• President López Obrador has been a strong critic of independent regulators, including the anti-trust (COFECE) and telecommunications (IFT) regulators.
  • COFECE is at an inflection point with a leadership transition this month while it continues to be under pressure from the López Obrador administration.
  • Eliminating or reducing the autonomy of these bodies will undermine free market principles in Mexico, thus making it more challenging for companies to do business in the country.

Mexico’s independent anti-trust regulator, the Federal Economic Competition Commission (COFECE), is at an inflection point with a leadership transition this month while it continues to be under pressure from the López Obrador administration.  COFECE is an autonomous, constitutional body responsible for overseeing, promoting and ensuring competition and free market access.  The Board of Commissioners is COFECE’s seven-member governing body in charge of accepting cases and resolving matters through a simple a majority vote.

Since the 2013 constitutional reform, when it became an autonomous body, COFECE has been instrumental in protecting free market access in many sectors of the Mexican economy.  In the past few years, COFECE has been on the front lines in challenging President López Obrador’s policies in important matters such as energy reform, food labeling, and pensions.  For example, earlier this year, COFECE filed a constitutional challenge with the Supreme Court against the law passed by the governing party, MORENA, regarding the electricity sector.  COFECE argued the law threatened competition in the sector.  Specifically, COFECE argued that the policy eliminated competition in the generation and supply of electricity as set forth in Mexican law, which requires the dispatch to take place based on price.

Similarly, on the trade of oil products, hydrocarbons and petrochemicals, COFECE issued recommendations to stop proposed changes to the regulation claiming they would reduce incentives for companies to invest in transport and storage infrastructure of hydrocarbons and petrochemicals, give the Ministry of Energy broad discretion on import and export volumes, and deny permits without justification or explanation.

COFECE’s board also made recommendations regarding the amendment to the “Mexican Official Standard for the labeling of foods and beverages NOM-051-SCFI/SSA1-2010, which established certain nutritional specifications for the frontal labeling on foods and beverages.  On this matter, COFECE recommended that the labeling regulation provide complete nutritional information for consumers, but without eliminating opportunities for competition through differentiation in labeling and marketing strategies.[1]

On the Retirement Savings System, COFECE’s Board issued an opinion recommending Congress not pass a draft bill to reform the retirement system, as it imposed an inflexible cap on the commissions charged by Retirement Fund Administrators.  Consequently, the Commission recommended the adoption of a system for regulating commissions based on technical, transparent and pro-competitive criteria through the pension funds regulatory agency.[2]


  • President López Obrador has been a strong critic of independent regulators. Moreover, earlier this year, the President signaled he would promote a bill to transfer COFECE’s responsibilities to the Ministry of Economy, and those of another independent regulator, the Federal Institute for Telecommunications (IFT), to the Communications and Transportation Ministry.  This move is widely believed to be an attempt to consolidate control of independent regulators.
  • Critics of the President’s plans argue that eliminating or reducing the autonomy of these independent bodies will undermine free market principles in Mexico. They also argue that the independence of many of Mexico’s regulators is enshrined in Mexico’s free trade agreements, including USMCA, and any moves to undermine their status would contravene Mexican trade commitments.


  • COFECE’s Commissioner President, Alejandra Palacios, stepped down from her role on September 9, 2021.. Currently, Brenda Gisela Hernández, the commissioner with the longest tenure, is serving as acting President.

The Board is composed of seven Commissioners, including the Chairperson.[3]  In order to operate, it needs at least four Commissioners to have quorum; matters will be decided by a majority of votes of those who can resolve on the corresponding case, as long as at least three Commissioners vote.  As of today, the Commission stands precisely at the limit because President López Obrador has not designed substitutions since November 2020.

  • As of today, COFECE has no quorum (five) for resolutions related to the procedures to determine barriers to competition, for the issuance of regulatory provisions, and to appoint the Head of the Investigating Authority (recently appointed) responsible for initiating and conducting the Commission’s investigations to determine the existence of monopolistic or anti-competitive practices.
  • The law does not indicate any time limit for the President to name Commissioners. Therefore, the President could indirectly debilitate COFECE by choosing to do nothing.  This is a possible scenario since  the President’s Party does not have enough votes to make constitutional changes.

[1] https://www.cofece.mx/wp-content/uploads/2020/02/COFECE-002-2020.pdf

[2] https://www.cofece.mx/wp-content/uploads/2020/11/COFECE-041-2020_ENG.pdf

[3] Each Commissioner is selected and appointed by an Evaluation Committee, which is comprised of government officials from the Bank of Mexico, the National Institute for the Evaluation of Education and the National Institute for Statistics and Geography.  The Committee examines and evaluates applicant’s technical capacities. Results are submitted to the head of the executive branch for his or her selection and subsequently submitted to the Senate for ratification.

Last week, the office of Acting FCC Chairwoman Jessica Rosenworcel released a draft Notice of Inquiry (NOI) regarding spectrum availability and requirements to support the growth of Internet of Things (IoT).  The FCC will consider this NOI, which is intended to collect information and does not propose rules, in its next Open Commission Meeting scheduled for September 30, 2021. This proposed NOI is the latest in a series of FCC actions that will affect the future deployment of IoT products and services in the United States.

Pursuant to the National Defense Authorization Act of 2021, the FCC is required to issue this NOI to seek comment on “current and future spectrum needs to enable better connectivity relating to the Internet of Things (IoT).”  As a part of its inquiry, the FCC would seek comment on:

  • whether the licensed spectrum that is available, or is planned for allocation, for commercial wireless services is adequate to support the needs of IoT;
  • how to ensure adequate spectrum is available outside of the bands being considered for commercial wireless access, including alternative bands that may be suitable for IoT;
  • whether spectrum sharing that is not possible for other types of commercial wireless networks could serve IoT deployment;
  • the role and spectrum requirements needed for IoT applications and services provided by satellites;
  • what regulatory barriers may exist to providing needed spectrum access for IoT deployment, including buildout requirements for IoT networks, license areas, and license terms;
  • the role of unlicensed devices in the growth of IoT and whether there is adequate spectrum available for such operations; and
  • how the topics covered in the NOI may promote or inhibit advances in diversity, equity, inclusion, and accessibility.

This proceeding will join other open proceedings where the FCC is considering new policies and rules to promote and regulate IoT products and services.  As we covered previously, the FCC in June sought comment on whether it should encourage manufacturers of IoT devices to follow the guidance of the NIST’s IoT Report as a standard.  Additionally, the FCC in July adopted a Notice of Proposed Rulemaking (NPRM) which would expand the permissible uses for short-range radars in the 57 to 64 GHz band.  As the FCC explained in its accompanying News Release, the rules could support a wide range of IoT applications, including “Internet of Things technologies for in-home automation services like environmental control and smart home appliances” as well as “enterprise solutions like factory automation.”

If adopted at the September meeting (as is expected), comments on the NOI will be due 30 days after publication in the Federal Register, with reply comments due 45 days after publication.

A number of recent reports have raised the question of how much of existing hydrocarbon reserves can be used if the world is to meet the Paris Goal of no more than 1.5 degrees of global warming.  This blog examines the conclusions of the most recent of those reports, published in the journal Nature, in the light of an article written by the IEA’s Director and Iraq’s Foreign Minister about the geopolitical impact of the Energy Transition.

The 8 September Report

An 8 September Report in the journal Nature (the Report) made an important link between forcing the pace of the Energy Transition and the geopolitical impacts of tackling climate change. In doing so, the Report underlined the tension between ensuring that the Energy Transition is a Fast Transition, but also a Just Transition.  The Transition must move the world as fast as possible to a low carbon future.  But it must do so without destroying the value on which stock markets and pension funds rely; leaving millions in fuel poverty; or tipping regions which are heavily dependent on hydrocarbons for their economic growth into instability and unrest.

The Report concludes that global coal production peaked in 2013 and oil output is at, or near, peak demand.  The Report compares its 2021 analysis with a similar analysis carried out in 2015, concluding that the proportions of un-extractable reserves are significantly higher than those in the 2015 analysis.  Although that change is partly due to the reduction of the temperature target from 2C to 1.5C following the Paris Agreement, it is also driven by the falling costs of renewables and electric vehicles, which reduce demand for oil.

The Report, together with the IEA’s Report in May 2021 and the UN’s Report from last December conclude that fossil fuel production must fall rapidly to keep global temperature rises to under 1.5C and avoid severe climate disruption.

A Zero Carbon Future Means Significant Change for Hydrocarbon Companies…

Using a global energy systems model to assess the amount of fossil fuels that would need to be left unexploited, to allow for a 50% probability of limiting warming to 1.5 °C, the Nature Report argues that meeting the Paris Climate Goal of 1.5 degrees will result in significant volumes of fossil fuel assets  (90% of coal and 60% of oil and gas reserves) becoming stranded – effectively making them worthless. The Report estimates that companies will be obliged to write down their reserves and should plan for a reduction in production by up to 50% over the next decade.

The Report concludes that in order to meet the Paris goal, oil, gas and coal production should already have peaked and will need to decline at 3% a year from now. Such a scenario would have a significant impact on company valuations, meaning that hydrocarbon companies should put in place strong transition plans now.

But the Impact on Hydrocarbon-reliant Countries is even starker…

This analysis leads the Report’s authors to conclude that all Arctic fossil fuels and 99% of unconventional oil and gas must remain un-extracted due to ‘their large size (as well as less-favourable economics and higher carbon intensity)’.  The Report calculates that this would mean that in a 1.5 degree world, 58% of all currently known reserves of oil would remain un-extracted; 59% of proven methane reserves and 89% of coal.  There are regional variations in the model – Canada, for example, would have to leave 83% of its oil untouched; Central and Southern America 73%.  For Russia and FSU Countries, that figure falls to 38%, but for Middle Eastern countries the model suggests that 62% of proven oil reserves would have to remain in the ground.  The picture for individual countries’ coal reserves is similarly bleak for those countries dependent on hydrocarbon revenue.  The model concludes that the US, Russia and the former Soviet Union countries would need to leave 97% of their coal reserves in the ground; Australia, 95% and China and India, 76%.  The Report submitted these figures to a sensitivity analysis model which included the deployment at scale of CCUS.  This analysis did not have a significant impact on the headline figures, leading the Report’s authors to conclude that the results are relatively robust to uncertainties across key assumptions.

The authors of the Report state that the impact of such an abrupt change will be felt at national and individual levels. Workers in the Hydrocarbon sector will need to be re-trained and energy companies will need to aggressively shift over their portfolios to focus exclusively on renewables.

The Report does not comment on whether such a rapid (and truncated) transition could be carried out at the same time as ensuring uninterrupted supplies of energy (and transport) to consumers.  But it seems clear that such a swift transition would place huge strain on the economies and social fabric of States that are heavily reliant on fossil fuel revenue. Countries in the Middle East are particularly at risk, given the centrality of global oil and gas markets to their economies – the Report notes that the MEA region will see a decline of 50% in production by 2050, relative to 2020 production levels and juxtaposes that decline with the statistic that Iraq, Bahrain, Saudi Arabia and Kuwait currently rely on fossil fuels for 65–85% of total government revenues.

This tension lies behind an article written by IEA Chairman Fatih Birol and the Iraqi Foreign Minister, Ali Allawi earlier this month, which highlighted the impact climate change is already having on the Middle East.  The article quotes the example of Iraq, where temperatures are estimated to be rising up to seven times faster than the global average, exacerbating stress on the country’s water supplies. The article notes the risks of instability and unrest if the Energy Transition is not handled early and the economy is not proactively transformed in an equitable, affordable way by transferring employment and investment from hydrocarbons to renewables, creating employment for the region’s large youth population and economic growth.

The Article quotes the IEA’s forecast in its December 2020 report ‘Global Roadmap to Net Zero by 2050’ that, to reach Net Zero, the world’s demand for oil will need to decline from more than 90m barrels a day to less than 25m by 2050, noting that such a reduction would reduce net revenues for oil-producing economies (many of which rely on oil exports and revenues to pay the wages and associated costs of a large public sector) by 75%.

The article uses this statistic to underline the importance of engaging with the needs of fossil fuel-producing countries.  The Article’s authors quote Iraq again where poverty rates doubled in 2020, due to the global reduction in hydrocarbon demand caused by the pandemic.  The authors make a plea for this engagement, noting that failure to do so risks the Energy Transition being an Unjust Transition, with profound implications not only for regional and international security but also for the stability of global energy markets.

The Article concludes that hydrocarbon producing countries will increasingly be forced to aggressively diversify their economies before the Energy Transition strips them of their core revenue sources.  If that chronology is not observed, livelihoods will be lost and poverty rates will increase – that combination of factors risks creating deepening economic hardship and increasing unemployment with the associated dangers of broader societal unrest and instability.  Getting the timing right will be key to maintaining the balance between Fast and Just Transitions.

A Silver Lining?

The world will continue to need energy through the Energy Transition (indeed, with a growing world population, it will need more energy, not less), but – if climate goals are to be met – that energy will have to come increasingly from sources other than hydrocarbons. Developments in production and efficiency (as well as the impact of different subsidy regimes) have continued to drive down the costs of renewable energy, meaning that, in some parts of the world, renewable energy is competing on price with that produced by fossil-fueled plants.

The Birol Article notes that the worst potential solar sites in Iraq get up to 60% more direct energy from the sun than the best sites in Germany, underlining the advantages that the Middle East has for producing energy from solar power – that includes electricity and green hydrogen.  Although effective exploitation of that potential will require significant investment in infrastructure, ports and interconnectors, all four of the interventions mentioned in this blog make the point that early and effective investment in the Energy Transition offers countries in the Middle East the opportunity to continue to play a core role in the supply of global energy markets.

Investment on this scale will create opportunities for renewable and infrastructure companies. Covington’s legal and public policy teams have considerable expertise in the energy sector and would be delighted to discuss with those companies how to manage the Energy Transition, helping them avoid the risks and seize the opportunities the changes to global energy systems offer.

On September 9, the Biden Administration released a number of new details for its Path out of the Pandemic that will impact U.S. Government contractors and a number of other individuals and entities.  In addition to requiring most executive agency employees to receive COVID-19 vaccines, the Administration plans to mandate that executive agency contractors and subcontractors, with some exceptions, impose similar requirements on their employees pursuant to an executive order that will fully go into effect on October 15, 2021.  The overall impact of the executive order will not be clear until additional details are released in the coming weeks, but government contractors should begin considering the implications of the new requirements and take steps to ensure timely compliance.

Timing of Implementation

The new Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors (“Executive Order”) went into effect immediately, but its impact will not be felt by contractors for at least a few weeks.  Initially, the Safer Federal Workforce Task Force has been directed to issue guidelines by September 24, 2021 that will define the scope of required COVID-19 safeguards, as well as any exceptions.  The Administration has indicated that a vaccine mandate will be included in the guidelines.  However, other workplace requirements relating to masks, tests, and sanitation could be included as well.  Once issued, The Director of the Office of Management and Budget will need to determine that the guidelines are appropriate and publish this determination in the Federal Register.

In parallel, the Federal Acquisition Regulatory (“FAR”) Council has until October 8, 2021 to issue a contract clause that will be included in covered solicitations and contract actions (including new contract awards, contract extensions, and option exercises) beginning on October 15, 2021, or any later dated selected by the FAR Council.  The Executive Order does not directly impose requirements on existing contracts already in effect on September 9, 2021, or entered into prior to the effective date of the new clause, but does “strongly encourage” executive agencies to ensure that COVID-19 safeguards required by the new clause are applied in such contracts.

Past experience with similar policy-based clauses suggests that many agencies may push contractors to accept modifications that would include the clause in existing contracts even if not technically required by the Executive Order or subsequent guidance.  Contractors may also be required to implement related COVID-19 safeguards under new labor, Medicare and Medicaid, or on-site contractor requirements as discussed below.

Scope of Covered Solicitations and Contracts

The Executive Order applies to a broad range of solicitations, contracts, and “contract-like” instruments, but ambiguity remains as to whether it will extend to prime contracts that are primarily for products.  The Executive Order also indicates that it likely will apply only to specific work locations at which employees are “working on or in connection with” a covered agreement.

In defining the scope of covered instruments, the Executive Order adopts a definition from a recent proposed rule for a federal contractor minimum wage that broadly defines a covered “contract-like” instrument as “an agreement between two or more parties creating obligations that are enforceable or otherwise recognizable at law.”  The proposed rule notes that this definition would cover:

all contracts and any subcontracts of any tier thereunder, whether negotiated or advertised, including procurement actions, lease agreements, cooperative agreements, provider agreements, intergovernmental service agreements, service agreements, licenses, permits, or any other type of agreement, regardless of nomenclature, type, or particular form, and whether entered into verbally or in writing.

The Executive Order, therefore, would clearly extend to procurement contracts, other transaction authority agreements, and leases.  However, because the Executive Order only applies to particular types of work and is subject to various exceptions, it likely will not apply to other forms of agreements covered by the definition in the proposed rule, such as grants, intellectual property licenses, and cooperative research and development agreements, unless expressly extended by the FAR Council or individual agencies to cover such agreements.

Importantly, although the Executive Order covers a wide range of instruments, it only applies when a covered instrument is:

  1. for services, construction, or a leasehold interest in real property;
  2. covered by the Service Contract Labor Standards statute (i.e., the Service Contract Act); or
  3. a concession contract or related to federal lands and offering services for federal employees, their dependents, or the general public.

The Executive Order expressly excludes grants (without specifically excluding related cooperative agreements) in addition to agreements with Indian tribes under the Indian Self-Determination and Education Assistance Act.  Moreover, the Executive Order excludes contracts valued at or below the simplified acquisition threshold, which is currently $250,000.  Employees performing work outside the United States and its outlying areas are also not covered by the Executive Order’s requirements.  Once covered contractors receive a contract with the new clause, they will need to flow down the Executive Order’s requirements to their subcontractors, unless they are subject to an exemption.

The Executive Order expressly excludes subcontracts that “are solely for the provision of products.”  However, as noted above, there is an open question as to whether the Executive Order intends also to exclude prime contracts that primarily require the contractor to provide products to the U.S. Government.  A contract to provide products would generally not fall into any of the covered categories enumerated in the Executive Order, which are listed above.  It is critical that the FAR Council address this issue in the implementation process, as it affect a large number of contractors that solely provide products to the U.S. Government.

Other Vaccination Requirements

In tracking implementation of the Executive Order, contractors should keep in mind that they separately also may be subject to COVID-19 safeguard requirements through a parallel rulemaking process that has been announced by the Occupational Safety and Health Administration (“OSHA”).  If fully implemented without being successfully challenged, this process is expected to result in a requirement that employers with 100 or more employees mandate that their workforce be fully vaccinated or, at minimum, provide proof of negative test results on a weekly basis.  Contractors are also expected to need to offer employees paid time off for vaccination and recovery.  OSHA currently is developing an emergency rule mandating implementation of these requirements in advance of issuance of a final rule.  Similar requirements are expected to be implemented by the Centers for Medicare & Medicaid Services with respect to workers in healthcare settings employed by organizations that receive Medicare or Medicaid reimbursement.

As a result of these parallel processes, contractors that are ultimately not covered by the federal contractor Executive Order may still need to implement similar requirements under OSHA or Medicare and Medicaid mandates.  In addition, contractors that are subject to the Executive Order may need to navigate overlapping requirements in each of these settings, which may limit their options to, for example, permit employees to offer weekly test results instead of proof of vaccination status.  More stringent state and local requirements would also continue to apply under the federal contractor Executive Order.

Separately, contractor employees that perform work at federal facilities or on federal land will likely still need to consider additional and potentially conflicting requirements imposed by federal agencies.  On-site employees have already been subject to additional requirements for some time following a previous executive order and Office of Management and Budget guidance.

The Cyber EO requires federal agencies to meet several important deadlines in August 2021.  These deadlines are in the areas of enhancing critical software supply chain security, improving the federal government’s investigative and remediation capabilities, and modernizing federal agency approaches to cybersecurity.  In addition, the National Institute of Standards and Technology (“NIST”) took several significant actions related to supply chain security in August 2021, not all of which were driven by deadlines in the Cyber EO.  This blog examines the actions taken by federal agencies to meet the EO’s August deadlines as well as the NIST actions referred to above.

A.  Enhancing Critical Software Supply Chain Security

  1. Actions Taken By OMB During August 2021

Section 4(a) of the Cyber EO states that the security and integrity of “critical software” is of particular concern, and that the federal government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.  Pursuant to section 4(g) of the EO, NIST published a definition of the term “critical software” on June 25, 2021.  Subsequently, on July 8, 2021, NIST published guidance to federal agencies on security measures for critical software.  These developments are discussed in greater detail in our blogs on the June and July 2021 Cyber EO developments.

Section 4(j) of the EO requires the Office of Management and Budget (“OMB”) to take appropriate steps by August 10, 2021 to require that agencies comply with the July 8 critical software security guidance issued by NIST.  On August 10, 2021, Shalanda Young, the Acting Director of OMB, issued a Memorandum to the Heads of Executive Departments and Agencies entitled “Protecting Critical Software Through Enhanced Security Measures” (the “August 10 Memo”).

The August 10 Memo sets out a “phased approach” for agency implementation of the NIST guidance.  During the initial phase, agencies are required to focus on identifying and securing stand-alone, on-premise software that performs “security-critical functions or poses similar significant potential for harm if compromised.”  Such software includes applications that provide the following categories of service:

  • identity, credential, and access management (ICAM)
  • operating systems, hypervisors, container environments
  • web browsers
  • endpoint security
  • network control
  • network protection
  • network monitoring and configuration
  • operational monitoring and analysis
  • remote scanning
  • remote access and configuration management
  • backup/recovery and remote storage

Along these lines, during the initial phase the August 10 Memo requires each agency to identify by October 10, 2021 all “critical software” as defined by NIST that falls within the categories of service described above that is in use or in the process of acquisition by the agency. The August 10 Memo further provides that each agency must implement the security measures designated in NIST’s July 8 guidance for all categories of critical software included in the initial phase by August 10, 2022.

The August 10 Memo states that OMB will address subsequent phases of implementation in the future for additional categories of software as determined by CISA.  The Memo states that the following categories of software, among others, will be addressed in these future phases:

  • software that controls access to data;
  • cloud-based and hybrid software;
  • software development tools, such as code repository systems, testing software, integration software, packaging software, and deployment software;
  • software components in boot-level firmware; and
  • software components in operational technology.
  1. Actions Taken by NIST During August 2021

The Biden Administration announced at a “Cybersecurity Summit” held at the White House on August 25, 2021 that NIST would collaborate with industry and other partners to develop a new framework for improving the security and integrity of the technology supply chain. The Administration states that this framework will serve as guidance to public and private entities on how to build secure technology and how to assess the security of technology, including open-source software, in their supply chains. This new framework will focus on promoting the development and adoption of international standards.

In a related development, a NIST spokesman announced on August 25, 2021 that NIST will delay issuance of a second draft (update) of SP 800-161 Rev. 1, “Supply Chain Risk Management”, from September 2021 until October or November 2021 in order to incorporate requirements imposed by the Cyber EO.  In particular, Section 4(c) of the EO requires NIST to publish by November 8, 2021 preliminary guidelines for enhancing software supply chain security based on input from federal agencies, private industry, and academia that NIST received in June and July 2021. The NIST spokesperson stated that delaying the issuance of the NIST SP 800-161 Rev. 1 update would allow the agency to meet the EO’s November 8 deadline for preliminary guidance on enhancing software supply chain security.  It is unclear whether the update to SP 800-161 is the same as the new NIST framework for improving the security and integrity of the technology supply chain that the Biden Administration announced at the White House Cybersecurity Summit.

On August 24, 2021, NIST released the final version of NISTIR 8259B, “IOT Non-Technical Supporting Capability Core Baseline“.  This document complements NISTIR 8259A, “Core Device Cybersecurity Capability Baseline (May 2020), which is NIST’s guide to the technical aspects of manufacturing secure Internet of Things (“IOT”) devices and products.  The document describes four recommended non-technical supporting capabilities related to the lifecycle of cybersecurity management that manufacturers should implement, including (1) documentation, (2) information and query reception, (3) information dissemination, and (4) education and awareness.  Together, NISTIR 8259A and NISTIR 8259B are intended to define a baseline set of activities that manufacturers should undertake during the planning, development, and operational life of IOT devices to address the cybersecurity needs and goals of their customers.

On August 31, NIST issued a draft White Paper setting forth criteria that can be used to create the pilot labelling program for consumer IOT devices contemplated by Section 4 of the Cyber EO.  This program is intended to educate the public on the security capabilities and vulnerabilities of IOT devices and software development practices.  The White Paper notes among other things that in line with the direction set forth by the Cyber EO, IoT products must reflect increasingly comprehensive levels of testing and assessment, and that “[m]ore cybersecurity controls may be needed for devices that pose inherently greater risks such as a door lock or stove.”  The White Paper notes that a label should clearly convey information to consumers about elevated security capabilities, and that it should be understandable and actionable by the consumer.  The White Paper states that NIST plans to hold a workshop on September 14 and 15, 2021, to obtain comments and other input on the pilot labelling program.

B.  Improving the Federal Government’s Cyber Investigative and Remediation Capabilities

Section 8(c) of the Cyber EO requires OMB, in consultation with the Secretaries of Commerce and DHS, to formulate policies for agencies to establish requirements for logging, log retention, and log management that ensure centralized access and visibility for the highest level security operations center (“SOC”) of each agency.  On August 27, 2021, the OMB Director issued a Memorandum to the heads of federal agencies regarding the logging, log retention, and log management requirements of EO section 8(c) (the “August 27 Memo”).  The August 27 Memo also establishes requirements for agencies to increase the sharing of such information, as needed and appropriate, to accelerate incident response efforts and to enable more effective defense of federal information and agencies.

Section 1 of the August 27 Memo establishes an “Event Logging (“EL”) maturity model that includes the four “Logging Tiers” described in the following table:

Event Logging Tiers Rating Description
EL0 Not Effective Logging requirements of highest criticality are either not met or are only partially met
EL1 Basic Only logging requirements of highest criticality are met
EL2 Intermediate Logging requirements of highest and intermediate criticality are met
EL3 Advanced Logging requirements at all criticality levels are met

The August 27 Memo requires each federal agency to assess its current logging maturity against the four tiers in the Memo’s maturity model and identify any resource and implementation gaps that may exist relative to the respective requirements of each of  those tiers. Agencies are required to report their assessments and gap analyses to OMB by October 27, 2021. In addition, the August 27 Memo requires each agency to reach the EL Tier 1 Maturity level by August 27, 2022, the EL Tier 2 Maturity level by February 27, 2023, and the EL Tier 3 Maturity level by August 27, 2023.

C.  Modernizing Federal Agency Approaches To Cybersecurity

Section 3(c) of the Cyber EO states that federal agencies should migrate to cloud technology in a coordinated, deliberate way that adopts Zero Trust Architecture as practicable.  The EO directs CISA to modernize its current cybersecurity programs, services, and capabilities to be fully functional with cloud-computing environments that have Zero Trust Architecture.  The EO also directs CISA, in consultation with the GSA’s FedRAMP Program, to develop security principles governing Cloud Service Providers (“CSPs”) for incorporation into agency modernization efforts.

To implement these requirements, Section 3(c) imposes an August 10, 2021 deadline for completion of the following:

  • OMB’s development of a Federal cloud-security strategy and its issuance of guidance to agencies that seeks to ensure that they fully understand and effectively address the risks of using cloud-based services and to move them closer to Zero Trust Architecture.
  • CISA’s issuance of cloud-security technical reference architecture documentation for civilian agencies that illustrates recommended approaches to cloud migration and data protection for agency data collection and reporting.
  • Evaluation by each federal agency of the types and sensitivity of its unclassified data that includes appropriate processing and storage solutions for such data, with priority on identifying that data that is most sensitive and under the greatest threat.

It is unclear what, if any, actions were taken by OMB, CISA, or federal agencies to implement these requirements during August 2021.

Ireland is beginning to emerge from the shades of Covid with almost full opening of the economy now planned for October 22nd.  It brings with it some significant changes to working lives, education and business and while the signals are optimistic, caution is in the air.

The Irish have followed a conservative approach to the management of the pandemic and the approach has been widely supported.  87% of the population has been fully vaccinated with 91% having at least one vaccine.  Recent figures suggest that while 20% would like to see a quicker opening up of the economy than the October plan, most support the government plan.

But like most other places it’s been a tortured road with twists and turns and no shortage of controversy.  Current controversy revolves around the risks to pregnant teachers returning to schools where most children are unvaccinated.  Also the rash purchase of unusable poor quality ventilators early on in the crisis.  Overall, however, democracy and good communications have managed the crisis reasonably well.  Vaccines and variants have, like everywhere else, been controversial with particular focus here on who gets what vaccine and in what priority.  Suppressing socializing has been hard on everyone but especially the old and the young with the traditional community togetherness of funerals taking a particular hit.  On line education has been a struggle for families with parents also working remotely.

But the changes in employment, facilitated by technology, have been fundamental.  How employment is defined, how we manage blended working arrangements and how we accommodate new forms of work are all topics of increasing importance for policy makers, businesses and workers.  It also has significant spillover effects in other policy areas, most notably housing and transport policy.

Employment status

Home working has fundamentally changed attitudes towards the workplace with opportunities and challenges ahead for employer and employee – and the taxman.  Caselaw continues to evolve to deal with the changing nature of the workplace and how employment status is defined.

The responsibility for employment tax deductions and payment rests with the employer in the case of employees whereas contractors are directly responsible for their own tax.  Misclassification of workers can deny them certain protections arising from employment such as Payment Related Social Insurance (PRSI), in the Irish context and employment rights protection.  It reduces the tax take also so is of concern to tax authorities generally.

The Irish Revenue has recently issued a Code of Practice on Determining Employment Status.  The changing face of employment with increasing dependence on the so called ‘gig economy’, especially during Covid with food and other delivery platforms, has challenged authorities.  The Revenue have, over the years, looked at particular sectors they suspect of using bogus self employment.  It used to be the construction industry before the economic crash of 2008, today it’s the gig economy worker.

The use of delivery riders had led to Court challenges across numerous jurisdictions.  In Ireland, Dominoes Pizzas challenged the Revenue finding that their delivery guys were employees and not self employed as the company asserted.  Ultimately the case ended up in the High Court with a judgement in favour of the Revenues assessment that the delivery guys were employees and not self employed independent contractors.

The basis for the decision was multifactored but included the fact that there was a mutuality of obligation between employer and employee to carry out the work in question which formed an umbrella of individual contracts in respect of each assignment.  If the driver was not able to fulfill a particular order then s/he could nominate a substitute who would be paid directly by the company.  One of the key tests which the court saw as supporting an employment relationship was the fact that the drivers formed an integral and essential part of the business.  It couldn’t function without them.  They were required to wear a uniform and had other brand supporting obligations, for which they received specific additional payments.  They also took orders directly from Dominoes and not from the customer, again suggesting they were vital to the business and not simply ancillary to it.  They also clocked in and out and worked rosters and shifts unlike most self employed workers.

The court stated that ” A self employed plumber may agree to service a boiler but the plumber has inherently tremendous latitude in that task unlike the drivers who had ongoing obligations.”  While it acknowledged the absence of a comprehensive statutory or common law definition, the court was not in favour of a box ticking exercise to analyse employment status instead taking the practical approach that “classification needs a careful and flexible understanding of relationships.”

Remote working and the right to disconnect

A Code of Practice issued earlier this year on the right to disconnect from work.  While not legally binding it is a commitment under the National Remote Working Strategy 2021 which was informed by the large response to a public consultation which took place in October 2019, which showed that 94% of participants would like to work remotely after Covid recedes.  A key issue behind the drive to plan the management of remote working was the potential dampening of workplace creativity and innovation which officials worried “could result in long-term impacts on firms’ productivity.”

While the right to disconnect does not have legal effect, there is legal provision for it to be influential in employment dispute mechanisms.  For more detail on the right to disconnect see earlier blog International Employment Law Update | Covington & Burling LLP

Tax and investment

Investment is increasing globally in 2021 with biotech and pharma companies featuring strongly.  The trend is mirrored in Ireland with venture capital investment now described as ‘very robust’, particularly in health and biotech and expected to increase given the importance and value of innovations in those sectors.  Fintech has also seen significant 2021 investment.

Tax how long been a thorny issue for Ireland.  Taxes kept Irish windows small.  Tithes to church and rents to landlords kept the Irish poor for centuries.  However, in the last few decades the Irish have turned taxes to their advantage with a low corporate tax regime that incentivizes foreign investment.  The days of the small windows are over.

But the low corporate tax regime has been controversial and change is likely as implementation of the OECD base erosion and profit sharing project rolls out.  

Population trends

The Irish population has now exceeded 5 million for the first time since 1851, in the aftermath of the Irish famine which destroyed an already impoverished country and led to wholesale emigration of those lucky enough to survive.  It’s now a much different Ireland, although the memory of the ‘Great Hunger’ lives on in the Irish psyche.  An unexpected illustration of this happened during Covid.  The Choctaw Indian tribe had heard of the famine difficulties facing the Irish in 1847. Despite their own poverty, they collected and sent monies to Ireland to help.  173 years later, during Covid, the Navajo and Hopi Indian tribes were struggling and set up an on line fund seeking help.   The Irish contributed in significant numbers and the story, largely unknown to the Indians, resurrected in the Irish thank you messages.  The Irish repaid the historic kindness, facilitated by an enduring memory, economic prosperity and a social media savvy population.

The Irish population has grown hugely since the 1960s.  In 1961 the population was just 2.8m, with emigration still widespread and the economy just beginning to industrialise.  Ireland, in 2021, has a young population with the highest birthrate in the EU and the lowest death rate.

It’s an advantage emerging from Covid.

On 26 August 2021, the UK Government unveiled a package of announcements which effectively set out its post-Brexit data strategy.

This blog looks at the politics around the costs and benefits of a Brexit divergence dividend in this sector, which the UK Government views as a key area of competitive advantage.

High-Level Content of the UK’s New Data Package

The package has several parts:

  • The unveiling of New Zealand’s current Privacy Commissioner as DCMS’ preferred candidate to be the new Head of the UK’s Information Commissioner’s Office;
  • A Mission Statement on the new approach to International Data Transfers;
  • A Data Adequacy Manual to assess the adequacy of a third country’s data handling system;
  • The creation of a Council of Experts to inform the UK’s international data transfers policy; and
  • Plans to establish Data Adequacy Partnerships with the US, Australia, Colombia, S. Korea and Singapore, and plans for future partnerships with India, Brazil, Kenya and Indonesia.

The Government also has announced that it will launch a Consultation on the UK’s post-Brexit data regime to identify a new data regime. The Consultation will focus on how to increase trade and innovation by breaking down barriers to innovative and responsible uses of data to boost growth, speed up scientific discoveries and improve public services.

The new Information Commissioner’s mandate will be extended beyond protecting data rights to include the promotion of the use of data to achieve economic growth and social goals. The Consultation is likely to include a section examining how best to do this.


The UK Government views data as a sector where the UK already has a competitive advantage and in which divergence from the EU could deliver further economic benefit to the UK. In the commentary accompanying the release of the package, the UK Government noted that the UK already exports £80 billion of data-enabled service exports to the above-listed countries every year and estimated that up to a further £11 billion in revenue is lost due to barriers associated with data transfers.

Data, Brexit and the EU

The EU’s GDPR was retained in UK law following Brexit, becoming the UK GDPR, supplemented by The Data Protection Act 2018 (DPA). – see our previous blog on this issue  The UK GDPR and DPA deliberately mirrored the GDPR, so as to avoid any conflict between British and European data protection legislation when the UK left the EU and ensure a continuity of rules. It is that continuity of rules which enabled the EU to grant its 28 June Data Adequacy Decision (DAD) – see Covington blog – enabling the continued and unimpeded transfer of data from the EU to the UK, a transfer which is particularly vital to companies in the AI, data-driven health, life sciences and tech sectors – key areas of comparative competitive strength for the UK.

The nature of the EU’s adequacy determination process limits the UK’s scope for divergence from the EU.  Any amendment to the UK’s domestic rules as the UK seeks commercial competitive advantage, risks the loss of the DAD, which would have serious financial implications for companies trading across the Channel. Without a DAD, companies would be obliged to seek alternative methods of transferring data to the EU, e.g., by relying on standard contractual clauses, binding corporate rules, or other methods.

Politics and Divergence

However, as noted above, this sector is one of competitive advantage for the UK.  And it is therefore one in which the UK Government is seeking to demonstrate a Brexit Dividend. So, whilst the current objective is to retain the DAD – and the imperative of hanging onto it limits the UK’s space for divergence – it may be that in due course the UK assesses it has more to gain by aggressive divergence towards a lighter touch regulatory framework (a policy position to which the UK is instinctively attracted).

Such a policy inclination risks creating tension with the EU’s direction of travel – towards tighter and tougher regulation. The content of the Consultation may give an early indication of the UK’s future direction of travel.

For its part, the EU has already warned the UK that it would be prepared to rescind its DAD in the event of a divergence it considered too great.  The last-minute granting of the original DAD, just days before the transition bridge provided for in the EU-UK Trade and Cooperation Agreement expired, demonstrates that the EU is prepared to use all the trade levers at its disposal in managing the new relationship with the UK.

Is the EU’s Loss the World’s Gain?

Only time will tell whether the UK will take the risk of losing the EU’s Adequacy Decision. But if it does, part of its calculation may be that any losses thus incurred could be offset by reaching digital partnership agreements with third countries on issues such as cyber security co-operation; acceptance of e-signatures; or streamlining standards for permitting international data transfer.

However, it is worth noting that the impact of the EU’s approach to data regulation extends beyond Europe. Several countries, most recently including South Korea, seek to obtain an EU Data Adequacy Decision and in order to ensure EU-originating data can flow easily to their jurisdictions.

This is a volatile policy area for the UK. The Government may not yet have carried out the impact assessment to check whether the divergence benefit is worth the cost of losing the EU DAD.  But the Government does feel the UK believes it has a competitive advantage in this field and the indications are that, in time, it will judge that ‘aggressive divergence’ is worth the risk and that the price of a lost EU DAD is a price worth paying.

Covington’s mixed team of legal and public policy experts is uniquely placed to help companies work out how to manage these potential changes and we would be delighted to discuss how we might assist your company navigate current and future developments in the UK’s data sector.

  • The composition of the Chamber of Deputies of the new Congress will challenge President Andrés Manuel López Obrador’s ability to enact constitutional changes and consolidate the agenda of his party, Morena.
  • Companies should watch the coming budget battle in Congress because of its implications for the economy overall and for tax collection.
  • Prospects for a major tax reform that López Obrador was considering earlier this year seem to be dimming, leaving the government with few options other than closing loopholes and increasing tax pressure on existing payers to meet the government’s social spending goals. 

López Obrador’s Government Passes the Halfway Mark

This week Mexico’s Congress for the next three years and the second half of the López Obrador administration began.  June’s midterm elections reflected the country’s political plurality, a strong and efficient electoral system –in spite of high political polarization, Covid-19 and the presence of organized crime– and the natural weakening of the incumbent government and its party.

President López Obrador’s party, Morena, and its allies lost 52  seats in the Chamber of Deputies, and now have 278  out of the Chamber’s 500 seats.  There were no races for the Senate, which renews only every six years, and where Morena and its allies hold a simple majority (75 out of 128 seats).  The governing coalition took 11 governorships and now controls 16 of the country’s 31.  It also will have an absolute majority (50%+1) in 18 state legislatures.  With this outcome, López Obrador and his allies came short of the supermajority needed in both Houses of Congress, as well as a majority of state legislatures, to pass constitutional reforms.  The general perception is that López Obrador, although remaining popular and with high approval ratings (57%), lost ground in June’s election and can be defeated.

What is at Stake

At the outset of his administration, López Obrador outlined an ambitious reform program.  He has attempted profound changes on several policy fronts, including energy, the judiciary, public health, and pensions, among others.  Several of these changes have been challenged in the courts or were blocked by the political opposition.  However, the President has made clear his intent to continue pressing on with his agenda, including a comprehensive electoral reform that is widely believed to be designed to favor his party.  His prospects, however, are limited by Morena and its allies lacking a congressional supermajority for constitutional changes, and by the fact that they hold a smaller legislative bloc than in the past, even for “must move forward” ordinary legislation like the budget.

What to Watch

Political maneuvering will start early in the first congressional period (September 1 to December 15) given the present context and that time is not in favor of the President (who is prohibited by law to run for reelection).

  • During the past Congress, the President was able to maintain strong party discipline. This will become harder as the administration’s end nears and the race for the 2024 presidential election picks up.  The President has already named a list of potential Morena candidates for 2024.
  • One of the first fights that will take place in Congress will be over the distribution of committee chairmanships. The result will help gauge the Morena’s capacity to control the legislative process.
  • The government will submit the Budget and Revenue Law on September 8. Most analysts expect a fierce legislative battle.  The opposition will try to limit funds for the President’s main programs and projects.  With respect to taxes, the government must find additional revenue to cover expenditures, but prospects for a major tax reform or an expansion of the tax base seem to be dimming.  Given the President’s recent pledge of “no new taxes”, which appeared to be driven by both political calculations and concerns over lagging growth and investment, Morena seems more likely to move to close tax loopholes and harden collection measures and audits for current taxpayers.
  • Early on, Congress is expected to take on legislation to regulate next year’s the referendum on whether the President should continue or not his mandate, something he has set at the center of his direct democracy agenda, though it has been widely interpreted as a strategy to galvanize his base more than anything else. Similarly, the President announced that he will push for a comprehensive electoral reform which would, among other things, renew all members of the National Electoral Institute and the Electoral Court. These two issues are likely to contribute to the current polarized environment and keep legislators busy throughout the next couple of months.


As discussed in our prior client alert, the NPRM implements Executive Order 14005 (“Ensuring the Future Is Made in All of America by All of America’s Workers”) by proposing three major changes to existing BAA regulations: (1) higher domestic content thresholds; (2) enhanced price preferences for “critical” items and components; and (3) new domestic content reporting requirements for “critical” items and components.  The agenda for the public meeting covered each of these changes, as well as other questions raised in the NPRM related to BAA waivers and exceptions.

At the outset, Celeste Drake, Director of the recently established Made in America Office, provided prepared remarks regarding the goals of that office.  The goals include: (1) creating confidence and trust in Made in America Laws; (2) maximizing the use of domestic content to support economic recovery and expand the U.S. manufacturing base; and (3) institutionalizing the Made in America Office so that it is viewed as a valuable resource.

The FAR Council devoted the rest of the meeting to soliciting input from various stakeholders on the ten identified topic areas set out in the NPRM.  A variety of interests were represented among the commentators; some spoke as representatives of trade associations or unions, while others spoke in their own individual capacities as small business owners.  The nature of the NPRM’s questions for discussion — which included, for example, a question concerning the role of trade agreements and a question concerning the existing BAA waivers for commercial IT products and COTS products — necessarily resulted in a wide-ranging conversation.

As expected, commentators took different positions with respect to the proposed rule, with some speaking in favor of the proposed changes while others warned that the significant changes proposed in the NPRM could have a range of unintended consequences for industry and government customers.  In particular, some commentators suggested that an increase in domestic content thresholds to 75% might lead companies to exit the market if the cost of reaching that threshold are too high, and that BAA priorities must be considered in the context of U.S. international trade relationships and national defense priorities.  Others correctly noted that BAA requirements and other procurement rules are only one of many tools that the government may use to influence industrial development, and that the BAA rules in particular may impact some industries more significantly than others.  At the same time, many commentators — including union spokespersons and representatives of domestic manufacturing concerns — spoke in favor of the proposed increase to the domestic threshold, based on the perceived benefits for U.S.-based manufacturing.

Through it all, Ms. Drake and the representatives of the FAR Council appeared to be primarily in listening mode and gave away little about whether and how they intended to further revise the proposed rule in the next phase of the rulemaking process.  Moving forward, the FAR Council will need to determine not only how it manages domestic content thresholds and requirements related to “critical” items, but also whether and how it pursues further changes to BAA waivers and exceptions identified in the NPRM.

Written comments on the rule may be submitted through September 28, 2021, and we expect to see detailed comments filed by a variety of interested parties.  We will continue to monitor changes to the NPRM and other domestic preference developments and provide further updates in this space.

In December 2020, the UK PM set out an ambitious 10 Point Plan for a green industrial revolution, one of the key points of which was the production of 5 GW of low carbon hydrogen in the UK by 2030.  The Plan envisaged hydrogen playing a key role in decarbonising energy-intensive industries and heavy transport and replacing natural gas in domestic heating.

On 17 August the UK Government published its Hydrogen Strategy (together with a number of associated Consultations), which lays the foundations for the UK’s future hydrogen economy and sets out how the UK Government will support innovation and stimulate investment in low carbon hydrogen to meet its 5GW target.

The Hydrogen Strategy is one of a series of strategies the UK government is publishing ahead of the COP26. The UK government has already published its Industrial Decarbonisation Strategy, Transport Decarbonisation Strategy and North Sea Transition Deal and plans to publish its Heat and Buildings and Net Zero Strategies, as well as Number 10’s overarching Net Zero Strategy later this year.

The Hydrogen Strategy

The Strategy is honest about the scale of the challenge and acknowledges that producing 5 GW of hydrogen by 2030 will require rapid and significant scale-up in domestic low carbon hydrogen production. The Strategy also notes the urgent need for a public awareness campaign to overcome consumer concerns about safety.

The Strategy is divided into five main parts:

  • The case for low carbon hydrogen: how it is produced and used; its potential role in meeting net zero; and opportunities for UK firms.
  • A whole-systems approach to the UK hydrogen economy: the roadmap to 2030; the actions needed to develop each element of the hydrogen value chain to reach the 2030 target, Carbon Budget Six and net zero; the market and regulatory frameworks the UK will need to develop a hydrogen market by 2030.
  • The economic opportunities: how the UK will use hydrogen to create jobs in sustainable supply chains; improve research and innovation to accelerate cost reduction and technology deployment; and maximise future hydrogen export opportunities.
  • International collaboration with other countries to support the global transition to net zero.
  • Monitoring and evaluation: how the UK will monitor its progress to ensure it meets the objectives set out in the first two chapters.

Continue Reading Hydrogen in The UK