The US Inflation Reduction Act (the IRA) has raised concerns in the EU about the potential impact on international investment – particularly the possibility that such investment will be pulled into the US, rather than directed to the EU and may encourage ‘green industries’ to relocate production to the US. The EU has been working on an appropriate response that would increase the attractiveness of the EU as a green investment destination without breaching either WTO rules or its own State Aid rules.

Background

The IRA has provoked diverse reactions across EU Members States.  Whilst some countries have lined up behind calls for a “Made in Europe” strategy which would accelerate production targets (cf the EU Chips Act); weaken state aid rules; establish an EU emergency sovereign fund; and mobilize WTO-compliant trade defense instruments.  Other Member States have expressed concern that such an approach would risk undermining EU provisions on State Aid and fragmenting the EU internal market. 

With some justification, smaller EU Member States are concerned that weakening the EU’s State Aid rules would favour more fiscally powerful Member States (52% of the Temporary Crisis Framework (“TCF”) established following Russia’s invasion of Ukraine was notified by Germany and a further 24% by France).  Such Member States would prefer the creation of a joint EU fund – a proposal in turn opposed by fiscally conservative Member States who reject any further joint EU borrowing. 

On 1 February, the Commission released its Communication for A Green Deal Industrial Plan for the Net Zero Age (The Communication) which contains a series of proposals for discussion at the EU Council Summit on February 9-10.  The differences between the various Member States noted above, are likely to influence the discussions at the Council Summit and impact the formal proposal which is expected to be presented to the European Council in late-March.

Continue Reading The EU’s Green Deal Industrial Plan for the Net-Zero Age

The Federal Election Commission has announced contribution limits for 2023-2024.  The new “per election” limits are effective for the 2023-2024 election cycle (November 9, 2022 – November 5, 2024), and the calendar year limits are effective January 1, 2023. The new limits represent the largest election cycle increase since the limits started being indexed for inflation in the 2003-2004 election cycle.

The FEC increased the amount an individual can contribute to a candidate to $3,300 per election, up from $2,900.  Because the primary and general count as separate elections, individuals may give $6,600 per candidate per cycle.

The limit on contributions from individuals to national party committees also increased from $36,500 to $41,300 per year.  This increase also affects the limit on contributions to additional specialized accounts of the party committees, which were first allowed through legislation passed in 2014.  Each of these accounts can receive contributions that are triple the amount that can be given to the main party account, or $123,900 per account per year.  These accounts can be used to pay for expenses related to presidential nominating conventions, headquarters buildings of the party, and election recounts, contests, and other legal proceedings.

The following chart shows more details on the limits for individuals in 2023 and 2024:

An individual may contribute to …
Federal Candidates$3,300per election
National party committees — main account$41,300per year
National party committees — convention account (RNC and DNC only)$123,900per year
National party committees — party building account$123,900per year
National party committees — legal fund account$123,900per year
State or local party committees’ federal accounts$10,000per year
Federal PACs$5,000per year

On February 1, the Federal Trade Commission (“FTC”) announced its first-ever enforcement action under its Health Breach Notification Rule (“HBNR”) against digital health platform GoodRx Holdings Inc. (“GoodRx”) for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to third-party advertisers.  According to the proposed order, GoodRx will pay a $1.5 million civil penalty and be prohibited from sharing users’ sensitive health data with third-party advertisers in order to resolve the FTC’s complaint. 

This announcement marks the first instance in which the FTC has sought enforcement under the HBNR, which was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and comes just sixteen months after the FTC published a policy statement expanding its interpretation of who is subject to the HBNR and what triggers the HBNR’s notification requirement.  Below is a discussion of the complaint and proposed order, as well as key takeaways from the case.

The Complaint

As described in the complaint, GoodRx is a digital healthcare platform that advertises, distributes, and sells health-related products and services directly to consumers.  As part of these services, GoodRx collects both personal and health information from its consumers.  According to the complaint, GoodRx “promised its users that it would share their personal information, including their personal health information, with limited third parties and only for limited purposes; that it would restrict third parties’ use of such information; and that it would never share personal health information with advertisers or other third parties.”  The complaint further alleged that GoodRx disclosed its consumers’ personal health information to various third parties, including advertisers, in violation of its own policies.  This personal health information included users’ prescription medications and personal health conditions, personal contact information, and unique advertising and persistent identifiers.

Continue Reading FTC Announces First Enforcement Action Under Health Breach Notification Rule

On January 31, 2023, FDA Commissioner Robert M. Califf announced a proposed redesign of the human foods program at FDA. The proposal follows the findings and recommendations of a Reagan-Udall Foundation expert panel that Dr. Califf had charged with evaluating the agency’s existing human foods program. Commissioner Califf called the redesign “transformative” and believes the proposed structures will have clear priorities to protect and promote a safe and nutritious food supply in the current and evolving environment.

Overall Structure

In the high-level proposal, FDA intends to unify various functions of the Center for Food Safety and Applied Nutrition (CFSAN), Office of Food Policy and Response (OFPR), and Office of Regulatory Affairs (ORA) under an organization called the Human Foods Program. A Deputy Commissioner for Human Foods will lead that program and have decision-making authority over policy, strategy, and regulatory program activities, as well as resource allocation and risk-prioritization. The Deputy Commissioner will report directly to the FDA Commissioner. The Human Foods Program will have a larger executive team with clearly defined lines of authority to ensure decisive leadership. This will include a Principal Associate Commissioner reporting to the Deputy Commissioner. Based on the organizational chart provided in the proposal, the Deputy Commissioner for Human Foods appears to be on the same level as the Director of the Center for Veterinary Medicine (CVM).

In addition, a Human Foods Advisory Committee of external experts will be formed to advise FDA on issues in food safety, nutrition, and innovative food technologies.

Nutrition

FDA also plans to create a Center for Excellence in Nutrition within the Human Foods Program, that will work with industry to offer healthier, more nutritious foods. The Center is intended to elevate and empower action on nutrition science, policy, and initiatives to reduce diet-related chronic diseases and improve health equity. The Center will include an Office of Critical Foods responsible for the regulation of infant formula and medical foods, presumably also to help ensure a robust supply of such critical products.

Food Safety

FDA intends to establish an Office of Integrated Food Safety System Partnerships to prioritize and unify FDA’s work with state and local regulators. The aim is to ensure greater collaboration and support to state-level inspectional activities. The changes to ORA mentioned below will strengthen the goals in the New Era of Smarter Food Safety.

Office of Regulatory Affairs

The proposal also reimagines ORA. The new model will focus on setting the global gold standard in inspections, investigations, laboratory analysis, and import operations. ORA will support the Human Foods Program and other regulatory programs by focusing on critical activities. As a result, ORA will take a more prevention-based approach to food safety inspections. It will also will modernize and increase its specialization alongside the regulatory programs. Certain ORA functions such as state and local food safety partnership functions will be realigned into the Human Foods Program to streamline the agency’s oversight over foods.

Center for Veterinary Medicine

FDA proposes to create an Office of Animal Biotechnology Innovation within CVM, which will work on advancing FDA’s regulation of animal biotechnology. The office will collaborate with the Human Foods Program on agricultural biotechnology innovation. The CVM Director’s role will be expanded to include duties as Chief Veterinary Officer (CVO) to reinforce CVM’s One Health mission; where the Director is not a veterinarian, the duties will be held by a senior veterinarian within CVM. 

Next Steps

Commissioner Califf will next turn this high level proposal into a concrete reorganization plan. To do so, the Commissioner will engage with internal and external stakeholders on this proposal, and will provide an additional update on FDA’s progress on reorganization and timeline by the end of February.

*           *           *

If you have any questions concerning the material discussed in this client alert, please contact the members of our Food, Beverage, and Dietary Supplements or Animal Food and Drug practices.

*This guide was originally published in 2018 and we have updated it periodically.

January 31, 2023, Covington Guide

In 1938, Congress enacted the Foreign Agents Registration Act (“FARA”), requiring “foreign agents” to register with the Attorney General. As amended over the years, it applies broadly to anyone who acts on behalf of a “foreign principal” to, among other things, influence U.S. policy or public opinion. Until recently, it was a backwater of American law—and a very still backwater at that, with just seven prosecutions between 1966 and 2016.

That now has changed. Like the once obscure Foreign Corrupt Practices Act, which prosecutors revived from hibernation some years ago, FARA is receiving its close-up. Prosecutors have brought more FARA prosecutions in the last several years than they had pursued in the preceding half century. In-house lawyers have scrambled to bone up on this famously vague criminal statute, at a time when the nation’s tiny bar of experienced FARA lawyers can still hold its meetings in the back of a mini-van.

While cases related to Special Counsel Robert Mueller’s investigation are the most salient examples, the renewed focus on foreign agents actually began prior to the Mueller investigation and has continued long after the Special Counsel closed up shop. A significant uptick in audits of registered foreign agents by the FARA Unit (the Department of Justice office that administers FARA), followed by significant staffing changes in the FARA Unit, and then noticeably more aggressive interpretations of the statute in advisory opinions and informal advice from the FARA Unit, all have signaled a sea change.

Continue Reading The Foreign Agents Registration Act (FARA): A Guide for the Perplexed

Executive Summary

In this alert, we look at Colombian President Gustavo Petro’s first months in office and the outlook for his reform agenda in 2023.  We discuss the implications for U.S.-Colombia relations and for doing business in the country.

  • Petro’s election has led to a reconfiguration of power structures in Colombia and a change in the way policies are designed and implemented. The administration has a statist bent and views the private sector’s role as less prominent than prior administrations. There is less emphasis on attracting investment.
  • This year will be crucial for Petro’s reform agenda and for his party, Pacto Histórico. The government’s energy transition policy and labor, health care, and pension reforms will shape Colombia’s economy in the decades to come and companies will need to be on notice that coming changes may be profound.
  • The Biden and Petro administrations have made efforts to find common ground. But the change of leadership in the House of Representatives, the proximity of the 2024 U.S. presidential election, an emboldened Florida GOP, and implementation of controversial reforms in Colombia could test the relationship in 2023.
  • Security remains a key concern for companies doing business in Colombia and conditions have deteriorated in the past few years. Progress on peace negotiations and the government’s new crime and drug policies will determine whether conditions improve.

Petro’s First Months in Office

“Today begins the Colombia of the possible. Today begins our second opportunity,” Petro told a cheering crowd in Bogotá on August 7. His inauguration as President of Colombia, he said, marked the end of Gabriel García Márquez’s One Hundred Years of Solitude for the Colombian people. The election and orderly transition to a left-wing former guerrilla president and the first Afro-Colombian vice president in the country’s history showed the strength of Colombia’s democracy, one of the oldest and most stable in the Americas.

Continue Reading Colombia in 2023: A Crucial Year for Petro’s Reform Agenda

On January 5, 2023, the Federal Trade Commission (“FTC”) issued a groundbreaking proposed rule that would, if finalized:

  • prohibit most employers from entering into non-compete clauses with workers, including employees and individual independent contractors;
  • prohibit such employers from maintaining non-compete clauses with workers or representing to a worker that the worker is subject to a non-compete clause; and
  • require employers to rescind any existing non-compete clause with workers by the compliance date of the rule and notify the affected workers that their non-compete clause is no longer in effect.

The FTC’s notice of proposed rulemaking explains that the FTC considered possible limitations on the rule—such as excluding senior executives or highly paid employees from the ban—but it ultimately proposed a categorical ban on non-competes.  The only exception is for non-competes related to the sale of a business.  However, even this exception is unusually narrow: it would only apply to selling business owners who own at least 25% percent of the business being sold.  (The proposal also would not apply to most non-profits, certain financial institutions, common carriers, and others who are also outside the scope of FTC regulation.)

As discussed in Covington’s January 5 client alert, the FTC explained that it issued the proposed rule due to its belief that non-competes reduce wages, stifle innovation and business, and are exploitative and unnecessary. 

Continue Reading FTC Proposes Rule to Ban Most Non-Competes

The Federal Energy Regulatory Commission (“FERC”) issued a final rule (Order No. 887) directing the North American Electric Reliability Corporation (“NERC”) to develop new or modified Reliability Standards that require internal network security monitoring (“INSM”) within Critical Infrastructure Protection (“CIP”) networked environments.  This Order may be of interest to entities that develop, implement, or maintain hardware or software for operational technologies associated with bulk electric systems (“BES”).

The forthcoming standards will only apply to certain high- and medium-impact BES Cyber Systems.  The final rule also requires NERC to conduct a feasibility study for implementing similar standards across all other types of BES Cyber Systems.  NERC must propose the new or modified standards within 15 months of the effective date of the final rule, which is 60 days after the date of publication in the Federal Register.  

Background

According to the FERC news release, the 2020 global supply chain attack involving the SolarWinds Orion software demonstrated how attackers can “bypass all network perimeter-based security controls traditionally used to identify malicious activity and compromise the networks of public and private organizations.”  Thus, FERC determined that current CIP Reliability Standards focus on prevention of unauthorized access at the electronic security perimeter and that CIP-networked environments are thus vulnerable to attacks that bypass perimeter-based security controls.  The new or modified Reliability Standards (“INSM Standards”) are intended to address this gap by requiring responsible entities to employ INSM in certain BES Cyber Systems.  INSM is a subset of network security monitoring that enables continuing visibility over communications between networked devices that are in the so-called “trust zone,” a term which generally describes a discrete and secure computing environment.  For purposes of the rule, the trust zone is any CIP-networked environment.  In addition to continuous visibility, INSM facilitates the detection of malicious and anomalous network activity to identify and prevent attacks in progress.  Examples provided by FERC of tools that may support INSM include anti-malware, intrusion detection systems, intrusion prevention systems, and firewalls.   

Continue Reading FERC Orders Development of New Internal Network Security Monitoring Standards

At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.

1. Technology Regulations across EMEA

European Union

If 2022 was the year that the EU reached political agreement on a series of landmark legislation regulating the technology sector, 2023 will be the year that some of this legislation starts to bite:

  • The Digital Services Act (DSA): By 17 February 2023, online platforms and online search engines need to publish the number of monthly average users in the EU. Providers that are designated as “very large online platforms” and “very large search engines” will need to start complying with the DSA in 2023, and we may start to see Commission investigations kicking off later in the year too.
  • The Digital Markets Act (DMA): The DMA starts applying from 2 May 2023. By 3 July 2023, gatekeepers need to notify their “core platform services” to the Commission.
  • The Data Governance Act (DGA): The DGA becomes applicable from 24 September 2023.

Also this year, proposals published under the European Data Strategy—such as the Data Act and European Health Data Space—and EU legislation targeting artificial intelligence (AI) systems—including the AI ActAI Liability Directive and revised Product Liability Directive—will continue making their way through the EU’s legislative process. These legislative developments will have a significant impact on the way that businesses ingest, use and share data and develop and deploy AI systems. In addition, the new liability rules will create potentially significant new litigation exposure for software and AI innovators.

Continue Reading Top Five EMEA Technology Trends to Watch in 2023

This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.

Artificial Intelligence

In the last quarter of 2022, the annual National Defense Authorization Act (“NDAA”), which contained AI-related provisions, was enacted into law.  The NDAA creates a pilot program to demonstrate use cases for AI in government. Specifically, the Director of the Office of Management and Budget (“Director of OMB”) must identify four new use cases for the application of AI-enabled systems to support modernization initiatives that require “linking multiple siloed internal and external data sources.” The pilot program is also meant to enable agencies to demonstrate the circumstances under which AI can be used to modernize agency operations and “leverage commercially available artificial intelligence technologies that (i) operate in secure cloud environments that can deploy rapidly without the need to replace operating systems; and (ii) do not require extensive staff or training to build.” Finally, the pilot program prioritizes use cases where AI can drive “agency productivity in predictive supply chain and logistics,” such as predictive food demand and optimized supply, predictive medical supplies and equipment demand, predictive logistics for disaster recovery, preparedness and response.

At the state level, in late 2022, there were also efforts to advance requirements for AI used to make certain types of decisions under comprehensive privacy frameworks.  The Colorado Privacy Act draft rules were updated to clarify the circumstances that require controllers to provide an opt-out right for the use of automated decision-making and requirements for assessments of profiling decisions.  In California, although the California Consumer Privacy Act draft regulations do not yet cover automated decision-making, the California Privacy Protection Agency rules subcommittee provided a sample list of related questions concerning this during its December 16, 2022 board meeting.

Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022