Québec’s Restrictive Approach to Biometric Data Poses Challenges for Businesses Working on Security Projects

The recent decision by the Commission d’accès à l’information du Québec (CAI) regarding a popular grocer’s biometric data project in Quebec has far-reaching implications for other businesses considering or currently using biometric technologies. This pivotal decision not only highlights the CAI’s stringent approach to privacy protection but also sets a significant precedent for any company utilizing or considering utilizing biometric technologies in Quebec. Businesses will want to closely monitor developments to ensure compliance with Quebec’s privacy laws and adapt their practices accordingly.

Quick Hits

The CAI emphasized the broad interpretation of “identity” and “verification” under Quebec’s privacy laws.
The decision highlights the quasi-constitutional nature of privacy protection in Quebec.
The CAI emphasized that if consent involving the capture and comparison of biometric data for identification purposes cannot be obtained, a project—even one focused on security—may not be approved in Quebec.

A prominent grocery store in Quebec proposed implementing a biometric data bank for facial recognition to combat theft and fraud in its stores. The system aimed to identify individuals involved in shoplifting or fraud by comparing surveillance footage with a database of biometric data. However, the CAI’s investigation focused on the project’s compliance with Quebec’s privacy laws, specifically the Act respecting the protection of personal information in the private sector and the Act to establish a legal framework for information technology.
Distinction Between Verification and Identity
A critical aspect of the CAI’s decision was the broad interpretation of “identity” and “verification” under Quebec’s privacy laws. The CAI determined that the grocer’s facial recognition system constituted a form of identity verification, as it involved capturing and comparing biometric data to identify individuals. This interpretation means that any process involving the capture and comparison of biometric data for identification purposes requires explicit consent from the individuals concerned, as mandated by Article 44 of the Act to establish a legal framework for information technology.
The CAI rejected the grocer’s argument that their system did not constitute identity verification because it did not confirm the exact identity of every individual entering the store but rather identified those who matched the biometric profiles of known offenders. The CAI clarified that the act of identifying individuals based on biometric data, even if it is to determine if they belong to a specific group (e.g., known shoplifters), still falls under the category of identity verification.
Explicit Consent Requirement
The CAI highlighted that under Article 44 of the Act to establish a legal framework for information technology, any process that involves the verification of identity through the capture and comparison of biometric data requires the explicit consent of the individuals concerned. The CAI noted that the grocer’s project did not plan to obtain such explicit consent, thereby violating the legal requirements. This requirement for explicit consent is a critical point for other businesses to consider. Any business using biometric technologies may want to confirm that they obtained explicit consent from individuals before collecting and using their biometric data. Failure to do so could result in significant legal repercussions and potential prohibitions on the use of such technologies.
Quasi-Constitutional Nature of Privacy Protection
The CAI’s decision highlights the quasi-constitutional nature of privacy protection in Quebec. Privacy laws in Quebec are designed to offer robust protection to individuals, and the CAI has broad powers to enforce these laws. This means that businesses may want to be particularly diligent in their compliance efforts, as the CAI is likely to take a restrictive approach to the use of biometric data and other sensitive personal information.
Next Steps
The CAI’s decision on the grocer’s biometric data project has significant implications for other businesses using biometric technologies. This development is important as it highlights the necessity of strict adherence to privacy laws, especially when handling sensitive biometric data. Specifically, the broad interpretation of “identity” and “verification,” the explicit consent requirement, and the quasi-constitutional nature of privacy protection in Quebec all provide cause for businesses to be diligent in their compliance efforts. Businesses may want to ensure they obtain explicit consent from individuals before collecting and using biometric data. The CAI’s decision on the grocer’s project serves as a critical reminder that privacy protection is taken very seriously in Quebec, and businesses may want to be proactive in ensuring their practices comply with the stringent requirements of the law. Given the CAI’s broad powers and the quasi-constitutional nature of privacy protection in Quebec, businesses can expect more restrictive decisions in the future.

Employment Law Update: New Compensation Limits and Statutory Payment Rates

Under the Employment Rights (Increase of Limits) Order 2025 (the “Employment Order”), there will be changes to the compensation limits that apply to certain awards that Employment Tribunals can make and other amounts payable under employment legislation with effect from 6 April 2025. The Employment Order applies to England, Wales and Scotland.
The new limits will apply where the ‘appropriate date’ for the cause of action occurs on or after 6 April 2025. For example, in the case of unfair dismissal, the rates apply to all dismissals where the effective date of termination falls on or after this date. If the appropriate date (e.g., the date of dismissal) falls before 6 April 2025, the previous limits mentioned below will apply irrespective of the date on which the compensation is awarded. 
Here is a brief overview of the changes which will take effect from 6 April 2025 under the Employment Order:

the maximum compensatory award for unfair dismissal is increasing from £115,115 to £118,223 (the upper limit remains the lower of a year’s salary or the maximum statutory limit of £118,223);
the maximum amount of a ‘week’s pay’ (for the purpose of calculating statutory redundancy payments and the basic award for unfair dismissal) is increasing from £700 to £719;
the limit on the compensatory award for failure to allocate and pay tips fairly is increasing from £5,000 to £5,135;
guarantee daily pay is increasing from £38 to £39; and
the minimum basic award in cases where a dismissal is unfair because of reasons to do with health and safety, working time, employee representative, trade union, or occupational pension trustees is increasing from £8,533 to £8,763.

Additionally, the Social Security Benefits Up-rating Order 2025 (the “Social Security Order”) will increase the rate of payment for a range of statutory leave entitlements, also with effect from 6 April 2025. Most of the statutory benefits will increase by 1.7% from the previous year’s rates, in line with inflation. These changes are part of the UK Government’s reforms seeking to greater support those in financial need.
Here is a brief overview of the changes which will take effect from 6 April 2025 under the Social Security Order:

Statutory sick pay is increasing from £116.75 to £118.75 per week.
The below payments are all increasing from £184.03 to £187.18 per week or 90% of the employee’s average weekly earnings, whichever is lower:

statutory maternity pay (after the first six weeks);
statutory adoption pay (after the first six weeks up to thirty nine weeks);
statutory paternity pay (up to two weeks from the date agreed with the employee);
statutory shared parental pay (up to thirty seven weeks); 
statutory parental bereavement pay (up to two weeks per bereavement); and
maternity allowance (although the payment increase for maternity allowance will only apply from 7 April 2025).

The earnings threshold to be eligible for all the above payments is also increasing slightly from £123 to £125 weekly.

Maya Sterrie, trainee in the Employment Litigation practice, contributed to this article.

China’s National Intellectual Property Administration’s 2025 Work Plan – Crack Down on Abnormal Patent Application and Malicious Trademark Registrations

On March 19, 2025, China’s National Intellectual Property Administration (CNIPA) released their 2025 Work Plan for Administrative Protection of Intellectual Property Rights (2025年知识产权行政保护工作方案). Some highlights include:

continue to crack down on abnormal patent applications and malicious trademark registration and hoarding;
strengthen intellectual property protection in the field of artificial intelligence, and strengthen the publicity and implementation of the “Guidelines for Applications for Artificial Intelligence-Related Invention Patents (Trial);” and
strengthen the construction of the integrity system in the field of intellectual property rights, and strengthen the punishment of dishonesty for trademark and patent infringement, malicious trademark registration, and abnormal patent applications.

A translation follows. The original text is available here (Chinese only). 

This plan is formulated to thoroughly implement the important instructions and instructions of General Secretary Xi Jinping on comprehensively strengthening intellectual property protection, resolutely implement the decisions and arrangements of the Party Central Committee and the State Council, vigorously promote the implementation of the “Outline for Building a Powerful Intellectual Property Country (2021-2035)”, the “14th Five-Year Plan for National Intellectual Property Protection and Utilization”, and the “Opinions on Strengthening Intellectual Property Protection”, further improve the intellectual property protection system, strengthen the protection of the entire intellectual property chain, and help create a first-class market-oriented, law-based, and internationalized business environment.
1. Promote the implementation of laws and regulations. Do a good job in the publicity and implementation of the Patent Law and its implementing rules. Cooperate in the revision of the Trademark Law and the Regulations on the Protection of Integrated Circuit Layout Designs. Do a good job in the implementation of the “Administrative Adjudication and Mediation Measures for Patent Disputes”, “Regulations on Regulating Patent Application Behaviors”, “Regulations on the Registration and Administration of Collective Trademarks and Certification Trademarks” and “Regulations on the Protection of Geographical Indication Products”. Implement the “Regulations on Evidence for Trademark Administrative Enforcement”, “Methods for Calculating Illegal Business Volume in Trademark Infringement Cases”, “Regulations on the Causes of Intellectual Property Cases in the Field of Market Supervision (Trial)” and other law enforcement norms.
2. Improve and optimize the protection system. Promote the implementation of the “Implementation Plan for the Intellectual Property Protection System Construction Project” and strengthen the construction of intellectual property protection policies and standards systems, management systems, social co-governance systems, security governance systems, and support systems. Carry out an evaluation of the implementation of the intellectual property protection construction project in a timely manner. Establish a regular communication mechanism with private and foreign-funded enterprises, listen to opinions and suggestions on intellectual property protection in a timely manner, and respond to corporate demands.
3. Standardize the application and use of patents and trademarks. Continue to crack down on abnormal patent applications and malicious trademark registration and hoarding by improving management systems, launching special actions, guiding industry self-discipline, and strengthening supervision of agencies . Strengthen professional guidance on investigating and punishing illegal use of banned trademarks with deceptive and adverse effects. For those that have already been registered, promptly report to the State Intellectual Property Office for invalidation in accordance with the procedures, and increase follow-up and disposal after the invalidation decision takes effect. Promote the implementation of the “Patent and Trademark Agency Service Government Procurement Demand Standard (Trial)”.
4. Strengthen patent protection. Improve the review and submission mechanism for administrative decisions on major patent infringement disputes, strictly review the facts and evidence that meet the circumstances for filing a case, and standardize the issuance of supporting materials. Promote the standardization of administrative decisions on patent infringement disputes, smooth the acceptance channels, optimize the trial model, increase the intensity of case handling, and highlight the quality and efficiency of handling. Accurately identify the facts of infringement, strictly determine the infringement behavior, and actively carry out quick handling of simple cases and fine handling of complex cases. Encourage all localities to fully rely on professional forces such as technical investigation centers, technical investigation officer expert pools, and intellectual property appraisal institutions to provide technical support for case handling.
5. Strengthen trademark protection. Strengthen timely protection, key protection, and cited protection of well-known trademarks. Encourage local governments to strengthen the protection of well-known trademarks such as Chinese time-honored brands and trademarks related to the inheritance and development of cultural heritage through special governance actions and the establishment of corporate credit evaluation systems, and severely crack down on infringements such as “copying famous brands”. Strengthen supervision and professional guidance on hidden infringements such as infringements using keywords in the Internet field, infringements using registered trademarks in combination, and infringements on others’ prior registered trademarks using design patents.
6. Strengthen the protection of geographical indications. Implement the Implementation Plan for the Unified Recognition System of Geographical Indications, and promote the transformation of original agricultural product geographical indications in an orderly manner. Promote the construction of national geographical indication protection demonstration areas with high quality, and strengthen the supervision of the implementation process of geographical indication protection projects. Promote the implementation and evaluation of the 14th Five-Year Plan for the Protection and Use of Geographical Indications. Encourage all regions to use means such as origin traceability to improve the characteristic quality assurance system of geographical indications and improve the professional geographical indication inspection and testing system. Establish and improve the approval, cancellation and supervision system for the use of special geographical indication marks, and standardize the use of special marks.
7. Strengthen protection of new fields and new formats. Actively cooperate in data intellectual property registration services, organize publicity and promotion, policy interpretation, registration guidance and other work for the public in a timely manner, and guide and encourage the public to actively register. Strengthen intellectual property protection in the field of artificial intelligence, and strengthen the publicity and implementation of the “Guidelines for Applications for Artificial Intelligence-Related Invention Patents (Trial)”. Increase the protection of intellectual property rights in forward-looking strategic emerging industries such as new energy vehicles, lithium batteries, and photovoltaics, improve the working mechanism in combination with industrial and regional characteristics, strengthen the handling of patent administrative rulings and other cases, and provide precise guidance services.
8. Strengthen protection in hot areas of people’s livelihood. Focus on areas related to public interests and the vital interests of the people, such as food and medicine, rehabilitation aids, children’s toys, household appliances, and green and low-carbon technologies, and increase the daily supervision of intellectual property infringement and illegal acts and the guidance of trademark and patent administrative law enforcement. For areas where infringements are frequent in the region, carry out special intellectual property governance in a timely manner. Increase the protection of seed industry intellectual property rights, and strengthen professional guidance on investigating and handling counterfeiting, copying and other infringements.
9. Strengthen the protection of major events and important nodes. Provide good protection for the intellectual property rights of major events such as the 9th Asian Winter Games, the 12th World Games, and the 15th National Games, and crack down on infringements such as counterfeiting of sports souvenirs and cultural and creative products. Strengthen the protection of intellectual property rights of large exhibitions such as the China Import and Export Fair, the China International Import Expo, the China International Fair for Trade in Services, and the China International Consumer Goods Expo, strengthen pre-exhibition inspections, exhibition inspections, and post-exhibition tracking, open up complaint channels, and quickly handle intellectual property disputes. Provide good protection for intellectual property rights during festivals such as May Day, Mid-Autumn Festival, and National Day, strengthen supervision of e-commerce platforms, supermarkets, and professional markets, and prevent the circulation of infringing and counterfeit goods. Carry out risk investigation and special rectification at the time when seasonal geographical indication products are concentrated on the market, and strictly regulate the illegal use of geographical indications without authorization.
10. Strengthen the protection of foreign-related intellectual property rights. Promote the establishment of a working mechanism for the protection of foreign-related intellectual property rights in the region. Improve the service system for the protection of foreign-related intellectual property rights, handle all types of cases fairly and impartially, and protect the legitimate rights and interests of foreign and foreign-invested enterprises equally. Strengthen the construction of local sub-centers for overseas intellectual property dispute response guidance, and focus on strengthening the guidance services for private enterprises to deal with overseas disputes. Improve the overseas risk early warning mechanism, strengthen the early warning monitoring of disputes such as “337 investigations”, cross-border e-commerce litigation, and malicious trademark registration, and improve the timeliness and initiative of serving enterprises. Strengthen coordination and docking with the commerce department, and strictly manage the transfer of technology export intellectual property rights in accordance with the law.
11. Deepen rapid and coordinated protection. Further promote high-quality rapid and coordinated protection of intellectual property rights, strengthen the operation and management of national intellectual property protection centers and rapid rights protection centers, conduct reviews of patent pre-examination record entities and agencies, and strengthen pre-examination quality and public opinion monitoring management. Gather multi-party intellectual property resources, strengthen communication and collaboration between departments, standardize smooth connection procedures, and promote the rapid handling of intellectual property disputes. Encourage national intellectual property protection centers and rapid rights protection centers to provide assistance or technical support for administrative adjudication, administrative mediation, etc. Encourage multi-mode trials of patent reexamination and invalidation cases in national intellectual property protection centers to promote the connection between patent confirmation and administrative adjudication and administrative mediation of infringement disputes. Encourage national intellectual property protection centers to set up workstations in original innovation clusters such as national laboratories and large scientific facilities. Establish an intellectual property public service mechanism in science and technology parks and industrial parks, and support qualified intellectual property public service institutions to carry out information services such as overseas intellectual property rights protection and infringement warning.
12. Strengthen cross-departmental and cross-regional collaboration. Strengthen cooperation and coordination with the people’s courts, procuratorates, and public security organs, establish a long-term liaison mechanism, and promote the unification of administrative and judicial protection standards for intellectual property rights. Deepen cross-regional intellectual property administrative protection collaboration in Beijing-Tianjin-Hebei, the Yangtze River Delta, the Pan-Pearl River Delta, Chengdu-Chongqing, etc., do a solid and detailed job of information sharing, joint evidence collection, mutual recognition of results, etc., strengthen the tracking and handling of transferred clues, strengthen the collaborative protection and effect evaluation of key trademarks and geographical indications, and solve new problems such as “hidden” infringements across regions.
13. Promote social co-governance in dispute resolution. Strengthen administrative mediation work on patent ownership disputes, invention rewards and remuneration disputes, strengthen case handling guidance and linkage, and improve mediation quality and efficiency. Strengthen the professionalization of people’s mediation organizations, strengthen the construction of mediation teams by setting up full-time mediators and establishing expert databases, and enhance the professionalism and credibility of mediation. Promote online litigation and mediation of intellectual property disputes. Strengthen arbitration of intellectual property disputes and expand the use of arbitration channels to resolve intellectual property disputes. Strengthen the construction of the integrity system in the field of intellectual property rights, and strengthen the punishment of dishonesty for trademark and patent infringement, malicious trademark registration, and abnormal patent applications . Give full play to the role of typical cases of multi-party mediation of intellectual property disputes, do a good job in case selection, push, and release, and increase the promotion of experience exchange.
14. Strengthen professional guidance for law enforcement. Strengthen professional guidance for law enforcement in the field of intellectual property rights, and effectively combat all types of infringement and illegal activities. Standardize the case request handling system, and do a good job in case analysis and legal analysis for difficult cases and respond in a timely manner. Strictly implement the written reply filing system of provincial intellectual property management departments. Increase the follow-up and handling of the cases replied, and improve the quality and efficiency of case handling. Do a good job in case file review. Strengthen the selection and submission of guiding cases.
15. Promote smart supervision and protection. Continue to explore the application of new technologies such as the Internet, big data, cloud computing, and blockchain in intellectual property supervision. Promote the use of the national intellectual property protection information platform, support local governments to accelerate the construction of intellectual property public service platforms and independent and controllable thematic databases, and strengthen data sharing and business collaboration. Steadily promote the implementation of the national standards “Intellectual Property Protection Specifications for Commodity Trading Markets” and “Intellectual Property Protection Management for E-commerce Platforms”, and encourage qualified regions to use big data technology to carry out infringement and illegal risk monitoring, and realize real-time monitoring of clues of infringement and illegal behavior on e-commerce platforms.
16. Strengthen publicity and training. Coordinate traditional media and emerging media, make good use of integrated media, and publicize the measures and results of intellectual property protection through multiple channels. Make full use of important opportunities such as the National Intellectual Property Publicity Week to vigorously carry out centralized publicity, publish typical cases and experience practices, and create a good atmosphere for strengthening administrative protection. Strengthen the publicity and training of newly issued policies and regulations such as the “Administrative Adjudication and Mediation Measures for Patent Disputes” and the “Provisions on Evidence for Administrative Enforcement of Trademarks”, actively carry out business training, case discussions, skills competitions and other activities, and enhance the administrative protection capabilities of intellectual property rights at the grassroots level.
17. Strengthen organizational guarantees. All provincial-level intellectual property offices should conscientiously organize and implement, clarify the division of responsibilities, refine work measures, and make targeted improvements and upgrades in accordance with the shortcomings and deficiencies in intellectual property protection in the 2024 central quality, food safety and intellectual property protection assessments. Strengthen supervision and guidance, commend units and personnel who are responsible for their work and have outstanding achievements, criticize those who have frequent infringements and poor protection effects, supervise and improve in a timely manner, report work progress to the National Intellectual Property Office as required, and report important matters in a timely manner.

Australia: APRA Proposes Reforms to Strengthen Governance Standards

The Australian Prudential Regulation Authority (APRA) has proposed reforms to strengthen core prudential standards and guidance on governance, currently set out in SPS 510 Governance, SPS 520 Fit and Proper, and SPS 521 Conflicts of Interest.
The proposals come after APRA chairman, John Lonsdale, witnessed “entities treating compliance with some requirements, as a box-ticking exercise”. Lonsdale also stated that “international best practice on governance has progressed, and we want to ensure that our framework reflects that evolution”.
The proposed reforms include:

Introducing a 10-year tenure limit for non-executive directors at regulated entities;
Extending the current RSE licensee conflict management requirements to banks and insurers;
Strengthening board independence, particularly for entities which are part of a larger group structure;
Clarifying expectations around the roles of boards, the chair and senior management;
Lifting requirements for boards to ensure they have appropriate skills and capabilities to deliver an entity’s strategy;
Raising minimum standards for the fitness and propriety of responsible persons of regulated entities;
Requiring significant financial institutions to have separate audit and risk committees; and 
Engaging a third-party performance assessment of the board, committees and individual directors at least every three years.

What’s Next?
APRA has confirmed the changes would be applied proportionately, with less complex institutions facing lower compliance expectations. APRA also aims to lift standards without adding undue cost burden, with Lonsdale stating that “most proposals will involve little change for entities with mature governance practices”.
Over the next three months, the industry will have the opportunity to comment on APRA’s proposals, with submissions required by 6 June 2025. The regulator intends to release updated prudential standards and guidance for formal consultation in early 2026, with the revised framework scheduled to come into force in 2028.
While noting that APRA’s Discussion Paper discloses APRA’s preliminary views, we suggest Australian banks, insurers, and superannuation trustees should review their current governance framework in anticipation of the direction of the regulator’s future expectations.

FBI Warns of Hidden Threats in Remote Hiring: Are North Korean Hackers Your Newest Employees?

The Federal Bureau of Investigation (FBI) recently warned employers of increasing security risks from North Korean workers infiltrating U.S. companies by obtaining remote jobs to steal proprietary information and extort money to fund activities of the North Korean government. Companies that rely on remote hires face a tricky balancing act between rigorous job applicant vetting procedures and ensuring that new processes are compliant with state and federal laws governing automated decisionmaking and background checks or consumer reports.
Quick Hits

The FBI issued guidance regarding the growing threat from North Korean IT workers infiltrating U.S. companies to steal sensitive data and extort money, urging employers to enhance their cybersecurity measures and monitoring practices.
The FBI advised U.S. companies to improve their remote hiring procedures by implementing stringent identity verification techniques and educating HR staff on the risks posed by potential malicious actors, including the use of AI to disguise identities.

Imagine discovering your company’s proprietary data posted publicly online, leaked not through a sophisticated hack but through a seemingly legitimate remote employee hired through routine practices. This scenario reflects real threats highlighted in a series of recent FBI alerts: North Korean operatives posing as remote employees at U.S. companies to steal confidential data and disrupt business operations.
On January 23, 2025, the FBI issued another alert updating previous guidance to warn employers of “increasingly malicious activity” from the Democratic People’s Republic of Korea, or North Korea, including “data extortion.” The FBI said North Korean information technology (IT) workers have been “leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”
Specifically, the FBI warned that “[a]fter being discovered on company networks, North Korean IT workers” have extorted companies, holding their stolen proprietary data and code for ransom and have, in some cases, released such information publicly. Some workers have opened user accounts on code repositories, representing what the FBI described as “a large-scale risk of theft of company code.” Additionally, the FBI warned such workers “could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities.”
The alert came the same day the U.S. Department of Justice (DOJ) announced indictments against two North Korean nationals and two U.S. nationals alleging they engaged in a “fraudulent scheme” to obtain remote work and generate revenue for the North Korean government, including to fund its weapons programs.
“FBI investigation has uncovered a years-long plot to install North Korean IT workers as remote employees to generate revenue for the DPRK regime and evade sanctions,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said in a statement. “The indictments … should highlight to all American companies the risk posed by the North Korean government.”
Data Monitoring
The FBI recommended that companies take steps to improve their data monitoring, including:

“Practice the Principle of Least Privilege” on company networks.
“Monitor and investigate unusual network traffic,” including remote connections and remote desktops.
“Monitor network logs and browser session activity to identify data exfiltration.”
“Monitor endpoints for the use of software that allows for multiple audio/video calls to take place concurrently.”

Remote Hiring Processes
The FBI further recommended that employers strengthen their remote hiring processes to identify and screen potential bad actors. The recommendations come amid reports that North Korean IT workers have used strategies to defraud companies in hiring, including stealing the identities of U.S. individuals, hiring U.S. individuals to stand in for the North Korean IT workers, or using artificial intelligence (AI) or other technologies to disguise their identities. These techniques include “using artificial intelligence and face-swapping technology during video job interviews to obfuscate their true identities.”
The FBI recommended employers:

implement processes to verify identities during interviews, onboarding, and subsequent employment of remote workers;
educate human resources (HR) staff and other hiring managers on the threats of North Korean IT workers;
review job applicants’ email accounts and phone numbers for duplicate contact information among different applicants;
verify third-party staffing firms and those firms’ hiring practices;
ask “soft” interview questions about specific details of applicants’ locations and backgrounds;
watch for typos and unusual nomenclature in resumes; and
complete the hiring and onboarding process in person as much as possible.

Legal Considerations
New vendors have entered the marketplace offering tools purportedly seeking to solve such remote hiring problems; however, companies may want to consider the legal pitfalls—and associated liability—that these processes may entail. These considerations include, but are not limited to:

Fair Credit Reporting Act (FCRA) Implications: If a third-party vendor evaluates candidates based on personal data (e.g., scraping public records or credit history), it may be considered a “consumer report.” The Consumer Financial Protection Bureau (CFPB) issued guidance in September 2024 taking that position as well, and to date, that guidance does not appear to have been rolled back.
Antidiscrimination Laws: These processes, especially as they might pertain to increased scrutiny or outright exclusion of specific demographics or countries, could disproportionately screen out protected groups in violation of Title VII of the Civil Rights Act of 1964 (e.g., causing disparate impact based on race, sex, etc.), even if unintentional. This risk exists regardless of whether the processes involve automated or manual decisionmaking; employers may be held liable for biased outcomes from AI just as if human decisions caused them—using a third-party vendor’s tool is not a defense.
Privacy Laws: Depending on the jurisdiction, companies’ vetting processes may implicate transparency requirements under data privacy laws, such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in the European Economic Area (EEA), when using third-party sources for candidate screening. Both laws require clear disclosure to applicants about the types of personal information collected, including information obtained from external background check providers, and how this information will be used and shared.
Automated Decisionmaking Laws: In the absence of overarching U.S. federal legislation, states are increasingly filling in the gap with laws regarding automated decisionmaking tools, covering everything from bias audits to notice, opt-out rights, and appeal rights. If a candidate is located in a foreign jurisdiction, such as in the EEA, the use of automated decisionmaking tools could trigger requirements under both the GDPR and the recently enacted EU Artificial Intelligence Act.

It is becoming increasingly clear that multinational employers cannot adopt a one-size-fits-all vetting algorithm. Instead, companies may need to calibrate their hiring tools to comply with the strictest applicable laws or implement region-specific processes. For instance, if a candidate is in the EEA, GDPR and EU AI Act requirements (among others) apply to the candidate’s data even if the company is U.S.-based, which may necessitate, at a minimum, turning off purely automated rejection features for EU applicants and maintaining separate workflows and/or consent forms depending on the candidate’s jurisdiction.
Next Steps
The FBI’s warning about North Korean IT workers infiltrating U.S. companies is the latest involving security risks from foreign governments and foreign actors to companies’ confidential data and proprietary information. Earlier this year, the U.S. Department of Homeland Security published new security requirements restricting access to certain transactions by individuals or entities operating in six “countries of concern,” including North Korea.
Employers, particularly those hiring remote IT workers, may want to review their hiring practices, identity-verification processes, and data monitoring, considering the FBI’s warnings and recommendations. Understanding and addressing these risks is increasingly vital, especially as remote hiring continues to expand across industries.

Forward Movement Seen in April 2025 Visa Bulletin

The Visa Bulletin for April 2025 shows continued forward movement in the final action dates for all EB-2 and EB-3 categories. The bulletin also remains consistent in the EB-1 categories with slight forward movement for EB-1 India.

Quick Hits

The April 2025 final action dates in the EB-1 categories are unchanged for all countries except India, which has moved ahead by two weeks.
The April 2025 final action dates in the EB-2 and EB-3 categories for all countries have moved forward.
USCIS has confirmed it will accept adjustment of status applications based on the final action dates chart in April 2025.

Source: US Department of State, April 2025 Visa Bulletin
The final action dates chart in the April 2025 Visa Bulletin continues to move forward for most employment-based categories.
EB-1

EB-1 China remains at November 8, 2022.
EB-1 India has advanced two weeks from February 1, 2022, to February 15, 2022.
All other countries remain “current,” meaning adjustments of status for all priority dates in this category will be accepted by U.S. Citizenship and Immigration Services (USCIS).

EB-2

EB-2 China will advance by almost five months from May 8, 2020, to October 1, 2020.
EB-2 India will advance by one month from December 1, 2012, to January 1, 2013.
All other countries will advance by more than five weeks from May 15, 2023, to June 22, 2023.

EB-3

EB-3 China will advance by three months from August 1, 2020, to November 1, 2020.
EB-3 India will advance by two months from February 1, 2013, to April 1, 2013.
All other countries will advance by one month from December 1, 2022, to January 1, 2023.

Next Steps
Starting April 1, 2025, individuals whose priority dates are earlier than the listed final action dates can file Form I-485, “Application to Register Permanent Residence or Adjust Status.”

UK Home Office Announces New Visa and Sponsorship Fees Effective April 2025

On 19 March, the UK Home Office announced increases to visa and sponsorship fees to take effect from 9 April. There are increases for most fees listed which will impact almost everyone including Skilled Worker visa holders, sponsors, and those applying for settlement and citizenship. The increases range from as little as £8.50 (which leads one to wonder why bother, frankly? – the admin attached to that change must surely swallow all or most of the increased revenues) to a staggering £286. We have summarised the key changes in this post.

Certificate of Sponsorship (CoS) fees for Skilled Workers, Global Business Mobility – Senior or Specialist Workers, Ministers of Religion and International Sportsperson (over 12 months) will see the biggest increase with costs rising from £239 to £525.
Skilled Worker applications for up to three years (outside the UK):

Previously: £719
New fee: £769

Skilled Worker applications for up to five years (outside the UK):

Previously: £1,420
New fee: £1,519

Skilled Worker applications for up to three years (inside the UK):

Previously: £827
New fee: £885

Skilled Worker applications for up to five years (inside the UK):

Previously: £1,636
New fee: £1,751

Skilled Worker roles on the Immigration Salary List (formerly Shortage Occupation List) will see increases of £39-£76 depending on the length of the visa.
Sponsor Licence fees for medium or large sponsors will increase by £103 from £1,476 to £1,579
Indefinite Leave to Remain (Settlement) will increase from £2,885 to £3,029
Naturalisation (British Citizenship) will jump from £1,500 to £1,605.
The smallest increase of £8.50, which doesn’t relate specifically to sponsorship, will be applied to a Convention Travel Document for a child, increasing the cost from £53 to £61.50.

Interestingly, premium services such as priority processing fees will largely remain unchanged even though one might have thought that that would be an easier sell.
These increases mean higher costs for businesses sponsoring workers and greater financial burdens for migrants settling in the UK. Employers should factor these changes into their recruitment budgets, particularly as the government continues to tighten immigration rules and intensify scrutiny on sponsor compliance.
For full details on the new fee structure, visit the official Home Office website: UK Visa and Immigration Fees – April 2025.

ADGM Courts and Dubai Courts Sign Memorandum on Reciprocal Enforcement of Judgments

On 14 January 2025, the Abu Dhabi Global Market (ADGM) Courts and onshore Dubai Courts signed a memorandum of understanding (MoU) for the reciprocal enforcement of judgments. The MoU, which is publicly available, took effect the day it was signed and the mechanism it sets forth is available for parties seeking to utilize its reciprocal enforcement mechanisms.
The MoU, which follows approximately seven years after a similar MoU was signed between the ADGM Courts and the onshore Abu Dhabi Courts in February 2018, is designed to facilitate judicial cooperation between the ADGM and Dubai relating to mutually enforceable judgments.
Prior to the enactment of the MoU, parties seeking to enforce an ADGM Courts judgment in Dubai had to either go through the onshore Abu Dhabi Courts and then seek to rely on Federal Law No. 10 of 2019 (known as the Judicial Relations Law), which provides for reciprocal judgment enforcement between the onshore courts of the seven emirates, or seek recognition and enforcement directly in Dubai without the benefit of a streamlined process.
Highlights of the MoU

Extends to various executory instruments: The MoU applies to “judgments.” However, it defines the term to include all final judgments, decisions, orders, ratified or recognized arbitral awards, certified memoranda of composition, as well as any other paper that is defined as a judgment or executory instrument by law. 
No re-examination of judgments: The MoU makes clear that the court requested to enforce the judgment will not re-examine judgments on their merits. 
Framework for reciprocal enforcement: The MoU sets out a clear framework for enforcement, either by direct application or deputization.

Enforcement Under the MoU
A party can either enforce a judgment by direct application or deputization.
Enforcement of ADGM Courts Judgments in Onshore Dubai
As a first step, parties must apply to the ADGM Courts for a certified copy of the judgment, enclosing an Arabic translation. The ADGM Courts will then affix an executory formula on the judgment. For the direct application procedure, the judgment creditor must apply directly to the onshore Dubai Courts’ enforcement division, submitting a certified copy of the judgment translated into Arabic and affixed with the executory formula.
If seeking enforcement through deputization, the judgment creditor must first file an application. The ADGM Courts enforcement judge will then deputize an enforcement judge of the onshore Dubai Courts to enforce the judgment by providing the court with a letter enclosing, among other materials, an order indicating the enforcement measures or actions to be taken.
Enforcement of Dubai Courts Judgments in the ADGM
A similar process applies to enforcing onshore Dubai Courts judgments in the ADGM, save that such judgments must be translated from Arabic into English.
Conclusion
The process outlined in the MoU seeks to align judicial processes across the UAE. It signals a commitment to enhancing justice, transparency, and efficiency within the UAE’s diverse legal systems, while also aiming to integrate the nation’s common law and civil law courts.
Chady Deeb also contributed to this article. 

Interpretation and Application of EU Taxonomy Delegated Acts

Open Questions Regarding the Taxonomy Regulation
While the legislative file of the EU Taxonomy Regulation has been reopened with some proposed amendments by the Commission in its recently released Omnibus Sustainability Package, and a notice providing useful guidance to companies subject to the EU Taxonomy.
Following scrutiny by the European Parliament and the Council, the Taxonomy Environmental Delegated Act, the amendments to the Taxonomy Disclosures Delegated Act and to the Taxonomy Climate Delegated Act were published in the Official Journal on 21 November 2023 and these came into force on 1 January 2024.
The EU Commission released a Commission Notice on the interpretation and application of specific EU law provisions on 5 March 2025. Notably, the notice contains technical clarifications responding to frequently asked questions (FAQs) on the Technical Screening Criteria set out in the Taxonomy Climate Delegated Act (as amended) and the Taxonomy Environmental Delegated Act, as well as on the disclosure obligations for the non-climate environmental objectives laid down in the Taxonomy Disclosures Delegated Act.
The aim of the notice is to help stakeholders comply with the regulatory requirements in a cost-effective way and to ensure that the reported information is comparable and useful also in scaling up sustainable finance. Thereby, the EU Commission attempts to assist businesses in putting the law into practice by answering 155 questions that cover both the interpretation of the law and the justification of its provisions.  
Key Topics of the Notice
The EU Commission specifically addresses inquiries about the following topics:

Mitigation and adaptation to climate change
Water and marine resources
Circular economy transition
Pollution prevention and control
Biodiversity and ecosystems
Generic Do No Significant Harm (DNSH) criteria

The questions in Section IX regarding the Taxonomy Disclosures Delegated Act reporting requirements are especially pertinent to the financial industry, with specific information given on the following subjects:

Timeframe for reporting on Taxonomy eligibility and alignment of economic activities
Modified reporting templates included in the Taxonomy Environmental Delegated Act
CapEx and OpEx reporting scope
Terminology interpretation

The Omnibus Simplification Package
The Commission has prior presented on 26 February 2025 its Omnibus Simplification Package, which aims to create a consolidated sustainability framework, and simplify overlapping EU reporting and due diligence requirements. The omnibus package also proposes several changes to the Taxonomy framework. For companies within the proposed amended CSRD scope (that is, large companies with more than 1,000 employees and a net turnover up to EUR 450 million), the proposal envisages voluntary taxonomy reporting, reducing the number of companies obliged to report their taxonomy alignment. Companies that partially meet EU taxonomy requirements can voluntarily report their progress. The notice published by the Commission on 5 March remains fully relevant in that context.

European Commission Proposes to Extend UK Adequacy Decisions

On March 18, 2025, the European Commission proposed to adopt an extension of the two adequacy decisions with the UK for a period of six months. The adequacy decisions permit the transfer of data subject to the EU General Data Protection Regulation and to the EU Law Enforcement Directive to the UK without restriction. The adequacy decisions were each granted for a period of four years, expiring on June 27, 2025, unless extended. The extensions have been proposed to allow the UK time to finalize the legislative process regarding the draft Data (Use and Access) Bill. Once finalized, the European Commission will assess whether the UK continues to provide an adequate level of protection for personal data under the new regime. If that assessment is positive, the European Commission will propose to renew the UK adequacy decisions.
The draft extension decisions will now be transmitted to the European Data Protection Board for its opinion, as part of the adoption procedure. Once approved, the extension will be valid until December 27, 2025.

RFK Jr. Pushes to Ban Synthetic Dyes in Food

On March 10, 2025, the Secretary of the Department of Health and Human Services (HHS), Robert F. Kennedy Jr., met with executives at major companies across the food and beverage industry, including PepsiCo, General Mills, and others.  He informed industry leaders that eliminating artificial dyes is going to be a top priority for the Secretary.  Kennedy also expressed his desire to collaborate with industry but made it clear that he intends to act unless the industry proactively offers solutions. 
The movement to ban synthetic dyes has recently gained momentum, with California and FDA banning FD&C Red No. 3 as we previously blogged, as well and several states moving to ban foods that contain artificial dyes from school lunches.  
The public discussion regarding food colors has grossly misstated differences in the regulation of synthetic dyes in food, with critiques often pointing to the EU or Canadian markets as examples of regions that are more restrictive with food color regulation.
However – there are current 15 synthetic dyes approved in the European Union, 10 in Canada, and only 9 approved in the U.S.
Additionally, all food colors in the U.S. must submit a Color Additive Petition to FDA.  
While the EU and Canada have premarket requirements for many food colors, naturally derived concentrates and extracts in many cases are exempt from mandatory pre-market review in Canada.  
In the EU, ingredients that are derived from edible sources and are used because of their coloring properties are defined as “coloring foods,” which are not subject to a European Food Safety Authority (EFSA) evaluation prior to use and are not assigned an E number.
Keller and Heckman will continue to monitor the development of the new administration’s policy priorities and actions related to synthetic dyes and other food additives.

February 2025 ESG Policy Update — Australia

Australian Update
ASIC’s Key Issues Outlook for 2025
On 24 January 2025, the Australian Securities and Investments Commission (ASIC) released its key issues outlook for 2025 which provides insights for Australian businesses and consumers on the most significant current, ongoing and emerging issues within ASIC’s regulatory remit.
ASIC emphasised its desire to be a proactive regulator, ensuring a safe environment for Australian businesses and markets whilst safeguarding consumers. ASIC noted that key factors influencing its perspective on the issues facing Australia’s financial system included:

Increased market volatility;
Geopolitical changes;
The global accumulation of debt to drive growth;
Perceived and real inequality of wealth;
Shifts in the way capital is invested; and
Advances in artificial intelligence, data and cyber risk.

Among other issues, ASIC identified poor quality climate-related disclosures as leading to misinformed investment decisions. ASIC noted that informed decision making by investors is facilitated by the provision of high quality, consistent and comparable information regarding a reporting entities’ climate related risks and opportunities.
Furthermore, ASIC emphasised the importance of reporting entities having appropriate governance and reporting processes to comply with new mandatory climate reporting obligations introduced as part of the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024 (Cth), which took effect on 1 January 2025. Please refer to our earlier summary of the regime here.
ASIC also noted it will continue to scrutinise disclosures which misrepresent the green credentials of a financial product or investment strategies. Please refer to our summary of ASIC’s guidelines to prevent greenwashing here.
AU$2 Billion Investment in Clean Energy Finance Corporation
On 23 January 2025, the Australian Government announced it is providing an additional AU$2 billion to the Clean Energy Finance Corporation (CEFC). This is Australia’s specialist investor in the nation’s transition to net zero emissions.
The investment aims to enable the CEFC to support Australian households, workers and businesses who are making the shift to renewable energy by offering significant savings.
The investment aims to also help deliver reliable, renewable, cost-saving technologies to the Australian community by generating an expected AU$6 billion in private investment. It is anticipated that this will come from global and local organisations looking to capitalise on the nation’s future renewable energy plan.
This follows the CEFC’s announcement on 16 January 2025 that it had invested AU$100 million in a build-to-rent strategy to facilitate the design and delivery of affordable, sustainable and high-quality homes. These homes will harness the benefits of clean energy technologies, by aiming to be highly efficient, fully electric and powered by renewable energy.
Since its establishment in 2012, the CEFC has played a key role in helping Australia strive towards its emissions reduction targets. In 2024, the CEFC invested over AU$4 billion in local projects which the Australian Government claims unlocked around AU$12 billion in private investment and supported over 4,000 Australian jobs.
Superannuation CEO Roundtables Emphasise Importance of Consistent Climate Risk Disclosures
The Australian Prudential Regulation Authority (APRA) and ASIC recently hosted two Superannuation CEO Roundtables in November and December of 2024, attended by 14 chief executive officers (CEOs) and other executives from a cross-section of superannuation funds. Climate and nature risks were the key focus of discussions, given the recent legislation mandating climate-related financial disclosures and the introduction of the Australian Sustainability Reporting Standards.
The CEOs collectively acknowledged the importance of consistent climate risk disclosure whilst emphasising the need for clear and practical guidance from regulators and calling for standardised metrics, methods and scenarios to ensure comparability across the industry. The CEOs also outlined the current challenge of aligning different reporting standards across jurisdictions. The host regulatory bodies recognised the value of consistency with international standards of climate risk reporting. They noted that appropriate alignment can avoid duplication of efforts, ensure Australian superannuation funds remain in line with global best practices and provide for effective disclosures for members through which informed investment decisions may be made. In turn, discussions further touched on the impact of climate risk on investment strategies and the selection of investment managers and custodians, highlighting the impact on investment decision-making by participants across the industry.
The discussion also covered nature risk, with APRA interested in understanding how superannuation trustees are addressing nature risk given it is a topic of growing importance. It was acknowledged this was a topic that should continue to be explored.
Participants also discussed the role of industry bodies, and all agreed these bodies can play a crucial role in supporting trustees navigate the complexities of the data. ASIC and APRA expressed their commitment to support the superannuation industry and collaborate with industry bodies to drive consistent and accurate disclosures, effective communication with members and alignment with global standards.
Australian Government Announces Green Iron Investment Fund
On 20 February 2025, the Australian Government announced an AU$1 billion Green Iron Investment Fund to support green iron manufacturing and its supply chains by assisting early mover green iron projects and encouraging private investment at scale. “Green iron” refers to iron products made using renewable energy.
Australia is the world’s largest iron ore producer, earning over AU$100 billion in export income in the 2023-24 financial year. The iron and steel industry supports more than 100,000 jobs within Australia.
An initial AU$500 million of the Green Iron Investment Fund will be used to support the Whyalla Steelworks (Whyalla) after the Premier of South Australia, Peter Malinauskas, placed Whyalla into administration on 19 February 2025. The funding is proposed to transform Whyalla into a hub for green iron and steel.
Whyalla is considered strategically important for Australia due to its manufacturing capacity, highly skilled workforce, and access to a deep-water port, high-grade magnetite ore reserves and renewable energy sources.
The remaining AU$500 million will be available for nationwide green iron projects, targeting both existing facilities and new developments. Several companies within the industry are already exploring low-carbon iron production from the Pilbara ores in Western Australia.
The Green Iron Investment Fund is the latest initiative from the Australian Government aimed at bolstering Australia’s green metals sector. Existing initiatives include:

An AU$2 billion investment in Australian-made aluminium;
Passing legislation to deliver Production Tax Credits  for hydrogen and critical minerals;
Investing in major critical minerals and rare earth projects through the Critical Minerals Facility;
An AU$3.4 billion investment in Geoscience Australia to accelerate the discovery of resources; and
Funding Hydrogen Headstart to support Australia’s hydrogen and clean energy industries.

View From Abroad
CFOs Expect Higher Returns from Sustainability Initiatives than Traditional Investments
A new report from Kearney, ‘Staying the Course: Chief Financial Officers and the Green Transition’ (Report), released on 17 February 2025, reveals that chief financial officers (CFOs) across the world are prioritising sustainability investments.
Despite recent speculation that investments in the green economy would face a slowdown, this Report clearly indicates that out of more than the 500 CFO respondents across several jurisdictions, including the United Kingdom, United States, United Arab Emirates, and India, 92% noted their intention to increase current investments in sustainability. This Report also found that of all the CFOs surveyed:

69% expected a higher return from sustainability initiatives than from traditional investments;
93% saw a clear business case for investing in sustainability; and 
61% saw sustainability investments primarily as a cost decision rather than as something that creates value.

This commitment to increasing climate investments indicates that sustainability investment is not viewed as merely an arm of corporate social responsibility but is also seen as an integral means to maximise efficiencies and returns, take advantage of market opportunities and navigate rapidly evolving regulatory landscapes.
Decision to Scrap DEI Policies May Be Indicative of a Broader Trend
The recent omission of diversity, equity, and inclusion (DEI) commitments from numerous listed companies in their annual filing with the US Securities and Exchange Commission may be a harbinger of a broader global trend which could have repercussions for Australia’s environmental, social and governance (ESG) investment landscape.
Many of Australia’s largest funds currently hold significant capital under management which is invested based on ethical criteria.
DEI policies are integral to a company’s ESG rating, as determined by third-party analytics firms, particularly through the lens of social responsibility practices. By demonstrating a commitment to DEI, companies not only fulfil ethical obligations but also align with investor expectations for responsible corporate behaviour, thereby positively influencing their ESG rating. Contrastingly, deprioritising DEI commitments may result in reduced investor demand and potential exclusion from ESG-focused indices.
In the weeks since President Donald Trump signed executive orders to remove DEI hiring initiatives in the US government and its federal contractors, several US companies have begun withdrawing from similar commitments, potentially signalling a broader global trend that other companies might follow. Companies who withdraw from DEI-related commitments may face the possibility of a decrease in their ESG ratings. Broader market consequences include potentially increased volatility in the ESG indices and long-term negative impacts on corporate performance and investor confidence in sustainable economic growth.
Funds with active ESG investment strategies will need to monitor this trend to ensure that their investment portfolios maintain any positive or negative screens and that any ESG disclosures are not misleading or deceptive. ASIC has shown through its recent enforcement activity targeting greenwashing that it will pursue fund managers who do not have appropriate measures in place to ensure the effectiveness of its ESG-related representations.
Nathan Bodlovich, Cathy Ma, Daniel Shlager, and Bernard Sia also contributed to this article.
The authors would like to thank graduates Daniel Nastasi, Katie Richards, Natalia Tan and clerk Juliette Petro for their contributions to this alert.