Insights

About one year ago, the European Court of Justice (CJEU) ruled in its landmark Illumina/Grail judgment that the European Commission could not accept merger referrals from national competition authorities under Article 22 of the EU Merger Regulation (EUMR) unless those authorities had jurisdiction to review the transaction themselves (see our previous alert).

On September 9, 2025, GSA released version 1 of the FAR Companion, a living resource guide aimed primarily at assisting federal acquisition professionals. The FAR Companion is designed to provide guidance and recommendations to acquisition professionals to better understand the FAR and related procurement principles for planning, awarding, managing, and closing out contracts. It consolidates practitioner insights, innovation and vendor engagement strategies, handbooks, training materials, and problem-solving ideas into one source.

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

On September 9, 2025, the California Privacy Protection Agency (“CPPA”), along with California Attorney General Rob Bonta, Colorado Attorney General Phil Weiser, and Connecticut Attorney General William Tong, (collectively the “Coalition”) announced a joint investigative sweep (the “Sweep”) into businesses refusing to honor consumers' requests to opt-out of the sale of their personal information submitted via Global Privacy Controls (“GPCs”). This Sweep is another action in a growing trend of multi-state cooperation in data privacy enforcement activities. Given the continued lack of a federal data privacy law, state cooperation and enforcement activities are expected to continue.

On September 5, 2025, the Federal Trade Commission (“FTC”) withdrew its appeals of decisions issued by Texas and Florida federal district courts, which enjoined the FTC from enforcing a nationwide rule banning almost all noncompete employment agreements. Companies, however, should not read this decision to mean that their noncompete agreements will no longer be subjected to antitrust scrutiny by federal enforcers. In a statement joined by Commissioner Melissa Holyoak, Chairman Andrew Ferguson stressed that the FTC “will continue to enforce the antitrust laws aggressively against noncompete agreements” and warned that “firms in industries plagued by thickets of noncompete agreements will receive [in the coming days] warning letters from me, urging them to consider abandoning those agreements as the Commission prepares investigations and enforcement actions.”

The Best Lawyers in America 2026 Recognizes 43 Crowell & Moring Attorneys, One Selected as Lawyer of the Year

In 2023, California passed two landmark laws—SB 253, the Climate Corporate Data Accountability Act; and SB 261, the Climate-Related Financial Risk Act—that will require large public and privately-held entities doing business in California to comply with sweeping disclosure requirements regarding their direct and indirect greenhouse gas emissions and their climate-related financial risks. California subsequently passed SB 219, which updated certain deadlines and requirements of the laws (collectively, the “Climate Disclosure Laws”).

CMS is well underway in initiating and conducting its Risk Adjustment Data Validation (RADV) audits of Medicare Advantage (MA) organizations for PY 2019, and PY 2020 audit notices are likely to arrive by the end of September. The timing for subsequent PY audits is less clear, but notices will likely be coming soon given CMS’s announced plans to complete all remaining audits by early 2026, including all contracts for PY 2020 and beyond. This approach marks a significant deviation from the agency’s prior policy of reviewing only a fraction of contracts and at a much slower pace.

The System for Award Management (SAM, available at sam.gov) is set to incorporate Revolutionary FAR Overhaul (RFO) changes as early as the first quarter of 2026. The RFO process, which began earlier this year, will trigger matching changes to representations and certifications in SAM.gov.

On August 29, 2025, the Department of Justice (DOJ) and the Department of Homeland Security (DHS) launched a cross-agency Trade Fraud Task Force to expand efforts to target importers and other parties committing trade-related fraud. As stated in a press release issued on August 29, the Task Force will augment the existing coordination mechanisms within the DOJ and DHS, for instance through partnerships with CBP and Homeland Security Investigations, to “aggressively” take enforcement measures against parties that commit tariff evasion or attempt to smuggle prohibited goods into the U.S.

Nearly a decade and a half after the passage of the Leahy-Smith America Invents Act (“AIA”), the Federal Circuit finally had its first occasion to review an appeal of a derivation proceeding that was litigated before the Patent Trial and Appeal Board (“Board”) in Global Health Solutions LLC v. Selner. This case provides helpful guidance for patent litigators regarding the proper legal framework in a derivation proceeding and serves as a reminder that patent applications should be filed as soon as possible. As the facts of this case show, it is important that inventors retain documents and other evidence of the conception of their invention, as well as its communication to others, should there be any challenge to their invention.

On August 22, 2025, the Small Business Administration (SBA) published a proposed rule that would raise the receipts-based small business size standards across 259 industries and the asset-based size standard across 4 industries. The proposed rule aims to provide greater opportunity for growing small businesses to retain their small business status longer and continue to benefit from SBA loan programs and federal contracting opportunities reserved for small businesses.

For years, the deployment of unmanned aircraft systems (UAS), or drones, in U.S. airspace has been constrained by regulations that limited how those devices operated when they strayed beyond the sightline of their human controller. Heretofore, regulations required drone operators to receive individual waivers or exemptions when using drones “beyond their visual line of sight,” known as BVLOS. Industry has felt that these regulations have hampered widespread UAS usage in areas such as package delivery, surveying, and farming, among others.

A charity will be in scope of the new failure to prevent fraud offence if they meet two of the three following criteria:

On August 19, 2025, the Office of Personnel Management (OPM) informed insurers participating in the Federal Employees Health Benefits or Postal Service Health Benefits programs that gender-affirming care would no longer be covered for federal workers starting in 2026. This coverage decision is the Trump Administration’s latest action stemming from Executive Order 14187 which aims to prevent certain treatments, such as gender-affirming hormone therapy, surgeries, and puberty blockers for those under the age of 19. As previously discussed, the Administration has also signaled its intent to use various law enforcement tools against gender-affirming care, including  Section 5 of the Federal Trade Commission Act to police false or unsupported claims by medical professionals about gender-affirming treatments.

The Ninth Circuit ruled that NFTs are not just digital collectibles but legally recognized goods under the Lanham Act. Yuga Labs, Inc. v. Ryder Ripps and Jeremy Cahen, Case No. 24-879 (9th Cir. July 23, 2025). NFTs are intangible, fully virtual, authenticating software code that is associated with separate digital or physical content. Although the Ninth Circuit found that there were genuine issues of material fact that precluded summary judgment on the issue of likelihood of confusion, the court recognized that NFTs are commercial products with tangible value subject to trademark protection. This means that NFT creators and projects can now claim trademark rights in their collections’ names, logos, and associated marks.

A question often asked by consumer product companies these days is whether the eFiling requirements will go into effect as planned given the political upheaval at the U.S. Consumer Product Safety Commission (CPSC) and the dismissal of the three Democrat Commissioners. While that is an impossible question to answer with certainty, all signals suggest the requirements will be implemented on schedule for July 8, 2026.

In this ninth and final alert in our weekly series on the EU Pharma Package, we consider the proposals of the European Commission, European Parliament and the Council of the EU as regards the advertising of medicinal products and we conclude by suggesting various ways in which pharmaceutical companies can already prepare for the upcoming changes.

In our latest Bloomberg Law article about the growing range of antitrust concerns facing government contractors, Crowell lawyers Michelle D. Coleman and Lauren Fleming explore best practices for contractors who are navigating antitrust investigations involving classified information. 

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included: