Insights

On March 26, 2026, President Trump issued an executive order (EO) titled Addressing DEI Discrimination by Federal Contractors. The EO declares diversity, equity, and inclusion (DEI) “activities” “unethical and often illegal,” and imposes new obligations on federal contractors and subcontractors related to DEI programming. Contractors that do business with the federal government — or that work as subcontractors for companies that do — should review the EO closely to determine the extent to which they are compliant with the new requirements.

On March 23, 2026, the Federal Communications Commission (FCC) updated its Covered List—a list of communications equipment and services deemed to pose an unacceptable risk to U.S. national security or the safety and security of U.S. persons—to include consumer-grade routers produced in a foreign country, absent an exemption granted by the U.S. Departments of War (DoW) or Homeland Security (DHS). This designation effectively prohibits the import of all consumer routers that are not produced in the United States.

In two recent pathbreaking judgments, juries in California and New Mexico held social media companies civilly liable for harming minors who used their products.

On March 20, 2026, the Centers for Medicare and Medicaid Services (CMS) released new guidance outlining the agency’s audit methods and instructions for Medicare Advantage (MA) plans subject to upcoming risk adjustment data validation (RADV) audits for payment year (PY) 2020. In addition to providing necessary context for MA plans selected for auditing, this resource clarifies CMS’s methodological and procedural expectations. While the high-level takeaways are recapped below for convenience, we strongly recommend that MA organizations selected for PY 2020 audits closely review the guidance to understand what may be involved — or required — during the agency’s review.

In its latest attempt to establish a national AI regulatory standard and quash “cumbersome” state AI laws, the White House on Friday, March 20, 2026, released legislative recommendations for a National Policy Framework on Artificial Intelligence. 

Legislative efforts to significantly expand California’s antitrust laws are working their way through the state legislature. The most comprehensive overhaul is Assembly Bill 1776 — the Competition and Opportunity in Markets for a Prosperous, Equitable and Transparent Economy (COMPETE) Act, introduced by Assembly Majority Leader Cecilia Aguiar-Curry, on March 23, 2026. AB 1776 is modeled closely after draft legislation recommended by the California Law Revision Commission (CLRC) in December. AB 1776 would not only significantly expand potential liability for single-firm conduct and monopolization but would also explicitly decouple California antitrust analysis from certain federal standards. Companies doing business in California should pay close attention to AB 1776 because of its potentially dramatic impact, including increased exposure to antitrust litigation and increased compliance costs.

False Claims Act (FCA) settlements and judgments hit record highs yet again in FY 2025, surpassing the previous record by over $1 billion and setting a new high-water mark for the number of new FCA cases filed.  These records were built both on existing enforcement priorities such as pandemic-related fraud and healthcare enforcement actions and new guidance from the Executive Branch instructing the Department of Justice to enforce its 2025 priorities including Diversity, Equity, and Inclusion (DEI), civil rights, and customs issues.  Procurement fraud, cybersecurity issues, and small business fraud also remained focal points, with significant settlements in each of those areas.  In the courts, an Eleventh Circuit decision expanded relators’ ability to use discovery to avoid dismissal under Rule 9(b), and a Ninth Circuit ruling clarified a number of customs fraud issues while applying the Supreme Court’s Schutte scienter test.  Debate over the qui tam provisions’ constitutionality continued to grow, with arguments made in multiple circuits, including an Eleventh Circuit oral argument in the appeal of the Middle District of Florida’s Zafirov decision that helped to spark the recent wave of challenges.  Crowell FCA attorneys explain these developments, trends, and what’s next for the FCA in a “Feature Comment” published in The Government Contractor.

On March 19, 2026, a U.S. District Court for the Fifth Circuit panel denied the Federal Trade Commission’s (FTC) emergency motion for a stay pending appeal of a district court’s order that vacated the FTC’s 2024 overhaul of the HSR premerger notification form.

2026 will prove to be a pivotal year for organ procurement organizations (OPOs). For the first time, the impact of the Center for Medicare and Medicaid Services’ (CMS) 2020 outcome measures will be fully felt, as the year marks the end of the first certification cycle governed by the new benchmarks. In the meantime, OPOs are challenging the 2020 rule in several federal lawsuits and, as that litigation progresses, CMS is accepting comments on a new proposed rule, which we discussed in a prior alert. 

On March 12, 2026, the U.S. Commodity Futures Trading Commission (CFTC) took formal steps toward establishing additional regulations for prediction markets. The agency issued an Advanced Notice of Proposed Rulemaking (ANPRM) soliciting public input on potential new rules, and separately, released staff guidance outlining its views on how existing rules apply to prediction market platforms currently in operation. These developments signal a significant shift in the regulatory landscape for an industry that has grown rapidly over the past year.

Entities regulated by the Animal Welfare Act (AWA) are potentially facing an unprecedented wave of federal enforcement as DOJ, USDA, HHS, and DHS unleash a plan to intensify inspections, increase compliance demands, and coordinate enforcement efforts like never before — making proactive preparation essential for all affected organizations.

In a rare move that could have significant impacts for businesses operating in regulated industries, the Trump administration has indicated plans to invoke the Endangered Species Committee, commonly referred to as the “God Squad.”  See 16 U.S.C. 1536(e); 50 C.F.R. Part 453. On March 16, 2026, the Interior Department published a notice in the Federal Register, stating that the Committee will hold a meeting – which will be livestreamed - on March 31 in Washington, D.C. to consider an ESA exemption “with respect to oil and gas exploration, development, and production activities” in the Gulf.[1]This little-known but powerful federal panel earned its nickname because it holds the authority to exempt certain projects from the protections of the Endangered Species Act (ESA), potentially clearing the way for development and other activities in sensitive habitats.

The New Jersey Legislature is considering two bills, that if enacted, would prohibit business entities from using either consumers' personal data or “personalized algorithmic pricing” to set prices for merchandise or services, including groceries. If enacted, the new laws would have broad implications for companies across industries that rely on algorithmic or data-informed pricing strategies. In her recent State Budget Address, New Jersey Governor Mikie Sherrill pledged to sign the proposals into law if they reach her desk.

In Wake Chapel Church, Inc. v. Church Mutual Insurance Company, the Fourth Circuit affirmed a $1.1 million jury verdict in favor of a policyholder, reaffirming that under North Carolina law insurers cannot defeat all-risk coverage by pointing to a postulated inherent defect or other excluded cause if a covered peril also contributed to the loss.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued six new general licenses, and updated a seventh that allow for many activities related to: the export of Venezuelan oil and petrochemical products from Venezuela; the exploration, development, and production of oil, gas, and petrochemical products in Venezuela; the generation, transmission, storage, or distribution of electricity in Venezuela; the export to Venezuela of U.S.-origin diluents; negotiating for investment in the oil, gas, petrochemical, and electricity sectors in Venezuela; and the export of Venezuelan gold.

On March 6, 2026, the General Services Administration (GSA) issued a significant proposed contract clause, GSAR 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems (“Clause”), for inclusion in GSA Schedule solicitations and contracts for AI capabilities.  The proposed clause would impose substantial new requirements related to AI sources, intellectual property rights, data use, change management, and performance standards.  The Clause would also take precedence over any other contract terms (including commercial licensing terms) related to AI, including a Seller’s terms of sale and service to which the Government had previously agreed.  GSA requests comments by March 20, 2026.

On March 10, 2026, the Department of Justice released the first-ever Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (the “Department-wide CEP” or “Policy”), which applies to all non-antitrust corporate criminal cases across the Department. The new policy has been anticipated since December 2025, when Deputy Attorney General Todd Blanche announced the Department’s plans to release a new, single corporate enforcement policy for all criminal matters. According to the Department, the new policy is designed to “help ensure consistency across the Department” and “transparently describe the Department’s policies and decisionmaking.”

On February 26, 2026, the Senate Health, Education, Labor, and Pensions (HELP) Committee voted 22-1 to advance the Health Care Cybersecurity and Resiliency Act of 2026. Sponsored by a bipartisan group — led by HELP Committee Chair Senator Bill Cassidy (R-LA); and Senators Mark Warner (D-VA), Maggie Hassan (D-NH), and John Cornyn (R-TX) — the bill represents perhaps the most significant federal legislative effort to overhaul health care cybersecurity since the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, and would compel health care companies to make major investments in cybersecurity.

On 26 February 2026, the EU published Directive (EU) 2026/470 (the Omnibus I Directive). Adopted as part of the European Commission's (Commission) simplification agenda and after a year of debates and negotiations between the Commission, the Council, and the European Parliament, this text effectuates far-reaching changes to both the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CS3D).