Insights

On September 24, 2025, the California Air Resources Board (“CARB”) issued a preliminary list of reporting/covered entities under California’s climate disclosure laws SB 253 (the Climate Corporate Data Accountability Act) and SB 261 (the Climate-Related Financial Risk Act) (the “Climate Disclosure Laws”) (both as modified by SB 219).

On Thursday, the California Law Revision Commission (“CLRC”), the influential body that makes recommendations to the Legislature, took significant steps toward its goal of enacting antitrust legislation to regulate single-firm conduct under California’s antitrust law, the Cartwright Act. The CLRC unanimously voted to move forward with an unprecedented legislative proposal that not only outlaws single-firm “restraints of trade,” but also states that certain federal antitrust standards are not required in California state courts. As a next step, the CLRC will approve a formal recommendation to the Legislature along these lines at the CLRC’s December meeting. Companies doing business in California should pay close attention to these developments because of the potentially dramatic impact this kind of law could have, including increased exposure to antitrust litigation. Crowell & Moring is representing the California Chamber of Commerce (“CalChamber”) in monitoring, analyzing and responding to the CLRC’s recommendations.

California Governor Gavin Newsom has until October 12, 2025, to sign into law a first-in-the-nation bill that will, if enacted, likely impose significant regulatory obligations and litigation risk on companies deploying AI chatbots in California.

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

The System for Award Management (SAM, available at sam.gov) is set to incorporate Revolutionary FAR Overhaul (RFO) changes as early as the first quarter of 2026. The RFO process, which began earlier this year, will trigger matching changes to representations and certifications in SAM.gov.

On August 29, 2025, the Department of Justice (DOJ) and the Department of Homeland Security (DHS) launched a cross-agency Trade Fraud Task Force to expand efforts to target importers and other parties committing trade-related fraud. As stated in a press release issued on August 29, the Task Force will augment the existing coordination mechanisms within the DOJ and DHS, for instance through partnerships with CBP and Homeland Security Investigations, to “aggressively” take enforcement measures against parties that commit tariff evasion or attempt to smuggle prohibited goods into the U.S.

On August 19, 2025, the Office of Personnel Management (OPM) informed insurers participating in the Federal Employees Health Benefits or Postal Service Health Benefits programs that gender-affirming care would no longer be covered for federal workers starting in 2026. This coverage decision is the Trump Administration’s latest action stemming from Executive Order 14187 which aims to prevent certain treatments, such as gender-affirming hormone therapy, surgeries, and puberty blockers for those under the age of 19. As previously discussed, the Administration has also signaled its intent to use various law enforcement tools against gender-affirming care, including  Section 5 of the Federal Trade Commission Act to police false or unsupported claims by medical professionals about gender-affirming treatments.

On August 14, 2025, the Office of Federal Procurement Policy (OFPP) and the Federal Acquisition Regulatory Council (FAR Council) issued draft revisions to FAR Part 8 and FAR Part 12 (as well as to FAR Parts 4 and 40). These are the latest rewrites under the Revolutionary FAR Overhaul (RFO) initiative pursuant to Executive Order 14275, “Restoring Common Sense to Federal Procurement,” which we previously reported on here.

On August 11, 2025, the U.S. Department of Justice (“DOJ”) announced that it had unsealed an indictment against two Mexican businessmen for alleged violations of the Foreign Corrupt Practices Act (“FCPA”).  DOJ asserts that the defendants, both Mexican nationals living in Texas, paid bribes to officials at Petróleos Mexicanos (“PEMEX”), and its subsidiary, PEMEX Exploración y Producción (“PEP”) to secure contracts worth an estimated $2.5 million.  These charges come amidst a period of uncertainty regarding FCPA enforcement following the Trump administration’s temporary pause on FCPA enforcement and the subsequent issuance of new investigation and enforcement guidelines.

On August 7, 2025, the FAR Council issued a final rule amending FAR 52.204-7 to clarify that, effective immediately, an offeror’s failure to maintain continuous System for Award Management (SAM) registration between proposal submission and contract award does not render the offeror ineligible for award, so long as the offeror was registered in SAM at the time of proposal submission and is registered at the time of contract award. The final rule should address situations like TLS Joint Venture, LLC, B-422275, Apr. 1, 2024, 2024 CPD ¶ 74, where an offeror’s SAM registration lapsed for a single day between the proposal submission and award dates, and GAO found the offeror ineligible for award.

On July 24, the European Commission announced the imposition of new EU countermeasures in response to U.S. tariffs further to an agreement reached among EU Member States. These measures are adopted through Commission Implementing Regulation (EU) 2025/1564 and take the form of additional customs duties on U.S. products as well as export restrictions for certain EU products. In total, these measures concern about EUR 93 billion ($109 billion) worth of customs duties, the highest volume of bilateral trade caught by the EU so far. The EU countermeasures are set to enter into force as of August 7.

On July 23, 2025, the White House released Winning the Race: America’s AI Action Plan (“the Plan”) the Trump Administration’s most significant policy statement on artificial intelligence to date.

In April 2025, the IRS and the Department of Homeland Security (DHS) formalized a Memorandum of Understanding (MOU) enabling Immigration and Customs Enforcement (ICE) to create a system of information sharing between the agencies. Under the MOU, the IRS can share tax return information for non-tax criminal investigation purposes. More specifically, the MOU permits ICE to request sensitive tax information from the IRS for purposes of pursuing immigration related cases and deportations. Given the Trump administration’s focus on undocumented workers, the implications of the MOU likely will go even further as sharing this information will result in tax enforcement against employers of deported individuals.

On June 12, 2025, the Fifth Circuit ruled in Guardian Flight I[i] and Guardian Flight II[ii] that the No Surprises Act (“NSA”) does not confer a private right of action on parties to confirm an Independent Dispute Resolution (“IDR”) award in court. The Fifth Circuit is the first United States Court of Appeals to weigh in on the issue, which has divided some district courts. On July 11, 2025 the Fifth Circuit denied Appellant’s request for en banc review of the Court’s finding that the NSA lacks a private right of action.[iii] The panel’s ruling is now final and controlling precedent for the Fifth Circuit unless overturned by the Supreme Court.

On June 27, in Trump v. Casa, the Supreme Court held that federal courts lack equitable authority to issue “nationwide”—or, using the Court’s preferred parlance, “universal”—injunctions. Writing for the 6-3 majority, Justice Barrett explained that whether Congress vested the judiciary with such power depends on the existence of a founding-era antecedent to the practice of universal injunctions. Finding none, the Court held that universal injunctions fall outside a federal court’s equitable authority.

Briefing. The Trump administration continues to raise the stakes for importers and other actors in the international trade space. Bloomberg Law reports that the Department of Justice has tasked its MIMF (Market Integrity and Major Frauds) Unit with investigating fraud schemes by companies dodging U.S. tariffs. The MIMF Unit is already well-versed in financial fraud investigations, is set to grow significantly with the addition of prosecutors previously assigned to consumer protection matters, and now is shifting resources to tariff evasion cases.

On July 4, President Trump signed into law the “One Big Beautiful Bill Act” (“the Act”), or H.R. 1, which makes significant changes to federal healthcare programs, including Medicaid, Medicare, and Health Insurance Marketplaces. As proposed in previous versions of the Act, the Act includes cuts to the Medicaid program and imposes new requirements on beneficiaries, states, and healthcare providers.

In response to the recent U.S. strikes on Iranian nuclear facilities, the New York State Department of Health (“NYS DOH”) issued a cybersecurity advisory (the “Advisory”) that cautions healthcare providers, such as hospitals, treatment centers, and healthcare practitioners, of a high likelihood of increased cyberattacks and heightened cybersecurity threat activity.  The Advisory follows similar announcements and warnings from U.S. Department of Homeland Security (“DHS”), NYS Intelligence Center (NYSIC) and the Health-ISAC (Information Sharing and Analysis Center).

Twenty years ago, the Supreme Court held that “one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties.” MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 919 (2005). In the Grokster case, the Supreme Court found that peer-to-peer file sharing companies could be liable for copyright infringement for their users’ deployment of file sharing software. There, the Court found that liability was warranted because the file sharing companies knew that its users were infringing, and the companies materially contributed to that infringement.

Over the past several months, hundreds of businesses across California have been served with Notices of Violation (NOVs) of California’s Proposition 65 (“Prop 65”) for issuing thermal receipts at the register and using thermal labels and stickers in their stores. The targeted businesses include large and small retailers, restaurants, banks, gas stations, and grocers.