Regulation Round Up: January 2025

Welcome to the Regulation Round Up, a regular bulletin highlighting the latest developments in UK and EU financial services regulation.
Key developments in January 2025:
31 January
UK Listing Rules: The FCA published a consultation paper (CP25/2) on further changes to the public offers and admissions to trading regime and to the UK Listing Rules.
Cryptoassets: The European Securities and Markets Authority (“ESMA”) published a supervisory briefing on best practices relating to the authorisation of cryptoasset service providers under the Regulation on markets in cryptoassets ((EU) 2023/1114) (“MiCA”).
FCA Handbook: The Financial Conduct Authority (“FCA”) published Handbook Notice 126, which sets out changes to the FCA Handbook made by the FCA board on 30 January 2025.
Public Offer Platforms: The FCA published a consultation paper on further proposals for firms operating public offer platforms (CP25/3).
30 January
FCA Regulation Round-Up: The FCA published its regulation round-up for January 2025, which covers, among other things, the launch of “My FCA” in spring 2025 and changes to FCA data collection.
29 January
EU Competitiveness: The European Commission published a communication on a Competitiveness Compass for the EU (COM(2025) 30). Please refer to our dedicated article on this topic here.
EMIR 3: ESMA published a speech given by Klaus Löber, Chair of the ESMA CCP Supervisory Committee, that sets out ESMA’s approach to the mandates assigned to it by Regulation (EU) 2024/2987 (“EMIR 3”).
28 January
EMIR 3: The European Systemic Risk Board published its response to ESMA’s consultation paper on the conditions of the active account requirement under EMIR 3.
ESG: The FCA published its adaptation report, which provides an overview of the climate change adaptation challenges faced by financial services firms.
27 January
Artificial Intelligence: The Global Financial Innovation Network published a report setting out key insights on the use of consumer-facing AI in global financial services and the implications for global financial innovation.
DORA: The Joint Committee of the European Supervisory Authorities (“ESAs”) published the terms of reference for the EU-SCICF Forum established under the Regulation on digital operational resilience for the financial sector ((EU) 2022/2554) (“DORA”).
24 January
Cryptoassets: ESMA published an opinion on draft regulatory technical standards specifying certain requirements in relation to conflicts of interest for cryptoasset service providers under MiCA.
MiFIR: The European Commission adopted a Delegated Regulation (C(2025) 417 final) (here) supplementing the Markets in Financial Instruments Regulation (600/2014) (“MiFIR”) as regards OTC derivatives identifying reference data to be used for the purposes of the transparency requirements laid down in Articles 8a(2), 10 and 21.
ESG: The EU Platform on Sustainable Finance published a report providing advice to the European Commission on the development and assessment of corporate transition plans.
23 January
Financial Stability Board: The Financial Stability Board published its work programme for 2025.
20 January
Motor Finance: The FCA published its proposed summary grounds of intervention in support of its application under Rule 26 of the Supreme Court Rules 2009 to intervene in the Supreme Court motor finance appeals.
Motor Finance: The FCA published its response to a letter from the House of Lords Financial Services Regulation Committee relating to the Court of Appeal judgment on motor finance commissions.
Cryptoassets: ESMA published a statement on the provision of certain cryptoasset services in relation to asset-referenced tokens and electronic money tokens that are non-compliant under MiCA.
17 January
DORA: The ESAs published a joint report (JC 2024 108) on the feasibility of further centralisation of reporting of major ICT-related incidents by financial entities, as required by Article 21 of DORA.
Basel 3.1: The Prudential Regulation Authority published a press release announcing that, in consultation with HM Treasury, it delayed the UK implementation of the Basel 3.1 reforms to 1 January 2027.
16 January
Cryptoassets: The European Banking Authority and ESMA published a joint report (EBA/Rep/2025/01 / ESMA75-453128700-1391) on recent developments in cryptoassets under MiCA.
14 January
FMSB’s Workplan: The Financial Markets Standards Board (“FMSB”) published its workplan for 2025.
FSMA: The Financial Services and Markets Act 2000 (Designated Activities) (Supervision and Enforcement) Regulations 2025 (SI 2025/22) were published, together with an explanatory memorandum. The amendments allow the FCA to supervise, investigate and enforce the requirements of the designated activities regime.
Sanctions: HM Treasury and the Office of Financial Sanctions Implementation published a memorandum of understanding with the US Office of Foreign Assets Control.
13 January
BMR: The European Parliament published the provisionally agreed text (PE767.863v01-00) of the proposed Regulation amending the Benchmarks Regulation ((EU) 2016/1011) (“BMR”) as regards the scope of the rules for benchmarks, the use in the Union of benchmarks provided by an administrator located in a third country and certain reporting requirements (2023/0379(COD)).
10 January
Artificial Intelligence: The UK Government published its response to the House of Commons Science, Innovation and Technology Committee report on the governance of AI.
9 January
Collective Investment Schemes: The Financial Services and Markets Act 2000 (Collective Investment Schemes) (Amendment) Order 2025 (SI 2025/17) was published, together with an explanatory memorandum. The amendments clarify that arrangements for qualifying cryptoasset staking do not amount to a collective investment scheme.
8 January
EU Taxonomy: The EU Platform on Sustainable Finance published a draft report and a call for feedback on activities and technical screening criteria to be updated or included in the EU taxonomy. Please refer to our dedicated article on this topic here.
3 January
Consolidate Tape: ESMA published a press release launching the first selection for the consolidated tape provider for bonds.
 
Sulaiman Malik & Michael Singh contributed to this article.

D.C. Circuit Vacates PHMSA’s LNG-by-Rail Rule

On 17 January 2025, the D.C. Circuit Court of Appeals vacated a 2020 Pipeline and Hazardous Materials Safety Administration (PHMSA) rule—the “Hazardous Materials: Liquefied Natural Gas by Rail Rule” (the LNG-by-Rail Rule)—that allowed for the transportation of liquefied natural gas (LNG) on rail cars.1 The LNG-by-Rail Rule was challenged by a collection of environmental organizations, state governments, and tribal governments for failing to adequately consider the environmental impact of allowing LNG transport by rail. The decision to limit the domestic transportation of LNG conflicts with President Trump’s “American Energy Dominance” agenda and the stated intentions of the nominee for secretary of energy to expand US LNG infrastructure.2 In light of the D.C. Circuit vacating a PHMSA natural gas pipeline safety rule in August 2024 and the published-but-paused 17 January 2025 PHMSA final rule on pipeline methane emission detection requirements, this decision adds yet another element of regulatory uncertainty for domestic natural gas transportation as the second Trump administration prepares to implement its energy agenda.3
History of the LNG-by-Rail Rule 
The LNG-by-Rail Rule was first promulgated by PHMSA during the Trump administration in October 2019 and permitted LNG to be transported subject to specific rail car tank requirements and operational controls.4 PHMSA determined that the LNG-by-Rail Rule would not trigger the preparation of an environmental impact statement (EIS) pursuant to the National Environmental Policy Act (NEPA).5 The final rule was published in July 2020 but was promptly suspended in 2021 by President Biden in a series of executive actions that reconsidered various Trump administration rules and actions that were deemed inconsistent with the Biden administration’s climate policies.6 PHMSA implemented the suspension before LNG transport by rail could occur, and directed that the suspension would last until 30 June 2025 or until PHMSA completed rulemaking amending the LNG-by-Rail Rule, whichever occurred first.7
Despite the suspension of the LNG-by-Rail Rule, the Biden administration continued to defend the LNG-by-Rail Rule against challenges from environmental groups, state governments, and tribal governments.8 During oral argument, the federal government claimed that it had no intention of modifying the LNG-by-Rail Rule—meaning that the suspension would lift in 2025 and the LNG-by-Rail Rule would retake effect. Petitioners challenged, among other issues, PHMSA’s decision to forgo the preparation of an EIS as arbitrary and capricious. The D.C. Circuit agreed, vacating the LNG-by-Rail Rule and remanding to PHMSA for further proceedings.9
Summary of the LNG-by-Rail Rule 
In October 2019, PHMSA issued the Notice of Proposed Rulemaking in consultation with the Federal Railroad Administration after the Association of American Railroads (AAR) petitioned for a review of existing regulation concerning the transportation of LNG by rail.10 In its petition, the AAR cited the commercial interest in shipping LNG by rail, specifically from Pennsylvania to New England and between the US-Mexico border.11 The AAR noted that shipment by rail was “undeniably safer” that over-the-road transportation of LNG and compared LNG to the other, similar cryogenic liquids that PHMSA permits to be transported by rail.12 The petition specifically suggested that the DOT-113C120W (DOT-113) rail car be used for the shipment of LNG.13 
Nine months later, PHMSA published the final rule authorizing the transportation of LNG by rail in DOT-113 tank cars.14 DOT-113 cars are designed to carry cryogenic liquids and have “numerous safety features that reduce the risk of an explosion or the release of cargo.”15 DOT-113 rail cars have typically been used to transport refrigerated ethylene and argon, and PHMSA required a number of safety and operational updates for DOT-113 cars used for transporting LNG.16 First, The LNG-by-Rail Rule required several physical updates to tank cars transporting LNG, including increased tank thickness, improved steel quality, the installation of remote monitoring devices, and advanced braking technology.17 Second, the LNG-by-Rail Rule increased the maximum filling density of each tank to reduce the number of rail cars needed for LNG transport and required railroads to adopt routing safety requirements for analyzing LNG transportation routes.18 Notably, the LNG-by-Rail rule did not include speed limits or tank car-per-train limits for trains transporting LNG. 
PHMSA published an Environmental Assessment (EA) that “touted the demonstrated safety record” of the DOT-113 tank car and determined that the LNG-by-Rail Rule did not have a “significant impact on the human environment” and would therefore not require an EIS under Section 102(2) of NEPA.19 
Challenges to the LNG-by-Rail Rule 
A group of environmental petitioners, a collection of 15 states, and the Puyallup Tribe all petitioned the D.C. Circuit Court of Appeals to review the LNG-by-Rail Rule.20 The D.C. Circuit consolidated the appeals and reviewed petitioners’ arguments against the LNG-by-Rail Rule. Although the petitioners challenged the LNG-by-Rail Rule on multiple grounds, the D.C. Circuit only ruled on the question of whether PHMSA’s decision to forgo an EIS was arbitrary and capricious.21
Petitioners argued that PHMSA “disregarded” the DOT-113 tank car’s history of failure and ignored significant risk by failing to include car limits or speed limits for rail cars transporting LNG.22
The D.C. Circuit Court Ruling 
The D.C. Circuit sided with petitioners and vacated the LNG-by-Rail Rule. Judge Florence Pan authored the opinion, joined on the panel by Judges Patricia Millet and A. Raymond Randolph. Even though the LNG-by-Rail Rule was suspended and there was at least the theoretical possibility of pending rulemaking, the court concluded that the case was ripe for review. The court found that transporting LNG by rail poses a “low-probability but high-consequence risk” to the environment in the case of a derailment.23 The spread of a “suffocating vapor cloud” or an “explosion” of the flammable material were “real possibilities” that PHMSA failed to consider in its EA, according to the decision.24 The court held that PHMSA should have considered the history of DOT-113 car derailments—two derailments in the last four years—and concluded that the risk of another derailment was “neither remote nor speculative.”25 Given the small number of DOT-113 cars in use and the history of failure, the court held that PHMSA’s assessment of environmental risk was insufficient. 
Additionally, The D.C. Circuit held that by failing to impose a speed limit on rail cars transporting LNG or limit the number of LNG tank cars per train, the LNG-by-Rail Rule increased the risk of environmental impact from derailment.26 Although PHMSA did impose additional safety controls and mandated upgrades to the DOT-113 car, the court was unsatisfied by the safeguards and noted that PHMSA failed to explain how specific procedures were “adequate to address the extreme dangers associated with a derailment.”27 
The D.C. Circuit concluded that the risk of an accident while transporting LNG by rail under the LNG-by-Rail Rule was sufficiently significant to require an EIS and remanded the LNG-by-Rail Rule to PHMSA for further proceedings.28 The court noted that the LNG-by-Rail Rule “raise[d] substantial environmental questions” that may require further review once an EIS was prepared, but expressed no opinion on the “wisdom of any particular set of safety protocols” for transporting LNG by rail.29 
Revisiting the LNG-by-Rail Rule: The Trump Administration 
The D.C. Circuit’s ruling—which came down the Friday before President Trump’s inauguration—will add another layer of complexity to any effort to reinstate the LNG-by-Rail Rule. For now, this hurdle remains procedural. To reinstate the LNG-by-Rail Rule, PHMSA will have to prepare an EIS and take into account the environmental risks before approving the transportation of LNG by rail. And while the D.C. Circuit expressed “no opinion on the wisdom of any particular set of safety protocols,” it left the door wide open to later challenges, explaining that “future legal challenges to the substance of that decision would . . . be brought under some other statute, not NEPA.”30
The Trump administration has not made any comment on the D.C. Circuit ruling or the LNG-by-Rail Rule specifically. However, the new administration has taken several actions indicating a substantial departure from the Biden position on natural gas. President Trump’s day-one executive orders have directed federal agencies to begin reviewing any policies that affected domestic energy production. The “Unleashing American Energy” and the “Declaring a National Energy Emergency” executive orders identify the development, transportation, and export of natural gas as a top priority.31 
As the second Trump administration begins to take form and implement its “American Energy Dominance” agenda, regulating the domestic and international transportation of natural gas will remain a prominent focus. Over the coming months, the incoming leadership at the Departments of Energy, Interior, and Transportation are likely to act on a series of pressing natural gas policy questions. PHMSA will likely review major pipeline-related policies like the “Pipeline Safety: Gas Pipeline Leak Detection and Repair” rule finalized in the last days of the Biden administration but paused subject to President Trump’s “Regulatory Freeze Pending Review” executive order.32 Agencies have been granted emergency authority to “facilitate” domestic energy transportation, specifically on the West Coast, in the Northeast, and in Alaska.33 The Firm will continue to monitor this rapidly developing area of policy and provide relevant updates on our page. 
Footnotes

1 Sierra Club, et al., v. U.S. Dep’t of Transp., et al., 2025 WL 223869 (D.C. Cir. 2025).
2 Timothy Gardner, Trump’s Energy Department Pick Calls for More LNG and Nuclear Power, Reuters (Jan. 15, 2025), https://www.reuters.com/business/energy/trumps-energy-department-pick-call-more-lng-nuclear-power-2025-01-15/.
3 David Wochner, Tim Furdyna, Stuart Robbins, D.C. Circuit Vacates New PHMSA Rules Related to Natural Gas Pipelines, K&L Gates (Aug. 28, 2024), https://www.klgates.com/DC-Circuit-Vacates-New-PHMSA-Rules-Related-to-Natural-Gas-Pipelines-8-28-2024; Pipeline Safety: Gas Pipeline Leak Detection and Repair, Pipeline and Hazardous Materials Safety Administration, Docket No. PHMSA-2021-0039 (Jan. 17, 2025).
4 Unleashing American Energy, The White House (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/unleashing-american-energy/.
5 Hazardous Materials: Liquefied Natural Gas by Rail, 85 Fed. Reg. 44994 (Jul. 24, 2020).
6 Exec. Order No. 13,990, 86 Fed. Reg. 7,037 (Jan. 20, 2021); Sierra Club at 10.
7 Sierra Club at 11.
8Id., at 10.
9 Id., at 24.
10 85 Fed. Reg. at 44996.
11 Petition for Rulemaking to Allow Methane, Refrigerated Liquid to be Transported in Rail Tank Cars, Association of American Railroads, PHMSA-2017-0020-0002 (Jan. 17, 2017) at 2.
12 Id., at 2-3.
13 Id., at 4.
14 85 Fed. Reg. at 44994.
15 Sierra Club at 6.
16 Id., at 20-21.
17 Id., at 9.
18 Id., at 9.
19 85 Fed. Reg. at 45027.
20 Sierra Club at 10 (Environmental petitioners included the Sierra Club, Center for Biological Diversity, Clean Air Council, Delaware Riverkeeper Network, Environmental Confederation of Southwest Florida, and Mountain Watershed Association; State petitioners included Maryland, New York, California, Delaware, the District of Columbia, Illinois, Massachusetts, Michigan, Minnesota, New Jersey, Oregon, Pennsylvania, Rhode Island, Vermont, and Washington).
21 Id., at 17 (Petitioners also brought claims under NEPA’s public participation requirement, the Hazardous Materials Transportation Act safety standards, the Administrative Procedure Act, and PHMSA’s failure to consider greenhouse gas emissions and environmental justice communities).
22 Id., at 17.
23 Id., at 19.
24 Id., at 19.
25 Id., at 20.
26 Id., at 22.
27 Id., at 23.
28 Id., at 24.
29 Id., at 23-24.
30 Id. at 23-24 n. 6.
31 Unleashing American Energy, The White House (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/unleashing-american-energy/; Declaring a National Energy Emergency, The White House (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/declaring-a-national-energy-emergency/.
32 Regulatory Freeze Pending Review, The White House (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/regulatory-freeze-pending-review/.
33 Declaring a National Energy Emergency, The White House (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/declaring-a-national-energy-emergency/.

Cybersecurity in the Marine Transportation System: What You Need to Know About the Coast Guard’s Final Rule

The U.S. Coast Guard (“USCG”) published a final rule on January 17, 2025, addressing Cybersecurity in the Marine Transportation System (the “Final Rule”), which seeks to minimize cybersecurity related transportation security incidents (“TSIs”) within the maritime transportation system (“MTS”) by establishing requirements to enhance the detection, response, and recovery from cybersecurity risks. Effective July 16, 2025, the Final Rule will apply to U.S.-flagged vessels, as well as Outer Continental Shelf and onshore facilities subject to the Maritime Transportation Security Act of 2002 (“MTSA”). The USCG is also seeking comments on a potential two-to-five-year delay of implementation for U.S.-flagged vessels. Comments are due March 18, 2025.
Background
The need for enhanced cybersecurity protocols within the MTS has long been recognized. MTSA laid the groundwork for addressing various security threats in 2002 and provided the USCG with broad authority to take action and set requirements to prevent TSIs. MTSA was amended in 2018 to make clear that cybersecurity related risks that may cause TSIs fall squarely within MTSA and USCG authority.
Over the years, the USCG, as well as the International Maritime Organization, have dedicated resources and published guidelines related to addressing the growing cybersecurity threats arising as technology is integrated more and more into all aspects of the MTS. The USCG expanded its efforts to address cybersecurity threats throughout the MTS in its latest rulemaking, publishing the original Notice of Proposed Rulemaking (“NPRM”) on February 22, 2024. The NPRM received significant public feedback, leading to the development of the Final Rule.
Final Rule
In its Final Rule, the USCG addresses the many comments received on the NPRM and sets forth minimum cybersecurity requirements for U.S.-flagged vessels and applicable facilities. 
Training. Within six months of the Final Rule’s effective date, training must be conducted on recognition and detection of cybersecurity threats and all types of cyber incidents, techniques used to circumvent cyber security measures, and reporting procedures, among others. Key personnel are required to complete more in-depth training.
Assessment and Plans. The Final Rule requires owners and operators of U.S.-flagged vessels and applicable facilities to conduct a Cybersecurity Assessment, develop a Cybersecurity Plan and Cyber Incident Response Plan, and appoint a Cybersecurity Officer that meets specified requirements within 24 months of the effective date. There are a host of requirements for the Cybersecurity Plan, including, among others: provisions for account security, device protection, data safeguarding, training, drills and exercises, risk management practices, strategies for mitigating supply chain risks, penetration testing, resilience planning, network segmentation, reporting protocols, and physical security measures. Additionally, the Cyber Incident Response Plan must provide instructions for responding to cyber incidents and delineate the key roles, responsibilities, and decision-making authorities among staff.
Plan Approval and Audits. The Final Rule requires Cybersecurity Plans be submitted to the USCG for review and approval within 24 months of the effective date of the Final Rule, unless a waiver or equivalence is granted. The Rule also gives the USCG the power to perform inspections and audits to verify the implementation of the Cybersecurity Plan.
Reporting. The Final Rule requires reporting of “reportable cyber incidents”[1] to the National Response Center without delay. The reporting requirement is effective immediately on July 16, 2025. Further, the Final Rule revises the definition of “hazardous condition” to expressly include cyber incidents. 
Potential Waivers. The Final Rule allows for limited waivers or equivalence determinations. A waiver may be granted if the owner or operator demonstrates that the cybersecurity requirements are unnecessary given the specific nature or operating conditions. An equivalence determination may be granted if the owner or operator demonstrates that the U.S.-flagged vessel or facility complies with international conventions or standards that provide an equivalent level of security. Each waiver or equivalence request will be evaluated on a case-by-case basis.
Potential Delay in Implementation. Due to a number of comments received related to the ability of U.S.-flagged vessels to meet the implementation schedule, the Final rule seeks comments on whether a delay of an additional two to five years is appropriate.
Conclusion
As automation and digitalization continue to advance within the maritime sector, it is imperative to develop cyber security strategies tailored to specific management and operational needs of each company, facility, and vessel. Owners and operators of U.S.-flagged vessels and MTSA facilities are advised to review the new regulations closely and begin preparations for the new cybersecurity requirements at the earliest opportunity. Stakeholders are also encouraged to provide comments before March 18, 2025, addressing the potential two-to-five-year delay in implementation for U.S.-flagged vessels. 

[1] A reportable cyber incident is defined as an incident that leads to, or, if still under investigation, can reasonably lead to any of the following: (1) substantial loss of confidentiality, integrity, or availability of a covered information system, network, or operational technology system; (2) disruption or significant adverse impact on the reporting entity’s ability to engage in business operations or deliver goods or services, including those that have a potential for significant impact on public health or safety or may cause serious injury or death; (3) disclosure or unauthorized access directly or indirectly of non-public personal information of a significant number of individuals; (4) other potential operational disruption to critical infrastructure systems or assets; or (5) incidents that otherwise may lead to a TSI as defined in 33 C.F.R. 101.105.

Fifth Circuit Strikes Down FTC’s ‘Junk Fee’ Rule for Auto Dealers

On January 24, 2025, the Fifth Circuit Court of Appeals struck down an FTC rule aimed at curbing deceptive advertising and sales practices in the auto industry. The rule, which sought to prohibit certain “junk fees” and misleading pricing tactics, was challenged by industry groups who argued that the FTC had exceeded its authority.
The FTC’s Combating Auto Retail Scams (CARS) rule (previously discussed here) required auto dealers to provide consumers with a clear and conspicuous “Offering Price” that included all required charges, with limited exceptions. It also would have prohibited several practices, including:

Bait-and-switch Advertising. Advertising a vehicle at a certain price and then not having that vehicle available when a consumer attempts to purchase it.
Failing to Disclose Key Terms in Advertisements. Key terms for which the rule required a disclosure included the total price of the vehicle, including the enumeration of all additional all fees and charges.
Charging Consumers for Add-on Products without Consent. Such add-on products included items like extended warranties, gap insurance, and paint protection.

The Fifth Circuit sided with the industry groups, vacating the FTC’s rule. The court found that the CARS rule exceeded the FTC’s authority to address “unfair or deceptive acts or practices” by regulating pricing practices that were not inherently deceptive. Additionally, the court determined that the FTC failed to provide adequate notice of the proposed rulemaking, violating procedural rules.
Putting It Into Practice: The decision to strike down the rule marks the latest development in state and federal efforts war on “junk fees” in the financial sector. While the Fifth Circuit Court determined the FTC overstepped its regulatory authority in this instance, federal and state agencies have clearly prioritized combatting “junk fees” (a trend we previously discussed here, here, and here). Companies should closely monitor this development to see if other federal circuit courts follow suit.
Listen to this post

2024 In Review: California Climate Change Legislation, Policy and Regulation

As we enter 2025 amid the devastating Los Angeles fires[1] and with a new presidential administration, we continue our series of yearly reviews of the most significant governmental actions taken by the state of California relevant to climate change in the previous year.[2]
Unless otherwise specified, the legislation discussed herein is effective as of January 1, 2025.
Climate Corporate Data Accountability Act
Senate Bill (SB) 219 amends the Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Act (SB 261)[3] and consolidates both under the unified title of the Climate Corporate Data Accountability Act (CCDAA).
Specifically, SB 219 delays the deadline for the California Air Resources Board (CARB) to establish regulations implementing the CCDAA from January 1, 2025, to July 1, 2025. It further amends the previous legislation to authorize, instead of require, CARB to partner with third-party emissions or climate reporting organizations to collect and make relevant data publicly available. SB 219 also provides additional flexibility concerning the reporting of Scope 3 emissions – previously required to be reported within 180 days of Scope 1 and Scope 2 emissions – by allowing CARB to set a separate timeline for the reporting of Scope 3 emissions as part of its rulemaking process. Finally, SB 219 permits reporting entities to consolidate their emissions reports at the parent company level and allows payment of the statutory annual fee at any time, as opposed to at the time of filing.
Geothermal and Gas
Streamlining Geothermal Projects
Assembly Bill (AB) 1359 amends Section 3715.5 of the Public Resources Code to streamline the environmental review process for geothermal exploratory projects under the California Environmental Quality Act (CEQA). AB 1359 is classified as an urgency statute and, as such, took effect upon signature by Governor Gavin Newsom on September 27, 2024, to help accelerate the deployment of geothermal energy projects as part of California’s renewable energy generation goals.
This bill simplifies the process for applicants of “geothermal exploratory projects”[4] by allowing counties to take on lead agency roles, potentially expediting project approvals. The Geologic Energy Management Division (CalGEM) is designated as the lead agency for geothermal exploratory projects. However, upon request, the county where the project is located must assume lead agency responsibilities (as defined by CEQA), regardless of whether it has a geothermal element in its “General Plan.” If a county takes on the lead agency role, it must work with CalGEM to ensure all necessary information for environmental review is included, supporting CalGEM’s role as a responsible agency (as defined by CEQA). The previous requirement for counties to complete lead agency duties within 135 days has been removed, allowing more flexibility in managing project timelines.
 Reforming Approach to Idle Oil and Gas Wells
AB 1866 amends sections of the Public Resources Code to address issues related to idle oil and gas wells in California. The bill increases fees for operators of idle wells, including those idle for less than 3 years, with fees escalating based on the duration a well has been inactive. Operators must file a management plan for all idle wells (not just long-term idle wells) by May 1st each year, focusing on prioritizing wells for plugging and abandonment based on specific criteria, such as proximity to sensitive receptors and potential threats. Wells that cannot be accessed or are subject to more stringent court-approved settlement agreements are exempt from these requirements.
Local Control Over Oil and Gas Operations
AB 3233 empowers local governments, such as cities and counties, to impose their own restrictions, including on method or location, or prohibitions on oil and gas operations within their jurisdictions through local ordinances. These local regulations can be more stringent than state laws, particularly in areas related to public health, climate, and environmental protection. If a local entity chooses to limit or prohibit these operations, responsible operators must adhere to existing regulations concerning the plugging and abandoning of wells and the decommissioning of production facilities.
Overall, AB 3233 represents a significant shift in California’s regulatory framework by decentralizing authority and enhancing local control over oil and gas operations.
Transportation
Ban of Gasoline Car Sales by 2035
On December 18, 2024, the United States Environmental Protection Agency (EPA) granted California the authority to move ahead with the state’s “Advanced Clean Cars II” program, which includes the much-publicized ban on the sale of new gasoline-powered cars after 2035.[5] As discussed in our 2023 in Review article, the EPA waiver allowing California to set its own vehicle emission standards at a more stringent level than federal standards had been granted as a matter of course until 2019, when the EPA (under the first Trump administration) revoked the waiver. Such revocation was subject to legal challenges before being reinstated by the Biden administration. The waiver was officially granted in April 2024, after the DC Court of Appeals affirmed the DC Circuit Court’s decision that the waiver did not present any constitutional issues.[6] The United States Supreme Court then denied certiorari on December 16, 2024.
It must be noted that the waiver was only approved for the Advance Clean Cars II program, not the state’s sister programs for medium and heavy-duty vehicles and locomotives. Anticipating rejection of the waivers by the incoming Trump administration, CARB withdrew its requests for these additional waivers on January 13, 2025.[7] It is also anticipated that the Trump administration will again attempt to revoke the waiver granted for the Advance Clean Cars II program, which will likely lead to additional litigation and a period of limbo for California and the 11 states (representing nearly 40% of the nation’s population) that choose to follow California’s emissions standards.[8]
Potential Mandate for Bidirectional Electric Vehicles
SB 59 grants the California Energy Commission (CEC) authority to require that battery electric vehicles of any weight class be bidirectional-capable (capable of both receiving and discharging electricity). This decision is contingent upon the CEC, in collaboration with CARB and the California Public Utilities Commission, identifying a vehicle weight class in which both the vehicle operator and the electrical grid would benefit from the mandate. In making this determination, the relevant agencies are required to assess vehicle readiness and the operational demands of vehicles used by essential service providers.
Interested parties should follow the agencies’ ongoing research and look for opportunities to contribute to any potential rulemaking on this topic.
CARB updates Low Carbon Fuel Standard
In November 2024, after several rounds of public hearings and comments, CARB approved significant updates to the Low Carbon Fuel Standard (LCFS), aiming to drive private investment in clean transportation fuels and zero-emission infrastructure. The amendments set targets of 30% reduction in the carbon intensity of transportation fuels by 2030 and 90% by 2045, while supporting the growth of electric vehicle (EV) charging stations, hydrogen refueling infrastructure, and clean fuels for medium- and heavy-duty vehicles.
These proposed updates were submitted to the California Office of Administrative Law (OAL) on January 3, 2025. OAL has until February 18, 2025, to make a final determination on the proposals.
Proposition 4 – Climate Preparedness Bond
Proposition 4 was passed through the State’s November 5, 2024 general election and authorizes California to sell a $10 billion bond to fund natural resources and climate-related initiatives. The bond will support projects in 8 key areas, including water supply and flood management ($3.8 billion). About half of this funding ($1.9 billion) would be dedicated to improving the availability and quality of water for public use, forest health and wildfire prevention ($1.5 billion), coastal restoration and sea-level rise mitigation ($1.2 billion), land conservation ($1.2 billion), energy infrastructure development ($850 million), park expansion and maintenance ($700 million), extreme heat mitigation ($450 million), and sustainable farming practices ($300 million). At least 40% of the funds must benefit low-income or climate-vulnerable communities, and there will be regular public reporting on the spending.
Statewide Mobile Monitoring Initiative
In November 2024, CARB announced the launch of the Statewide Mobile Monitoring Initiative (SMMI) in connection with the Community Air Protection Program (CAPP) originally established in 2017 by AB 617. The CAPP’s purpose is to identify communities most at risk of air pollution within California and develop strategies to mitigate and reduce such pollution. The SMMI is designed to address the challenges of detecting elusive pollutants that pose serious health risks, particularly to disadvantaged and frontline communities. The SMMI is funded by a $27 million appropriation from the California Climate Investment program.
The SMMI focuses on detecting greenhouse gases, toxic air contaminants, and criteria pollutants, with a strong emphasis on community involvement. The initiative aims to empower local entities by providing data that validates community-reported pollution concerns. Initially, the SMMI will target 64 communities identified under the CAPP.
Looking Forward
Following his inauguration as the 47th President of the United States, Donald Trump again withdrew the United States from the Paris Climate Accord and signaled his intent to follow through on his campaign promises to slash the Biden administration’s climate change policies and combat California’s state-level climate change policies. Governor Newsom, meanwhile, issued a brief statement following the inauguration indicating that California again plans to pursue its ambitious climate targets regardless of the level of support or opposition from the federal government.
The potential for uncertainty, instability, and conflict between federal law and the laws of the state representing the nation’s largest economy bears watching closely for all those who may be impacted.
FOOTNOTES
[1] See articles related to the State’s fire response here and here.
[2] See our previous articles covering 2022 and 2023, respectively.
[3] See prior articles on these bills here and here.
[4] Projects designed to evaluate the “presence and characteristics of geothermal resources” prior to development of a geothermal energy project.
[5] See EPA Grants Waiver for California’s Advanced Clean Cars II Regulations | US EPA.
[6] Ohio et al. v. U.S. Environmental Protection Agency et al., case number 22-1081, in the U.S. Court of Appeals for the District of Columbia Circuit.
[7] See withdrawal letters at this link: Vehicle Emissions California Waivers and Authorizations | US EPA.
[8] See California Vehicle Waivers ‘Legally Solid’ as Trump Eyes Repeal; Trump takes aim at clean energy, climate change and the environment on day one – Los Angeles Times.

Ethical Hacker Uncovers Vulnerability in Subaru Starlink Service

Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This vulnerability could allow a threat actor to remotely track, unlock, and start connected vehicles. The ethical hacker reported to Subaru that they could bypass multi-factor authentication (MFA) by removing the client-side overlay from the user interface. Through various endpoints, the ethical hacker could use a vehicle search to query a consumer’s last name, zip code, telephone number, email address, or VIN number and gain access to the vehicle.
This “access” allowed the ethical hacker to:

Remotely start, turn off, lock, unlock, and retrieve the current location of any Subaru vehicle.
Retrieve a Subaru vehicle’s location history from the past 12 months, accurate to within about 15 feet.
Query and retrieve the personal information of any consumer, including emergency contacts, authorized users, physical address, billing information, and vehicle PIN.
Access other user data (e.g., support call history, previous owners, odometer reading, sales history, etc.).

The ethical hacker informed Subaru that this vulnerability could allow any threat actor to track and hijack any Subaru vehicle in the United States, Canada, or Japan. Fortunately, Subaru responded to the ethical hacker’s outreach immediately and patched the offending vulnerability within 24 hours, but this issue raises wider concerns about the motor vehicle industry. With broad access built into vehicle systems as a default, they are very difficult to secure and protect from outside threats. Manufacturers may consider security by design when building these systems and find a balance between ease of service and consumer information security.

How to Successfully Transfer Your Manufacturing Plant From Mexico to the United States

President Trump’s promise to impose a new 25% tariff on goods produced in Mexico has prompted many companies to consider alternatives to their current or planned operations in Mexico. The decades following the 1994 North American Free Trade Agreement (NAFTA) saw enormous industrial investment in Mexico, especially in northern cities like Monterrey, Tijuana, Chihuahua, and Baja California.1 The benefits of producing goods in Mexico were clear – low labor costs, modest transportation costs to the United States, and reduced tariffs under NAFTA. These benefits, however, could be eclipsed by a new 25% tariff on Mexican origin goods. Companies with industrial plants that have tight profit margins are in a precarious position, so it is not surprising that many are now “looking to shift operations to the US to avoid these additional costs and reroute cargo from Mexican ports to US ports.”2
The automotive sector is a prime example of an industry that will be significantly impacted by the proposed tariffs, if implemented. The United States imported more than US$86 billion worth of motor vehicles from Mexico and more than US$63 billion of auto parts from Mexico last year, according to US Department of Commerce data, excluding December.3 This reflects the major investments automotive manufacturers and their suppliers made in Mexico in the years since NAFTA. It also reflects the extent to which Production in Mexico and the US became highly integrated, with producers in both countries (and Canada) relying on a free flow of parts and finished goods across borders. New tariffs, therefore, pose a major challenge to the status quo.
The question of whether to shift operations from Mexico to the United States requires a careful cost-benefit analysis to determine if there is an opportunity to increase profits by relocating to the United States. But, once this analysis is complete, how does one evaluate the opportunity? Proactive planning is essential. For example, when evaluating potential moves, it is important to: (1) select an ideal site that meets the utility and labor needs of the plant; (2) negotiate and maximize economic incentives; (3) conduct real estate due diligence and analyze real estate documents for the facility and its operations; (4) review the tax and corporate considerations with respect to the transaction; and (5) analyze supply chains to ensure products produced or processed in the United States will meet US country of origin standards.
For companies facing these challenges, the firm can assist in finding a successful solution. The firm has an internationally recognized Global Location Strategies practice and an experienced Policy and Regulatory practice with special capabilities in international trade regulation. We have strong relationships with federal, state, and local economic development and government officials all over the United States. This enables our clients to gain government assistance with evaluating when and where to move their operations in the United States. The firm has obtained incentives up to a billion US dollars for our clients and has assisted with finding the perfect site for our clients through our strong relationships with federal, state, and local governments and agencies. 
Now is the perfect time to explore relocating to the United States, as doing so will better position your company to navigate future disruptions and obtain the best incentives possible when making use of the firms’ years of experience and success in obtaining those incentives.
Footnotes

1 The Los Angeles Times, p. 6.
2 State of the American Supply Chain, Averitt p. 2 January 9, 2025.
3 WDSU, p. 3, January 21, 2025. 

Beach Buggy Battle: Stipulation Insufficient to Establish Trademark Distinctiveness

The US Court of Appeals for the Fourth Circuit found that a district court does not need to accept both parties’ stipulation that a mark is distinctive but instead is permitted to make an evidentiary inquiry in determining whether the mark is distinctive or generic. Moke America LLC v. Moke Int’l Ltd., Case No. 23-1634 (4th Cir. Jan. 15, 2025) (King, Groh, JJ.) (Richardson, J., dissenting).
Starting in the 1960s, British Motor Corporation (BMC) sold vehicles colloquially referred to as “Mokes” in the United Kingdom, Australia, and Portugal. By the time BMC ceased production in 1993, Mokes had garnered a small but devoted following for use as beach buggies in the United States, the Caribbean, and Australia.
In August 2015, Moke International and Moke USA sold their first vehicle using the MOKE mark and subsequently sought trademark registration. One year later, Moke America began US sales of vehicles using the MOKE mark. Both parties described their vehicles as being reengineered and redesigned versions of the BMC Moke.
The present dispute began when Moke America opposed Moke International and Moke USA’s registration based on priority use of the MOKE mark. The Trademark Trial & Appeal Board dismissed the opposition. Moke America then filed a district court complaint seeking a declaration of trademark ownership and asserting trademark infringement. Moke International and Moke USA counterclaimed for a declaration of trademark ownership and trademark infringement, as well as affirmance of the Board’s dismissal.
A party claiming ownership of a mark bears the burden of proving distinctiveness. A generic term is not distinctive. Generic terms in trademark law are those that describe a genus or class of which a particular product is a member, such as “CONVENIENT STORE retail stores, DRY ICE solid carbon dioxide, and LIGHT BEER ale-type beverages.” Generic terms can never be protected. The purpose of denying protection for these terms is to safeguard the public from having commonly used words and phrases removed from the “linguistic commons.” Certain marks that are originally distinctive may become generic through the public’s pervasive use of the term through a process known as “genericide.” Genericide occurs when the trademark ceases to identify the particular source of a product or service to the public and instead identifies a class of product or service. Common examples include ASPIRIN and ESCALATOR.
Since both parties sought ownership of the MOKE mark, the parties stipulated that the mark was distinctive and not generic. The district court found that a stipulation was insufficient and noted that the parties must set forth evidence that the mark was distinctive and not generic. The district court concluded that MOKE was once inherently distinctive but had become generic before either party sold a vehicle bearing the MOKE mark. Both parties appealed.
Seeking to overturn the district court’s finding of genericness, the parties argued that the district court was required to accept their stipulation of the MOKE mark’s distinctiveness. The Fourth Circuit disagreed, finding that blindly accepting a stipulation was incompatible with the court’s role of protecting the public interest by not allowing trademark protection for generic terms.
Turning to the merits, the Fourth Circuit concluded that an inherently distinctive mark does not necessarily convert to a generic term upon abandonment, and abandonment of an inherently distinctive mark does not foreclose the possibility that the mark at some point became generic due to genericide. The Court explained that because neither party took the position that MOKE was a generic term, and because there was no serious endeavor to prove distinctiveness at the district court, there was insufficient record evidence (particularly consumer surveys and conventional purchaser testimony) to affirm or reverse the district court’s decision.
Accordingly, the Fourth Circuit vacated the judgment and remanded to the district court to conduct further proceedings, including consideration of additional evidence, to resolve whether MOKE was generic.

Texas Railroad Commission’s New Environmental Rules: A Step Toward Sustainability or Business as Usual?

In 1984, while Ronald Reagan was securing a landslide reelection and Apple introduced the Macintosh, the Railroad Commission of Texas (RRC) last updated the state’s primary oil and gas waste regulations. Now, four decades later, the RRC is revisiting these rules to better align them with modern industry practices and rising demands for stronger environmental protections.
Oil and gas extraction methods have evolved dramatically since the 1980s. Hydraulic fracturing (fracking) and horizontal drilling have sparked a production boom, significantly increasing both the volume and complexity of waste generated. This waste includes drilling fluids, fracking chemicals, and produced water—all of which, if mishandled, pose serious risks to soil, water, and public health.
While most oil and gas wastes are exempt from federal hazardous waste laws under the Resource Conservation and Recovery Act, states maintain broad authority to regulate their disposal and management. In Texas, the RRC oversees this responsibility. However, increasing environmental concerns and evolving industry practices have driven calls for regulatory updates, resulting in the recent revisions in the RRC’s rules.
Key Changes in the New Rules
The new rules, published in the Texas Administrative Code (“TAC”) on January 3, 2025, reflect a multiyear effort by the RRC to modernize waste management, encourage and expand recycling, and strengthen groundwater protections. These changes aim to balance industry needs with environmental stewardship, though their impact will depend on implementation and enforcement when they take effect on July 1, 2025.

Oil and Gas Waste Pits and Produced Water Recycling Pits (16 TAC §§ 4.113-114). A major change consolidates provisions from Statewide Rule 8 (“Disposal of Oil and Gas Waste”) and Rule 57 (“Produced Water Recycling”) into a new subchapter. Key updates include:

Authorization for certain pits (e.g., reserve and mud circulation pits) to operate without a specific RRC permit, with new registration requirements.
Updated standards for pit liners, groundwater monitoring, and closure procedures.
Stricter location restrictions, construction standards, and closure requirements for produced water recycling pits.

Produced Water Recycling (16 TAC § 4.112). One of the most significant shifts is facilitating produced water recycling. Operators can recycle produced water for reuse in drilling, fracking, and completion operations without requiring an RRC permit. However, they must still meet specific design, groundwater monitoring, and siting requirements. This change reflects growing interest in recycling as a solution to mitigate environmental risks, especially in areas like the Permian Basin, where seismicity concerns are increasing.
Transportation of Oil and Gas Waste (16 Tex. Admin. §§ 4.190-195). The new rules introduce enhanced accountability for waste transportation. Notable provisions include:

Detailed manifests for waste characterization.
Special waste authorizations.
Enhanced recordkeeping for waste haulers, improving tracking and compliance.

Public Participation (16 Tex. Admin. § 4.125). To boost transparency and public involvement, the new rules require that affected individuals and entities be notified about permit applications for waste facility construction. The notice must include details about the application, the protest process, and the location of the proposed facility. Notices must be sent via registered or certified mail, and recipients have 30 days to protest. If a protest is filed, the applicant must respond within 30 days. If no protests are received, the permit may be issued. Protests may lead to a hearing, with notice given to all affected parties.
Recycling Drill Cuttings (16 Tex. Admin. §§ 4.301-302)The rules aim to promote recycling of drill cuttings for beneficial use. Operators must comply with specific treatment and recycling requirements. The Commission may approve permits for using treated drill cuttings in commercial products like lease pads or roads, provided the products meet engineering standards, ensure public safety, and avoid water pollution.

Reactions to the New Rules
The revisions have sparked mixed reactions. For the oil and gas industry, the rules provide much-needed clarity, particularly on produced water recycling and waste transportation. However, many changes merely codify existing practices—like new registration requirements for certain pits—so their day-to-day impact may be minimal. That said, the ability to recycle produced water presents an opportunity for operators to reduce disposal costs and environmental impacts, especially in areas with limited disposal well capacity.
Environmental groups and landowners, however, view the revisions as insufficient. While the new rules offer clearer guidance on waste management and promote recycling, critics argue they fall short in addressing critical environmental issues. Concerns include a lack of more stringent regulations on pit liners, groundwater monitoring, and disposal in sensitive areas. Environmental advocates are also frustrated by the RRC’s decision not to require operators to notify landowners about waste disposal activities on their property. Despite these concerns, the RRC maintains it lacks the statutory authority to require such notifications or consent.
Practical Considerations for Landowners
Landowners whose properties are affected by oil and gas operations may need to take proactive steps to protect their interests. Since mandatory landowner notification is not required, surface owners should negotiate specific lease provisions, such as:

Restrictions on the types of waste disposed of on their land.
Designated disposal locations and management methods.
Operator notification before disposal activities—or even consent for certain types of waste disposal.

Landowners may also seek additional safeguards, such as stricter pit liner requirements, enhanced groundwater monitoring, or more comprehensive closure plans for waste pits.
Looking Ahead
The RRC’s overhaul of its oil and gas waste management regulations marks a significant step toward modernizing Texas’s regulatory framework in response to changing industry practices and environmental concerns. However, the real impact of these revisions will depend on how they are implemented and enforced when they take effect on July 1, 2025. Stakeholders—from industry operators to environmental advocates—should carefully consider the potential implications. For landowners, consulting legal counsel may be wise to ensure their interests are protected under the new rules. These final regulations could shape Texas’s oil and gas industry and environmental stewardship for years to come. 

Advance Parole Process Unaffected by Trump EO, But Confusion + Delay Expected Anyway

Humanitarian parole programs for individuals from Cuba, Haiti, Nicaragua and Venezuela have been cancelled by President Trump’s Executive Order (EO) on Securing Our Borders. USCIS’s Uniting for Ukraine application process has also been paused. To date, although it has been reported that Afghan refugees have been removed from flight manifests, the Afghan parole program remains active on the USCIS website.
Despite the suspensions, individuals with valid advance parole documents (Forms I-512) may still board flights returning to the United States based upon guidance from the CBP’s Carrier Liaison Program (CLP). The CLP provides guidance to airlines, including guidance on requirements for allowing foreign nationals to board. Airlines are fined if individuals that they allow to board do not have the documentation required to enter the United States. The CLP has stated that the EO does not affect individuals holding valid I-512 Advance Parole documents and they can board airlines returning to the United States. This would also include DACA, TPS and general adjustment of status advance paroles.
Keep in mind that it takes time for guidance to be distributed and implemented. That means there may be confusion at airline counters and at the border. At best, entrance on advance parole is discretionary so individuals should be prepared for long waits, travel with all their relevant documentation and consider avoiding travel that is not necessary until the rules have been “tested.”

Coast Guard Issues Final Maritime Cybersecurity Rule: Key Requirements and Implementation Timeline

On January 17, the US Coast Guard released its much-anticipated final rule on cybersecurity in the US Marine Transportation System, which establishes mandatory minimum cybersecurity requirements for the maritime sector. The new regulations are effective July 16, 2025 and represent the most significant maritime cybersecurity regulations to date. Affected entities should review their existing policies, identify any gaps or deficiencies, and implement compliance procedures.
Jones Walker’s 2022 Ports and Terminals Cybersecurity Survey data was cited in the final rule, helping to shape some of the new regulations.
I. Scope and Applicability
The primary goal of the final rule is to enhance the cybersecurity of the US Marine Transportation System. The new regulations establish minimum mandatory requirements for US flag vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to the Maritime Transportation Security Act of 2002. The rule aims to address the increasing risks posed by cyber threats due to the growing reliance on interconnected digital systems within the maritime industry. It emphasizes both preventing cyber incidents and preparing to respond to them effectively.
The rule applies to:
a. US flag vessels subject to 33 CFR part 104
33 CFR part 104 applies to: 

Cargo vessels greater than 100 gross tons
Commercial passenger vessels certified to carry more than 150 passengers
Offshore Supply Vessels (OSVs)
Mobile Offshore Drilling Units (MODUs)
Towing vessels more than 26 feet long engaged in towing certain dangerous cargo barges
Cruise ships and passenger vessels carrying more than 12 passengers on international voyages

b. Facilities subject to 33 CFR part 105
These facilities are covered by the regulation:

Container terminals
Chemical facilities with waterfront access
Petroleum terminals
Cruise ship terminals
Bulk liquid transfer facilities
LNG/LPG terminals
Barge fleeting facilities handling dangerous cargo
Facilities that receive vessels carrying more than 150 passengers
Marine cargo terminals otherwise subject to the Maritime Transportation Security of 2002

c. OCS facilities subject to 33 CFR part 106
These OCS facilities are affected:

Offshore oil and gas production platforms
Offshore drilling rigs
Floating production storage and offloading units (FPSOs)
Deepwater ports
Offshore wind energy facilities
Offshore loading/unloading terminals

II. Core Requirements
The cybersecurity plan must include measures for account security (e.g., automatic account lockout, strong passwords, multifactor authentication), device security (e.g., approved hardware/software lists, disabling executable code), and data security (e.g., secured logging, data encryption). Entities must also create or implement the following:
a. Cybersecurity Officer — Each covered entity must designate a Cybersecurity Officer (CySO) responsible for implementing and maintaining cybersecurity requirements. The rule allows for designation of alternate CySOs and permits one individual to serve multiple vessels or facilities, providing welcome flexibility for operators.
b. Cybersecurity Plans and Assessments — Organizations must develop and maintain the following:

A comprehensive Cybersecurity Plan
A separate Cyber Incident Response Plan
Regular cybersecurity assessments

Plans must be submitted to the Coast Guard for review within 24 months of the rule’s effective date.
c. Training and Exercises — The rule mandates the following:

Cybersecurity training for all personnel using IT/OT systems beginning July 17, 2025
Two cybersecurity drills annually
Regular penetration testing aligned with plan renewal cycles

d. Technical Controls — Required security measures include the following:

Account security controls including multifactor authentication
Device security measures and approved hardware/software lists
Data encryption and secure log management
Network segmentation and monitoring
Supply chain security requirements

III. Implementation Timeline
Key phase-in compliance dates include:

Rule effective date: July 16, 2025
Training requirements begin: July 17, 2025
Initial cybersecurity assessment: Due by July 16, 2027
Cybersecurity Plan submission: Due by July 16, 2027

The Coast Guard is seeking comments on extending implementation periods for the new requirements by two to five years for US flag vessels. Comments are due no later than March 18, 2025. After review of these comments, the Coast Guard may issue a future rule to allow additional time for US flag vessels to implement the new regulations.
IV. Harmonization with Other Requirements
The Coast Guard has worked to align these requirements with other cybersecurity regulations, including the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Incident Reporting for Critical Infrastructure Act of 2022 reporting requirements. The rule establishes the National Response Center (NRC) as the primary reporting channel for maritime cyber incidents, simplifying compliance for regulated entities.
V. Some Basic Questions and Answers

What are the mandatory cybersecurity measures outlined in the rule? Owners and operators must implement a range of cybersecurity measures that are based on “cybersecurity performance goals” developed by CISA. This includes vulnerability identification of critical IT and OT systems, addressing known exploited vulnerabilities in those critical systems, and conducting penetration testing in conjunction with renewing the Cybersecurity Plan.
What constitutes a reportable cyber incident, and to whom do I report it? A reportable cyber incident is defined as any incident leading to substantial loss of confidentiality, integrity, or availability of a covered system; to disruption to business operations; to unauthorized access to nonpublic personal information of a large number of individuals; or to operational disruption of critical infrastructure. Such an incident also includes any event that may lead to a “transportation security incident.” Such incidents must be reported to the NRC.
What is the Coast Guard’s approach to compliance and enforcement of this new rule? The rule takes a performance-based approach, meaning that it focuses on outcomes rather than prescribing specific technical solutions, thus providing some flexibility to the entities in meeting the requirements. However, the rule does not specify the methods of enforcement, and the Coast Guard is currently working with policymakers to define the compliance criteria. The Coast Guard will address those questions at upcoming symposiums. Noncompliance with the rule could lead to penalties, legal action, and financial losses.
Is there any flexibility or possibility of waivers in complying with this rule? Yes. After completing a cybersecurity assessment, owners and operators can seek a waiver or an equivalence determination for the requirements, based on the waiver and equivalency provisions of 33 CFR parts 104, 105, and 106. Owners and operators must also notify the Coast Guard of temporary deviations from the requirements.

VI. Key Takeaways

Begin preparation now — the 24-month implementation period will pass quickly given the scope of required changes.
Evaluate current cybersecurity staffing and capabilities against new CySO requirements.
Review existing security measures against the detailed technical requirements.
Plan for increased training and exercise obligations.
Consider whether to comment on the proposed implementation extension for vessels.

Our cross-disciplinary team has extensive experience helping clients navigate complex regulatory requirements. We can assist with:

Gap analysis against new requirements
CySO program development
Cybersecurity Plan creation and review
Training program development
Technical compliance assessment

LNG by Rail: The D.C. Circuit Vacates a DOT Rulemaking and Outlines a Path for Challenges Yet to Come

In Sierra Club v. United States Dep’t of Transportation[1], a panel of the United States Court of Appeals for the District of Columbia Circuit (“D.C. Circuit”) vacated and remanded a final rule[2] issued by the Department of Transportation (“DOT”) permitting the transportation of liquefied natural gas (“LNG”) in approved rail cars. The final rule was subsequently stayed and never took effect.
DOT Rulemaking & the Sierra Club Decision
The rulemaking proceeding began with an executive order published on April 10, 2019. Then President Trump directed the Secretary of Transportation to propose a rule to permit LNG to be transported in approved rail cars within 100 days from the date of the executive order and to finalize the rule within thirteen months.[3] DOT subsequently issued a proposed rule that would permit the transportation of LNG by rail in DOT-113 rail cars. The proposed rule proposed no limit on the number of cars to be used to transport LNG on a single train and imposed no mandatory speed limit. The proposed rule also included a preliminary environmental assessment finding that the proposed rule would have no significant environmental impact.[4]
The proposed rule was challenged by environmental organizations, states, and the National Transportation Safety Board, all citing potentially grave risks related to potential explosions or fires related to transportation of LNG by rail and separately arguing that the proposed rule failed to mitigate those risks.[5] 
In July 2020, the DOT modified the final rule in several respects. The Court summarizes the changes as follows:
The final Rule authorizes transportation of LNG by rail, but it differs from the Proposed Rule in several respects. First, the final LNG Rule imposes new requirements for the outer tank of approved railcars: The outer tank must be both thicker and made of stronger steel than that used in existing 120W cars. Specifically, the tanks must be 9/16″ thick, rather than the current minimum of 7/16″. The outer tank also must be made of TC-128 Grade B normalized steel, which is less likely to crack or puncture than the steel typically used in DOT-113 cars. Second, the Pipeline and Hazardous Materials Safety Administration (“PHMSA”) boosted the maximum filling density from 32.5% to 37.3%. Finally, the LNG Rule includes additional operating controls to promote safety: (1) Tank cars carrying LNG must be equipped with remote monitoring devices for detecting and reporting each car’s internal pressure and location; (2) Any train with at least 20 LNG tank cars in a continuous block or with 35 such cars throughout the train must be equipped with advanced braking capabilities; and (3) PHMSA adopted the routing requirements of 49 C.F.R. § 172.820, which require railroads to consider safety risk factors, such as population density, when analyzing potential routes for transporting LNG.[6] 
The final rule reiterated the finding that the rule would have no significant environmental impact. As a result, no environmental impact statement was prepared. The petitions for review that are the subject of the Sierra Club case followed. 
The Court determined that the case was ripe for review even though the rule had never been finalized and was at the time of the decision stayed.[7] 
The Court affirmed that each class of petitioners had requisite standing to pursue its appeal.[8]
On the merits, the Court found that the final rule authorizing transportation of LNG by rail was arbitrary and capricious:
[Petitioners] claim that PHMSA failed to take a hard look at how the LNG Rule would affect public safety and therefore violated [National Environmental Policy Act (“NEPA”)]. In support of their argument, they note that PHMSA disregarded the checkered safety record of the 120W tank car and ignored the risks of including numerous cars of LNG within a single train without any required speed limit. We agree and vacate the LNG Rule.[9]
The Court’s decision in this respect was very narrow. The error was not preparing an Environmental Impact Study (“EIS”). The Court explained:
In this case, PHMSA determined that an EIS was not required because authorizing LNG transport by rail under the LNG Rule would have no significant impact on the environment. But the record reflects that transporting LNG by rail poses a low-probability but high-consequence risk of a derailment that could seriously harm the environment: A breach of one or more rail cars containing LNG could cause an explosion, an inferno, or the spread of a freezing, flammable, suffocating vapor cloud. The real possibility of such catastrophes significantly affects the quality of the human environment. For that reason, NEPA required PHMSA to prepare an EIS.[10] 
The Court reminded observers that the scope of NEPA review is itself narrow:
NEPA is “primarily information-forcing,” so it “directs agencies only to look hard at the environmental effects of their decisions, and not to take one type of action or another.” Sierra Club v. FERC, 867 F.3d 1357, 1367 (D.C. Cir. 2017) (cleaned up). After preparing an EIS, the agency will be best positioned to determine whether the environmental risk is worth taking. Any future legal challenges to the substance of that decision would then be brought under some other statute, not NEPA. Because we vacate the instant LNG Rule due to PHMSA’s failure to prepare an EIS, such questions are left for another day.[11] 
Takeaways for Future Regulatory Reforms
The challenges the Court elected not to address are also significant. These include variations on the argument that the DOT’s modification to the standards applied to the cars to be used to transport LNG by rail after the notice of proposed rulemaking was issued violated the notice and comment provisions of the Administrative Procedure Act and the public participation requirement of NEPA, as well as arguments related to the failure to take into account environmental justice concerns and the impact of LNG transport by rail on greenhouse gas emissions. At least some of these challenges (perhaps variations of all) could be deployed against future regulatory reform efforts. For example, in Liquid Energy Pipeline Ass’n v. FERC[12], a panel of the D.C. Circuit vacated a Federal Energy Regulatory Commission (“FERC”) oil pipeline index rule that was modified on rehearing by FERC without being subjected to another round of notice and comment rulemaking. 
For those industry stakeholders who support, wholly or in part, regulatory reform initiatives, this decision highlights the need to anticipate and to address alleged administrative process flaws at an early stage in policy development to ensure that any such concerns are fully addressed and resolved on the administrative record. The failure to do so can delay or undermine entirely proposed changes, regardless of their public policy bona fides. It will likely not be enough to wait and hope that affected departments and agencies who are managing multiple initiatives and challenges will have the time and resources to develop a full and adequate administrative record that can withstand judicial review. All affected stakeholders need to take affirmative steps to ensure that procedural missteps do not take on outsized consequences. 
Download This Alert

[1] No. 20-1317, 2025 WL 223869 (D.C. Cir. Jan. 17, 2025).
[2] Hazardous Materials: Liquefied Natural Gas by Rail, 85 Fed. Reg. 44,994 (July 24, 2020).
[3] Sierra Club at *2 (citing Executive Order 13,868, 84 Fed Reg. 15,495, 1497 (April 10, 2019)).
[4] Id. at **2-3.
[5] Id.
[6] Id. at *3
[7] The Court also found that the stay did not moot the case. “Voluntary cessation does not moot a case unless it is absolutely clear that the allegedly wrongful behavior could not reasonably be expected to recur.” Id. at 5 ( citing West Virginia v. EPA, 142 S.Ct. 2587, 2602 (2022)).
[8] Id. at **6-7.
[9] Id. at *7.
[10] Id. at *8.
[11] Id. *10, n. 6.
[12] 109 F.4th 543 (D.C. Cir. 2024).