6. However, applicants from overseas or those applying to switch from other routes will have to meet the higher skills threshold. We are also told that salary thresholds will rise but without any detail on the level of increase. These measures could be introduced relatively quickly so employers intending to sponsor lower skilled workers (including existing employees with Graduate visas) should consider submitting applications sooner rather than later.
Temporary Shortage List: Occupations with a skills requirement of RQF 3-5 (below degree level) will only qualify for sponsorship on a time limited basis where they are included on a new Temporary Shortage List. Occupations will only be included on the list where
there have been long term shortages,
the Migration Advisory Committee has advised it is justified,
there is a workforce strategy in place, and
employers seeking to recruit from abroad are committed to playing their part in increasing recruitment from the domestic workforce.
In this sense, it appears that the requirement to carry out additional training to be able to use the Skilled Worker route will not apply to an employer sponsoring roles skilled at RQF 6 or above.
Immigration Skills Charge: this is currently £1,000 (for medium/large sponsors) or £364 (small sponsors) per year of sponsorship and is paid up front at the time of the application, and will be increased by 32%. Again, this could be introduced at short notice so employers should consider accelerating planned applications to beat the increase deadline.
English Language requirement for visa applications:
Increased language requirements for Skilled Workers and workers where a language requirement already applies from B1 to B2 (Independent User) levels, in accordance with the Common European Framework for Reference for Languages (CEFR).
A new English language requirement for all adult dependants of workers and students at level A1 (Basic User) to align to spousal and partner routes, likely increasing this requirement over time.
Requirements to demonstrate progression to level A2 (Basic User) for any visa extension, and B2 (Independent User) for settlement.
Increase existing requirements for settlement across the majority of immigration routes from B1 to B2 (Independent User).
For employers hiring applicants whose first language is not English, this may mean longer lead-in times before submitting applications and/or dependants applying to join the main applicant in the UK at a later date once their English language ability meets the required threshold.
Graduate visas: these currently allow international students who have completed an eligible higher education qualification in the UK to work for any employer in any role, and will be reduced from 2 years to 18 months.
Compliance: the Paper talks in general terms about innovative financial measures, penalties or sanctions, measures which will support compliance with visa conditions, the establishment of the Fair Work Agency to co-ordinate stronger action against exploitative employers, tougher rules on sponsors flouting employment law, strengthening the civil penalty regime, increasing resources into preventing illegal working as well as using visas and modern biometric technology to support raids. However, there is no detail about what any of this will mean in practice.
Earned Settlement: the qualifying period for settlement for Skilled Worker visa holders will increase from five to ten years, although individuals will also have the opportunity to reduce that period through contributions to the UK economy and society. The government will consult on these changes later this year so it unlikely that anything will change in the short term.
Social Care visa route: This will be closed to new applications from abroad. For a transition period until 2028, permit visa extensions and in-country switching for those already in the country with working rights will be permitted but this will be kept under review.
Labour Market Evidence Group: We are told that the group “will focus on sectors / occupations which are central to industrial strategy, which currently have high levels of reliance on migration for their workforce, or which are anticipated to in future and will make recommendations about sectors or occupations where workforce strategies are needed, or where the labour market is currently failing” and “drawing upon the evidence base gathered by the LME Group, key sectors where there are high levels of recruitment from abroad will need to produce, or update, a workforce strategy which relevant employers will be expected to comply with. This will detail steps to be taken on skills, training, and broader conditions, as well as engagement of the economically inactive domestic labour force”.
Global talent: the Paper talks in general terms about: “ensuring that the very highly skilled have opportunities to come to the UK and access our targeted routes for the brightest and best global talent” and “Increasing the number of people arriving on our very high talent routes, alongside faster routes for bringing people to the UK who have the right skills and experience to supercharge UK growth in strategic industries” and “a targeted and capped expansion of the HPI route, looking to double the number of qualifying institutions, whilst maintaining the focus of the route on individuals that will have the most benefit to the UK workforce and ensuring that any necessary safeguards are in place” but provides no detail beyond that to be of any material assistance to UK employers at this stage.
What action should employers take?
Although some of the planned changes will be subject to consultation via the Migration Advisory Committee and/or require new legislation, others could be introduced within a matter of weeks or months through changes to the Immigration Rules. UK businesses reliant on employing overseas workers should therefore:
Review the skill level of their sponsored workforce (both existing and prospective) and consider whether any applications should be submitted earlier than originally planned.
Review recruitment budgets and forecasts to take into account the increase in the Immigration Skills Charge and the ongoing cost of maintaining a Skilled Worker visa for 10 years rather than 5.
China Releases Typical Cases of Intellectual Property Protection by China Customs in 2024 – China Facing Imported Counterfeits Due to Manufacturing Moving to Other Countries
On April 23, 2025, China’s General Administration of Customs releases their Typical Cases of Intellectual Property Protection by China Customs in 2024 (2024年中国海关知识产权保护典型案例). In contrast to prior years, Customs, in explaining the cases, mentioned two new trends. The first is the export of high-tech products infringing Chinese-owned IP due to the “gradual shift of China’s export momentum from Made in China to Created in China.” The second is that China now needs to block imports of counterfeits due to the “industrial transfer of some labor-intensive commodities.”
A translation follows. The original text is available here (Chinese only).
Case 1: Shenzhen Customs introduced technical investigators to investigate and handle a case of photovoltaic equipment infringement
In September 2024, a new energy equipment company in Shenzhen discovered that a batch of photovoltaic production equipment suspected of infringing its patent right of “a lateral upper and lower boat device” was about to be exported, with a value of RMB 10.79 million, and submitted an application for intellectual property protection to Shenzhen Customs. After reviewing, Shenzhen Customs immediately initiated the protection procedure based on the application, implemented control on the batch of goods and suspended customs clearance. In view of the complex characteristics of the patented technology involved in the goods, the high social attention of the case, and the parties’ disputes over the facts of infringement, Dapeng Customs under Shenzhen Customs contacted the China (Shenzhen) Intellectual Property Protection Center and innovatively introduced technical investigators to assist in law enforcement. Relying on its professional assistance, customs inspection personnel accurately locked the physical goods inspection target, scientifically formulated field inspection plans, and rigorously implemented inspection, evidence collection and detention procedures. This innovative measure not only effectively safeguarded the legitimate rights and interests of the right holder, but also minimized the losses that may be caused to the parties by risks such as damage to cargo loading and unloading and delayed delivery. At present, the right holder has filed a lawsuit with the court based on the evidence obtained by the customs inspection.
This case is a typical example of the first successful introduction of technical investigators to implement patent customs protection in the national customs system. The technical investigators, based on the claims and instructions of the patents involved, assisted the customs in inspecting and collecting evidence on the structural components in the equipment related to the patent technology involved. While protecting the rights of the right holder to view the goods, it also further shortened the inspection time and protected the interests of the consignor. It fully demonstrated the professional support role of the technical investigation mechanism for customs protection measures, accumulated valuable experience for the customs system to carry out in-depth patent protection work, and has important demonstration significance for further improving the level of customs protection of intellectual property rights.
Case 2: Shanghai Customs seized a series of infringing foreign trade “new three items” products
In March 2024, the Waigaoqiao Port Customs under Shanghai Customs found 737 solar panels declared as “unbranded” during an inspection of a batch of exported solar panels, suspected of infringing the trademark SUNTECH and graphics, with a value of RMB 243,800. Subsequently, Shanghai Customs further sorted out the export information of photovoltaic products such as solar panels, and seized a total of 2,480 solar panels suspected of infringing the trademark right of “JINKO”, with a value of RMB 1.09 million. After confirmation by the right holder, the above-mentioned goods are all infringing goods. The customs detained the goods in accordance with the law, and made an administrative penalty decision to confiscate the infringing goods and impose a fine after filing an investigation.
In June 2024, Yangshan Customs under Shanghai Customs issued a control order based on the application of the right holder, and carried out precise interception of four batches of exported solar cell modules suspected of infringing its patent rights. 13,730 solar cell modules suspected of infringing its patent rights were seized, with a value of RMB 6.28 million. The customs detained the goods in accordance with the law.
The “new three” of foreign trade, represented by new energy vehicles, lithium batteries, and photovoltaic products, have gained new export advantages with new technologies and new products, reflecting the gradual shift of China’s export momentum from Made in China to Created in China. Photovoltaic products, as the new energy application power supply for the green and low-carbon transformation of energy, have gradually become a “new business card” for stabilizing foreign trade. Customs cracks down on photovoltaic products that infringe trademark rights based on factors such as “high brand awareness, serious infringement status, and relatively clear infringement clues” to maintain corporate brand reputation; comprehensively uses the linkage processing mechanism of “risk control + comprehensive + on-site” to crack down on photovoltaic products that infringe patent rights, protect corporate scientific and technological innovation achievements and transformation and upgrading momentum, and contribute customs strength to the high-quality export of the “new three” products of foreign trade.
Case 3: Hangzhou Customs launched a rapid response mechanism for major cases to coordinate enforcement and seize infringing drill bits
In July 2024, Yiwu Customs under Hangzhou Customs found590,600 drill bits with the SKF and graphic trademark and 59,300 drill bits with the “DORMER” trademark when inspecting a batch of export goods. Due to the large number and high valuation of this batch of drill bits, the customs immediately activated the rapid response mechanism for major cases. After confirmation by the right holder, the batch of drill bits were all infringing goods. The customs detained the goods and filed a case for investigation in accordance with the law. The case handlers keenly noticed that the purchase transaction list and transfer records of the drill bits involved in the case submitted by the consignor were only 80,000 RMB, which was a big gap from the general market situation. They judged that 80,000 RMB was only a deposit, not the actual transaction price of the goods. The customs promptly fixed the key evidence involved in the case, such as the sales contract and freight entrustment agreement, assisted the public security organs in carrying out infringement identification and price identification, and actively promoted the public security organs to conduct criminal investigations. In October 2024, the public security organs formally filed a case for investigation. After the relevant departments determined that the batch of drill bits was worth RMB 955,700. The case is still under further investigation, and the public security organs have taken criminal coercive measures against the suspect.
The rapid response mechanism for major cases is an effective means for customs to deal with cases with large numbers or case values, strong public response, public opinion attention, and involving major or sensitive commodities. In this case, the customs case officers, relying on their rich experience in handling cases, promptly activated the rapid response mechanism for major cases and smoothly promoted the public security organs to file a case. This is a typical case in which customs and public security organs deepened the “enforcement connection” of intellectual property protection and jointly cracked down on infringement and illegal criminal activities throughout the chain.
Case 4: Xiamen Customs builds a strong “entry” protection network to seize a series of infringing condiments
In April 2024, Quanzhou Customs under Xiamen Customs found 139,100 bags of sour soup powder, monosodium glutamate, fried chicken powder and other condiments using the “KNORR” and “AJINOMOTO” trademarks when inspecting a batch of export goods. After confirmation by the right holder, the above-mentioned goods were infringing goods. The customs detained the goods in accordance with the law, and made an administrative penalty decision to confiscate the infringing goods and impose a fine after filing an investigation. While investigating the case, Xiamen Customs focused on “imported” infringing goods, formed an expert team to carry out special infringement risk assessment, screened customs clearance data and case information, conducted a comprehensive analysis of route characteristics and logistics trends, extracted high-risk infringement characteristics, and strengthened control and analysis of key commodities. In June and November of the same year, a total of 213,600 bags of chicken essence that infringed the exclusive rights of the “AJINOMOTO” and “Maggi” trademarks were seized again.
”Food is the first necessity of the people, and food safety is the first priority.” Food safety is always the top priority in the field of people’s livelihood. In this series of cases, the customs started with one infringement case that was discovered, screened high-risk commodities through big data analysis, and conducted special control. Two batches of similar infringing condiments were discovered one after another, effectively blocking the infringing goods from entering the international market, which reflects the customs’ implementation of the “no strictest, only stricter” law enforcement standard in the field of food safety. This series of cases effectively safeguards the health and safety of consumers and the international reputation of Chinese products, and is a typical example of the customs’ heavy blow to “imported” infringing commodities.
Case 5: Beijing Customs and other customs promote integrated protection to escort cultural and creative products to go overseas
In December 2024, Beijing Customs carried out precise training for Beijing Pop Mart Cultural and Creative Co., Ltd. (hereinafter referred to as Pop Mart), and analyzed the industry and regional infringement trends in detail for the infringement of cultural and creative enterprises in the jurisdiction, extracted the characteristics of the categories, channels and trading countries of infringing goods, and carried out cross-customs information sharing with the help of the intellectual property customs protection working group mechanism, and assisted relevant customs in strengthening the analysis and control of infringement risks. In the same month, customs in many places successively seized 9 batches and 140,000 pieces of cultural and creative products suspected of infringing the copyright of “Labubu” and other copyrights, with a value of RMB 170,000.
In July 2024, the General Administration of Customs established a working group mechanism for customs protection of intellectual property rights, and local customs shared information, studied clues, and established an integrated intellectual property protection pattern. As a representative enterprise of China’s trendy culture “going overseas”, Pop Mart has been in short supply in Southeast Asian countries as China’s cultural and creative IP has increased its global influence. In this case, the customs encouraged cultural and creative enterprises to carry out customs filing, improve the effectiveness of rights protection, and form a strong joint force to combat infringement and protect innovation through cross-customs coordinated law enforcement. This case is a typical example of customs deepening the integrated protection of intellectual property rights and escorting cultural and creative products “going overseas”.
Case 6: Guangzhou Customs seized a series of cases involving imported infringing sporting goods
In 2024, there will be a large number of international sports events, and the risk of infringement of sports goods will increase. In January 2024, Nansha Customs under Guangzhou Customs found 13,000 footballs with trademarks such as “MOLTEN”, “ERREA” and “KIPSTA” with a value of RMB 415,000 when inspecting the goods declared for import by a trading company. After investigating the case, Guangzhou Customs sorted out and controlled similar goods imported from the same country. In July of the same year, Panyu Customs under Guangzhou Customs found 3,079 footballs with the “MOLTEN” trademark when inspecting goods imported from the same country by another trading company. The goods were worth RMB 101,000. After confirmation by the right holder, the above-mentioned goods were all infringing goods. The customs detained the goods in accordance with the law, and made an administrative penalty decision to confiscate the infringing goods and impose a fine after filing an investigation.
With the industrial transfer of some labor-intensive commodities, the role of intellectual property protection in the import link has become increasingly important. Customs across the country adheres to the working concept of “strict protection, large-scale protection, fast protection, and common protection”. By refining the characteristics of infringement, analyzing the manifest information, locking the logistics routes, and implementing precise control, it effectively blocks the infringing sports goods from entering the domestic market, effectively maintains the normal trade order of the domestic market, and supports the development of China’s sports industry. This series of cases reflects the customs officers’ profound understanding and professionalism of protecting intellectual property rights, and is a typical case of customs actively combating infringement and illegal acts in the import link.
Case 7: Huangpu Customs and other customs agencies cooperated efficiently to seize the case of transshipping infringing sports shoes
In November 2024, Huangpu Customs received a report from the right holder that a batch of infringing sports shoes were about to be declared for export from the customs. Huangpu Customs gave full play to the two core advantages of data resources and data models, and used the customs’ intelligent risk control shipping trajectory monitoring and analysis function to track the container trajectory in real time. After discovering that the batch of goods had been shipped and left the port for Hong Kong, Huangpu Customs contacted Hong Kong Customs through the Guangdong Branch of the General Administration of Customs to monitor and intercept the container. Hong Kong Customs found out that the container had been transferred to Shenzhen for export, and immediately notified Shenzhen Customs of the information. Shenzhen Customs further found out that after the container changed ships midway, it successfully seized more than 13,000 pairs of infringing sports shoes using trademarks such as “TIMBERLAND”, with a value of RMB 235,800.
The Decision of the CPC Central Committee on Further Comprehensively Deepening Reform and Promoting Chinese-style Modernization, which was reviewed and approved at the Third Plenary Session of the 20th CPC Central Committee, proposed to “deepen cooperation in the Guangdong-Hong Kong-Macao Greater Bay Area and strengthen the connection of rules and mechanisms”. In response to the new trend of drifting infringing goods, the customs of Guangdong and Hong Kong quickly shared risk information in cross-customs and cross-regional joint law enforcement, implemented control and interception at all levels, and cooperated in case investigations, forming a relatively mature customs protection and law enforcement cooperation mechanism for intellectual property rights. This case is a typical example of close cooperation between the customs of Guangdong and Hong Kong to protect intellectual property rights, reflecting the responsibility of customs to serve the high-quality development of the Guangdong-Hong Kong-Macao Greater Bay Area.
Case 8: Qingdao and Ningbo Customs seized a series of cases involving infringing goods exported to African countries
In October 2024, Huangdao Customs under Qingdao Customs seized 68 infringing refrigerators in two batches exported to Libya, with a value of RMB 204,600, and refrigerators with the Pepsi graphic trademark logo. The customs quickly launched the “execution connection” mechanism and transferred the case to the public security organs. At present, the public security organs have merged the two cases for investigation.
In October 2024, Beilun Customs under Ningbo Customs found 1.19 million welding rods with the ” ” (graphic) trademark logo, with a value of RMB 178,500, when inspecting a batch of goods for export to Ghana. After confirmation by the right holder that the above goods were infringing goods, the customs quickly secured evidence and transferred the case to the public security department.
In September 2024, the Forum on China-Africa Cooperation Summit was successfully held in Beijing. The Forum on China-Africa Cooperation-Beijing Action Plan (2025-2027) proposed to “expand cooperation with African customs in areas such as customs clearance facilitation, law enforcement and capacity building, and jointly combat infringement and counterfeiting” and other illegal and criminal acts. In September of the same year, the General Administration of Customs deployed the “Special Action for Customs Protection of Intellectual Property Rights in Africa (2024)” in customs across the country. The above cases fully demonstrated the law enforcement results of the special action, strengthened the intellectual property protection awareness of export enterprises, and maintained the good image of Chinese brands and “Made in China” in African countries. It is a concentrated reflection of the customs’ implementation of the national intellectual property power strategy and service to major power diplomacy.
Case 9: Chengdu, Urumqi and Gongbei Customs seized infringing goods from cross-border e-commerce channels
In January 2024, Chengdu Shuangliu Airport Customs under Chengdu Customs discovered suspected infringing boots using trademark logos such as “UGG” during an inspection of a batch of exported cross-border e-commerce goods. Subsequently, it strengthened control over the same enterprise and seized 473 pieces of shoes and bags using the same trademark logo, which were confirmed as infringing goods by the right holder.
In July 2024, Alashankou Customs under Urumqi Customs discovered 1,050 handbags using the “PINK” trademark logo during an inspection of a batch of exported cross-border e-commerce goods, which were confirmed as infringing goods by the right holder.
In December 2024, the Hong Kong-Zhuhai-Macao Bridge Customs under the Gongbei Customs discovered 4,054 cigarettes with trademarks such as “Yunyan” and “MARLBORO” hidden in lamps during an inspection of a batch of exported cross-border e-commerce goods. They were confirmed as infringing goods by the right holder.
China’s cross-border e-commerce has grown from small to large in scale, and its quality has become stronger and better, and has become a new highlight in China’s foreign trade and global trade. Customs has strengthened its crackdown on infringing goods in cross-border e-commerce, effectively safeguarded the legitimate interests of right holders and consumers, and escorted the healthy and orderly development of the new cross-border e-commerce business. This series of cases is a typical example of customs strengthening intellectual property protection in the new cross-border e-commerce business.
Case 10: Nanjing, Tianjin and Dalian Customs accurately applied the “Criteria for Administrative Penalty Discretion of the Customs of the People’s Republic of China (III)” series of cases
In December 2023, Xinshengwei Customs under Nanjing Customs found that 141 jerseys and other goods used the MANCHESTER CITY 1894 and graphics trademark logo when inspecting a batch of exported goods, with a value of RMB 4,240.85. After confirmation by the right holder, the batch of goods was infringing goods, and the customs detained the goods and filed a case for investigation in accordance with the law. During the investigation of the case, the “Discretion Benchmarks for Administrative Penalties of the Customs of the People’s Republic of China (III)” (hereinafter referred to as “Discretion Benchmarks (III)”) were promulgated and implemented. The customs investigation determined that the party met the provisions of Article 7, paragraph 1, item 4 of the “Discretion Benchmarks (III)” that “the number of imported and exported goods that infringe intellectual property rights is less than 200 pieces and the value is less than 5,000 yuan, the party acknowledges in writing that the goods are infringing goods, voluntarily abandons the infringing goods and hands them over to the customs for handling in accordance with the law”, and made a decision not to impose administrative penalties in January 2024, ordering the party to immediately fulfill the obligation not to import and export infringing goods and educate them.
In December 2023, Xingang Customs under Tianjin Customs found 72 bicycles with the “FOREVER” trademark logo when inspecting a batch of export goods, with a value of RMB 9,299.06. After confirmation by the right holder, the above-mentioned goods were infringing goods, and the customs detained the goods and filed a case for investigation in accordance with the law. During the investigation of the case, the “Discretion Criteria (III)” was promulgated and implemented. The customs investigation determined that the party was a first-time offender, and met the provisions of Article 8 of the “Discretion Criteria (III)” that “the number of infringing goods imported and exported is less than 500 pieces and the value is less than 10,000 yuan, the party acknowledges in writing that the goods are infringing goods, voluntarily abandons the infringing goods and hands them over to the customs for handling in accordance with the law”. The first violation can be exempted from punishment. In January 2024, a decision was made not to impose administrative penalties, ordering the party to immediately fulfill the obligation not to import and export infringing goods and educate them.
In April 2024, Dayaowan Customs under Dalian Customs found that 10 sets of bearings used the “NTN” trademark when inspecting a batch of exported bearings, with a value of RMB 1,444. The right holder confirmed that the above-mentioned goods were infringing goods. The customs detained the goods and filed a case for investigation in accordance with the law. It was found that the party had been punished by the customs twice for exporting infringing goods within one year before the incident. It met the provisions of Article 12 of the Discretion Criteria (III) that “after being administratively punished by the customs for violating Article 25 of the “Regulations on the Implementation of Customs Administrative Penalties”, the same act of violating customs supervision regulations was committed within one year”. In June 2024, an administrative penalty of confiscating the infringing goods and imposing a fine of 25% of the value of the goods was imposed.
The Discretion Benchmark (III) is a specific measure for the customs to implement the decision-making arrangements of the CPC Central Committee and the State Council on regulating administrative discretion, and provides a guiding and normative discretion benchmark for the customs to strictly, standardize and fairly handle intellectual property cases. Since the implementation of the Discretion Benchmark (III), the national customs have accurately applied different levels of discretion according to the facts, nature, circumstances and degree of social harm of the illegal acts, reflecting the legislative spirit of proportionate punishment and leniency and severity, which is of great significance to improving the fairness and transparency of administrative penalties, protecting the legitimate rights and interests of the parties, and promoting the standardization and professionalization of customs law enforcement.
Onshoring Pharma Ops: Reading Recent EO and Policy Tea Leaves
This week, underscoring a commitment to national security, the White House and the Food and Drug Administration (FDA) issued separate communications that aim to bolster domestic drug manufacturing while tightening oversight of foreign facilities. But they also raise questions about implementation, industry impact, and long-term effects. This is another step from the Department of Commerce Bureau of Industry and Security’s (BIS) Section 232 investigation into pharmaceuticals initiated on April 1, 2025. These developments, while unsurprising, should be viewed within the constellation of broader administration policy, and could make real progress on furthering the manufacturing onshoring agenda for the critical life sciences industry.
The Executive Order: Streamlining Domestic Manufacturing
Signed on May 5, 2025, the Executive Order titled “Regulatory Relief to Promote Domestic Production of Critical Medicines” aims to reduce barriers to building and expanding pharmaceutical manufacturing capacity in the United States.[1] The White House frames this as a national security imperative, citing estimates that new facilities can take 5 to 10 years to construct due to regulatory hurdles—a timeline deemed “unacceptable.” The order directs the FDA and the Environmental Protection Agency (EPA) to review and streamline regulations related to the approval of new and expanded manufacturing sites, eliminate “duplicative or unnecessary requirements,” and maximize “timeliness and predictability” in reviews.
The order also emphasizes early collaboration between the FDA and domestic manufacturers to support facilities before they come online. This could mean more pre-approval guidance or technical assistance, potentially reducing delays in licensure inspections. Additionally, the order calls for increased fees and inspections for foreign manufacturing plants, alongside stricter enforcement of active pharmaceutical ingredient (API) source reporting. The FDA is tasked with publicly disclosing the number of foreign inspections conducted, broken down by country and manufacturer, and considering a public list of non-compliant facilities.
This push for domestic production builds on Trump’s first-term efforts, such as Executive Order 13944 (August 6, 2020), which aimed to reshore essential medicines. The current order reflects a broader “America First” agenda, with the administration arguing that domestic facilities face more frequent and rigorous inspections than their foreign counterparts—a disparity they seek to address.
FDA’s Expanded Unannounced Inspections: Leveling the Playing Field?
On May 6, 2025, the FDA announced plans to expand unannounced inspections at foreign manufacturing facilities producing drugs, food, and medical products for the U.S. market. This builds on a pilot program launched under the Biden administration in India and China, which had stalled due to recent staff cuts. The agency’s goal is to ensure foreign facilities face the same level of scrutiny as domestic ones, addressing long-standing concerns about inconsistent oversight. The FDA emphasized that it can take enforcement actions—such as warning letters or import bans—against facilities that delay, block, or refuse these inspections.
FDA Commissioner Marty Makary, appointed under the Trump administration, underscored that these surprise inspections aim to align foreign oversight with domestic standards. The agency also plans to optimize inspector resources by reducing time spent in-country, allowing for more inspections without additional staffing. This is particularly significant given recent reports of layoffs and budget constraints at the FDA, which have strained its inspection capacity.
Context and Analysis: Opportunities and Challenges
These actions don’t exist in a vacuum. Since the inauguration, the FDA has undergone significant changes, reflecting the administration’s broader push to reduce bureaucracy, roll back regulations, and prioritize domestic interests. The appointment of Marty Makary as FDA Commissioner and Robert F. Kennedy Jr. as Health and Human Services Secretary has set a tone of aggressive reform. These changes suggest a dual focus: easing regulatory burdens for U.S. manufacturers while intensifying scrutiny of foreign ones. However, the FDA’s ability to execute these policies amidst staffing shortages and budget cuts remains a critical question.
Opportunities naturally reveal themselves. First, the Executive Order’s emphasis on streamlining regulations could significantly reduce the time and cost of building or expanding U.S. manufacturing facilities. The news cycle has been full of recent announcements—totaling in the multiple billions—by both large and small pharma companies making commitments to invest in U.S. manufacturing and research and development. Second, expanded unannounced inspections may deter foreign manufacturers from cutting corners, potentially reducing the competitive advantage of lower-cost production in countries like India and China. This could benefit U.S. contract manufacturing and development companies by narrowing the cost gap, but to be sure, could result in at least a short-term cost increase for manufacturers looking to move operations back home. Finally, the promise of pre-approval collaboration could help companies navigate complex—and sometimes confusing—regulatory requirements, reducing the risk of delays or rejections during licensure inspections.
But challenges are also plentiful. First, the FDA’s recent layoffs and budget constraints raise concerns about its capacity to conduct more foreign inspections or provide robust support for domestic manufacturers. The agency’s Office of Inspections and Investigations was already struggling with a 16% vacancy rate among investigators before these changes. It was reported that, as of September 2024, 42% of the 4,700 plants that manufacture drugs for the U.S. were overdue for inspection.[2] Second, higher inspection fees and stricter API source reporting could raise operating costs for foreign facilities, potentially leading to supply chain disruptions or price increases for U.S. consumers. Companies reliant on foreign APIs may need to reassess their sourcing strategies. Third, the White House’s foreshadowed tariffs on imported drugs could complicate the economics of foreign manufacturing, forcing companies to weigh the costs of relocating production to the U.S. against potential trade barriers. Finally, while streamlining domestic approvals is appealing, eliminating “duplicative or unnecessary” requirements risks weakening oversight. The opioid crisis, partly fueled by lax FDA standards in the past, serves as a cautionary tale.
Tariffs: Potential Impact and Twists
Further, tariffs continue to place economic pressure on foreign manufacturing. Large U.S. manufacturers have estimated tariff impacts of “a few hundred million dollars,” primarily due to tariffs on Chinese products (e.g., the International Emergency Economic Powers Act (IEEPA) 20% fentanyl tariff, the IEEPA 125% reciprocal tariff, Section 301 tariffs) as well as China’s retaliatory tariffs. As a result, manufacturers have begun to implement mitigation strategies. For example, companies are now beginning to invest more heavily in domestic R&D and manufacturing in order to meet U.S. product demand, while maintaining manufacturing facilities abroad to serve global demand.
In addition to the tariffs imposed by the statutory authorities listed above, on April 1, 2025, BIS initiated a Section 232 investigation under the Trade Expansion Act of 1962 into pharmaceuticals. This investigation focuses on the national security implications of importing pharmaceuticals and pharmaceutical ingredients, including finished generic and non-generic drug products, medical countermeasures, critical inputs like active pharmaceutical ingredients and key starting materials, and derivative products of these items. The investigation must conclude within 270 days. Following the investigation, the President has the authority to impose various trade restrictions, including tariffs on the investigated products.
Generally, these tariffs are typically additive. However, in a twist, the relationship between Section 232 tariffs and the 125% reciprocal tariff are exclusive of each other. For example, if a Chinese product is subject to a Section 232 tariff, it will not be subject to the 125% reciprocal tariff. This exclusivity might offer some relief to the pharmaceutical industry if Section 232 tariffs are imposed on certain Chinese pharmaceutical products and are set at a rate lower than 125%.
These developments may demand strategic adjustments, including but not limited to:
Reevaluate Supply Chains: this one is debatable, but it is as good a time as ever to assess reliance on foreign manufacturing and consider investing in U.S. facilities to capitalize on regulatory relief and mitigate tariff risks.
Strengthen Compliance Programs: prepare for unannounced inspections by enhancing quality control systems and ensuring accurate API source reporting. Non-compliance of course could lead to public shaming or import restrictions.
Engage with FDA Early: leverage the FDA’s offer of pre-approval support to streamline facility approvals. This could involve early consultations on emerging technologies or production line modifications. The FDA is not always the easiest to correspond with—especially recently—but the administration’s commitment to domestic manufacturing could yield a critical advantage over foreign entities when it comes to dealing with FDA.
Monitor Tariff Developments: With the administration promising more details on tariffs within weeks, companies should model the financial impact of potential trade policies and explore diversification strategies.
Looking Ahead: Balancing Speed, Safety, and Security
The administration’s FDA is charting a course that prioritizes domestic manufacturing and robust foreign oversight, but the path is fraught with challenges. Streamlining regulations could unleash innovation and strengthen the U.S. drug supply chain, but only if the FDA retains the expertise and resources to maintain safety standards. Expanded unannounced inspections are a step toward domestic parity, but their success hinges on adequate staffing and international cooperation. Meanwhile, the specter of tariffs looms large, potentially reshaping the economics of the global pharmaceutical industry.
As with everything recently, it is too early to say whether and to what extent these actions will have a meaningful impact, but the number of policy moves is growing to a critical mass. The coming months will reveal whether the FDA can deliver on these ambitious goals or if resource constraints and policy trade-offs undermine their impact. For now, manufacturers should stay proactive, aligning their strategies to the extent possible with the administration’s priorities while safeguarding compliance in an increasingly complex and uncertain regulatory environment.
FOOTNOTES
[1] Executive Order available here: Regulatory Relief to Promote Domestic Production of Critical Medicines – The White House
[2] Nearly 2,000 drug plants are overdue for FDA checks after COVID delays, AP finds | The Associated Press
Julian Klein also contributed to this article.
Listen to this post
DHS Announces the Rescission of Romania’s Designation into the Visa Waiver Program
The Visa Waiver Program (VWP) permits citizens of designated countries to travel to the United States for business or tourism for stays of up to 90 days without a visa. In return, those countries must permit U.S. citizens and nationals to travel to their countries for a similar length of time without a visa for business or tourism purposes. The VWP utilizes a risk-based, multi-layered approach to detect and prevent terrorists, serious criminals, and other mala fide actors from traveling to the United States.
On May 2, 2025, the Department of Homeland Security (DHS), in consultation with the Department of State, rescinded Romania’s VWP designation.
DHS had paused implementation of the VWP in order to conduct a review of Romania’s designation on March 25, 2025. The review has concluded, and given the Trump administration’s focus on increased border and immigration security, DHS decided that Romania’s designation should be rescinded to protect the integrity of the VWP and to enhance border and immigration security.
However, Romania may be reconsidered for VWP designation in the future should they meet the statutory eligibility criteria. The eligibility requirements are defined in Section 217 of the Immigration and Nationality Act as amended by the Secure Travel and Counterterrorism Partnership Act of 2007 and the Visa Waiver Program Improvement and Terrorist Travel Prevention Act of 2015. Pursuant to the statute, a country may be designated into the VWP if the following requirements are met:
Has an annual temporary visitor visa (i.e., B visa) refusal rate of less than 3%;
Accepts the repatriation of its citizens, former citizens, and nationals ordered removed from the United States within three weeks of the final order of removal;
Enters into an agreement to report lost and stolen passport information to the United States via INTERPOL or other means designated by the secretary of Homeland Security;
Enters into an agreement with the United States to share terrorism and serious criminal information;
Issues electronic, machine-readable passports with biometric identifiers;
Undergoes a DHS-led evaluation of the effects of the country’s VWP designation on the security, law enforcement, and immigration enforcement interests of the United States; and
Undergoes, in conjunction with the DHS-led evaluation, an independent intelligence assessment produced by the DHS Office of Intelligence and Analysis (on behalf of the director of National Intelligence).
WhatsApp? A Legally Binding Contract….
In the recent case of Jaevee Homes Limited v. Mr Steven Fincham, the English High Court has handed down judgment that an exchange of WhatsApp messages between the parties formed a basic and legally binding contract, providing a reminder to parties involved in pre-contract discussions to exercise caution.
Background facts
The case centred around a contractual dispute between a property developer, Jaevee Homes Limited (“Claimant”) and a demolition contractor, Steve Fincham, trading as Fincham Demolition (“Defendant”) who the Claimant had hired to undertake demolition works. The parties exchanged WhatsApp messages in April-May 2023 regarding the work with the Claimant confirming the job via WhatsApp on 17 May 2023. On 26 May 2023, a formal subcontract and purchase order was emailed on the behalf of the Claimant to the Defendant however, it was never signed or acknowledged.
The key issue in dispute was determining the exact terms of the contract between the parties, particularly in relation to the payment terms. The Claimant argued that the terms of the written subcontract which incorporated its standard terms and sent to the defendant on 26 May 2023 were binding. On the other hand, the Defendant believed that a basic contract had been formed as a result of WhatsApp messages exchanged on 17 May 2023.
Outcome
The basic criteria for concluding most types of legally binding contract under English is well established: one party makes an offer which the other accepts and some money (or something else of at least nominal value) must pass between the parties. Importantly though, in most cases there is no requirement for a contract to be reduced to writing and signed by the parties nor is there any requirement for acceptance to be formally communicated with acceptance by conduct or implication being very common.
In reaching a decision in this case, the Judge applied these principles, using a common sense and contextual approach when reviewing the WhatsApp messages which had passed between the parties. As a result the Judge confirmed that the messages “whilst informal, evidenced and constituted a concluded contract” as opposed to pre-contractual negotiations. Although the messages did not agree all aspects concerning payment, the messages did confirm the relevant fees, scope of work and final date of payment.
In particular, the Judge focused on a relatively informal exchange of messages between the parties on 17 May 2023 in which the Defendant asked “Are we saying it’s my job mate so I can start getting organised mate” to which the Claimant responded “Yes”, holding that meant a legally binding contract had come into force on that date.
The Judge went on to note that at this point “there was no express indication that the final terms of the agreement between the Parties depended upon agreement as to any other matter such as incorporation of the Claimant’s standard terms”. Therefore, the subcontract and purchase order issued to the Defendant on 26 May which had never been signed or acknowledged by the Defendant were irrelevant as a legally binding contract had already come into force nine days before.
Impact of the ruling
This judgment is a helpful reminder that under English contract law, it is easy to (inadvertently) create a legally binding contract and that caution should be exercised when engaging in informal pre-contract discussions. In particular, if a party’s position is that any award of work is made subject to its standard terms or the conclusion of a formal written contract, that should be clearly stated in discussions and work not allowed to commence until a formal written contract has been concluded. If a written contract is concluded, that should contain an “entire agreement” clause which seeks to exclude any pre-contract discussions to provide certainty that neither party will be able to rely on statements or representations made during discussions which are not reflected in the final written contract.
The BR Privacy & Security Download: May 2025
Welcome to this month’s issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security, & Data Protection practice.
STATE & LOCAL LAWS & REGULATIONS
State Regulators Form Bipartisan Consortium for Privacy Issues: The California Privacy Protection Agency and the Attorneys General of California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon have created the Consortium of Privacy Regulators (the “Consortium”), a bipartisan consortium, to collaborate on various privacy issues. The seven states all have comprehensive privacy laws that are currently or will be in effect, and the Consortium will collaborate on the implementation and enforcement of their respective state laws. The Consortium will hold regular meetings not only to share expertise and resources, but also to coordinate efforts to investigate potential violations of applicable laws.
CPPA Issues Updated ADMT Proposed Rules and Opens Comment Period for Data Broker Deletion Mechanism Proposed Rules; California Governor Urges CPPA to Not Enact ADMT Proposed Rules: The California Privacy Protection Agency (“CPPA”), the regulatory authority charged with enforcing the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), has released a revised version of its proposed regulations on cybersecurity audits, risk assessments, and automated decision-making technology (“ADMT”). Among the notable modifications offered by the CPPA were to narrow the definition of ADMT, remove behavioral advertising from ADMT and risk assessment requirements, and reduce the kinds of evaluations that businesses would have to undertake when using ADMT. California’s Governor, Gavin Newsom, sent a letter to the CPPA, urging the agency not to enact the proposed regulations on ADMT, stating that the regulations “could create significant unintended consequences and impose substantial costs that threaten California’s enduring dominance in technological innovation.” In addition to the proposed ADMT regulations, the CPPA has progressed its rulemaking under the California Delete Act. The CPPA has opened the formal public comment period on its proposed regulations for the Delete Request and Opt-Out Platform. The Delete Act requires the CPPA to establish an accessible deletion mechanism to allow consumers to request the deletion of personal information from all registered data brokers through a single deletion request to the CPPA. The comment period will remain open until June 10, 2025.
Bill Introduced to Stop California CIPA Claims: The California Senate introduced S.B. 690, which aims to stop lawsuits for violations of the California Invasion of Privacy Act (“CIPA”) based on the use of cookies and other online tracking technologies. There has been a recent trend of class actions under CIPA, where plaintiffs claim that the use of cookies and tracking technologies on websites violates CIPA because such technologies facilitate wiretapping and constitute illegal pen registers or trap and trace devices. Not even businesses compliant with the CCPA that provide consumers with the ability to opt out of the sharing of personal information with providers of tracking technologies are immune from CIPA class actions. S.B. 690 would exempt online technologies used for a “commercial business purpose” from wiretapping and pen register or trap-and-trace liability. “Commercial business purpose” is defined as the processing of personal information in a manner permitted by the CCPA.
Arkansas’ Social Media Safety Act Struck Down; Arkansas Legislature Passes Amendments in Response: The U.S. District Court for the Western District of Arkansas held that the Arkansas’ Social Media Safety Act (“SMSA”), a law limiting minors’ access to social media platforms, was unconstitutional and granted a permanent injunction blocking SMSA from taking effect. The District Court held that SMSA violated the First Amendment because it did not meet the requisite standard of strict scrutiny. The District Court held that SMSA’s age verification requirements blocking minors’ access to social media platforms were not narrowly tailored to prevent minors from interacting online with predators and other harmful content. The District Court also found that SMSA was unconstitutionally vague, as it is not clear which of NetChoice’s members are subject to SMSA’s requirements, while SMSA regulates companies like Facebook and Instagram, it specifically exempts Google, WhatsApp, and Snapchat. In response to the District Court’s ruling, the Arkansas Legislature passed a new bill, S.B. 611, to amend SMSA to broaden the scope and applicability of SMSA to include additional online platforms, narrow the age of applicability to users under 16 (rather than 18), strengthen privacy protections for minor users, and add a private right of action for parents of minor users.
Connecticut Attorney General Issues Annual Report on Connecticut Data Privacy Act Enforcement: The Connecticut Attorney General released a new report detailing the actions it has taken to enforce the Connecticut Data Privacy Act (“CTDPA”). The report provides updates on: (1) the Connecticut Attorney General’s broader privacy and data security efforts; (2) consumer complaints received under the CTDPA to date; (3) several enforcement efforts highlighted in the Connecticut Attorney General’s initial report; (4) expanded enforcement priorities; and (5) recommendations for strengthening the CTDPA’s protections. While the Connecticut Attorney General seems to remain focused on enforcing the CTDPA’s transparency requirements (i.e., disclosures to be included in privacy notices) and requirements to obtain opt-in consent to process sensitive data, it seems to also have broadened its efforts to address opt-out practices and dark patterns. The Connecticut Attorney General’s priorities have further expanded as the CTDPA’s universal opt-out provisions became effective and new legislation related to minors’ privacy and consumer health data took effect.
Oregon Attorney General Reports Spike in Complaints on Use of Personal Data by Government Entities: The Oregon Department of Justice’s (“ODOJ”) Privacy Unit reported a big spike in the first three months of 2025 in complaints about the Department of Government Efficiency (“DOGE”). As of March 31, 2025, the Privacy Unit reports it received more than 250 complaints about DOGE. In addition to the DOGE complaints, the Privacy Unit received 47 complaints between January and March of this year relating to the Oregon Consumer Privacy Act (“OCPA”). In addition, ODOJ announced the publication of a 2025 Quarter 1 Enforcement Report, which addresses outreach and enforcement efforts of the OCPA from January 1 to March 31, 2025, and identifies broad privacy trends in Oregon. ODOJ previously issued a Six-Month Enforcement Report, which addressed enforcement efforts for the first six months of the OCPA. ODOJ plans to continue to issue these reports quarterly, with a longer report published every six months.
Ohio’s Age Verification Law Struck Down: The U.S. District Court for the Western District of Arkansas struck down Ohio’s Social Media Parental Notification Act, which required social media companies to verify user age and obtain parental consent for users under 16. NetChoice, a technology industry trade group that has challenged a number of recently enacted social media laws around the country on constitutional grounds, including Arkansas’ SMSA, alleged that the act violated the First Amendment. The District Court agreed and held that the law’s age verification requirement blocking minors’ access to social media is not narrowly tailored to protect children from the harms of social media. The District Court also held that the law’s definitions for which websites had to comply with the law were a content-based restriction because it favored some forms of engagement with certain topics to the exclusion of others.
California Attorney General Appeals Age-Appropriate Design Code Act Decision: As previously reported, NetChoice obtained a second preliminary injunction temporarily blocking the enforcement of the California Age-Appropriate Design Code Act (“AADC”). The California Attorney General has appealed this decision, stating that it is “deeply concerned about further delay in implementing protections for children online.” The AADC would place extensive new requirements on websites and online services that are “likely to be accessed by children” under the age of 18. NetChoice won its first preliminary injunction in September 2023 on the grounds that the AADC would likely violate the First Amendment. In April 2025, NetChoice’s motion for preliminary injunction was again granted on the grounds that the AADC regulates protected speech, triggering a strict scrutiny review, and while California has a compelling interest in protecting the privacy and well-being of children, this interest alone is not sufficient to satisfy a strict scrutiny standard.
FEDERAL LAWS & REGULATIONS
DOJ Issues Data Security Program Compliance Guide and FAQ; Provides 90 Day Limited Enforcement Policy: The National Security Division of the U.S. Department of Justice (“DOJ NSD”) released a compliance guide and FAQ as part of its implementation of its final rule on protecting Americans’ sensitive data from foreign adversaries (the “Final Rule”). The compliance guide is intended to provide general information to assist individuals and entities in complying with the Final Rule’s legal requirements and to facilitate an understanding of the scope and purposes of the Final Rule. The FAQ answers 108 questions regarding Final Rule topics such as the definition of sensitive personal data, prohibited and restricted transactions, and scope of the Final Rule’s application to certain corporate group transactions, among other topics. Concurrently, the DOJ NSD issued a limited enforcement policy through July 8, 2025. Under the limited enforcement policy, the DOJ NSD stated that it will not prioritize civil enforcement actions against any person for violations of the DSP that occur from April 8 through July 8, 2025, so long as the person is engaging in good faith efforts to comply with or come into compliance with the DSP during that time. NSD stated it will pursue penalties and other enforcement actions as appropriate for egregious, willful violations and is not limited in pursuit of civil enforcement if good faith compliance efforts, such as reviewing data flows, conducing data inventories, renegotiating vendor agreements, transferring services to new vendors, and conducting diligence on new vendors, are not undertaken.
FTC Sends Letter to Office of U.S. Trustee Regarding 23andMe Bankruptcy: Federal Trade Commission (“FTC”) Chairman Andrew N. Ferguson issued a letter to the U.S. Trustee regarding the 23andMe bankruptcy proceeding, expressing the concerns consumers have with the potential sale or transfer of their 23andMe data. The letter emphasizes the fact that the data 23andMe collects and processes is extremely sensitive, and highlights some of the public-facing privacy and data security-related representations the company has made. Chairman Ferguson urges the U.S. Trustee to ensure that any bankruptcy-related sale or transfer involving 23andMe users’ personal information and biological samples will be subject to the representations the company has made to users about both privacy and data security.
OMB Issues Memoranda on Federal Government Purchase and Use of AI: The U.S. Office of Management and Budget (“OMB”) issued memoranda providing guidance on federal agency use of AI and purchase of AI systems. The guidance in the memoranda builds on Executive Order 14179, Removing Barriers to American Leadership in Artificial Intelligence, signed by President Trump in January. The memorandum fact sheet states, “The Executive Branch is shifting to a forward-leaning, pro-innovation and pro competition mindset rather than pursuing the risk-averse approach of the previous administration.” Notwithstanding that characterization, the guidance does share many risk management and performance tracking concepts included in Biden administration directives. The guidance describes how to manage “high-impact” AI, which is defined as AI where the output serves as a principal basis for decisions or actions that have legal, material, binding, or significant effect on AI rights or safety. There are several examples of high-impact AI in the guidance, including enforcement of trade policies, safety functions for critical infrastructure, transporting chemical agents, certain law enforcement activities, and when protected speech is removed. Environmental impacts and algorithmic bias are not mentioned. However, the guidance directs agencies to use AI in a way that improves public services while maintaining strong safeguards for civil rights, civil liberties, and privacy.
States’ Attorneys General Challenge the Firing of FTC Commissioners: A coalition of 21 Attorneys General (the “Coalition”) supported two FTC Commissioners in challenging the decision by President Trump to fire them without cause. Led by the Colorado Attorney General, the Coalition filed an amicus brief in Slaughter v. Trump, emphasizing the important role the FTC has played in consumer protection and antitrust. The Coalition stated that the strong track record of the FTC is due in large part to the bipartisan structure of the FTC’s leadership and that “[a]llowing the president to have at-will removal authority would ruin the FTC’s independence by allowing the commission to become a partisan agency subject to the political whims of the president.”
NIST Releases Initial Draft of New Version of Incident Response Recommendations: The U.S. Department of Commerce National Institute of Standards and Technology (“NIST”) released the initial public draft of Special Publication 800-61 Rev. 3 (“SP 800-61”) for public comment. SP 800-61 is designed to assist organizations in incorporating cybersecurity incident response considerations throughout NIST Cybersecurity Framework 2.0 risk management activities to improve the efficiency and effectiveness of their incident detection, response, and recovery activities. The public comment period is open through May 20, 2025.
NIST Releases Initial Public Draft of Privacy Framework 1.1: NIST released a draft update to the NIST Privacy Framework (“PFW”). Updates include targeted changes to the content and structure of the NIST PFW to enable organizations to better use it in conjunction with the NIST Cybersecurity Framework, which was updated to version 2.0 in 2024 (“CSF 2.0”). The PFW’s draft update makes targeted changes to align with CSF 2.0, with a focus on the Govern Function (i.e., risk management strategy and policies) and the Protect Function (i.e., privacy and cybersecurity safeguards). The new draft also includes changes responsive to stakeholder feedback since the initial release of the PFW five years ago. The draft PFW also includes a new section on AI and privacy risk management and moves PFW use guidelines online. NIST is accepting comments on the draft through June 13, 2025.
FCC Delays Part of TCPA Rule Amendments: The Federal Communications Commission (“FCC”) announced that it was extending the effective date of one part of the amendments to the Telephone Consumer Protection Act (“TCPA”) rules the FCC released last year. The delayed amendments were initially set to become effective April 11, 2025, and relate to consumers’ revocation of consent. Amendments to C.F.R. § 64.1200(a)(10) were designed to make it easier for consumers to revoke consent under the TCPA by requiring callers to apply a revocation request received for one type of message to all future calls and texts. However, in response to industry comments, the FCC extended the effective date of C.F.R. § 64.1200(a)(10) until April 11, 2026, “to the extent that it requires callers to apply a request to revoke consent made in response to one type of message to all future robocalls and robotexts from that caller on unrelated matters.” The remaining portions of the amended rule went into effect on April 11, 2025.
U.S. LITIGATION
Fifth Circuit Vacates FCC Telecommunications Provider Fine: The Fifth Circuit vacated the $57 million fine imposed on AT&T by the FCC in 2024, which was part of a number of FCC enforcement actions issued concurrently by the FCC against major carriers related to the sale of geolocation data to third parties. All carriers have appealed the fines. AT&T argued that the penalty should be vacated in part because the FCC imposed sanctions without proving the allegations in court. Following the U.S. Supreme Court decision in U.S. Securities and Exchange Commission v. Jarkesy, in which the Supreme Court limited use of government agency courts and held that when the Securities Exchange Commission seeks civil penalties against a defendant for securities fraud, the Seventh Amendment entitles the defendant to a jury trial. The FCC argued that its enforcement action was rooted in Section 222 of the Telecommunications Act, which does not have roots in common law, and that, therefore, the Seventh Amendment right to a jury trial is inapplicable. However, the Fifth Circuit determined that Section 222’s requirement to use reasonable measures to protect consumer data is analogous to common law negligence. The Court stated that it was not denying the FCC’s right to enforce laws to protect customer data, but that the FCC must do so consistent with constitutional guarantees of a jury trial.
Illinois Federal Judge Reverses Prior Ruling on Retroactive Application of BIPA Amendments: In two cases before U.S. District Court Judge Elaine Bucklo, Judge Bucklo vacated her prior rulings that Illinois’ Biometric Information Privacy Act (“BIPA”) amendments passed by the Illinois legislature applied retroactively, stating that upon her reexamination of the issue she concluded that the “better interpretation of the amendment is that it changed the law” rather than clarified the initial intent of the legislature when it first passed BIPA. The Illinois Legislature amended BIPA in 2024 to provide that a company that collects a person’s biometric information multiple times in the same manner has committed only one violation of the law. Previously, the Illinois State Supreme Court held that each instance of collection constituted a violation supporting a claim for damages, resulting in potentially extreme liability for companies using biometric systems for business purposes such as timekeeping, where employees might clock in and out by scanning biometric identifiers multiple times per day. Judge Bucklo’s new ruling aligns with those of two other Illinois federal district courts. The plaintiffs will now be permitted to pursue their claims under the statute as it existed at the time of the alleged violations.
Pennsylvania District Court Holds Online Privacy Terms Sufficient for Implied Consent Under State Wiretapping Law: The U.S. District Court for the Western District of Pennsylvania held that disclosure of third-party data collection in online privacy statements that can be seen by a reasonably prudent person is sufficient to obtain implied consent to that disclosure. Pennsylvania’s wiretapping statute prohibits any person from intercepting a wire, electronic, or oral communication unless all parties have provided consent to interception. The website in question, operated by Harriet Carter Gifts, disclosed that the business tracked and shared website visitors’ activity with third parties. The privacy statement was available via a link at the bottom of each page of the website. According to the Court, the description of sharing data with third parties in the privacy statement combined with the reasonable availability of the privacy statement provided the plaintiff with constructive notice of the practice of sharing data with third parties and resulted in the plaintiff providing implied consent to such sharing, despite the fact that the plaintiff testified she had never read the privacy statement.
Sixth Circuit Holds Newsletter Subscribers Are Not Consumers Under VPPA: The Sixth Circuit affirmed the dismissal of a proposed class action brought by a plaintiff who had subscribed to a digital newsletter from Paramount Global’s 24/7 Sports. The plaintiff alleged that the subscription qualified him as a “consumer” under the Video Privacy Protection Act (“VPPA”) because the newsletter contains links to video content, making the newsletter “audiovisual materials” subject to the VPPA. The Court rejected this argument, stating that the complaint suggests that the linked video content was available to anyone with or without a newsletter subscription and that the plaintiff did not plausibly allege that the newsletter itself was “audiovisual material.” The Court noted that its reading of the VPPA differed from the Second and Seventh Circuits, which have held that the term “consumer” under the statute should encompass any purchaser or subscriber of goods or services, whether audiovisual or not. U.S. Circuit Judge Rachel S. Bloomekatz dissented, stating that the plaintiff is a “consumer” under the VPPA because he is a subscriber of Paramount, which is a “videotape service provider.”
Ninth Circuit Rules VPPA Not Applicable to Movie Theaters: The Ninth Circuit affirmed a District Court’s dismissal of an action against Landmark Theaters (“Landmark”), holding that the Video Privacy Protection Act (“VPPA”) does not apply to in-theater movie businesses. The plaintiff had purchased a ticket on Landmark’s website. As part of that purchase, the plaintiff alleged that Landmark shared the name of the film, the location of the showing, and the plaintiff’s unique Facebook identification number with Facebook. The VPPA prohibits “video tape service providers” from knowingly disclosing personally identifiable information of a consumer without consent. “Video tape service provider” is defined under the VPPA as “any person, engaged in the business .. of rental, sale, or delivery of prerecorded video cassette tapes or similar audiovisual materials.” The Court held that the plain language of the statute and the law’s statutory history did not support a finding that selling tickets to an in-theater movie-going experience is a business subject to the VPPA.
U.S. ENFORCEMENT
Defense Contractor Settles FCA Allegations Related to Cybersecurity Compliance: The U.S. Department of Justice (“DOJ”) announced a settlement with defense contractor Morsecorp Inc. (“Morse”) resolving allegations that Morse violated the False Claims Act (“FCA”) by failing to comply with cybersecurity requirements in its contracts with the Army and Air Force. The DOJ alleged that Morse failed to comply with contract requirements by, among other things, using a third party to host Morse emails without requiring or ensuring that the third party met Federal Risk and Authorization Management Program Moderate baseline and complied with the Department of Defense’s cyber security requirements, failing to implement all cybersecurity controls in NIST Special Publication 800-171 (“SP 800-171”), failing to have a consolidated written plan for each of its covered information systems describing system boundaries, system environments of operation, how security requirements are implemented and the relationships with or connections to other systems, and failing to update its self-reported score for implementation of the requisite NIST controls following receipt of an updated score from a third party assessor. Morse has agreed to pay $4.6 million to resolve the allegations.
New York Attorney General Fines Auto Insurance Company over Data Breach: The Office of New York Attorney General Letitia James announced that it had fined auto insurance company Root $975,000 for failing to protect personal information following a breach that affected 45,000 New York residents. Root allows consumers to obtain a price quote for insurance through its website. After entering limited personal information, the online quote tool filled in other personal information such as driver’s license numbers. The Attorney General alleges that Root exposed plaintext driver’s licenses in a PDF generated at the end of the quote process and that Root had failed to perform adequate risk assessments on its public-facing web applications, did not identify the plain text exposure of consumer personal information, and employed insufficient controls to thwart automated attacks. In addition to the fine, the settlement requires Root to enhance its data security controls by maintaining a comprehensive information security program that uses reasonable authentication procedures for access to private information and the maintenance of logging and monitoring systems, among other things.
New Jersey Attorney General Sues Messaging App for Failing to Protect Kids: New Jersey Attorney General Matthew J. Platkin and the Division of Consumer Affairs announced it had filed a lawsuit against message app provider Discord, Inc. (“Discord”) alleging Discord engaged in “deceptive and unconscionable business practices that misled parents about the efficacy of its safety controls and obscured the risks children faced when using the application.” According to the complaint, Discord violated the New Jersey Consumer Fraud Act by misleading parents and kids about its safety settings for direct messages. For example, Discord allegedly represented that certain user settings related to its safe direct messaging setting would cause the app to scan, detect, and delete direct messages for explicit media content. According to the Attorney General, Discord knew that not all explicit content was being detected or deleted. The complaint also alleges that Discord misrepresented its policy of not permitting users under the age of 13 because of its inadequate age verification processes.
HHS Enters Settlement with Healthcare Network over Phishing Attack that Exposed PHI: The U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a settlement with PIH Health, Inc. (“PIH Health”), a California healthcare network, relating to alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) arising from a phishing attack that exposed protected health information. The phishing attack compromised 45 PIH Health employee email accounts, which resulted in the breach of 189,763 individuals’ protected health information, including names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnoses, lab results, medications, treatment and claims information, and financial information. OCR alleges that PIH Health failed to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by PIH Health, and failed to provide timely notification of the breach. Under the terms of the settlement, PIH Health will implement a corrective action plan that will be monitored by OCR for two years and pay a $600,000 fine.
INTERNATIONAL LAWS & REGULATIONS
Cyberspace Administration of China Publishes Q&A on Cross-Border Data Transfers: The Cyberspace Administration of China (“CAC”) published a Q&A on cross-border data transfer policies and requirements for organizations. The Q&A is intended to provide guidance on government administrative policies. China’s regulations on cross-border data transfer require one of three mechanisms to be used if personal data or important data is transferred. Those mechanisms are a regulator-led security assessment, standard contractual clauses, and certification. The Q&A lists several common types of low risk data transfers that are not required to comply with one of the transfer mechanisms, including data related to international trade, cross-border transportation, academic collaborations, and cross-border manufacturing/sales if no important data or personal information is involved and nonsensitive personal information, totaling fewer than 100,000 individuals since 1 Jan. of the current year by noncritical information infrastructure operators. The Q&A also provides additional detail on assessing the necessity of personal data transfer and describes administrative processes available for obtaining clearance for data transfers on a company group basis, among other things.
ICO Releases Anonymization Guidance: The United Kingdom Information Commissioner’s Office (“ICO”) released new guidance on anonymizing personal data to assist organizations in identifying issues that should be considered to use anonymization techniques effectively. The guidance discusses what is meant by anonymization and pseudonymization, how such techniques affect data protection obligations, provides advice on good practices for anonymizing personal data, and discusses technical and organizational measures to mitigate risks to individuals when organizations anonymize data. Among other things, the guidance explains that anonymization is about reducing the likelihood of a person being identified or identifiable to a sufficiently remote level and that organizations should undertake identifiability risk assessments to determine the likelihood of identification when undertaking anonymization efforts, among other recommended accountability and governance measures. The guidance also includes case studies to assist users in understanding the guidance concepts.
Office of the Privacy Commissioner of Canada Releases Guidance on Risk Assessment in Data Breach; Canada Announces First Phase of Cybersecurity Certification Program: The Office of the Privacy Commissioner of Canada (“Privacy Commissioner”) released an online tool to assist organizations in conducting a breach risk self-assessment. The tool guides users through a series of details of the breach to assess whether the circumstances create a real risk of significant harm and is required to be reported. Separately, the Government of Canada announced the first phase in the implementation of the Canadian Program for Cyber Security Certification (“CPCSC”). The CPCSC will establish a cyber security standard for companies that handle sensitive unclassified government information in defense contracting. The Canadian government stated that the CPCSC will be released in phases, with the first phase involving the release of a new Canadian industrial cyber security standard, opening the accreditation process, and introducing a self-assessment tool for level 1 certification to help businesses better understand the program before a wider rollout of the program in successive phases.
NOYB Files Complaint Against ChatGPT over Defamatory Hallucinations: Privacy advocacy organization NOYB has filed a complaint against ChatGPT stemming from false information about an individual provided by ChatGPT in response to a query. Specifically, the complaint alleges that when Norwegian user Arve Hjalmar Holmen queried ChatGPT to determine if it had any information about him, ChatGPT presented the complainant as a convicted criminal who murdered two of his children and attempted to murder his third son. NOYB further alleges that the fake story included real elements of his personal life, including the actual number and the gender of his children and the name of his hometown. The NOYB complaint alleges that the output is not an isolated incident and violates the EU General Data Protection Regulation, including Article 5(1)(d), which requires organizations to ensure the personal data they produce about individuals is accurate.
ICO Fines Company for Lax Cybersecurity Following Ransomware Attack: The ICO announced it has fined Advanced Computer Software Group Ltd. (“Advanced”) £3.07 million for cybersecurity failures relating to a ransomware incident in August 2022. Advanced provides information technology services to businesses, including in the healthcare industry. Hackers had gained access to Advanced systems via a customer account that did not have multi-factor authentication, leading to the disruption of UK National Health Service (“NHS”) operations. The personal information on 79,404 people was exfiltrated in the attack, including details of how to enter the homes of 809 individuals receiving home care. The ICO investigation concluded that Advanced did not have appropriate technical and organizational measures in place to protect personal data prior to the incident. The ICO noted that it reduced the initially proposed fine due to Advanced’s proactive engagement with law enforcement, the NHS, and other steps taken by Advanced to mitigate the risk to impacted individuals.
Daniel R. Saeedi, Rachel L. Schaller, Gabrielle N. Ganze, Ana Tagvoryan, P. Gavin Eastgate, Timothy W. Dickens, Jason C. Hirsch, Adam J. Landy, Amanda M. Noonan, and Karen H. Shin also contributed to this article.
Paint It White: No Sovereign Immunity in Economic Espionage Case
The US Court of Appeals for the Ninth Circuit affirmed a district court’s denial of foreign sovereign immunity to a Chinese company accused of stealing trade secrets related to the production of proprietary metallurgy technology. United States v. Pangang Grp. Co., Ltd., Case No. 22-10058 (9th Cir. Apr. 29, 2025) (Wardlaw, Collins, Bress, JJ.)
Pangang is a manufacturer of steel, vanadium, and titanium. E.I. du Pont de Nemours (DuPont) had a proprietary chloride-route technology used for producing TiO₂, a valuable white pigment used in paints, plastics, and paper. Pangang allegedly conspired with others to obtain DuPont’s trade secrets related to TiO₂ production through economic espionage in order to use the stolen information to start a titanium production plant in China. The US government filed a criminal lawsuit.
In defense, Pangang invoked the Foreign Sovereign Immunities Act (FSIA) and federal common law, arguing that it was entitled to foreign sovereign immunity from criminal prosecution in the United States because it was ultimately owned and controlled by the government of the People’s Republic of China (PRC). In a prior appeal, the Ninth Circuit had found that Pangang failed to make a prima facie showing that it fell within the FSIA’s domain of covered entities. On remand, the district court again rejected Pangang’s remaining claims of foreign sovereign immunity, including its claims based on federal common law.
While the appeal was pending, the Supreme Court’s 2023 decision in Turkiye Halk Bankasi v. United States clarified that common law, not the FSIA, governs whether foreign states and their instrumentalities are entitled to foreign sovereign immunity from criminal prosecution in US courts. This led to a rebriefing of the present appeal to focus on the now-controlling issues concerning the extent to which Pangang enjoys foreign sovereign immunity under federal common law. Under federal common law, an entity must satisfy two conditions to enjoy foreign sovereign immunity from suit:
It must be the kind of entity eligible for immunity.
Its conduct must fall within the scope of the immunity conferred.
The Ninth Circuit concluded that Pangang did not make a prima facie showing that it exercised functions comparable to those of an agency of the PRC and therefore was not eligible for foreign sovereign immunity from criminal prosecution. The Court also found that “[t]he mere fact that a foreign state owns and controls a corporation is not sufficient to bring the corporation within the ambit of [sovereign immunity].” Since Pangang’s commercial activities were not governmental functions, there was no evidence that sovereign immunity should be applied. Therefore, the Ninth Circuit affirmed the district court’s denial of the motion to dismiss based on sovereign immunity.