Compliance Issues

Kenya has released its first National Artificial Intelligence Strategy (2025–2030), a landmark document on the continent that sets out a government-led vision for ethical, inclusive, and innovation-driven AI adoption. Framed as a foundational step in the country’s digital transformation agenda, the strategy articulates policy ambitions that will be of interest to global companies developing, deploying, or investing in AI technologies across Africa.

While the strategy is explicitly domestic in focus, its framing—and the architecture of its governance, infrastructure, and data pillars—reflects a broader trend, i.e., the localization of global AI governance norms in high-growth, emerging markets.

What the Strategy Means for Global Technology Governance

The strategy touches on several themes that intersect with enterprise risk, product development, and regulatory foresight for multinationals:

  • Data governance and sovereignty: Kenya signals a strong intent to develop AI within national parameters, grounded in local data ecosystems. The strategy explicitly references data privacy, cybersecurity, and ethics as core enablers of the AI ecosystem. For global companies with cloud-based models or cross-border data transfer frameworks, these developments may signal localization pressures or evolving consent standards.
  • Sector-specific use cases: Healthcare, agriculture, financial services, and public administration are named as strategic AI priorities. Companies operating in the life sciences, health tech, or diagnostics space should watch closely for how regulatory authorities may interpret and apply ethical or risk-based AI guidelines—especially where AI is used in clinical decision-making, diagnostics, or personalized medicine.
  • Public-private AI infrastructure development: The strategy envisages expanded digital infrastructure, data centers, and cloud resources, as well as national research hubs. This may create commercial opportunities—but could also trigger localization requirements or procurement-related restrictions, particularly for telecommunications and hyperscale cloud providers.
  • Future legal frameworks: The current strategy is not itself a binding legal instrument, but it points to future policy development—especially around governance, regulatory oversight, and risk classification of AI systems. Teams advising on AI risk, litigation exposure, and AI-assisted products (including generative tools) will want to track the next wave of draft legislation and implementation guidance.

Continue Reading Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in Africa

On January 8, 2025, the Consumer Product Safety Commission (“CPSC”) published in the Federal Register a Final Rule that significantly changes the requirements for filing certificates of compliance for imported products under the Consumer Product Safety Act (“CPSA”). The publication of the Final Rule followed the CPSC’s vote to approve the Final Rule on December 18, 2024.

The Final Rule is intended to provide the CPSC and Customs and Border Protection (“CBP”) with significantly more information about imported products, which will likely enhance enforcement against noncompliant products. Companies should take proactive measures to ensure that all imported products comply with the CPSA. They should also prepare for increased scrutiny of products upon import, which may result in delays and potential seizures of products, and ensure that they have processes in place for complying with all aspects of the Final Rule.

The Final Rule makes two major changes to existing CPSC requirements for filing certificates of compliance, which will take effect on July 8, 2026 (except that for products entering from a foreign trade zone for consumption or warehousing, the rule will take effect on January 8, 2027).

First, the Final Rule requires that for all imported products subject to a mandatory safety standard under the CPSA, importers must electronically file (“eFile”) the requisite certificate of compliance at the time of entry with Customs and Border Protection (“CBP”), which will then share the certificate with CPSC. Notably, products claiming a de minimis duty exemption under 19 U.S.C. § 1321 (“Section 321”)—i.e., products valued at less than $800—are also subject to this eFiling requirement. By requiring eFiling of certificates of compliance, including for de minimis products, the Final Rule is intended to improve the CPSC and CBP’s ability to collect data on imported products and bolster their monitoring and enforcement capabilities.

Second, the Final Rule newly defines the term “importer” in the CPSC regulations to be synonymous with the importer of record (“IOR”). This change places the responsibility for filing certificates of compliance for most imported products on the IOR. However, if the IOR is a customs broker, the broker is responsible for filing the certificate but can designate the “owner, purchaser, or consignee” as legally responsible for complying with the CPSC’s testing and certification requirements, including for the accuracy and validity of the data submitted on the certificate.

For mail and de minimis shipments, which do not have an IOR, the Final Rule clarifies that the “importer” can be an owner, purchaser, consignee, or authorized customs broker. Similar to products that do not fall under the de minimis exemption, the customs broker may file the certificate for a de minimis shipment but identify the owner, purchaser, or consignee as the party responsible for compliance. Continue Reading CPSC Revises Requirements for Certificates of Compliance

Under a newly enacted law, beginning June 30, 2026, defense contractors risk losing all future contracts with the Defense Department if they engage outside consultants that lobby for certain Chinese companies. On December 23, 2024, President Biden signed the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2025

Continue Reading New Law Appears to Restrict Defense Contractors from Retaining Consultants Who Lobby for Chinese Military Companies

This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023.  The first blog summarized the AI EO’s key provisions and

Continue Reading October 2024 Developments Under President Biden’s AI Executive Order

This is the thirty-fourth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs describes described the actions taken by various government agencies to implement the Cyber EO from June 2021through January 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during February 2024.  It also describes key actions taken during February 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, secure software, and federal government contractors. 

NIST Publishes Cybersecurity Framework 2.0

            On February 26, 2024, the U.S. National Institute of Standards and Technology (“NIST”) published version 2.0 of its Cybersecurity Framework.  The NIST Cybersecurity Framework (“CSF” or “Framework”) provides a taxonomy of high-level cybersecurity outcomes that can be used by any organization, regardless of its size, sector, or relative maturity, to better understand, assess, prioritize, and communicate its cybersecurity efforts.  CSF 2.0 makes some significant changes to the Framework, particularly in the areas of Governance and Cybersecurity Supply Chain Risk Management (“C-SCRM”).  Covington’s Privacy and Cybersecurity group has posted a blog that discusses CSF 2.0 and those changes in greater detail.

NTIA Requests Comment Regarding “Open Weight”

Dual-Use Foundation AI Models

            Also on February 26, the National Telecommunications and Information Administration (“NTIA”) published a request for comments on the risks, benefits, and possible regulation of “dual-use foundation models for which the model weights are widely available.”  Among other questions raised by NTIA in the document are whether the availability of public model weights could pose risks to infrastructure or the defense sector.  NTIA is seeking comments in order to prepare a report that the AI EO requires by July 26, 2024 on the risks and benefits of private companies making the weights of their foundational AI models publicly available.  NTIA’s request for comments notes that “openness” or “wide availability” are terms without clear definition, and that “more information [is] needed to detail the relationship between openness and the wide availability of both model weights and open foundation models more generally.”  NTIA also requests comments on potential regulatory regimes for dual-use foundation models with widely available model weights, as well as the kinds of regulatory structures “that could deal with not only the large scale of these foundation models, but also the declining level of computing resources needed to fine-tune and retrain them.”Continue Reading February 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

On June 20, 2023, the Federal Communications Commission (“FCC”) released a Notice of Proposed Rulemaking (“NPRM”) to require cable operators and direct broadcast satellite (“DBS”) providers to display an “all-in” price for their video programming services in their billing and marketing materials.  The White House issued a press release that

Continue Reading FCC Proposes “All-In” Pricing Rules for Cable/Satellite TV

Covington annually publishes a detailed survey of state campaign finance, lobbying, and gift rules.  Now, for the first time, Covington is releasing an updated survey that details federal campaign finance, lobbying, and gift rules, in addition to those of the 50 states and the District of Columbia. Corporations, trade associations, non-profits, other organizations, and individuals face significant penalties and reputational harm if they violate federal or state laws governing corporate and personal political activities, the registration of lobbyists, lobbying reporting, or the giving of gifts or items of value to government officials or employees. To help organizations and individuals comply with these rules, this detailed survey—now 327 pages—summarizes the campaign finance, lobbying, and gift rules adopted by the federal government, all 50 states, and the District of Columbia.

Newly added federal sections cover the Lobbying Disclosure Act, the Foreign Agents Registration Act, Congressional gift rules, executive branch gift rules, and the Federal Election Campaign Act. Information is provided in a table question and answer format intended to address common questions with practical guidance. Continue Reading Covington Releases Updated Survey of Federal and State Campaign Finance, Lobbying, and Gift Rules (2023 Edition)

Today, the California Attorney General announced the first settlement agreement under the California Consumer Privacy Act (“CCPA”).  The Attorney General alleged that online retailer Sephora, Inc. failed to disclose to consumers that it was selling their information and failed to process user requests to opt out of sale via user-enabled

Continue Reading California Attorney General Announces First CCPA Settlement

Importers of merchandise into the United States must use “reasonable care” in the importation process, which includes providing accurate and complete information necessary for U.S. Customs and Border Protection (“CBP”) to process and release the merchandise into the United States.[1]  Importers who fail to take this obligation seriously do so at their peril, because catching importer mistakes that result in duty underpayments is an enforcement priority for CBP.  If CBP determines that an importer has failed to exercise reasonable care, CBP may impose substantial civil penalties, even if an error was unintentional.[2]  However, where importers discover their own import compliance errors before CBP does, they may significantly reduce their exposure to penalties by proactively and voluntarily disclosing such errors to CBP with a “prior disclosure.”  This article summarizes the fundamentals of a prior disclosure, and reports on recent efforts by CBP to standardize prior disclosure practices across U.S. ports of entry.

Prior Disclosure Fundamentals

CBP encourages importers to file prior disclosures,[3] and it often makes sense for an importer to do so.  The statutes, regulations and procedures that govern the importation of merchandise into the United States are complex and constantly changing, such that even the most experienced and vigilant importers make mistakes.  A prior disclosure allows an importer to disclose its violations of Customs laws and regulations to CBP and pay any unpaid duties or fees owed.  In exchange, the importer limits exposure to otherwise applicable penalties, by limiting the penalty to the interest owed.  CBP benefits as well, receiving prompt payment of duties owed (plus interest) without using internal resources to conduct an investigation of the reported violations and enforce a penalty order. Continue Reading Voluntary Disclosures to CBP: What Importers Need to Know About the Changing Landscape

The 2021 report from the Government Accountability Office (“GAO”) offers new details on the landscape of Lobbying Disclosure Act (“LDA”) compliance and enforcement.  The report is based on random audits of lobbyists’ filings and analysis of enforcement by the U.S. Attorney’s Office for the District of Columbia (“USAO”).

The report
Continue Reading GAO Report Highlights Trends in Lobbying Disclosure Act Compliance and Enforcement