Insights

London – June 11, 2026: Crowell & Moring Partner Emma Wright has been appointed to the UK Government's newly formed Digital ID Advisory Group, an independent body of experts convened by Right Honorable Darren Jones MP, to support the delivery of a national digital ID system that is inclusive, useful, and trusted. 

Washington – June 4, 2026: Crowell & Moring earned 92 individual rankings for 81 attorneys, as well as 48 national and statewide practice area rankings, in the Chambers USA 2026 guide. The Chambers guide ranks the country’s top law firms and lawyers through in-depth research, client interviews, and feedback from attorneys at peer firms. 

Washington — Dec. 3, 2024: Crowell & Moring represented Microsoft and LF Projects in seizing 240 fraudulent websites linked to an Egypt-based criminal organization. On November 21, 2024, the U.S. District Court for the Eastern District of Virginia unsealed a temporary restraining order against Abanoub Nady (known online as “MRxC0DER”) and John Doe Defendants (collectively the “Fake ONNX Defendants”), who developed, sold, and implemented “do it yourself” phishing kits under the predominant brand names “ONNX” and “Caffeine,” among several others. In selling these kits under the ONNX name, the cybercriminals misappropriated and misused the “ONNX” trademark, which is owned by LF Projects. LF Projects uses the ONNX name and logo in connection with the Open Neural Network Exchange, a platform that enables interoperability between AI models throughout the tech industry. Numerous cybercriminal and online threat actors purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and break into Microsoft customer accounts.

The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA.

On March 2, 2023, the Biden Administration released the 35-page National Cybersecurity Strategy (the “Strategy”) with a goal “to secure the full benefits of a safe and secure digital ecosystem for all Americans.”

Earlier this month, two courts, one in California and one in Massachusetts under two different scenarios, opined on the enforceability of browsewrap and hybridwrap agreements, providing important warnings for companies relying on such agreements to obtain legally required consent for activities such as telemarketing or to otherwise impose terms and conditions on website users. Many cases turn on the enforceability of such agreements, and companies should evaluate their use of browsewrap agreements (e.g., terms of use available through a hyperlink at the bottom of a webpage) and hybridwrap agreements to determine whether changes are appropriate to improve enforceability and mitigate legal risk.