legislation

Last week, on 4 July 2024, the German Parliament (Bundestag) has passed significant changes to the country’s drug pricing and reimbursement laws. Just six months after the German Federal Health Ministry (BMG) presented a first draft bill for a “Medical Research Act” (Medizinforschungsgesetz or MFG), the German Parliament has now accepted a modified version of that bill. The Medical Research Act mainly amends (1) national laws for clinical trials with drugs and medical devices, (2) rules for ATMPs (3) drug pricing and reimbursement laws (AMNOG) and (4) initiates a re-organization of the regulatory agencies and ethics committees.

In this blog, we take a closer look at the much-discussed changes in the German drug pricing and reimbursement area. We will focus on two key elements:

  • The controversial new feature of “confidential reimbursement prices”; and
  • The new link between drug pricing and local clinical trials which offers pricing incentives for companies that can show that a “relevant part”  of the clinical trials for a new medicine were conducted in Germany.

We had noted in an earlier blog that the German rules for pharmaceutical pricing and reimbursement are among the most complicated legal areas in the entire world of life sciences laws. With the now coming new laws, Germany adds some additional complexity to its system.

1. Background

The discussed changes to the German drug pricing and reimbursement laws are part of the German Government’s new National Pharma Strategy that aims to enhance Germany’s attractiveness as a place for pharmaceutical research, development, and manufacturing. The Government presented an underlying strategy paper in December 2023 and the Medical Research Act is the first legislative implementation step of that strategy. For an overview of this new National Pharma Strategy, we invite you to read our previous blog on this topic.

The Medical Research Act was first presented to stakeholders in late January 2024. For a comprehensive overview of this first draft, please see our earlier earlier blog. After an initial consultation, the Government revised the draft and initiated the legislative process at the end of May 2024. Overall, the Government has deployed an unusually fast pace and was successful with its plan to get the bill through Parliament before the summer break.Continue Reading Germany amends drug pricing and reimbursement laws with “Medical Research Act” – Drug pricing becomes intertwined with local clinical research expectations

With three months left until the end of this year’s legislative session, the California Legislature has been considering a flurry of bills regarding artificial intelligence (AI). Notable bills, described further below, impose requirements on developers and deployers of generative AI systems. The bills contain varying definitions of AI and generative AI systems. Each of these bills has been passed by one legislative chamber, but remains under consideration in the other chamber.

Legislation Regulating AI Developers

Two bills would require generative AI systems to make AI-generated content easily identifiable.

  • SB 942 would require generative AI systems that average 1 million monthly visitors or users to provide an “AI detection tool” that would verify whether content was generated by the system. It would also require AI-generated content to have a visible and difficult to remove disclosure that the content was generated by AI. A noncompliant system would incur a daily $5,000 fine, although only the Attorney General could file an enforcement action.
  • AB 3211 would require, starting February 1, 2025, that every generative AI system, as defined under the law, place watermarks in AI-generated content. Generative AI systems would need to develop associated decoders that would verify whether content was generated by the system. A system available before February 1, 2025 could only remain available if the provider of the system created a decoder with 99% accuracy or published research that the system is incapable of producing inauthentic content. A system used in a conversational setting (e.g., chatbots) would need to clearly disclose that it generates synthetic content. Additionally, vulnerabilities in the system would need to be reported to the Department of Technology. The Department of Technology would have administrative enforcement authority to impose penalties up to the greater of $1 million or 5% of the violator’s annual global revenue.

Two additional bills would limit or require disclosure of information about data sources used to train AI models.

  • AB 2013 would require, beginning in January 1, 2026, that the developer of any AI model post on their website information regarding the data used to train the model. This would include: the source or owner of the data; the number of samples in the data; whether the data is protected by copyright, trademark, or patent; and whether there is personal information or aggregate commercial information in the data, as defined in the California Consumer Privacy Act (CCPA). AI models developed solely to ensure security and integrity would be exempt from this requirement.
  • AB 2877 would prohibit using personal information, as defined in the CCPA, of individuals under 16 years old to train an AI model without affirmative consent. The individual’s parent would need to give affirmative consent for individuals under 13 years old. Even with consent, the developer would need to deidentify and aggregate the data before using it to train an AI model.

Legislators also are considering preemptively regulating AI that is more advanced than systems currently in existence. SB 1047 would create a new Frontier Model Division to regulate AI models trained on a system that can perform 1026 integer operations per second (IOPS) or floating-point operations per second (FLOPS). The legislature emphasized this would not regulate any technology currently in existence. The bill would also require operators of a cluster of computers that can perform 1020 IOPS or FLOPS to establish certain policies around customer use of the cluster.Continue Reading California Legislature Advances Several AI-Related Bills

New Jersey and New Hampshire are the latest states to pass comprehensive privacy legislation, joining CaliforniaVirginiaColoradoConnecticutUtahIowaIndiana, Tennessee, Montana, OregonTexasFlorida, and Delaware.  Below is a summary of key takeaways. 

New Jersey

On January 8, 2024, the New Jersey state senate passed S.B. 332 (“the Act”), which was signed into law on January 16, 2024.  The Act, which takes effect 365 days after enactment, resembles the comprehensive privacy statutes in Connecticut, Colorado, Montana, and Oregon, though there are some notable distinctions. 

  • Scope and Applicability:  The Act will apply to controllers that conduct business or produce products or services in New Jersey, and, during a calendar year, control or process either (1) the personal data of at least 100,000 consumers, excluding personal data processed for the sole purpose of completing a transaction; or (2) the personal data of at least 25,000 consumers where the business derives revenue, or receives a discount on the price of any goods or services, from the sale of personal data. The Act omits several exemptions present in other state comprehensive privacy laws, including exemptions for nonprofit organizations and information covered by the Family Educational Rights and Privacy Act.
  • Consumer Rights:  Consumers will have the rights of access, deletion, portability, and correction under the Act.  Moreover, the Act will provide consumers with the right to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.  The Act will require controllers to develop a universal opt out mechanism by which consumers can exercise these opt out rights within six months of the Act’s effective date.
  • Sensitive Data:  The Act will require consent prior to the collection of sensitive data. “Sensitive data” is defined to include, among other things, racial or ethnic origin, religious beliefs, mental or physical health condition, sex life or sexual orientation, citizenship or immigration status, status as transgender or non-binary, and genetic or biometric data.  Notably, the Act is the first comprehensive privacy statute other than the California Consumer Privacy Act to include financial information in its definition of sensitive data.  The Act defines financial information as an “account number, account log-in, financial account, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a consumer’s financial account.”
  • Opt-In Consent for Certain Processing of Personal Data Concerning Teens:  Unless a controller obtains a consumer’s consent, the Act will prohibit the controller from processing personal data for targeted adverting, sale, or profiling where the controller has actual knowledge, or willfully disregards, that the consumer is between the ages of 13 and 16 years old.
  • Enforcement and Rulemaking:  The Act grants the New Jersey Attorney General enforcement authority.  The Act also provides controllers with a 30-day right to cure for certain violations, which will sunset eighteen months after the Act’s effective date.  Like the comprehensive privacy laws in California and Colorado, the Act authorizes rulemaking under the state Administrative Procedure Act.  Specifically, the Act requires the Director of the Division of Consumer Affairs in the Department of Law and Public Safety to promulgate rules and regulations pursuant to the Administrative Procedure Act that are necessary to effectuate the Act’s provisions.  

Continue Reading New Jersey and New Hampshire Pass Comprehensive Privacy Legislation

Last week, a bipartisan, bicameral group of legislators introduced the Retroactive Foreign Agents Registration Act (“RFARA”) in the U.S. Congress.  Led by Chairman Mike Gallagher (R-Wis.) and Ranking Member Raja Krishnamoorthi (D-Ill.) of the U.S. House Select Committee on the Chinese Communist Party, the bill would amend the Foreign Agents

Continue Reading Congress Introduces Retroactive Foreign Agents Registration Act in Response to Wynn Decision

On Thursday, the Senate passed two bills — The Lobbying Disclosure Improvement Act (S. 264) and Disclosing Foreign Influence in Lobbying Act (S. 289) — that attempt to increase disclosure of Foreign Agents Registration Act (“FARA”) activity through amendments to the Lobbying Disclosure Act (“LDA”).  The

Continue Reading Senate Passes Two FARA-Related Bills

In a new post on the Inside Tech Media blog, our colleagues discuss the “Quantum Computing Cybersecurity Preparedness Act,” which President Biden signed into law in the final days of 2022.  The Act recognizes that current encryption protocols used by the federal government might one day be vulnerable to

Continue Reading President Biden Signs Quantum Computing Cybersecurity Preparedness Act

Robert C. Byrd, America’s longest serving Senator, was fond of noting that the two great rights of Senators are the right to debate and the right to amend.  Not generally governed by germaneness requirements, the Senate amendment process has historically been open and robust.

Non-germane amendments have been an important
Continue Reading One Explanation for Dysfunction in the Senate