Insights

The states of the Persian Gulf are moving rapidly to establish themselves as global centers of investment and innovation in artificial intelligence (AI). The Kingdom of Saudi Arabia, the United Arab Emirates (UAE), and the State of Qatar are making substantial outlays in technology and infrastructure as they seek to diversify their economies away from oil. As important, their governments are implementing digital regulations and AI strategies in a bid to attract foreign investment and develop technology companies that can go toe-to-toe with American and European competitors. 

On August 28, 2025, France, Germany, and the UK (the E3) initiated the process to reinstate (or snapback) UN sanctions on Iran. The snapback mechanism (which was set to expire on October 18, 2025) is outlined in UN Security Council Resolution 2231 (UNSCR 2231).

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:

On July 23, 2025, the White House released Winning the Race: America’s AI Action Plan (“the Plan”) the Trump Administration’s most significant policy statement on artificial intelligence to date.

Open source data and software play a foundational role in software development, artificial intelligence (AI), education, and research. Open source AI refers to systems where the source code, model parameters, and related components are freely available for anyone to use, study, modify, and distribute.

The U.S. Department of Justice’s (DOJ) reprieve on civil enforcement of its Data Security Program (DSP), which imposes sweeping restrictions on bulk data transfers by U.S. entities to certain “countries of concern” and “covered persons,” is set to expire on July 8, 2025.

The flow of data across borders is essential to our global economy. As companies grow more and more dependent on cross-border data transfers to conduct business, two parallel legal trends have emerged:

On April 11, 2025, the U.S. Department of Justice (DOJ) issued guidance regarding the implementation and enforcement of the newly enacted final rule, “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” now referred to as the Data Security Program (DSP). The release included an Implementation and Enforcement Policy, a Compliance Guide, and Frequently Asked Questions (FAQs). Collectively, these documents are designed to help entities subject to the DSP understand and comply with the obligations set out under the Final Rule.

On March 12, 2025, the Government of Canada announced plans to launch the Canadian Program for Cyber Security Certification (CPCSC). CPCSC is a cybersecurity compliance verification program that aims to protect sensitive unclassified government information handled by Canadian government contractors and subcontractors within Canada’s defense sector. Canada will roll out CPCSC to contractors in four phases, with the first phase launching this month.

As digitalization has become more ubiquitous and attacks surfaces widened, the number of cyberattacks have correspondingly increased. In 2024, ransomware attacks in particular grew in their frequency and impact. In an effort to enact more stringent policy approaches, governments introduced over 170 data protection laws between 2023 and 2024. With not a single company immune from these regulatory winds, industry must keep a close watch.

Significant shifts in U.S. technology policy are taking shape at the start of the new administration. This is especially true in the field of artificial intelligence (AI), where President Trump revoked President Biden’s Executive Order 14110, titled “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” as part of his flurry of Day One executive actions. The administration is now moving quickly to put its own stamp on this area in an effort to strengthen U.S. AI leadership and competitiveness and outpace other nations, particularly the People’s Republic of China.

Amid the continued exponential rise and adoption of artificial intelligence (AI) systems, the Council of Europe set a unique precedent earlier this year by adopting the first-of-its-kind legally binding international AI framework. Aimed at ensuring the respect of human rights, the rule of law, and democracy in the use of AI systems, the framework strikes an important balance in addressing the risks throughout the lifecycle of an AI system without hampering innovation.

On October 30, 2023, President Biden released an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI).  This landmark EO seeks to advance the safe and secure development and deployment of AI by implementing a society-wide effort across government, the private sector, academia, and civil society to harness “AI for good,” while mitigating its substantial risks.

On 16 July 2020, we started one of our Client Alerts as follows:

On March 1, 2023, the Office of the United States Trade Representative (“USTR”) issued the Biden Administration’s 2023 Trade Policy Agenda (“Agenda”) and 2022 Annual Report (“Report”). The Report was submitted to the Congress pursuant to Section 163 of the Trade Act of 1974, as amended. The Report’s 211 pages, plus three annexes, detail the Administration’s ongoing trade priorities and summarize trade activities in 2022, including trade agreements and negotiations, trade enforcement activities, other trade activities, and updates on work at the World Trade Organization.

On February 28, 2023, the Commerce Department released the first Notice of Funding Opportunity (“First NOFO”) under the recently enacted CHIPS and Science Act (CHIPS Act), P.L. 117-167. The First NOFO seeks applications for assistance—including direct funding, loans, and loan guarantees—for projects to construct, expand, or modernize commercial semiconductor facilities.  

On October 7, 2022, President Biden signed an executive order implementing the EU-U.S. Data Privacy Framework.  Announced in March, this framework replaces the Privacy Shield program that the EU Court of Justice invalidated in July 2020 with its Schrems II decision. That decision stated that the United States did not provide a level of data protection that was “essentially equivalent” to that provided within the EU because signal intelligence surveillance by U.S. agencies was considered too broad and EU residents were not provided with effective remedies.

There is a great urgency for all stakeholders, including governments, employers, academia to invest in digital upskilling and reskilling of the workforce, as digital skills become integral to the future of work and post-COVID-19 recovery. According to the APEC Closing the Digital Skills Gap Report: Trends and Insights, in developing economies such as China, Indonesia and Mexico, the demand for digitally skilled workers has been growing much faster than supply. Additionally, economies such as New Zealand, Singapore, and United States are hiring individuals with digital talent at the fastest month on month rates.

Private companies account for over 71% of global emissions and are a vital group in the fight to reach net zero. This article explores the trend towards uniform environmental reporting standards in a bid to incentivize firms to improve their environmental performance.