Insights

Earlier this month, California enacted Senate Bill 763 (“SB 763”). The legislation amends the state’s long-standing antitrust statute, the Cartwright Act, to increase both criminal and civil maximum penalties for corporations and individuals.  California Attorney General Rob Bonta, whose office is responsible for enforcing the Cartwright Act and stands to benefit from any civil penalties recovered under the new law, sponsored the bill.

On October 23rd, the U.S. Department of Energy (“DOE”) sent a letter to the Federal Energy Regulatory Commission (“FERC”) containing an Advance Notice of Proposed Rulemaking (“ANOPR”) with principles for all large load interconnections across the US, including those co-located with generating facilities.[1] Significantly, the Secretary of Energy states that the interconnection of large loads to the transmission system “falls squarely” within FERC’s jurisdiction, thus weighing in on a dispute that has been pending before FERC for over a year. This move appears to be a reaction to the continued pendency before FERC of the colocation dockets[2] and a technical conference on colocation held almost a year ago.[3]

This week, California Governor Newsom signed a new California pricing law that will have significant impact to companies doing business in California. The new legislation—known as AB325—will go into effect January 1, 2026 and makes it unlawful under California’s Cartwright Act to collude using a pricing algorithm and to “coerce another person to set or adopt a recommended price or commercial term” using a “common pricing algorithm.”

Last year, the California General Assembly passed the California AI Transparency Act (CAITA), which Governor Gavin Newsom signed into law on September 19, 2024, and goes into effect on January 1, 2026. This may change because this year, the same General Assembly passed AB 853, an amendment to CAITA with potentially far-reaching implications.

On September 24, 2025, the California Air Resources Board (“CARB”) issued a preliminary list of reporting/covered entities under California’s climate disclosure laws SB 253 (the Climate Corporate Data Accountability Act) and SB 261 (the Climate-Related Financial Risk Act) (the “Climate Disclosure Laws”) (both as modified by SB 219).

U.S. Government and private sector sources continue to report efforts by Democratic People’s Republic of Korea (DPRK) nationals to infiltrate companies around the world by posing as information technology (IT) professionals, in order to get hired by U.S. and other businesses and gain access to sensitive company systems. Crowdstrike, a U.S. cybersecurity company, has reported a 220% increase in the number of companies infiltrated by North Korean threat actors over the last 12 months. In particular, a DPRK-affiliated group known as “Famous Chollima” has leveraged artificial intelligence and deepfake technology to generate synthetic identities, as well as resumes and CVs, draft communications, and conduct job interviews. Enforcement actions brought by the U.S. Department of Justice identify victims in the cryptocurrency sector, including decentralized finance (“DeFi”) projects. In addition, media reports indicate that North Korean hackers are purportedly offering fake job offers targeting employees in the cryptocurrency sector, with the goal of stealing crypto.

On Thursday, the California Law Revision Commission (“CLRC”), the influential body that makes recommendations to the Legislature, took significant steps toward its goal of enacting antitrust legislation to regulate single-firm conduct under California’s antitrust law, the Cartwright Act. The CLRC unanimously voted to move forward with an unprecedented legislative proposal that not only outlaws single-firm “restraints of trade,” but also states that certain federal antitrust standards are not required in California state courts. As a next step, the CLRC will approve a formal recommendation to the Legislature along these lines at the CLRC’s December meeting. Companies doing business in California should pay close attention to these developments because of the potentially dramatic impact this kind of law could have, including increased exposure to antitrust litigation. Crowell & Moring is representing the California Chamber of Commerce (“CalChamber”) in monitoring, analyzing and responding to the CLRC’s recommendations.

California Governor Gavin Newsom has until October 12, 2025, to sign into law a first-in-the-nation bill that will, if enacted, likely impose significant regulatory obligations and litigation risk on companies deploying AI chatbots in California.

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

The System for Award Management (SAM, available at sam.gov) is set to incorporate Revolutionary FAR Overhaul (RFO) changes as early as the first quarter of 2026. The RFO process, which began earlier this year, will trigger matching changes to representations and certifications in SAM.gov.

On August 29, 2025, the Department of Justice (DOJ) and the Department of Homeland Security (DHS) launched a cross-agency Trade Fraud Task Force to expand efforts to target importers and other parties committing trade-related fraud. As stated in a press release issued on August 29, the Task Force will augment the existing coordination mechanisms within the DOJ and DHS, for instance through partnerships with CBP and Homeland Security Investigations, to “aggressively” take enforcement measures against parties that commit tariff evasion or attempt to smuggle prohibited goods into the U.S.

On August 19, 2025, the Office of Personnel Management (OPM) informed insurers participating in the Federal Employees Health Benefits or Postal Service Health Benefits programs that gender-affirming care would no longer be covered for federal workers starting in 2026. This coverage decision is the Trump Administration’s latest action stemming from Executive Order 14187 which aims to prevent certain treatments, such as gender-affirming hormone therapy, surgeries, and puberty blockers for those under the age of 19. As previously discussed, the Administration has also signaled its intent to use various law enforcement tools against gender-affirming care, including  Section 5 of the Federal Trade Commission Act to police false or unsupported claims by medical professionals about gender-affirming treatments.

On August 14, 2025, the Office of Federal Procurement Policy (OFPP) and the Federal Acquisition Regulatory Council (FAR Council) issued draft revisions to FAR Part 8 and FAR Part 12 (as well as to FAR Parts 4 and 40). These are the latest rewrites under the Revolutionary FAR Overhaul (RFO) initiative pursuant to Executive Order 14275, “Restoring Common Sense to Federal Procurement,” which we previously reported on here.

On August 11, 2025, the U.S. Department of Justice (“DOJ”) announced that it had unsealed an indictment against two Mexican businessmen for alleged violations of the Foreign Corrupt Practices Act (“FCPA”).  DOJ asserts that the defendants, both Mexican nationals living in Texas, paid bribes to officials at Petróleos Mexicanos (“PEMEX”), and its subsidiary, PEMEX Exploración y Producción (“PEP”) to secure contracts worth an estimated $2.5 million.  These charges come amidst a period of uncertainty regarding FCPA enforcement following the Trump administration’s temporary pause on FCPA enforcement and the subsequent issuance of new investigation and enforcement guidelines.

On August 7, 2025, the FAR Council issued a final rule amending FAR 52.204-7 to clarify that, effective immediately, an offeror’s failure to maintain continuous System for Award Management (SAM) registration between proposal submission and contract award does not render the offeror ineligible for award, so long as the offeror was registered in SAM at the time of proposal submission and is registered at the time of contract award. The final rule should address situations like TLS Joint Venture, LLC, B-422275, Apr. 1, 2024, 2024 CPD ¶ 74, where an offeror’s SAM registration lapsed for a single day between the proposal submission and award dates, and GAO found the offeror ineligible for award.

On July 24, the European Commission announced the imposition of new EU countermeasures in response to U.S. tariffs further to an agreement reached among EU Member States. These measures are adopted through Commission Implementing Regulation (EU) 2025/1564 and take the form of additional customs duties on U.S. products as well as export restrictions for certain EU products. In total, these measures concern about EUR 93 billion ($109 billion) worth of customs duties, the highest volume of bilateral trade caught by the EU so far. The EU countermeasures are set to enter into force as of August 7.

On July 23, 2025, the White House released Winning the Race: America’s AI Action Plan (“the Plan”) the Trump Administration’s most significant policy statement on artificial intelligence to date.

In April 2025, the IRS and the Department of Homeland Security (DHS) formalized a Memorandum of Understanding (MOU) enabling Immigration and Customs Enforcement (ICE) to create a system of information sharing between the agencies. Under the MOU, the IRS can share tax return information for non-tax criminal investigation purposes. More specifically, the MOU permits ICE to request sensitive tax information from the IRS for purposes of pursuing immigration related cases and deportations. Given the Trump administration’s focus on undocumented workers, the implications of the MOU likely will go even further as sharing this information will result in tax enforcement against employers of deported individuals.

On June 12, 2025, the Fifth Circuit ruled in Guardian Flight I[i] and Guardian Flight II[ii] that the No Surprises Act (“NSA”) does not confer a private right of action on parties to confirm an Independent Dispute Resolution (“IDR”) award in court. The Fifth Circuit is the first United States Court of Appeals to weigh in on the issue, which has divided some district courts. On July 11, 2025 the Fifth Circuit denied Appellant’s request for en banc review of the Court’s finding that the NSA lacks a private right of action.[iii] The panel’s ruling is now final and controlling precedent for the Fifth Circuit unless overturned by the Supreme Court.

On June 27, in Trump v. Casa, the Supreme Court held that federal courts lack equitable authority to issue “nationwide”—or, using the Court’s preferred parlance, “universal”—injunctions. Writing for the 6-3 majority, Justice Barrett explained that whether Congress vested the judiciary with such power depends on the existence of a founding-era antecedent to the practice of universal injunctions. Finding none, the Court held that universal injunctions fall outside a federal court’s equitable authority.