Regulatory

Subscribe to Regulatory

The UK government has reported a successful start to the implementation of the National Security and Investment Act 2021 (the “NSIA” or “Act”). During the first three months (Jan-March 2022) in which the new NSIA regime has been active, the Investment Screening Unit (“ISU”) received 222 filings and reviewed 17 transactions in depth. Of those 17 transactions, three have been cleared unconditionally, with the other 14 transactions still under review at the end of the reporting period.

Mandatory NSIA filings, which represented 196 of the total flings, were most commonly made in six sectors: defence, military and dual-use, critical suppliers to government, artificial intelligence, data infrastructure and advanced materials.  There were significantly fewer filings in other sectors, with fewer than five filings per sector in areas such as synthetic biology, civil nuclear, advanced robotics and transport.

Collectively, these figures and other data suggest that the NSIA regime is operating, so far, broadly in line with expectations. While there are fewer filings than expected overall, this may reflect a broader global slowdown in M&A and investment activity. The ISU further reports that it is meeting, and often working well within, the maximum statutory time periods for the assessment of filings. The ISU indicates its willingness to complete reviews expeditiously where possible, including for in-depth assessments.

Continue Reading UK National Security and Investment Regime Working Well

The UK government has reported a successful start to the implementation of the National Security and Investment Act 2021 (the “NSIA” or “Act”). During the first three months (Jan-March 2022) in which the new NSIA regime has been active, the Investment Screening Unit (“ISU”) received 222 filings and reviewed 17 transactions in depth. Of those 17 transactions, three have been cleared unconditionally, with the other 14 transactions still under review at the end of the reporting period.

Mandatory NSIA filings, which represented 196 of the total flings, were most commonly made in six sectors: defence, military and dual-use, critical suppliers to government, artificial intelligence, data infrastructure and advanced materials.  There were significantly fewer filings in other sectors, with fewer than five filings per sector in areas such as synthetic biology, civil nuclear, advanced robotics and transport.

Collectively, these figures and other data suggest that the NSIA regime is operating, so far, broadly in line with expectations. While there are fewer filings than expected overall, this may reflect a broader global slowdown in M&A and investment activity. The ISU further reports that it is meeting, and often working well within, the maximum statutory time periods for the assessment of filings. The ISU indicates its willingness to complete reviews expeditiously where possible, including for in-depth assessments.

Continue Reading UK National Security and Investment Regime Working Well

Last month, the U.S.-EU Trade and Technology Council (TTC) met in Paris-Saclay for the second time since its launch in June 2021. (The first ministerial took place in Pittsburgh in September. France hosted this session as holder of the rotating presidency of the Council of the EU.) The meeting was co-chaired by Secretary of State Blinken, Secretary of Commerce Raimondo, and U.S. Trade Representative Tai, and European Commission Executive Vice Presidents Vestager and Dombrovskis. European Commissioner Breton also joined the discussions and the French ministers for foreign affairs, economy, and trade (Le Drian, Le Maire, and Riester) hosted the opening dinner.

The TTC is a new model of economic integration through regulatory coordination. Although both sides reserve their “regulatory autonomy,” they have also invested significant political capital, time, and effort into this process. The TTC spans broad policy areas including tech standards, climate, supply chains, export controls, and investment screening. It operates through ten working groups, which meet at staff working levels and seek input from outside stakeholders. For instance, the European Commission sponsors a “Trade and Technology Dialogue” facility to conduct outreach to the private sector and civil society. Through this technical work, the TTC’s aim is to shape the “rules of the road” for the global economy to favor liberal democracies, leveraging the transatlantic community’s half of global GDP. The ministerials set the themes and political direction for the working groups.

Against the backdrop of Russia’s ongoing aggression against Ukraine, the U.S. and EU noted that the TTC has become a “central pillar” of the transatlantic partnership, “indispensable” in facilitating coordination on sanctions and export controls. It will serve as a forum to monitor and discuss the Russia sanctions and may coordinate their eventual removal. Indeed, the TTC has arguably become more of a geopolitical tool than originally intended. Its 48-page joint statement reflects the breadth and depth of the underlying discussions and signals various future policy directions.

Continue Reading U.S.-EU Trade and Tech Council: Paris Takeaways and Next Steps

On 4 May 2022, the Council of the EU (the “Council”) formally adopted its position on the proposal of the European Commission (the “Commission”) for a Regulation on foreign subsidies distorting the internal market (the “Foreign Subsidies Regulation”) (see our alert on the proposal). On the same day, the European Parliament (the “Parliament”) also adopted its position on the Foreign Subsidies Regulation (see our blog post). The Council’s adoption confirms the Commission’s initial proposal of the regulation while seeking to limit the Commission’s power to investigate foreign subsidies.

The three most important things for you to know about the recent amendments to the Foreign Subsidies Regulation:

  • The thresholds above which companies are obliged to inform the Commission about their foreign subsidies have been increased, reducing the scope of the new rules to a narrower set of acquisitions, mergers and public procurements. In addition, foreign subsidies of less than EUR 5 million would not be subject to notification and foreign subsidies of less than EUR 200,000 would escape any scrutiny.  
  • The time period in which the Commission has to investigate foreign subsidies in large public procurements has been reduced. Furthermore, the “retroactive” application of the Foreign Subsidy Regulation is limited to foreign subsidies granted in the five years prior to the application of the regulation.
  • The application of some concepts (e.g., the power to request prior notification) will be subject to further guidance by the Commission.


Continue Reading The Council of the EU endorses the European Commission’s proposal on the Foreign Subsidies Regulation

Securities and Capital Markets

On March 21, 2022, the SEC proposed landmark rules regarding climate-related disclosures that would, if finalized, impact both domestic and foreign private issuers that are subject to the reporting requirements of the Securities Exchange Act of 1934.  The much-anticipated proposal will elicit discussion regarding the type, amount, and materiality of certain climate-related information that a company could be required to report.  The proposal also highlights the significant shift in market expectations globally regarding a company’s oversight of evolving climate-related risks and opportunities.  The SEC also published a fact sheet describing the proposed new disclosure requirements, which includes a matrix outlining the proposed phase-in periods and accommodations for the new disclosures.  The timing and scope of final rules remains uncertain, but the earliest that certain large accelerated companies would need to comply with the proposed rules if adopted would be 2023 (with the possibility of a filing by 2024).

Below we summarize:

  1. Background developments that led to the proposal;
  2. Key provisions of the proposed rules;
  3. Controversial elements of the proposal that may engender further debate; and
  4. What companies should be doing now.

Background

In recent years, investors have become increasingly focused on climate-related issues and risks related to a company’s business.  This heightened awareness has resulted in the SEC taking various steps to address investor demand for more transparent, comparable, decision-useful climate-related disclosure.  For example, in 2010, the SEC released guidance on how companies should apply existing disclosure requirements pertaining to a company’s business operations and exposure to material climate-related matters.[1]

In March 2021, SEC Commissioner and then-Acting Chair Allison Herren Lee requested public input from investors, companies and other market participants on whether current disclosures regarding climate-related opportunities and risks provided adequate information to investors.[2]  ESG-related task forces were also established with the purpose of evaluating climate-related disclosures and claims.  In July 2021, SEC Chair Gary Gensler announced the SEC would propose mandatory climate-related disclosure rules.  In September 2021, the SEC’s Division of Corporate Finance issued a Sample Letter to Companies Regarding Climate Change Disclosures to provide companies with additional guidance regarding climate-related disclosures.
Continue Reading SEC Proposes Landmark Climate-Related Disclosure Rules

In the wake of rulings upholding federal regulators’ “valid when made” rules, a new lawsuit serves as a reminder that state regulators and class-action plaintiffs’ lawyers may continue to challenge the bank partnership lending model under the “true lender” doctrine.

In early March, the fintech OppFi filed suit to stop California’s banking commissioner from enforcing

This is the tenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the secondthirdfourthfifthsixthseventheighth, and ninth blogs described the actions taken by various Government agencies to implement the EO from June 2021 through January 2022, respectively.

This blog summarizes key actions taken to implement the Cyber EO during February 2022.  As with steps taken during prior months, the actions described below reflect the implementation of the EO within the Government.  However, these activities portend further actions in March 2022 that are likely to impact government contractors, particularly those who provide software products or services to government agencies.

NIST Publishes Guidance to Federal Agencies on Practices to Enhance Supply Chain Security When Procuring Software

Section 4(e) of the Cyber EO requires the National Institute of Standards and Technology (NIST) to publish guidelines on practices for software supply security for use by U.S. Government acquisition and procurement officials.  Section 4(k) of the EO requires the Office of Management and Budget, within 30 days of the publication of this guidance (or March 4, 2022), to “take appropriate steps to require that agencies comply with such guidelines with respect to software procured after the date of the EO.  Section 4(n) of the EO states that within one year of the date of the EO (or May 12, 2023), the Secretary of Homeland Security…shall recommend to the FAR Council contract language requiring suppliers of software available for purchase by agencies to comply with, and attest to complying with, any requirements issued pursuant to subsections (g) through (k) of this section.”

NIST issued the Supply Chain Security Guidance called for by Section 4(e) of the EO on February 4, 2022.  The Supply Chain Security Guidance states that it “provides recommendations to federal agencies on ensuring that the producers of software they procure have been following a risk-based approach for secure software development throughout the software life cycle,” and that “[t]hese recommendations are intended to help federal agencies gather the information they need from software producers in a form they can use to make risk-based decisions about procuring software.”  The scope of the Supply Chain Security Guidance is expressly limited to “federal agency procurement of software, which includes firmware, operating systems, applications, and application services (e.g., cloud-based software), as well as products containing software.”  The Guidance further provides that “the location of the implemented software, such as on-premises or cloud-hosted, is irrelevant,” and also excludes open source software and software developed by federal agencies.  However, open-source software that is bundled, integrated, or otherwise used by software purchased by a federal agency is within the scope of the Guidance.

The Supply Chain Security Guidance defines minimum recommendations for federal agencies as they acquire software or a product containing software:

  1. Use the Secure Software Development Framework (SSDF) terminology and structure to organize communications about secure software development requirements.
  2. Require attestation to cover secure software development practices performed as part of processes and procedures throughout the software life cycle.
  3. Accept first-party attestation of conformity with SSDF practices unless a risk-based approach determines that second or third-party attestation is required.
  4. When requesting artifacts of conformance, request high-level artifacts.


Continue Reading February 2022 Developments Under President Biden’s Cybersecurity Executive Order

Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe to our Inside

On November 8, 2021, New York Governor Kathy Hochul signed a new electronic monitoring law (S2628) requiring New York businesses that monitor or intercept employees’ e-mails, telephone calls, or internet usage to notify employees in writing of these practices.  The new law amends the state’s civil rights law and takes effect on May

On September 24, the Safer Federal Workforce Task Force released guidance on workplace safety protocols for federal contractors and subcontractors related to COVID-19 (“the Guidance”).  The Guidance was issued pursuant to President Biden’s Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors.

As expected, the Guidance covers a broad range of contract