National Security

On September 24, 2025, Covington’s tech industry experts explored what legal teams, government affairs professionals, and business leaders at tech companies need to know during this pivotal period and offered insights into anticipated challenges and emerging opportunities in the year ahead. Eight Covington attorneys shared their insights during a 60-minute session moderated by Covington partner Holly Fechner. Key takeaways from the Forum are outlined below.Continue Reading Covington Tech Briefing Spotlight: Impact of Latest Policy Developments on the Tech Industry

As the UK Government has recognized, cyber incidents—such as Jaguar Land Rover, Marks and Spencer, Royal Mail and the British Library—are costing UK businesses billions annually and causing severe disruption. The Government recognizes that cybersecurity is a critical enabler of economic growth (“we cannot have growth without stability”), and that the current laws have “fallen out of date and are insufficient to tackle the cyber threats faced by the UK.” Accordingly the UK Government this week published its long-awaited Cyber Security and Resilience Bill (the “Bill”), which will amend the existing Network and Information Systems Regulations 2018 (the “NIS Regulations”), and grant new powers to regulators and the Government in relation to cybersecurity.

The NIS Regulations are the UK’s pre-Brexit implementation of Directive (EU) 2016/1148 (the “NIS Directive”), which established a “horizontal” cybersecurity regulatory framework covering essential services in five sectors (transport, energy, drinking water, health, and digital infrastructure) and some digital services (online marketplaces, online search engines, and cloud computing services). EU legislators replaced NIS Directive in 2022 with the “NIS2” Directive, which Member States were meant to transpose into national law by October of last year (although many are still late in doing so. See our post on NIS2 here for an overview of the requirements of NIS2).

The Bill is the UK’s effort at modernizing the framework originally set out in the NIS Directive. In its current form, the Bill will:

  • Significantly expand the scope of the NIS Regulations—to cover, among other things, data centers and managed service providers—and impose additional substantive obligations on covered organizations.
  • Increase potential fines—up to GBP 17m or 4% of the worldwide turnover of an undertaking—and extend the powers of competent authorities to share information with one another, issue guidance, and take enforcement action.
  • Establish a framework for future changes to the NIS Regulations, mechanisms for competent authorities to impose specific cybersecurity requirements on covered organizations, and greater Government direction of cybersecurity matters.

Below, we set out further detail on five major changes in UK cybersecurity regulation arising from the Bill.Continue Reading Five major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill

On October 29, 2025, the Federal Communications Commission (“FCC”) released its Second Report and Order (the “R&O”) and Second Further Notice of Proposed Rulemaking (“FNPRM”) concerning changes to its equipment authorization rules.  The R&O and FNPRM continue the FCC’s ongoing efforts to update the agency’s equipment authorization rules to “protect

Continue Reading FCC Modifies Equipment Authorization Rules to Address National Security Concerns

The government is officially closed, and the House of Representatives is in an extended recess, but the Senate keeps working. 

On Wednesday October 22, the Senate Foreign Relations Committee held a business meeting to consider 19 bills and approve two nominations (Joel Rayburn to be Assistant Secretary of State for Near Eastern Affairs and Andrew Veprek to be Assistant Secretary of State for Population, Refugees and Migration).  The bills focused mostly on Russia’s war in Ukraine, and on security concerns relating to China, and generally commanded bipartisan support.  All of the bills were approved, though some were amended.

One of the more consequential bills was the “REPO Implementation Act”, S. 2918, sponsored by Sen. Whitehouse, and co-sponsored by, among others, Foreign Relations Committee Chairman Risch.  This bill seeks to build on last year’s “Rebuilding Economic Prosperity and Opportunity for Ukrainians Act”, or “REPO Act”.  That legislation granted authority to the President to confiscate the approximately $5 billion in immobilized Russian sovereign assets in the United States and provide that money to Ukraine and Ukrainian claimants as compensation for the injuries inflicted on them by the war. Continue Reading Senate Foreign Relations Committee Action on Russia and China-related Legislation

The war in Ukraine, and other recent geopolitical conflicts, has underscored the need for EU-based defence capabilities to scale up to face these challenges. Several EU initiatives which have sought to stimulate investment are starting to bear fruit, as the European Defence Agency recently reported record high defence spendings in the EU (€350bn for 2024, a 19% increase to 2023). Political support for the sector has been demonstrated by Commission President Von Der Leyen proclaiming “a new era for European Defence and Security” in her latest State of the European Union address.

In this context, understanding the regulatory framework applicable to investments in the EU defence sector is proving increasingly important. Foreign direct investment (“FDI”) screening regimes represent one of the most important regulatory checks to clear for investors.

This blog post reviews five key points for investors to consider when making investments in the defence sector given the current geopolitical context.Continue Reading Five Key Points on FDI Screening in the EU Defence Sector

Earlier this month on September 8, the Federal Communications Commission (FCC) announced that it was taking an initial set of actions to address threats posed by so-called “bad labs.”  “Bad labs” consist of test labs that review and approve radio frequency emitting devices for use in the U.S. but are

Continue Reading FCC Takes Action on Certain “Bad Labs”

The EU e-evidence Regulation and Directive, which establish a regime for law enforcement authorities (“LEAs”) in one Member State to issue legally-binding demands for data from certain types of providers established in other Member States, will come into effect on 18 August 2026 (our post on the specific requirements of the Regulation and Directive is available here). On 28 July 2025, the European Commission adopted an Implementing Regulation (“IR”) setting out the technical specifications for the decentralized communications system that LEAs and covered service providers must use when, among other things, issuing and responding to European Production Orders (“EPOs”) and European Preservation Orders (“EPrOs”) under the e-evidence Regulation.Continue Reading European Commission adopts technical standards for the decentralized communication system to be used under the forthcoming e-evidence Regulation

On July 23, the White House released its AI Action Plan, outlining the key priorities of the Trump Administration’s AI policy agenda.  In parallel, President Trump signed three AI executive orders directing the Executive Branch to implement the AI Action Plan’s policies on “Preventing Woke AI in

Continue Reading Trump Administration Issues AI Action Plan and Series of AI Executive Orders

The UK Parliament has passed emergency legislation to enable the government to direct the use of assets of British Steel, and to take control of assets if directions are not followed.

The government’s stated intention is “continuing the support of steel production in the UK [which] involves preserving current production capacity to ensure resilience in the production of steel”. The new law creates new powers for the government to intervene in relation to steelmaking businesses whose assets are at risk of ceasing to be used. If the operation of a steelmaking blast furnace, such as those operated by British Steel, is stopped, restarting its operation can be prohibitively expensive and it may be permanently unusable.

Following negotiations with its current owners (the Chinese steelmaker Jingye Group) on the future of British Steel, the government announced on Friday its intention to recall Parliament the following day to introduce a draft bill and complete the full legislative process within a single day. The bill was passed by both Houses of Parliament and received royal asset on Saturday 12 April, coming into force on the same day, as the Steel Industry (Special Measures) Act 2025 (the “Act”).

This is the first time that Parliament has responded to a perceived crisis in a UK industry by extending the government’s powers to intervene in specific industries for “public interest” reasons since 2008, in the context of the Global Financial Crisis. In that case, Parliament passed legislation to enable the government to nationalise the Northern Rock bank (and subsequently other banks), and later that year the government’s public interest intervention powers under the Enterprise Act 2002 were expanded in order to allow the government to override competition concerns in the Lloyds/HBOS merger. In contrast to previous measures that provide the government with powers to acquire businesses and to intervene in potential mergers and acquisitions between businesses, the new Act applies outside of the context of a transaction or takeover. Specifically, the new Act applies where specific assets may cease (or have ceased) to be used in a steel manufacturing business but the government considers that it is in the public interest that the use of the assets should continue.

New powers to give directions on use of assets and take control of assets

The Act gives the government the power to issue a notice to a steel manufacturing business to direct how assets (in England and Wales) used by this business are to be used. This power is available when (a) it appears to the government that the assets concerned have ceased to be used or are at risk of ceasing to be used by the business, and (b) where the government considers that it is in the public interest that the use of specified assets should resume or continue. Directions can include requirements to use (or not to use) the assets in a specified way, or requirements for the undertaking to take (or not to take) steps to secure the continued and safe use of the assets. Notably this can include requirements to enter into agreements and contracts of employment, the appointment of officers, management decisions, making payments, and preventing insolvency proceedings.Continue Reading UK passes emergency legislation to authorize “public interest” directions on use of British Steel assets

The Senate Intelligence Committee’s January 30, 2025, confirmation hearing for former Representative Tulsi Gabbard, President Trump’s nominee for Director of National Intelligence, previewed a potentially difficult reauthorization path for Section 702 of the Foreign Intelligence Surveillance Act (“FISA”).  While Gabbard appears to now publicly favor reauthorization of Section 702, her

Continue Reading Tulsi Gabbard’s Confirmation Hearing for Director of National Intelligence: A Preview of a FISA Section 702 Reauthorization Fight?