Executive Summary

In this alert, we look at Colombian President Gustavo Petro’s first months in office and the outlook for his reform agenda in 2023.  We discuss the implications for U.S.-Colombia relations and for doing business in the country.

  • Petro’s election has led to a reconfiguration of power structures in Colombia and a change in the way policies are designed and implemented. The administration has a statist bent and views the private sector’s role as less prominent than prior administrations. There is less emphasis on attracting investment.
  • This year will be crucial for Petro’s reform agenda and for his party, Pacto Histórico. The government’s energy transition policy and labor, health care, and pension reforms will shape Colombia’s economy in the decades to come and companies will need to be on notice that coming changes may be profound.
  • The Biden and Petro administrations have made efforts to find common ground. But the change of leadership in the House of Representatives, the proximity of the 2024 U.S. presidential election, an emboldened Florida GOP, and implementation of controversial reforms in Colombia could test the relationship in 2023.
  • Security remains a key concern for companies doing business in Colombia and conditions have deteriorated in the past few years. Progress on peace negotiations and the government’s new crime and drug policies will determine whether conditions improve.

Petro’s First Months in Office

“Today begins the Colombia of the possible. Today begins our second opportunity,” Petro told a cheering crowd in Bogotá on August 7. His inauguration as President of Colombia, he said, marked the end of Gabriel García Márquez’s One Hundred Years of Solitude for the Colombian people. The election and orderly transition to a left-wing former guerrilla president and the first Afro-Colombian vice president in the country’s history showed the strength of Colombia’s democracy, one of the oldest and most stable in the Americas.

Continue Reading Colombia in 2023: A Crucial Year for Petro’s Reform Agenda

On January 5, 2023, the Federal Trade Commission (“FTC”) issued a groundbreaking proposed rule that would, if finalized:

  • prohibit most employers from entering into non-compete clauses with workers, including employees and individual independent contractors;
  • prohibit such employers from maintaining non-compete clauses with workers or representing to a worker that the worker is subject to a non-compete clause; and
  • require employers to rescind any existing non-compete clause with workers by the compliance date of the rule and notify the affected workers that their non-compete clause is no longer in effect.

The FTC’s notice of proposed rulemaking explains that the FTC considered possible limitations on the rule—such as excluding senior executives or highly paid employees from the ban—but it ultimately proposed a categorical ban on non-competes.  The only exception is for non-competes related to the sale of a business.  However, even this exception is unusually narrow: it would only apply to selling business owners who own at least 25% percent of the business being sold.  (The proposal also would not apply to most non-profits, certain financial institutions, common carriers, and others who are also outside the scope of FTC regulation.)

As discussed in Covington’s January 5 client alert, the FTC explained that it issued the proposed rule due to its belief that non-competes reduce wages, stifle innovation and business, and are exploitative and unnecessary. 

Continue Reading FTC Proposes Rule to Ban Most Non-Competes

The Federal Energy Regulatory Commission (“FERC”) issued a final rule (Order No. 887) directing the North American Electric Reliability Corporation (“NERC”) to develop new or modified Reliability Standards that require internal network security monitoring (“INSM”) within Critical Infrastructure Protection (“CIP”) networked environments.  This Order may be of interest to entities that develop, implement, or maintain hardware or software for operational technologies associated with bulk electric systems (“BES”).

The forthcoming standards will only apply to certain high- and medium-impact BES Cyber Systems.  The final rule also requires NERC to conduct a feasibility study for implementing similar standards across all other types of BES Cyber Systems.  NERC must propose the new or modified standards within 15 months of the effective date of the final rule, which is 60 days after the date of publication in the Federal Register.  

Background

According to the FERC news release, the 2020 global supply chain attack involving the SolarWinds Orion software demonstrated how attackers can “bypass all network perimeter-based security controls traditionally used to identify malicious activity and compromise the networks of public and private organizations.”  Thus, FERC determined that current CIP Reliability Standards focus on prevention of unauthorized access at the electronic security perimeter and that CIP-networked environments are thus vulnerable to attacks that bypass perimeter-based security controls.  The new or modified Reliability Standards (“INSM Standards”) are intended to address this gap by requiring responsible entities to employ INSM in certain BES Cyber Systems.  INSM is a subset of network security monitoring that enables continuing visibility over communications between networked devices that are in the so-called “trust zone,” a term which generally describes a discrete and secure computing environment.  For purposes of the rule, the trust zone is any CIP-networked environment.  In addition to continuous visibility, INSM facilitates the detection of malicious and anomalous network activity to identify and prevent attacks in progress.  Examples provided by FERC of tools that may support INSM include anti-malware, intrusion detection systems, intrusion prevention systems, and firewalls.   

Continue Reading FERC Orders Development of New Internal Network Security Monitoring Standards

At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.

1. Technology Regulations across EMEA

European Union

If 2022 was the year that the EU reached political agreement on a series of landmark legislation regulating the technology sector, 2023 will be the year that some of this legislation starts to bite:

  • The Digital Services Act (DSA): By 17 February 2023, online platforms and online search engines need to publish the number of monthly average users in the EU. Providers that are designated as “very large online platforms” and “very large search engines” will need to start complying with the DSA in 2023, and we may start to see Commission investigations kicking off later in the year too.
  • The Digital Markets Act (DMA): The DMA starts applying from 2 May 2023. By 3 July 2023, gatekeepers need to notify their “core platform services” to the Commission.
  • The Data Governance Act (DGA): The DGA becomes applicable from 24 September 2023.

Also this year, proposals published under the European Data Strategy—such as the Data Act and European Health Data Space—and EU legislation targeting artificial intelligence (AI) systems—including the AI ActAI Liability Directive and revised Product Liability Directive—will continue making their way through the EU’s legislative process. These legislative developments will have a significant impact on the way that businesses ingest, use and share data and develop and deploy AI systems. In addition, the new liability rules will create potentially significant new litigation exposure for software and AI innovators.

Continue Reading Top Five EMEA Technology Trends to Watch in 2023

This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.

Artificial Intelligence

In the last quarter of 2022, the annual National Defense Authorization Act (“NDAA”), which contained AI-related provisions, was enacted into law.  The NDAA creates a pilot program to demonstrate use cases for AI in government. Specifically, the Director of the Office of Management and Budget (“Director of OMB”) must identify four new use cases for the application of AI-enabled systems to support modernization initiatives that require “linking multiple siloed internal and external data sources.” The pilot program is also meant to enable agencies to demonstrate the circumstances under which AI can be used to modernize agency operations and “leverage commercially available artificial intelligence technologies that (i) operate in secure cloud environments that can deploy rapidly without the need to replace operating systems; and (ii) do not require extensive staff or training to build.” Finally, the pilot program prioritizes use cases where AI can drive “agency productivity in predictive supply chain and logistics,” such as predictive food demand and optimized supply, predictive medical supplies and equipment demand, predictive logistics for disaster recovery, preparedness and response.

At the state level, in late 2022, there were also efforts to advance requirements for AI used to make certain types of decisions under comprehensive privacy frameworks.  The Colorado Privacy Act draft rules were updated to clarify the circumstances that require controllers to provide an opt-out right for the use of automated decision-making and requirements for assessments of profiling decisions.  In California, although the California Consumer Privacy Act draft regulations do not yet cover automated decision-making, the California Privacy Protection Agency rules subcommittee provided a sample list of related questions concerning this during its December 16, 2022 board meeting.

Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022

The European Parliament and Council are about to formally adopt a General Product Safety Regulation (“GPSR”), which will repeal and replace the General Product Safety Directive 2001/95 (“GPSD”)Just like the GPSD, the GPSR sets out the basic rules on the safety of products placed on, or made available in, the EU market and intended for, or likely to be used by, consumers.  While the GPSR builds on the existing legal framework of the GPSD it introduces several changes and new requirements that aim to enhance the protection of consumer’s health and safety, and adapt its requirements to new technologies.

This blog post outlines 16 changes and new requirements that the GPSR introduces and that industry should carefully take into consideration.

Changes Introduced by the GPSR

The GPSR will introduce the following 16 changes:

Continue Reading Sixteen Changes of the Upcoming EU General Product Safety Regulation

The House of Representatives formally established the new “Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party,” with a bipartisan vote of 365-65. The Select Committee, to be chaired by Rep. Mike Gallagher (R-WI), a former military intelligence officer who also serves on the House Intelligence Committee, has been in the works for some time. The Select Committee will be heavily focused on oversight and investigations and is expected to scrutinize, among other things, U.S. businesses operating in China, businesses in China on which the United States is perceived to depend, and other areas where Congress sees opportunities for private industry to bolster America’s competitive position against China. The Select Committee’s objectives are clear—companies, entities, and individuals with significant cross-border business with China should get ready for expected oversight now. 

We outline key knowns and unknowns about the Select Committee, and offer suggestions to prepare for its expected activities, in this client alert.

Regulation (EU) 2022/2560 of the European Parliament and of the Council of 14 December 2022 on foreign subsidies distorting the internal market (FSR) entered into force on 12 January 2023 and will start to apply as of 12 July 2023.

The FSR creates a brand new instrument to fill a regulatory gap, by preventing foreign subsidies from distorting the European Union (EU) internal market. Whereas companies receiving public support in the EU are subject to strict State aid rules, companies obtaining public support outside the EU are generally not. This was perceived as putting companies in the EU at a disadvantage compared to companies that obtained subsidies outside the EU, but that also engaged in economic activity in the Union.

The FSR’s scope extends far beyond the obvious State support, to cover common types of benefits that are granted all over the world, including in countries driven by a market economy. Its obligations will inevitably place an additional administrative burden on companies engaging in an economic activity in the EU. Acceptance of a foreign subsidy distorting the EU internal market may have far-reaching consequences for the company. The FSR places additional compliance obligations on companies, and for many will entail a thorough assessment to identify and justify foreign subsidies received. For companies considering transactions in the EU, the FSR effectively creates a third layer of deal conditionality, besides merger control and Foreign Direct Investment laws. This is adding a further unique set of thresholds, timings and factual considerations, to be included in companies’ strategies to invest in the EU. This will require expertise in EU antitrust and State aid law, and a good understanding of the details of the FSR.

Key things you need to know:

Continue Reading The EU Foreign Subsidies Regulation enters into force

Recent legislation allows employers to continue offering first-dollar telehealth coverage without jeopardizing the ability to contribute to a health savings account (“HSA”), but only through the end of the 2024 plan year.

Background – HSA Eligibility

Employees can make and receive pre-tax contributions to HSAs to use for qualified medical expenses. To be “eligible” to make or receive contributions to an HSA, you (a) must be covered by a high deductible health plan (“HDHP”), and (b) may not have other non-HDHP coverage that covers benefits before the HDHP deductible has been met.

Certain types of coverage, like dental and vision care, is disregarded in determining whether an individual is “eligible” to contribute to an HSA. Disregarded coverage does not have to be coordinated with HDHPs. This means that participants can receive “first-dollar” coverage for disregarded coverage and still be eligible to make or receive contributions to an HSA.

Telehealth is Disregarded Coverage Through 2024

Under prior legislation, telehealth coverage provided (i) during plan years beginning before December 31, 2021; and (ii) during the period beginning April 1, 2022 and ending December 31, 2022, is disregarded coverage under the HSA rules. See the CARES Act and the Consolidated Appropriations Act, 2022. 

Continue Reading Employers Can Continue to Cover Telehealth Benefits Before HDHP Deductible Is Met

A Re-cap

The Good Friday Agreement (GFA)

The 1998 GFA brought an end to the 30 years of violent sectarian strife, euphemistically known as ‘The Troubles’. The GFA was carefully constructed so as to balance the competing positions of both communities and to remove all infrastructure on the border between N and S Ireland.  Importantly, it also created a power-sharing system in N Ireland, with the largest political party appointing the First Minister and the second largest party appointing the Deputy First Minister. 

The GFA was ‘guaranteed’ by the UK and the Republic of Ireland both being members of the EU and therefore subject to the same trading and legal arrangements. When the UK left the EU, it became necessary to work out a new arrangement for Northern Ireland which did not risk re-creating a border between N and S Ireland, but still enabled the UK as a whole to be treated as a third-country outside the EU.

The Northern Ireland Protocol (NIP)

A third country outside the EU requires a land border. The solution to squaring this complex and sensitive this circle (one of the most difficult elements of the UK’s departure from the EU, along with the status of Gibraltar) was The Northern Ireland Protocol (the NIP), an integral part of the broader Trade and Cooperation Agreement between the UK and the EU (The TCA).

The NIP allows N Ireland to remain in the EU Single Market, but takes it out of the Customs Union.  This deliberate fudge imposes the requirement to carry out checks on goods coming from GB to N Ireland to  avoid them entering the EU’s Single Market via the ‘back door’ of N / S Ireland trade.  Since the GFA means there can be no infrastructure on the N/S Ireland Border, those controls have to be carried out ‘in’ the Irish Sea – in practice on arrival of goods in N Ireland.

Continue Reading The Northern Ireland Conundrum: A Path Forward?