On 5 December 2025, the Act Transposing the NIS 2 Directive and Regulating Key Aspects of Information Security Management in the Federal Administration (Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung, “NIS2UmsG”) (see here, in German only) became binding in Germany. According to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, “BSI”) (see here, in German only), roughly 29,500 companies will have to comply with the increased cybersecurity requirements adopted by the NIS2UmsG.
Senate Advances Bills To Broaden Foreign Agent Disclosures in Lobbying Reports
Shortly before adjourning for 2025, the Senate passed two bills to broaden disclosure and registration requirements related to the regulation of foreign agents under the Foreign Agents Registration Act (“FARA”) and the Lobbying Disclosure Act (“LDA”): the Disclosing Foreign Influence in Lobbying Act (S. 856 / H.R. 1883)…
FTC Sets Aside Rytr Final Order Pursuant to White House AI Action Plan
On December 22, the Federal Trade Commission (“FTC”) issued an order setting aside its 2024 final consent order against Rytr, LLC (“Rytr”) on the grounds that the facts alleged in the Rytr complaint did not violate Section 5. The Commission further found that the Rytr order did not provide any…
FCC Privacy Enforcement May Face More Constitutional Scrutiny: Supreme Court Review of FCC CPNI Fines Sought Amid Circuit Split
In 2024, the Federal Communications Commission (FCC) issued fines to four major telecommunications carriers—Verizon, AT&T, Sprint, and T-Mobile—for allegedly failing to protect the geolocation data of their subscribers, which the FCC claimed violated its Customer Proprietary Network Information (“CPNI”) rules. To challenge the action, all four carriers had to first pay the fines, which they did. They then petitioned for review of the FCC’s decision in various U.S. courts of appeals, arguing that the FCC’s procedure for adjudicating monetary fines violated their right to a jury trial as guaranteed by the Seventh Amendment. Verizon sought relief in the Second Circuit, T-Mobile (which had merged with Sprint) sought relief in the D.C. Circuit, and AT&T sought relief in the Fifth Circuit.
The Second Circuit and the D.C. Circuit held in favor of the FCC, rejecting the carriers’ argument that the FCC violated their Seventh Amendment rights. But the Fifth Circuit reached a different conclusion, holding that the FCC’s procedure did in fact violate AT&T’s right to a jury trial. The FCC (which lost in the Fifth Circuit) and Verizon (which lost in the Second Circuit) each has filed a petition for certiorari at the Supreme Court.
With a 2-1 federal circuit split and two certiorari petitions pending, some are predicting that there is a good chance that the Supreme Court will decide to consider the appeals. The dispute raises a fundamental question about the FCC’s authority to impose monetary penalties through its in-house administrative enforcement procedures. If the Supreme Court grants certiorari, it will be called upon to determine whether the Communications Act violates the Seventh Amendment by authorizing the FCC to order the payment of monetary penalties for violations of the Act, without guaranteeing the right to a jury trial. The resolution of this dispute thus could have significant implications for how the FCC enforces the law against telecommunications carriers and other entities subject to its jurisdiction.
Both petitions for certiorari have been distributed for a January 9, 2026 conference.
The Trump Administration’s Enhanced Use of Executive Orders
Companies find themselves in the most dynamic regulatory environment in recent memory. That is due in part to changes President Trump has made to the way the White House interacts with the agencies. By dramatically increasing the number, tempo, and detail of executive orders, Trump has strengthened presidential control of the executive branch. The White House has never mattered more in regulatory policy-making, and companies should adjust their advocacy efforts accordingly.
NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment
On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”). According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities.” The draft Profile uses the existing voluntary NIST Cybersecurity Framework (“CSF”) 2.0 — which “provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks” — and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF’s outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI. This draft guidance will likely be familiar to organizations that already leverage the CSF 2.0 in their cybersecurity programs and might be complementary to existing frameworks that organizations already have in place. Even so, the outcomes are designed to be flexible such that a range of organizations (with mature or novel programs) can leverage the guidance to help manage AI-related cybersecurity risk.
Is a Political Law Shareholder Proposal Under Your Tree? Strategies for Responding in the New Year
The 2025 proxy season saw significant developments with respect to proposals calling on companies to disclose information about their political contribution activity and lobbying activity, including an increase in support for political contribution proposals. That stronger support, particularly against the backdrop of reduced support for socially-oriented shareholder proposals, may lead…
New York Governor Signs Frontier AI Safety Legislation
On December 19, New York Governor Kathy Hochul (D) signed the Responsible AI Safety & Education (“RAISE”) Act into law, making New York the second state in the nation to codify public safety disclosure and reporting requirements for developers of frontier AI models. Prior to signing, Governor Hochul secured several…
CISA Releases Cybersecurity Performance Goals 2.0 for Critical Infrastructure
On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here. Established by the 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, the CPGs provide a list of essential, outcome-driven cybersecurity “goals” to establish “a common understanding of the baseline security practices” for critical infrastructure owners and operators, including government contractors and defense contractors. The CPGs, which are voluntary, apply to both information technology (“IT”) and operational technology (“OT”) environments and are designed to reduce risk related to known, high-impact cyber threats and adversarial tactics, techniques, and procedures (“TTPs”).
Greystar’s $24 Million Settlement Signals FTC Crackdown on Hidden Rental Fee
On December 2, Greystar agreed to a $24 million settlement over allegations it misled renters by omitting mandatory fees from advertised monthly rents. This settlement underscores the FTC’s continuing scrutiny of “junk fees” and signals that the FTC may pursue rulemaking requiring greater transparency in rental fee advertising.