Insights

The Small Business Administration (SBA) has rolled out changes to its 8(a) Program even as it suspends 8(a) participants for failure to respond to the SBA’s December 5, 2025 8(a) audit letters.

On January 13, 2026, Miami-based pharmaceutical wholesaler Atlantic Biologicals Corporation entered into a two-year DPA, admitting to conspiracy to distribute and dispense controlled substances, including more than 14 million opioid doses to “pill mill” pharmacies in Texas at a markup. The DOJ and DEA underscored the company’s deliberate evasion of compliance checks and disregard for red flags signaling diversion.

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative established to standardize the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. FedRAMP’s primary objective is to ensure that cloud service providers (CSPs) implement robust security controls to protect federal information in cloud environments. By leveraging a consistent framework for security assessment and authorization, FedRAMP is intended to reduce duplication of effort, cost, and time for both agencies and vendors.

On January 16, 2026, U.S. Secretary of War Pete Hegseth posted a video on social media outlining the U.S. Department of War’s (DoW) plan to combat fraud, waste, and abuse in the Small Business Administration’s (SBA) 8(a) Business Development Program. 

On January 14, 2026, the United States filed a lawsuit against the State of Minnesota in federal district court, challenging the state's affirmative action requirements for civil service employment as violations of Title VII of the Civil Rights Act of 1964 (“Title VII”). This action comes almost a year after President Trump issued Executive Order 14173, which rescinded federal affirmative action requirements for federal government contractors and set up a potential conflict between federal requirements and certain state contracting requirements. The United States has designated this case as a matter of general public importance. This entitles the federal government to an expedited review by a three-judge panel at the district court with direct appeal to the United States Supreme Court—setting the path for a show-down on affirmative action in employment at the highest court.

The Federal Trade Commission (FTC) has announced its annual updates to the thresholds and filing fees related to the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (the HSR Act). These dollar thresholds are indexed annually based on changes in the U.S. gross national product and the Consumer Price Index.

On January 8, 2026, the Trump Administration announced the creation of a new Division for National Fraud Enforcement within the Department of Justice (DOJ). The division will be led by a newly appointed Assistant Attorney General (AAG), pending Senate confirmation, who will report directly to both the President and Vice President and operate out of the White House. Such a reporting structure is unprecedented in the history of the DOJ.

State regulation of PFAS-containing products will ramp up significantly in 2026. Most notably, companies will have to comply with Minnesota’s sweeping new product-reporting requirements.  As we explain below, Minnesota’s requirements cast a wide net, capturing companies that may not sell products directly into the state. This and other features of the state’s reporting program are likely to present significant compliance challenges for a wide range of businesses.

On January 5, 2026, District of Colorado Magistrate Judge Cyrus Chung issued a recommendation that the district court grant a motion to quash a Department of Justice (DOJ) administrative subpoena that sought records about the provision of gender-related care by Children’s Hospital Colorado (Children’s) in In re: Department of Justice Administrative Subpoena No. 25-1431-030, U.S. District Court for the District of Colorado, No. 1:25-mc-00063. The court concluded that the DOJ had failed to carry its “light” burden, noting that no other courts that had considered the more than 20 similar subpoenas issued by DOJ had ruled in the DOJ’s favor.  

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. 

On December 17, 2025, the U.S. Food and Drug Administration (FDA) issued a request for information (RFI) on a proposal designed to help the FDA engage more directly with innovative, venture-backed companies focused on biotechnology, medical devices, AI, and regulatory technology.[i]The RFI includes 19 questions, with responses due by 2:00 p.m. ET on January 18, 2026.

In an important first, the yearly defense policy law, the National Defense Authorization Act (NDAA) for Fiscal Year 2026, directs the Department of Defense (DoD)  to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon.

This news bulletin is provided by the International Trade Group of Crowell & Moring. If you have questions or need assistance on trade law matters, please contact Anand Sithian or Simeon Yerokun or any member of the International Trade Group.

The California Privacy Protection Agency (“CPPA”) is intensifying its oversight of data brokers with a new dedicated Data Broker Enforcement Strike Force within its Enforcement Division. The strike force will monitor and investigate data brokers’ compliance with their legal obligations under California’s Delete Act and the California Consumer Privacy Act (“CCPA”).

In Trump v. CASA, the Supreme Court significantly constrained the equitable authority of federal district courts to grant universal or nationwide injunctive relief, clarifying that, with specific exceptions, a federal court’s power to grant relief is limited to the parties before it. When it was issued, many bemoaned CASA’s implications for preventing government overreach.

As artificial intelligence (AI) continues to evolve and integrate into various aspects of legal practice, counsel and arbitral tribunals drawing up their Terms of Reference (TOR) establishing the terms of the dispute being referred to arbitration and also formulating their procedural orders should consider the implications of AI. This client alert highlights the importance of addressing AI in TOR negotiations and provides an overview of likely topics international arbitration practitioners can expect to treat in TORs and procedural orders.

On December 4, 2025, an advisory committee of the U.S. Securities and Exchange Commission (SEC or Commission) voted to advance a recommendation that the agency issue guidance requiring issuers to disclose information about the impact of artificial intelligence (AI) on their companies.

GAO’s key personnel rule is well-known—and often a source of frustration— amongst government contractors.  Proposed key personnel who become “unavailable” prior to contract award—especially where they have accepted employment with a different company—may doom an offeror’s proposal by rendering it noncompliant with solicitation requirements.  But GAO’s recent decision in FYI – For Your Information, Inc., B-423774, B-423774.2 (Dec. 19, 2025) provides some potential relief from that rule. 

Since the signing of Executive Order 14187 (“Protecting Children from Chemical & Surgical Mutilation”) in late January 2025, the Trump Administration has made its skeptical stance on gender-affirming care—especially regarding services provided to minors—clear.

On December 22, 2025, the Federal Trade Commission (“FTC”) took its first step in enforcing its August 2024 Consumer Review Rule (“Rule”) that regulates online companies’ moderation and curation of user reviews, by issuing warning letters to 10 unidentified companies alerting them of their potential violations of the Rule, and cautioning that continued noncompliance could lead to enforcement action and substantial civil penalties. The FTC warning letters directed each recipient to immediately cease and desist from any non-compliant practices and required the company to confirm in writing the steps taken to ensure ongoing compliance with the Rule.