Covington Team

Subscribe to Covington Team's Posts
Contact: Email

At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.

1. Technology Regulations across EMEA

European Union

If 2022 was the year that the EU reached political agreement on a series of landmark legislation regulating the technology sector, 2023 will be the year that some of this legislation starts to bite:

  • The Digital Services Act (DSA): By 17 February 2023, online platforms and online search engines need to publish the number of monthly average users in the EU. Providers that are designated as “very large online platforms” and “very large search engines” will need to start complying with the DSA in 2023, and we may start to see Commission investigations kicking off later in the year too.
  • The Digital Markets Act (DMA): The DMA starts applying from 2 May 2023. By 3 July 2023, gatekeepers need to notify their “core platform services” to the Commission.
  • The Data Governance Act (DGA): The DGA becomes applicable from 24 September 2023.

Also this year, proposals published under the European Data Strategy—such as the Data Act and European Health Data Space—and EU legislation targeting artificial intelligence (AI) systems—including the AI ActAI Liability Directive and revised Product Liability Directive—will continue making their way through the EU’s legislative process. These legislative developments will have a significant impact on the way that businesses ingest, use and share data and develop and deploy AI systems. In addition, the new liability rules will create potentially significant new litigation exposure for software and AI innovators.

Continue Reading Top Five EMEA Technology Trends to Watch in 2023

There is near universal agreement among policymakers, lawyers, and lobbyists that the Foreign Agents Registration Act (“FARA”) is deeply in need of legislative reforms to update the statute and bring it in line with modern practices. Agreeing on specific amendments, however, has been challenging, and several prior efforts ended with no new enactments, as we

Securities and Capital Markets

On March 21, 2022, the SEC proposed landmark rules regarding climate-related disclosures that would, if finalized, impact both domestic and foreign private issuers that are subject to the reporting requirements of the Securities Exchange Act of 1934.  The much-anticipated proposal will elicit discussion regarding the type, amount, and materiality of certain climate-related information that a company could be required to report.  The proposal also highlights the significant shift in market expectations globally regarding a company’s oversight of evolving climate-related risks and opportunities.  The SEC also published a fact sheet describing the proposed new disclosure requirements, which includes a matrix outlining the proposed phase-in periods and accommodations for the new disclosures.  The timing and scope of final rules remains uncertain, but the earliest that certain large accelerated companies would need to comply with the proposed rules if adopted would be 2023 (with the possibility of a filing by 2024).

Below we summarize:

  1. Background developments that led to the proposal;
  2. Key provisions of the proposed rules;
  3. Controversial elements of the proposal that may engender further debate; and
  4. What companies should be doing now.

Background

In recent years, investors have become increasingly focused on climate-related issues and risks related to a company’s business.  This heightened awareness has resulted in the SEC taking various steps to address investor demand for more transparent, comparable, decision-useful climate-related disclosure.  For example, in 2010, the SEC released guidance on how companies should apply existing disclosure requirements pertaining to a company’s business operations and exposure to material climate-related matters.[1]

In March 2021, SEC Commissioner and then-Acting Chair Allison Herren Lee requested public input from investors, companies and other market participants on whether current disclosures regarding climate-related opportunities and risks provided adequate information to investors.[2]  ESG-related task forces were also established with the purpose of evaluating climate-related disclosures and claims.  In July 2021, SEC Chair Gary Gensler announced the SEC would propose mandatory climate-related disclosure rules.  In September 2021, the SEC’s Division of Corporate Finance issued a Sample Letter to Companies Regarding Climate Change Disclosures to provide companies with additional guidance regarding climate-related disclosures.
Continue Reading SEC Proposes Landmark Climate-Related Disclosure Rules

Corporations, trade associations, non-profits, other organizations, and individuals face significant penalties and reputational harm if they violate state laws governing corporate and personal political activities, the registration of lobbyists, lobbying reporting, or the giving of gifts or items of value to government officials or employees. To help organizations and individuals comply with these rules, Covington

This quarterly update summarizes key federal legislative and regulatory developments in the first quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in the States.  In the first quarter of 2022, Congress and the Administration focused

This alert provides a further update on the rapidly evolving sanctions landscape with regard to the Ukraine crisis, further to our alerts on February 22 and February 25. On 25 February 2022, the European Union adopted an additional package of targeted and sectoral sanctions against Russia in response to its military actions in Ukraine. Those measures, which were announced earlier last week, include a range of new asset-freezing designations, financial sector restrictions, export controls, and other measures. The UK has also announced further economic sanctions against Russian individuals.

According to a joint statement issued by Canada, France, Germany, Italy, the UK, the U.S., and the European Commission on 26 February, further economic sanctions yet will be introduced in the coming days. Those measures will include the removal of selected Russian banks from the SWIFT messaging system using to facilitate global financial transactions.

New EU Targeted and Sectoral Sanctions

Additional Asset-freezing Designations

Council Implementing Regulation (EU) 2022/332 adds 98 people to the EU asset-freezing list. The list notably includes the Russian President Vladimir Putin and the Minister of Foreign Affairs Sergey Lavrov, as well as other members of the Russian National Security Council. Sanctions will also be extended to the remaining members of the Russian State Duma, who ratified the government decision of the Treaty of Friendship, Cooperation and Mutual Assistance between the Russian Federation and the two Ukrainian non-government controlled regions of the Donetsk and Luhansk oblasts. The Regulation also targets individuals who facilitated the Russian military action from Belarus.

New EU Sectoral Sanctions

The most far-reaching measures are introduced in Council Regulation (EU) 2022/328 (the “Regulation”). The Regulation amends Regulation (EU) 833/2014, first issued in August 2014, which set out the EU’s existing Russia sectoral sanctions regime, and introduces new measures targeting various sectors of the Russian economy.

As with regard to the original version of Regulation 833/2014, the restrictions summarized below extend to the worldwide conduct of EU persons and entities, conduct aboard EU-flagged vessels and aircraft, and to non-EU parties with regard to business occurring in whole or in part within the EU.

The Regulation introduces the following new export and related services restrictions:

  • Restrictions on exports of dual-use goods and technology: The Regulation replaces the pre-existing prohibition on exports of dual-use goods and technology under Council Regulation 833/2014. The pre-existing prohibition was limited to the export of dual-use goods and technology that were intended for military use or for a military end-user; the amended Regulation expands that prohibition to restrict the export of dual-use goods and technology and the provision of related services to persons in Russia regardless of the intended end-use or end user.

While exports of dual-use items always required licensing for Russia pursuant to the EU Dual Use Regulation, these new restrictions expand on those measures in important ways. In particular, as the jurisdictional scope of the Regulation extends to the conduct abroad of EU persons and entities, dual-use export controls on Russia are no longer limited to exports from the EU – the Regulation’s dual-use controls could apply with regard to actions by EU persons and entities in connection with the sale, supply, or transfer of dual-use items to Russia from anywhere in the world.
Continue Reading EU and UK Adopt Additional Sanctions Against Russia, with Further International Sanctions Measures Announced

On February 23, 2022, the European Commission published its long-awaited proposal—first announced in April 2020—for a Directive that is expected to require a significant number of EU and non-EU companies to conduct human rights and environmental due diligence across their operations and value chains.

The Commission’s Proposal for a Directive on corporate sustainability due diligence (the “Proposal”) is robust and signals that companies will need to make meaningful investments in effective due diligence programs. The Proposal also contemplates a significant expansion of directors’ duties, which would require directors of EU companies subject to the law to oversee the implementation of sustainability due diligence programs and take into account sustainability matters—including human rights, climate change, and environmental consequences—in the discharge of their duty to act in the best interest of the company.

The Proposal follows calls from the European Council (in December 2020) and the European Parliament (in January 2021) for a mandatory corporate due diligence and accountability law and extensive public consultation. It will now go through the EU’s legislative procedure, which requires agreement on the final text among the Commission, Parliament, and Council. Once passed, the law will represent a significant addition to the global legal landscape on business and human rights.

This alert summarizes key takeaways for companies established or doing business in the EU.

Which Companies Will Be Subject To The Law?

The Proposal sets forth application thresholds for EU and non-EU companies, with staggered implementation dates based on employee and turnover thresholds.

The proposed Directive’s due diligence obligations would initially apply (two years from the date it enters into force) to:

  • EU companies with an average of more than 500 employees and net worldwide turnover exceeding EUR 150 million; and
  • Non-EU companies with net turnover in the EU exceeding EUR 150 million in the financial year preceding the last financial year.


Continue Reading European Commission Publishes Proposal for a Corporate Sustainability Due Diligence Law

Overview

On January 25, 2022, the House of Representatives unveiled the America Creating Opportunities for Manufacturing, Pre-Eminence in Technology, and Economic Strength Act of 2022 (H.R. 4521) (“America COMPETES”), which is companion legislation to the United States Innovation and Competition Act (S. 1260) (“USICA”) passed by the Senate last summer. At over 2,900 pages, the legislation is an omnibus package of incentives and proposed funding for technology areas (principally semiconductors), supply chain proposals, investments in science, technology, engineering, and mathematics (“STEM”), and other pieces of legislation—all directed squarely at enhancing the United States’ competitive position against China.

Nestled within America COMPETES is a 25-page legislative proposal to create an inter-agency process—National Critical Capabilities Reviews—to review and regulate outbound investment (the “Outbound Review Process”). If enacted, the United States would become the first major Western advanced economy to adopt a broad-gauged outbound investment screening process, raising the prospect of a new era in national security-based reviews and restrictions of international investment flows.

To be sure, the concept of an outbound review process in the United States is not new—it first arose in early drafts of what ultimately became the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), which updated the statutory authorities governing the Committee on Foreign Investment in the United States (“CFIUS”). More recently, both Senators and House Members have pushed legislation nearly identical to the proposal in America COMPETES, including an attempt last summer by Senators Bob Casey (D-PA) and John Cornyn (R-TX) to add an outbound investment review process as an amendment to USICA. The Casey-Cornyn proposal ultimately was not included in USICA, partly because of pushback by the U.S. business community based on its breadth, but the Biden Administration, notably in a speech last summer by National Security Advisor Jake Sullivan, has signaled potential support for an outbound review process. Thus, while it is by no means certain that the Outbound Review Process will be enacted, the prospect is more real than ever given potential bipartisan support within Congress and alignment between Congress and the Executive Branch.

Outbound Review Process

The stated rationale for an outbound screening process is to safeguard against the U.S. becoming dependent on China for critical parts of the supply chain and production capabilities. The concerns that motivated earlier attempts to regulate outbound investment, however, were centered on technology transfers to China, especially through joint ventures. Among some policymakers, there is a broader view that investments by U.S. companies in China that can help China advance its own capabilities, even if only through financing, should be curbed.

Against that backdrop, the Outbound Review Process, as proposed, is both sweeping in scope and lacking in specifics. As proposed, the legislation would establish a new committee—the “Committee on National Critical Capabilities” (the “Committee”)—that would be chaired by the U.S. Trade Representative (“USTR”) and composed of a number of Executive Branch Agencies.[1]  Modeled to an extent on CFIUS, the Committee would have the authority to review certain transactions that may impact “national critical capabilities.” Specifically, the Committee could review any transaction by a United States business that “shifts or relocates to a country of concern, or transfers to an entity of concern, the design, development, production, manufacture, fabrication, supply, servicing, testing, management, operation, investment, ownership, or any other essential elements involving one or more national critical capabilities,” or “could result in an unacceptable risk to a national critical capability” (a “Covered Transaction”).

As a definitional matter:

  • Much like in the CFIUS regime, the term “United States business” means a “person engaged in interstate commerce in the United States.” The full scope of this is not clear and is a source of ambiguity and tension in CFIUS. This ambiguity would be more acute in legislation that, unlike CFIUS, does not have a 30-plus year history of practice, and that screens outbound capital flows. For example, as drafted, the legislation could arguably capture investments by U.S.-headquartered companies or financial sponsors that are made out of their foreign-based subsidiaries or funds.
  • “Country of concern” means any foreign government or foreign nongovernment person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons, or any non-market economy that is later identified by the Committee.
  • “Entity of concern” means any entity “the ultimate parent entity of which is domiciled in a country of concern; or that is directly or indirectly controlled by, owned by, or subject to the influence of a foreign person that has a substantial nexus with a country of concern.” Thus, for example, the definition could capture companies from allied countries that have substantial minority shareholdings from, or operations in, China or Russia (or other foreign adversaries). (The term “substantial nexus” is not defined.)
  • While the legislation would defer the full definition of “national critical capabilities” to implementing regulations, it suggests that at a minimum the term would mean “systems and assets… so vital to the United States that the inability to develop such systems and assets or the incapacity or destruction of such systems or assets would have a debilitating impact on national security or crisis preparedness” and could include articles in the following general categories, along with any others identified through implementing regulations:
    • medical supplies, medicines, and personal protective equipment;
    • articles essential to the operation, manufacture, supply, service, or maintenance of critical infrastructure;
    • articles critical to infrastructure construction after a natural or manmade disaster;
    • components of systems critical to the operation of weapons systems, intelligence collection systems, or items critical to the conduct of military or intelligence operations; and
    • services critical to each of the foregoing.

Moreover, the legislation requires a study of the following additional industries to identify other critical capabilities:

  • Energy
  • Medical
  • Communications, including electronic and communications components
  • Defense
  • Transportation
  • Aerospace, including space launch
  • Robotics
  • Artificial intelligence
  • Semiconductors
  • Shipbuilding
  • Water, including water purification


Continue Reading National Security Update—The House of Representatives Proposes an Outbound Investment Review Regime as Part of the America COMPETES Act

On 22 December 2021, the conference of German data protection supervisory authorities (“DSK”) published its Guidance for Providers of Telemedia Services (Orientierungshilfe für Anbieter von Telemedien).  Particularly relevant for providers of websites and mobile applications, the Guidance is largely devoted to the “cookie provision” of the German Telecommunication and Telemedia Privacy Act (TTDSG),