Insights

Legislative efforts to significantly expand California’s antitrust laws are working their way through the state legislature. The most comprehensive overhaul is Assembly Bill 1776 — the Competition and Opportunity in Markets for a Prosperous, Equitable and Transparent Economy (COMPETE) Act, introduced by Assembly Majority Leader Cecilia Aguiar-Curry, on March 23, 2026. AB 1776 is modeled closely after draft legislation recommended by the California Law Revision Commission (CLRC) in December. AB 1776 would not only significantly expand potential liability for single-firm conduct and monopolization but would also explicitly decouple California antitrust analysis from certain federal standards. Companies doing business in California should pay close attention to AB 1776 because of its potentially dramatic impact, including increased exposure to antitrust litigation and increased compliance costs.

On March 10, 2026, the Department of Justice released the first-ever Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (the “Department-wide CEP” or “Policy”), which applies to all non-antitrust corporate criminal cases across the Department. The new policy has been anticipated since December 2025, when Deputy Attorney General Todd Blanche announced the Department’s plans to release a new, single corporate enforcement policy for all criminal matters. According to the Department, the new policy is designed to “help ensure consistency across the Department” and “transparently describe the Department’s policies and decisionmaking.”

On March 3, 2026, the Department of Labor (DOL), Department of Health and Human Services (HHS), and Department of the Treasury (TREAS) — collectively, the “Tri-Agencies” — published their fourth annual report to Congress on enforcement of the Mental Health Parity and Addiction Equity Act (MHPAEA). The 2025 Report demonstrates a shift in approach by the Tri-Agencies in its tone and content and suggests that federal regulators, and the DOL in particular, are not as active as they previously were in MHPAEA enforcement. However, federal enforcement remains ongoing, and state enforcement of mental health parity laws continues to grow. Plans and issuers must continue to maintain comprehensive compliance processes and documentation for MHPAEA compliance.

On February 10, 2026, California enacted Senate Bill 25 (“SB 25”), known as the California Uniform Antitrust Pre-Merger Notification Act. The new law takes effect on January 1, 2027, making California the third state—following Washington (effective July 27, 2025) and Colorado (effective August 6, 2025)—to implement a “mini-HSR” regime modeled after the Uniform Antitrust Pre-Merger Notification Act (“UAPNA”). The legislation reflects the growing state-level focus on merger oversight, and it signals California’s continuing intent to increase early pre-merger scrutiny and concurrent review of transactions with federal authorities.

AI tools have significantly transformed how companies operate, but they come with serious legal risks that are only now taking shape. A recent ruling by a federal judge in the U.S. District Court for the Southern District of New York highlights one such risk: certain inputs and outputs from commercial AI models may not be considered privileged attorney-client communications or protected by the work-product doctrine.

On February 3, 2026, President Trump signed a $1.2 trillion spending deal that, among other points, introduced significant regulatory changes for Medicare Part D plans and PBMs providing services to PDP sponsors in the Medicare Advantage and Medicare Part D programs, and imposed significant new restrictions and transparency requirements on PBMs contracting with private group health plans.

On January 28, 2026, the Federal Aviation Administration (FAA) announced that it would reopen the comment period for the Notice of Proposed Rulemaking (NPRM) titled “Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations” for fourteen days. This NPRM, jointly published with the Transportation Security Administration (TSA) on August 7, 2025, introduces performance-based regulations for beyond visual line of sight (BVLOS) unmanned aircraft systems (UAS) operations and the third-party services that support them. Although the NPRM’s initial comment period closed on October 6, 2025, the FAA is now accepting additional feedback through February 11, 2026, with a particular focus on the proposed rule’s right-of-way and detect-and-avoid requirements. The FAA previously rejected formal requests to extend the initial comment period, citing the deadline imposed by Executive Order 14307.

On January 5, 2026, District of Colorado Magistrate Judge Cyrus Chung issued a recommendation that the district court grant a motion to quash a Department of Justice (DOJ) administrative subpoena that sought records about the provision of gender-related care by Children’s Hospital Colorado (Children’s) in In re: Department of Justice Administrative Subpoena No. 25-1431-030, U.S. District Court for the District of Colorado, No. 1:25-mc-00063. The court concluded that the DOJ had failed to carry its “light” burden, noting that no other courts that had considered the more than 20 similar subpoenas issued by DOJ had ruled in the DOJ’s favor.  

Since the signing of Executive Order 14187 (“Protecting Children from Chemical & Surgical Mutilation”) in late January 2025, the Trump Administration has made its skeptical stance on gender-affirming care—especially regarding services provided to minors—clear.

After hosting a series of workshops and issuing multiple rounds of materials, including enforcement notices, checklists, templates, and other guidance, the California Air Resources Board (CARB) has proposed regulations to implement the Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Act (SB 261) (both as amended by SB 219), which require large U.S.-based businesses operating in California to disclose greenhouse gas (GHG) emissions and climate-related risks. CARB also published a Notice of Public Hearing and an Initial Statement of Reasons along with the proposed regulations. While CARB’s final rules were statutorily required to be promulgated by July 1, 2025, these are still just proposals. CARB’s proposed rules largely track earlier guidance regarding how CARB intends to define compliance obligations, exemptions, and key deadlines, and establish fee programs to fund regulatory operations.

Earlier this month, California enacted Senate Bill 763 (“SB 763”). The legislation amends the state’s long-standing antitrust statute, the Cartwright Act, to increase both criminal and civil maximum penalties for corporations and individuals.  California Attorney General Rob Bonta, whose office is responsible for enforcing the Cartwright Act and stands to benefit from any civil penalties recovered under the new law, sponsored the bill.

On October 23rd, the U.S. Department of Energy (“DOE”) sent a letter to the Federal Energy Regulatory Commission (“FERC”) containing an Advance Notice of Proposed Rulemaking (“ANOPR”) with principles for all large load interconnections across the US, including those co-located with generating facilities.[1] Significantly, the Secretary of Energy states that the interconnection of large loads to the transmission system “falls squarely” within FERC’s jurisdiction, thus weighing in on a dispute that has been pending before FERC for over a year. This move appears to be a reaction to the continued pendency before FERC of the colocation dockets[2] and a technical conference on colocation held almost a year ago.[3]

This week, California Governor Newsom signed a new California pricing law that will have significant impact to companies doing business in California. The new legislation—known as AB325—will go into effect January 1, 2026 and makes it unlawful under California’s Cartwright Act to collude using a pricing algorithm and to “coerce another person to set or adopt a recommended price or commercial term” using a “common pricing algorithm.”

Last year, the California General Assembly passed the California AI Transparency Act (CAITA), which Governor Gavin Newsom signed into law on September 19, 2024, and goes into effect on January 1, 2026. This may change because this year, the same General Assembly passed AB 853, an amendment to CAITA with potentially far-reaching implications.

On September 24, 2025, the California Air Resources Board (“CARB”) issued a preliminary list of reporting/covered entities under California’s climate disclosure laws SB 253 (the Climate Corporate Data Accountability Act) and SB 261 (the Climate-Related Financial Risk Act) (the “Climate Disclosure Laws”) (both as modified by SB 219).

U.S. Government and private sector sources continue to report efforts by Democratic People’s Republic of Korea (DPRK) nationals to infiltrate companies around the world by posing as information technology (IT) professionals, in order to get hired by U.S. and other businesses and gain access to sensitive company systems. Crowdstrike, a U.S. cybersecurity company, has reported a 220% increase in the number of companies infiltrated by North Korean threat actors over the last 12 months. In particular, a DPRK-affiliated group known as “Famous Chollima” has leveraged artificial intelligence and deepfake technology to generate synthetic identities, as well as resumes and CVs, draft communications, and conduct job interviews. Enforcement actions brought by the U.S. Department of Justice identify victims in the cryptocurrency sector, including decentralized finance (“DeFi”) projects. In addition, media reports indicate that North Korean hackers are purportedly offering fake job offers targeting employees in the cryptocurrency sector, with the goal of stealing crypto.

On Thursday, the California Law Revision Commission (“CLRC”), the influential body that makes recommendations to the Legislature, took significant steps toward its goal of enacting antitrust legislation to regulate single-firm conduct under California’s antitrust law, the Cartwright Act. The CLRC unanimously voted to move forward with an unprecedented legislative proposal that not only outlaws single-firm “restraints of trade,” but also states that certain federal antitrust standards are not required in California state courts. As a next step, the CLRC will approve a formal recommendation to the Legislature along these lines at the CLRC’s December meeting. Companies doing business in California should pay close attention to these developments because of the potentially dramatic impact this kind of law could have, including increased exposure to antitrust litigation. Crowell & Moring is representing the California Chamber of Commerce (“CalChamber”) in monitoring, analyzing and responding to the CLRC’s recommendations.

California Governor Gavin Newsom has until October 12, 2025, to sign into law a first-in-the-nation bill that will, if enacted, likely impose significant regulatory obligations and litigation risk on companies deploying AI chatbots in California.

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).