Insights

On May 1, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA), the Australian Cyber Security Centre, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the New Zealand National Cyber Security Centre, published joint guidance on the “Careful Adoption of Agentic AI Services” (Guidance).

According to the U.S. Supreme Court, freight brokers are the transportation industry’s “matchmakers, connecting sellers of goods to the carriers who move them.” Montgomery v. Caribe Transport II, LLC, No. 24-1238, slip op. at 1 (U.S. May 14, 2026). Those matchmakers now potentially face liability when they make a bad match.

On May 4, 2026, the U.S. Department of Justice (“DOJ”) filed a federal complaint seeking to enjoin Minnesota’s state-court climate lawsuit against major energy companies. DOJ contends that Minnesota’s claims—which target global greenhouse gas emissions—intrude on exclusive federal authority. The complaint asserts that Minnesota’s lawsuit violates the dormant Commerce Clause and is preempted based on uniquely federal interests, the prohibition on extraterritorial state regulation, the Clean Air Act (“CAA”), and the Foreign Affairs doctrine.

From June 11 to July 19, 2026, 16 cities across the United States, Mexico, and Canada will host the 2026 FIFA Men’s World Cup, the largest in history. For construction firms, vendors, and suppliers, this trinational event has presented a significant commercial opportunity. Yet, cross-border projects involving parties operating under three distinct legal systems — common law in the United States and Canada, and civil law in Mexico — also create fertile ground for commercial disputes. Given the scale, technical complexity, and commercial significance of the FIFA World Cup and all the projects surrounding it, disputes are often unavoidable. As companies navigate intricate contractual obligations across multiple jurisdictions, international arbitration may play a pivotal role in resolving conflicts tied to these major commercial undertakings.

The Department of Justice (DOJ) and the cross-agency Trade Fraud Task Force have upped the ante by an order of magnitude in the government’s pursuit of customs fraud. On May 1, 2026—only a few months after setting its previous record-high customs-related False Claims Act (FCA) settlement of $54.4 million with Ceratizit USA, LLC—the DOJ shattered that record with a $549.5 million settlement with Perfectus Aluminum Inc., its subsidiary Perfectus Aluminum Acquisitions LLC, and a set of four affiliated warehousing companies. The Perfectus settlement resolves allegations that the defendants violated the FCA by evading antidumping and countervailing duties (AD/CVD). The settlement resolves three separate qui tam complaints filed by two individual relators and the Aluminum Extruders Council, an international industry association. Defendants were previously criminally convicted on charges related to the same scheme, and those convictions were affirmed by the Ninth Circuit in 2024.

The U.S. Court of Appeals for the Seventh Circuit recently vacated the U.S. Tax Court’s decision in Hyatt Hotels v. Commissioner, a case concerning the taxation of loyalty programs. The Seventh Circuit remanded the case to the Tax Court for further review.

PFAS in cosmetics is quickly becoming one of the highest-stakes compliance issues in the beauty and personal care industry.

On May 5, 2026, CISA announced CI Fortify — an initiative directing critical infrastructure owners and operators to prepare for geopolitical conflict in which OT networks are actively targeted while communications infrastructure is simultaneously degraded.

On May 6, 2026, the Federal Aviation Administration (FAA) published a long-awaited Notice of Proposed Rulemaking (NPRM) that would create a formal process for designating drone-free zones — known as Unmanned Aircraft Flight Restrictions (UAFRs) — over critical infrastructure facilities. The proposed rule has significant implications for the entire drone ecosystem. Facility operators across a broad range of industries would gain a potential pathway to restrict unauthorized drone access to their airspace, while commercial drone operators and companies that rely on UAS services face new compliance obligations, operational constraints, and potential criminal liability in designated zones.

On May 7, 2026, the Department of War issued the long-awaited Proposed Rule to implement Section 847 of the FY 2020 National Defense Authorization Act (NDAA) regarding Foreign Ownership, Control or Influence (FOCI) requirements for contractors. The proposed rule would expand the applicability of FOCI reviews, requiring contractors and subcontractors on unclassified “covered contracts” — defense contracts and subcontracts valued in excess of $5 million that are not for commercial products and services — to submit FOCI disclosures to the Defense Counterintelligence and Security Agency (DCSA) for FOCI risk assessment (and as applicable, mitigation) as part of contract award. This would effectively require DCSA assessment and adjudication of FOCI considerations prior to contract award. Thus, both cleared and uncleared defense contractors would be subject to the rigorous DCSA disclosure requirements, scrutiny, and FOCI mitigation. Crowell discussed the Section 847 requirements in a prior alert.

The ICCU is poised to become one of the most significant international compensation mechanisms of this generation. Crowell & Moring has the experience to help with your claim.

This news bulletin is provided by the International Trade Group of Crowell & Moring. If you have questions or need assistance on trade law matters, please contact Anand Sithian or Simeon Yerokun or any member of the International Trade Group.

On April 30, 2026, USPTO Director John A. Squires issued an updated memorandum superseding the December 4, 2025, guidance on Best Practices for Submission of Rule 132 Subject Matter Eligibility Declarations (SMEDs). The USPTO has also created a new position — Deputy Commissioner for Patents focusing on AI Policy, Practice, and Operations — and has welcomed longtime practitioner and private-sector AI expert Barry Schindler to this role. This alert summarizes the key updates and actionable guidance for patent applicants and practitioners.

Employers should be aware of several California laws that were recently enacted or went into effect. These laws expand the scope of care recipients that can trigger paid family leave obligations, extend the statute of limitation for survivors of sexual assault, strengthen protections for tipped workers’ wages, increase minimum wage statewide, provide collective bargaining and organization rights to rideshare workers, and prohibit “stay-or-pay” clauses in employment contracts. 

On April 13, 2026, President Trump signed into law the Small Business Innovation and Economic Security Act, which reauthorized the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs.  These programs are Small Business Administration-sponsored initiatives intended to encourage small business contractors to conduct early-stage research and development (R&D) and help foster technological innovation related to U.S. government needs across several federal agencies, including the Department of War, Department of Energy, National Aeronautics and Space Administration, and National Institutes of Health.  SBIR/STTR are sometimes referred to as “America’s Seed Fund.”  Consistent with that characterization, SBIR contractors performing in the defense and technology space are often the focus of venture capital and private equity interest and investment.

The appropriate use of AI tools during the claims review process continues to be a major topic of debate within the health care industry — but in recent weeks, emerging litigation has inspired critics to turn their attention specifically to the technology’s application within federal health programs. On March 25, 2026, the Electronic Frontier Foundation (EFF) filed a lawsuit against the Centers for Medicare and Medicaid Services (CMS), citing the agency’s alleged failure to answer a Freedom of Information Act (FOIA) request for records the EFF believes will provide crucial insight into the design, safeguards, vendor relationships, and real-world performance of the Medicare Wasteful and Inappropriate Service Reduction (WISeR) Model, CMS’s  AI-driven prior authorization pilot program for certain Medicare services.

On April 15, 2026, a federal jury found Live Nation and its subsidiary Ticketmaster liable on every antitrust count submitted, including monopolization of primary ticketing markets and illegal bundling of its promotions and venue business lines. The jury found the defendants liable for $1.72 for each primary concert ticket sold pursuant to the anticompetitive conduct.[1] The trial opened March 2, 2026, before Judge Arun Subramanian in the Southern District of New York, as a case brought by the federal government and a coalition of states. The case, however, was rocked by an early-trial settlement between the Department of Justice (DOJ) and the defendants. Although the DOJ and six of the plaintiff states (Arkansas, Iowa, Mississippi, Nebraska, Oklahoma, South Dakota) exited the trial, 33 states and the District of Columbia rejected the settlement, brought in a law firm, and moved forward with the trial. Next up for the case: (1) a statutorily required Tunney Act review of the DOJ’s settlement; (2) defendants’ Rule 50 and Rule 59 motions; (3) determination by the Court of how many tickets are subject to the $1.72 damage award (before trebling as per the Clayton Act); and (4) a remedy phase where the Court will consider plaintiffs’ likely proposal to sever Ticketmaster from Live Nation.

Several recent class actions filed against Tempus AI, Inc., a health care technology company that combines AI with molecular and clinical data to develop precision medicine services, are the latest in a series of cases illustrating a fast-growing legal risk: the repurposing of genetic and clinical data — collected for diagnostic or treatment purposes — for artificial intelligence (AI) model training, analytics, and downstream commercialization following corporate acquisitions. At the same time, state genetic privacy regulation is expanding rapidly, with Utah and South Dakota being the most recent states to enact new statutes, and legislation advancing in several additional states. Organizations holding genetic datasets need to treat data governance as a core enterprise risk issue, not a downstream compliance matter.

A recent Illinois appellate decision has narrowed a key protection that state and local government contractors have long been able to rely on under Illinois’ Biometric Information Privacy Act (BIPA). In Thomas v. Cornerstone Services, Inc., the Illinois Appellate Court held that BIPA’s government contractor exemption does not provide blanket immunity to contractors simply because they hold a contract or subcontract with a state agency or local unit of government. The ruling carries important compliance implications for contractors and subcontractors operating across both government and private-sector markets.

On April 30, 2026, the DOJ announced the launch of the Fraud Oversight through Careful Use of Statistics initiative (FOCUS) to increase coordination between the Department and the growing host of data miners who sift through publicly available government data to identify patterns of alleged fraud. The launch of FOCUS highlights a growing trend in False Claims Act (FCA) enforcement: civilian data miners with access to public data — but no other connection to the alleged defendants — are filing almost as many qui tam complaints as company insiders.